}
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
- const uint8_t public_key[32], const uint8_t private_key[32])
+ const uint8_t public_key[32], const uint8_t private_key[32],
+ OPENSSL_CTX *libctx, const char *propq)
{
uint8_t az[SHA512_DIGEST_LENGTH];
uint8_t nonce[SHA512_DIGEST_LENGTH];
ge_p3 R;
uint8_t hram[SHA512_DIGEST_LENGTH];
- EVP_MD *sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL);
+ EVP_MD *sha512 = EVP_MD_fetch(libctx, SN_sha512, propq);
EVP_MD_CTX *hash_ctx = EVP_MD_CTX_new();
unsigned int sz;
int res = 0;
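Review bot: The new `libctx` and `propq` parameters on `ED25519_sign` have no comment saying what NULL means for either of them, and the same applies to `ED25519_verify` in the next hunk. Both are handed unchanged to `EVP_MD_fetch(libctx, SN_sha512, propq)`, so a short comment above the function such as `/* libctx == NULL selects the default library context; propq == NULL uses only that context's default properties */` would tell callers how to keep the old behaviour. Because the fetch can now fail on a caller-chosen property string, the NULL check on `sha512` and the cleansing of `az` and `nonce` on the error path matter more than before. Both sit below the end of this hunk and should be confirmed there.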
static const char allzeroes[15];
int ED25519_verify(const uint8_t *message, size_t message_len,
- const uint8_t signature[64], const uint8_t public_key[32])
+ const uint8_t signature[64], const uint8_t public_key[32],
+ OPENSSL_CTX *libctx, const char *propq)
{
int i;
ge_p3 A;
fe_neg(A.X, A.X);
fe_neg(A.T, A.T);
- sha512 = EVP_MD_fetch(NULL, SN_sha512, NULL);
+ sha512 = EVP_MD_fetch(libctx, SN_sha512, propq);
if (sha512 == NULL)
return 0;
hash_ctx = EVP_MD_CTX_new();
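Review bot: A failed fetch at `sha512 = EVP_MD_fetch(libctx, SN_sha512, propq);` returns the same 0 that `ED25519_verify` uses for a rejected signature. Failing closed is the right direction, but with a caller-supplied `propq` a provider misconfiguration now looks like a bad signature to anything that logs or alerts on verification failures. A comment on the check, e.g. `/* 0 here means no SHA-512 matched libctx/propq, not that the signature was judged invalid */`, would document this. Whether the fetch leaves an entry on the error queue is not visible in this hunk. The function body starts above the hunk and continues below it.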
return res;
}
-void ED25519_public_from_private(uint8_t out_public_key[32],
- const uint8_t private_key[32])
+int ED25519_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[32],
+ const uint8_t private_key[32])
{
uint8_t az[SHA512_DIGEST_LENGTH];
ge_p3 A;
+ int r;
+ EVP_MD *sha512 = NULL;
- SHA512(private_key, 32, az);
+ sha512 = EVP_MD_fetch(ctx, SN_sha512, NULL);
+ if (sha512 == NULL)
+ return 0;
+ r = EVP_Digest(private_key, 32, az, NULL, sha512, NULL);
+ EVP_MD_free(sha512);
+ if (!r) {
+ OPENSSL_cleanse(az, sizeof(az));
+ return 0;
+ }
az[0] &= 248;
az[31] &= 63;
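Review bot: `ED25519_public_from_private` fetches SHA-512 with `EVP_MD_fetch(ctx, SN_sha512, NULL)`, so the property query that `ED25519_sign` and `ED25519_verify` now honour is ignored when the public key is derived. A caller that restricts signing to a particular provider through `propq` would still get whatever SHA-512 the default properties select here; adding a trailing `const char *propq` parameter and using `sha512 = EVP_MD_fetch(ctx, SN_sha512, propq);` would close that gap. The context argument is also named `ctx` and placed first, while the sibling functions name it `libctx` and take it near the end. Since the return type changes from `void` to `int` and `out_public_key` is left unwritten on the early `return 0`, every caller (none are visible here) needs to check the result before using the key. The body continues past the end of this hunk.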
ge_p3_tobytes(out_public_key, &A);
OPENSSL_cleanse(az, sizeof(az));
+ return 1;
}
int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],