Implement deterministic ECDSA sign (RFC6979) #18809

Closed
slontis wants to merge 20 commits into openssl:master from slontis:ecdsa_dsa_deterministic_sign

@slontis slontis commented Jul 15, 2022

Member

This PR is based off the contributions in PR #9223 by Jemmy1228.

It has been modified and reworked to:
(1) Work with providers
(2) Support ECDSA and DSA
(3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG.

A nonce_type is passed around in the APIs, just in case there are
future deterministic algorithms.

Added test vectors for ECDSA from @bbbrumley
bbbrumley@921c037

Checklist
  • documentation is added or updated
  • tests are added or updated

@slontis slontis added the branch: master Applies to master branch label Jul 15, 2022
@github-actions github-actions Bot added the severity: fips change The pull request changes FIPS provider sources label Jul 15, 2022
paulidale previously approved these changes Jul 19, 2022
@paulidale paulidale added approval: review pending This pull request needs review by a committer approval: otc review pending labels Jul 19, 2022
@paulidale paulidale self-requested a review July 19, 2022 03:36
slontis commented Jul 19, 2022

Member Author

@pauli - you are ok with adding extra fields to the DRBG_HMAC struct.. It gets ugly if I try to separate the data.. Putting into another file also horrible since the struct then needs to be shared via the header..

slontis commented Jul 19, 2022

Member Author

The following code was used to generate test vectors for DSA

# define NUM_ELEM(x)    (sizeof(x)/sizeof((x)[0]))

/*
 * Loads each DSA key below from its raw values and prints the PEM keys
 * plus the expected DER-encoded signatures as test stanzas.
 */

typedef struct {
    const char *name;
    const char *p;
    const char *q;
    const char *g;
    const char *priv;
    const char *pub;
} DSAKEY;

typedef struct {
    const char *digest;
    const char *msg;
    const char *r;
    const char *s;
} DSASIG;

typedef struct {
    const DSAKEY dsa;
    DSASIG *sig;
} DSADATA;

#include <string.h>
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/encoder.h>
#include <openssl/dsa.h>

static DSASIG dsa1024sig[] = {
    { "SHA1", "sample",
      "2E1A0C2562B2912CAAF89186FB0F42001585DA55",
      "29EFB6B0AFF2D7A68EB70CA313022253B9A88DF5"
    },
    { "SHA224", "sample",
      "4BC3B686AEA70145856814A6F1BB53346F02101E",
      "410697B92295D994D21EDD2F4ADA85566F6F94C1"
    },
    { "SHA256", "sample",
      "81F2F5850BE5BC123C43F71A3033E9384611C545",
      "4CDD914B65EB6C66A8AAAD27299BEE6B035F5E89"
    },
    { "SHA384", "sample",
      "07F2108557EE0E3921BC1774F1CA9B410B4CE65A",
      "54DF70456C86FAC10FAB47C1949AB83F2C6F7595"
    },
    { "SHA512", "sample",
      "16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B",
      "02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C"
    },
    { "SHA1", "test",
      "42AB2052FD43E123F0607F115052A67DCD9C5C77",
      "183916B0230D45B9931491D4C6B0BD2FB4AAF088"
    },
    { "SHA224", "test",
      "6868E9964E36C1689F6037F91F28D5F2C30610F2",
      "49CEC3ACDC83018C5BD2674ECAAD35B8CD22940F"
    },
    { "SHA256", "test",
      "22518C127299B0F6FDC9872B282B9E70D0790812",
      "6837EC18F150D55DE95B5E29BE7AF5D01E4FE160"
    },
    { "SHA384", "test",
      "854CF929B58D73C3CBFDC421E8D5430CD6DB5E66",
      "91D0E0F53E22F898D158380676A871A157CDA622"
    },
    { "SHA512", "test",
      "8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A0",
      "7C670C7AD72B6C050C109E1790008097125433E8"
    },
    { NULL, NULL, NULL, NULL } /* sentinel: digest == NULL ends the list */
};

static DSASIG dsa2048sig[] = {
    { "SHA1", "sample",
      "3A1B2DBD7489D6ED7E608FD036C83AF396E290DBD602408E8677DAABD6E7445A",
      "D26FCBA19FA3E3058FFC02CA1596CDBB6E0D20CB37B06054F7E36DED0CDBBCCF"
    },
    { "SHA224", "sample",
      "DC9F4DEADA8D8FF588E98FED0AB690FFCE858DC8C79376450EB6B76C24537E2C",
      "A65A9C3BC7BABE286B195D5DA68616DA8D47FA0097F36DD19F517327DC848CEC"
    },
    { "SHA256", "sample",
      "EACE8BDBBE353C432A795D9EC556C6D021F7A03F42C36E9BC87E4AC7932CC809",
      "7081E175455F9247B812B74583E9E94F9EA79BD640DC962533B0680793A38D53"
    },
    { "SHA384", "sample",
      "B2DA945E91858834FD9BF616EBAC151EDBC4B45D27D0DD4A7F6A22739F45C00B",
      "19048B63D9FD6BCA1D9BAE3664E1BCB97F7276C306130969F63F38FA8319021B"
    },
    { "SHA512", "sample",
      "2016ED092DC5FB669B8EFB3D1F31A91EECB199879BE0CF78F02BA062CB4C942E",
      "D0C76F84B5F091E141572A639A4FB8C230807EEA7D55C8A154A224400AFF2351"
    },
    { "SHA1", "test",
      "C18270A93CFC6063F57A4DFA86024F700D980E4CF4E2CB65A504397273D98EA0",
      "414F22E5F31A8B6D33295C7539C1C1BA3A6160D7D68D50AC0D3A5BEAC2884FAA"
    },
    { "SHA224", "test",
      "272ABA31572F6CC55E30BF616B7A265312018DD325BE031BE0CC82AA17870EA3",
      "E9CC286A52CCE201586722D36D1E917EB96A4EBDB47932F9576AC645B3A60806"
    },
    { "SHA256", "test",
      "8190012A1969F9957D56FCCAAD223186F423398D58EF5B3CEFD5A4146A4476F0",
      "7452A53F7075D417B4B013B278D1BB8BBD21863F5E7B1CEE679CF2188E1AB19E"
    },
    { "SHA384", "test",
      "239E66DDBE8F8C230A3D071D601B6FFBDFB5901F94D444C6AF56F732BEB954BE",
      "6BD737513D5E72FE85D1C750E0F73921FE299B945AAD1C802F15C26A43D34961"
    },
    { "SHA512", "test",
      "89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307",
      "C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
    },
    { NULL, NULL, NULL, NULL } /* sentinel: digest == NULL ends the list */
};

static const DSADATA testdata[2] = {
    {
        {
        "DSA_1024",
        "86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447"
        "E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88"
        "73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C"
        "881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779",

        "996F967F6C8E388D9E28D01E205FBA957A5698B1",

        "07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D"
        "89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD"
        "87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4"
        "17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD",

        "411602CB19A6CCC34494D79D98EF1E7ED5AF25F7",

        "5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653"
        "92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D"
        "4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6"
        "82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B"
        },
        dsa1024sig
    },
    {
        {
          "DSA_2048",
          "9DB6FB5951B66BB6FE1E140F1D2CE5502374161FD6538DF1648218642F0B5C48"
          "C8F7A41AADFA187324B87674FA1822B00F1ECF8136943D7C55757264E5A1A44F"
          "FE012E9936E00C1D3E9310B01C7D179805D3058B2A9F4BB6F9716BFE6117C6B5"
          "B3CC4D9BE341104AD4A80AD6C94E005F4B993E14F091EB51743BF33050C38DE2"
          "35567E1B34C3D6A5C0CEAA1A0F368213C3D19843D0B4B09DCB9FC72D39C8DE41"
          "F1BF14D4BB4563CA28371621CAD3324B6A2D392145BEBFAC748805236F5CA2FE"
          "92B871CD8F9C36D3292B5509CA8CAA77A2ADFC7BFD77DDA6F71125A7456FEA15"
          "3E433256A2261C6A06ED3693797E7995FAD5AABBCFBE3EDA2741E375404AE25B",

          "F2C3119374CE76C9356990B465374A17F23F9ED35089BD969F61C6DDE9998C1F",

          "5C7FF6B06F8F143FE8288433493E4769C4D988ACE5BE25A0E24809670716C613"
          "D7B0CEE6932F8FAA7C44D2CB24523DA53FBE4F6EC3595892D1AA58C4328A06C4"
          "6A15662E7EAA703A1DECF8BBB2D05DBE2EB956C142A338661D10461C0D135472"
          "085057F3494309FFA73C611F78B32ADBB5740C361C9F35BE90997DB2014E2EF5"
          "AA61782F52ABEB8BD6432C4DD097BC5423B285DAFB60DC364E8161F4A2A35ACA"
          "3A10B1C4D203CC76A470A33AFDCBDD92959859ABD8B56E1725252D78EAC66E71"
          "BA9AE3F1DD2487199874393CD4D832186800654760E1E34C09E4D155179F9EC0"
          "DC4473F996BDCE6EED1CABED8B6F116F7AD9CF505DF0F998E34AB27514B0FFE7",

          "69C7548C21D0DFEA6B9A51C9EAD4E27C33D3B3F180316E5BCAB92C933F0E4DBC",

          "667098C654426C78D7F8201EAC6C203EF030D43605032C2F1FA937E5237DBD94"
          "9F34A0A2564FE126DC8B715C5141802CE0979C8246463C40E6B6BDAA2513FA61"
          "1728716C2E4FD53BC95B89E69949D96512E873B9C8F8DFD499CC312882561ADE"
          "CB31F658E934C0C197F2C4D96B05CBAD67381E7B768891E4DA3843D24D94CDFB"
          "5126E9B8BF21E8358EE0E0A30EF13FD6A664C0DCE3731F7FB49A4845A4FD8254"
          "687972A2D382599C9BAC4E0ED7998193078913032558134976410B89D2C171D1"
          "23AC35FD977219597AA7D15C1A9A428E59194F75C721EBCBCFAE44696A499AFA"
          "74E04299F132026601638CB87AB79190D4A0986315DA8EEC6561C938996BEADF"
        },
        dsa2048sig
    }
};

/*
 * The following code shows how to set raw key data into a DSA key.
 * See doc/man7/EVP_PKEY-DSA.pod and doc/man7/EVP_PKEY-FFC.pod for more info.
 */

static EVP_PKEY *load_dsakey_fromdata(const DSAKEY *k)
{
    EVP_PKEY_CTX *ctx = NULL;
    OSSL_PARAM_BLD *bld = NULL;
    OSSL_PARAM *params = NULL;
    BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL;
    BIGNUM *pub_bn = NULL, *priv_bn = NULL;
    EVP_PKEY *pkey = NULL;

    bld = OSSL_PARAM_BLD_new();
    if (bld == NULL)
        goto err;

    if (!BN_hex2bn(&p_bn, k->p)
            || !BN_hex2bn(&q_bn, k->q)
            || !BN_hex2bn(&g_bn, k->g)
            || !BN_hex2bn(&pub_bn, k->pub)
            || !BN_hex2bn(&priv_bn, k->priv))
        goto err;

    if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g_bn)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_bn)
            || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_bn))
        goto err;
    /* Other parameters such as seed and counter could also be set here */

    params =  OSSL_PARAM_BLD_to_param(bld);
    if (params == NULL)
        goto err;

    ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
    if (ctx == NULL)
        goto err;

    if (EVP_PKEY_fromdata_init(ctx) <= 0)
        goto err;

    if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
         goto err;

err:
    BN_free(priv_bn);
    BN_free(pub_bn);
    BN_free(g_bn);
    BN_free(q_bn);
    BN_free(p_bn);
    OSSL_PARAM_free(params);
    OSSL_PARAM_BLD_free(bld);
    EVP_PKEY_CTX_free(ctx);
    return pkey;
}

static int print_signature(const char *name, const DSASIG *t)
{
    int ret = 0;
    BIGNUM *r_bn = NULL, *s_bn = NULL;
    DSA_SIG *sign = NULL;
    int sig_len; /* i2d_DSA_SIG() returns an int, negative on error */
    unsigned char *sig = NULL;
    char out[1024];

    sign = DSA_SIG_new();
    if (sign == NULL)
        goto err;

    if (!BN_hex2bn(&r_bn, t->r) || !BN_hex2bn(&s_bn, t->s))
        goto err;
    /* On success the DSA_SIG takes ownership of r_bn and s_bn */
    if (!DSA_SIG_set0(sign, r_bn, s_bn))
        goto err;
    r_bn = s_bn = NULL;

    sig_len = i2d_DSA_SIG(sign, &sig);
    if (sig_len <= 0)
        goto err;
    if (!OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, sig, sig_len, '\0'))
        goto err;
    OPENSSL_free(sig);
    sig = NULL;
    ret = 1;

    printf("DigestSign = %s\n", t->digest);
    printf("Key = %s_PRIV\n", name);
    printf("NonceType = deterministic\n");
    printf("Input = \"%s\"\n", t->msg);
    printf("Output = %s\n\n", out);

    printf("DigestVerify = %s\n", t->digest);
    printf("Key = %s_PUB\n", name);
    printf("Input = \"%s\"\n", t->msg);
    printf("Output = %s\n\n", out);
err:
    OPENSSL_free(sig);
    BN_free(s_bn);
    BN_free(r_bn);
    DSA_SIG_free(sign);
    return ret;
}

static int print_keypair(const DSAKEY *k)
{
    int ret = 0;
    EVP_PKEY *pkey;
    OSSL_ENCODER_CTX *ctx = NULL;

    pkey = load_dsakey_fromdata(k);
    if (pkey == NULL)
        goto end;

    ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, EVP_PKEY_KEYPAIR, "PEM",
                                        "PrivateKeyInfo", NULL);
    if (ctx == NULL)
        goto end;

    printf("\nPrivateKey=%s_PRIV\n", k->name);
    if (OSSL_ENCODER_to_fp(ctx, stdout) <= 0)
        goto end;
    OSSL_ENCODER_CTX_free(ctx);

    ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, EVP_PKEY_PUBLIC_KEY, "PEM",
                                        "SubjectPublicKeyInfo", NULL);
    if (ctx == NULL)
        goto end;

    printf("\nPublicKey=%s_PUB\n", k->name);
    if (OSSL_ENCODER_to_fp(ctx, stdout) <= 0)
        goto end;
    printf("\nPrivPubKeyPair=%s_PRIV:%s_PUB\n\n", k->name, k->name);
    ret = 1;
end:
    OSSL_ENCODER_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    return ret;
}

int main(void)
{
    int result = 0;
    size_t i, j; /* matches the size_t result of NUM_ELEM() */

    for (i = 0; i < NUM_ELEM(testdata); ++i) {
        if (!print_keypair(&testdata[i].dsa))
            goto cleanup;
        for (j = 0; testdata[i].sig[j].digest != NULL; ++j) {
            if (!print_signature(testdata[i].dsa.name, &testdata[i].sig[j]))
                goto cleanup;
        }
    }
    result = 1;
cleanup:
    if (result != 1)
        ERR_print_errors_fp(stderr);

    return result == 0;
}

@slontis slontis force-pushed the ecdsa_dsa_deterministic_sign branch from 616caf9 to 4281bfa Compare July 19, 2022 04:32
@slontis slontis marked this pull request as ready for review July 19, 2022 04:32
slontis commented Jul 19, 2022

Member Author

Test vectors added and rebased to fixup commit message

@slontis slontis marked this pull request as draft July 20, 2022 06:55
slontis commented Jul 20, 2022

Member Author

Put back into draft form - whilst I figure out if this fits in better as a KDF, as suggested by Pauli.

slontis commented Jul 20, 2022

Member Author

The output of the algorithm is a value k (nonce). This is a BIGNUM in the range [2....q-1].
This doesn't sit very well with the derive function that does...
EVP_KDF_derive(ctx, key, keylen, params); since keylen is normally the output size.. So this seems a bit kludgy. It then needs to convert key to a BIGNUM after the derive. I could make it return a zero padded value but it seems not very nice.
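
Added example (not code from this PR or from OpenSSL): a Python reference of the RFC 6979 section 3.2 nonce derivation, checked against the DSA_1024 key and the r/s vectors posted earlier in this thread. It shows why the result is an integer in a range rather than a fixed-length byte string: the HMAC_DRBG output is cut to qlen bits and regenerated until it is below q. The function names are this example's own.

```python
import hashlib
import hmac

# DSA_1024 domain parameters and private key, copied from the generator above.
P = int("86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447"
        "E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88"
        "73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C"
        "881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779", 16)
Q = int("996F967F6C8E388D9E28D01E205FBA957A5698B1", 16)
G = int("07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D"
        "89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD"
        "87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4"
        "17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD", 16)
X = int("411602CB19A6CCC34494D79D98EF1E7ED5AF25F7", 16)


def bits2int(data, qlen):
    """Leftmost qlen bits of data as an integer (RFC 6979 section 2.3.2)."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - qlen
    return value >> excess if excess > 0 else value


def rfc6979_nonce(q, x, h1, hashname):
    """Derive the per-message nonce k from key x and digest h1 (section 3.2)."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8

    def mac(key, data):
        return hmac.new(key, data, hashname).digest()

    # Seed material: int2octets(x) || bits2octets(h1)
    seed = x.to_bytes(rlen, "big") + (bits2int(h1, qlen) % q).to_bytes(rlen, "big")
    v = b"\x01" * len(h1)
    key = b"\x00" * len(h1)
    for sep in (b"\x00", b"\x01"):          # steps d-e, then f-g
        key = mac(key, v + sep + seed)
        v = mac(key, v)
    while True:                             # step h
        t = b""
        while len(t) < rlen:
            v = mac(key, v)
            t += v
        k = bits2int(t, qlen)
        if 1 <= k < q:
            return k
        key = mac(key, v + b"\x00")         # out of range: update and retry
        v = mac(key, v)


def dsa_sign(msg, hashname):
    """Deterministic DSA signature with the key above, as (r, s) hex strings.
    The r == 0 / s == 0 retry is omitted; it does not occur for these inputs."""
    h1 = hashlib.new(hashname, msg).digest()
    k = rfc6979_nonce(Q, X, h1, hashname)
    r = pow(G, k, P) % Q
    e = bits2int(h1, Q.bit_length()) % Q
    s = pow(k, -1, Q) * (e + X * r) % Q
    width = (Q.bit_length() + 3) // 4
    return "%0*X" % (width, r), "%0*X" % (width, s)


if __name__ == "__main__":
    for digest, msg in (("sha1", b"sample"), ("sha256", b"sample"), ("sha512", b"test")):
        print(digest, msg.decode(), *dsa_sign(msg, digest))
```

With SHA-512 the digest and the DRBG output are both longer than the 160-bit q, so this case exercises the truncation in `bits2int` on both paths.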

@paulidale

Contributor

How does this differ from using the DRBG to generate bytes which need converting to a BN?

@slontis slontis force-pushed the ecdsa_dsa_deterministic_sign branch from d3dd5e4 to a62294c Compare July 25, 2022 04:51
@slontis slontis marked this pull request as ready for review July 25, 2022 05:15
@slontis slontis dismissed paulidale’s stale review July 25, 2022 05:22

KDF has been added

@t8m t8m added the triaged: feature The issue/pr requests/adds a feature label Jul 27, 2022

@paulidale paulidale left a comment

Contributor

Looks good.


@paulidale paulidale left a comment

Contributor

With typos addressed.

@openssl-machine

Collaborator

This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago

@slontis slontis force-pushed the ecdsa_dsa_deterministic_sign branch from cee578d to 8d7220c Compare September 13, 2022 07:40
slontis commented Sep 13, 2022

Member Author

Requires reapproval since I added tests..

slontis commented Nov 23, 2022

Member Author

@paulidale requires reapproval

Comment thread test/recipes/30-test_evp.t Outdated
evppkey_rsa.txt
);
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec || $no_ec2m;
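Review bot: on the last line, `unless $no_ec || $no_ec2m` gates the whole evppkey_ecdsa_rfc6979.txt file on binary-curve support, so a no-ec2m build runs none of the RFC 6979 ECDSA vectors in it. If the file also holds prime-curve cases, keep it under `unless $no_ec` like evppkey_brainpool.txt on the line above and move the binary-curve cases to a file of their own.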

Member

Could you please split the ec2m testcases into a separate file?

I'll approve then.

Member

Hmm, actually $no_ec2m should not be necessary. The evp_test should handle missing support for a key type gracefully. Could you please drop it?

@slontis slontis Nov 23, 2022

Member Author

It actually crashed with that line removed..
I am a bit surprised this has not happened before now.. Basically the "Key=XXX" lines fail.. so it sets t->skip = 1.. And then it continues to parse every line of the test (and NULL pointer access is then possible).
I have changed it so it skips the rest of the parsing in this case - I could check for NULL, but it seems silly to continue parsing a skipped test.

@t8m t8m added approval: done This pull request has the required number of approvals tests: present The PR has suitable tests present and removed approval: review pending This pull request needs review by a committer labels Nov 24, 2022
@openssl-machine

Collaborator

24 hours has passed since 'approval: done' was set, but this PR has failing CI tests. Once the tests pass it will get moved to 'approval: ready to merge' automatically, alternatively please review and set the label manually.

@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Nov 25, 2022
@openssl-machine

Collaborator

This pull request is ready to merge

hlandau commented Nov 30, 2022

Member

Merged to master. Thank you.

A trivial merge conflict in 30-test_evp.t was fixed on merge.

A fixup commit had to be reordered as it did not apply cleanly when reordered to be immediately after the commit it was a fixup for. This was squashed into the following commit instead. There are no changes to the consequent diff of this entire PR.

@hlandau hlandau closed this Nov 30, 2022
openssl-machine pushed a commit that referenced this pull request Nov 30, 2022
This PR is based off the contributions in PR #9223 by Jemmy1228.

It has been modified and reworked to:
(1) Work with providers
(2) Support ECDSA and DSA
(3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG.

A nonce_type is passed around inside the Signing APIs, in order to support any
future deterministic algorithms.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from #18809)
openssl-machine pushed a commit that referenced this pull request Nov 30, 2022
parameter.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from #18809)
openssl-machine pushed a commit that referenced this pull request Nov 30, 2022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from #18809)
openssl-machine pushed a commit that referenced this pull request Nov 30, 2022
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from #18809)
#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
OSSL_PKEY_PARAM_MGF1_PROPERTIES
#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
#define OSSL_SIGNATURE_PARAM_NONCE_TYPE "nonce_type"
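Review bot: on the last line, OSSL_SIGNATURE_PARAM_NONCE_TYPE is the only name in this hunk defined as a string literal rather than as an alias of an OSSL_PKEY_PARAM_* name, and "nonce_type" is the key callers will pass in OSSL_PARAM arrays. Confirm the spelling against the parameter name given in the documentation before this ships, since the string cannot be changed compatibly once it is in a release.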

Member

In the updated documentation, the new param string is stated to be nonce-type.

Should this be nonce-type rather than nonce_type?

Member Author

Yeah, we should change this... before it makes it into an actual release.
