On Sun., Jun. 25, 2023, 3:02 a.m. , <openssl@xxxxxxxxxxxxxxxxxx> wrote:
I am using OpenSSL (3.1) and working to add EdDSA support to libacvp. I
have discovered that the EdDSA implementation appears to ignore the
"context-string" input variable to a signing operation.
The man page for ED448 with 3.1
(https://www.openssl.org/docs/man3.1/man7/Ed448.html) implies that only
PureEdDSA is supported. It contains the statement "No additional
parameters can be set during one-shot signing or verification. In
particular, because PureEdDSA is used, a digest must NOT be specified
when signing or verifying." In the notes section, it goes on to say
"The PureEdDSA algorithm ... ". These statements imply only support for
Pure EdDSA and *not* pre-hash EdDSA.
The "manmaster" page for ED448
(https://www.openssl.org/docs/manmaster/man7/Ed448.html) says something
very different.
Support for all five EdDSA instances from RFC 8032 is available on "master":
I don't think it available in a release yet.
-James M