Commit 7665cb196b for openssl.org
commit 7665cb196bf106ef5e91e139da760a2e8c31d860
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date: Tue Jun 2 12:51:45 2026 +0200
curve448: make locally-used functions static and remove unused ones
ossl_c448_ed448_derive_public_key(), ossl_c448_ed448_sign(),
and ossl_c448_ed448_verify() are only called from within the compilation
unit, while ossl_c448_ed448_convert_private_key_to_x448(),
ossl_c448_ed448_sign_prehash() and ossl_c448_ed448_verify_prehash()
are not used anywhere, seemingly. Make the former static (removing
them from the header, removing the ossl_ prefix, and moving
the descriptions to the definitions) and remove the latter.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Bob Beck <beck@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Fri Jun 12 13:11:48 2026
(Merged from https://github.com/openssl/openssl/pull/31362)
diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h
index 29e732d629..bb045fce87 100644
--- a/crypto/ec/curve448/ed448.h
+++ b/crypto/ec/curve448/ed448.h
@@ -32,128 +32,6 @@
/* EdDSA decoding ratio. */
#define C448_EDDSA_DECODE_RATIO (4 / 4)
-/*
- * EdDSA key generation. This function uses a different (non-Decaf) encoding.
- *
- * pubkey (out): The public key.
- * privkey (in): The private key.
- */
-c448_error_t
-ossl_c448_ed448_derive_public_key(
- OSSL_LIB_CTX *ctx,
- uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const char *propq);
-
-/*
- * EdDSA signing.
- *
- * signature (out): The signature.
- * privkey (in): The private key.
- * pubkey (in): The public key.
- * message (in): The message to sign.
- * message_len (in): The length of the message.
- * prehashed (in): Nonzero if the message is actually the hash of something
- * you want to sign.
- * context (in): A "context" for this signature of up to 255 bytes.
- * context_len (in): Length of the context.
- *
- * For Ed25519, it is unsafe to use the same key for both prehashed and
- * non-prehashed messages, at least without some very careful protocol-level
- * disambiguation. For Ed448 it is safe.
- */
-c448_error_t
-ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- size_t context_len,
- const char *propq);
-
-/*
- * EdDSA signing with prehash.
- *
- * signature (out): The signature.
- * privkey (in): The private key.
- * pubkey (in): The public key.
- * hash (in): The hash of the message. This object will not be modified by the
- * call.
- * context (in): A "context" for this signature of up to 255 bytes. Must be the
- * same as what was used for the prehash.
- * context_len (in): Length of the context.
- *
- * For Ed25519, it is unsafe to use the same key for both prehashed and
- * non-prehashed messages, at least without some very careful protocol-level
- * disambiguation. For Ed448 it is safe.
- */
-c448_error_t
-ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64],
- const uint8_t *context,
- size_t context_len,
- const char *propq);
-
-/*
- * EdDSA signature verification.
- *
- * Uses the standard (i.e. less-strict) verification formula.
- *
- * signature (in): The signature.
- * pubkey (in): The public key.
- * message (in): The message to verify.
- * message_len (in): The length of the message.
- * prehashed (in): Nonzero if the message is actually the hash of something you
- * want to verify.
- * context (in): A "context" for this signature of up to 255 bytes.
- * context_len (in): Length of the context.
- *
- * For Ed25519, it is unsafe to use the same key for both prehashed and
- * non-prehashed messages, at least without some very careful protocol-level
- * disambiguation. For Ed448 it is safe.
- */
-c448_error_t
-ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx,
- const uint8_t
- signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t
- pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- uint8_t context_len,
- const char *propq);
-
-/*
- * EdDSA signature verification.
- *
- * Uses the standard (i.e. less-strict) verification formula.
- *
- * signature (in): The signature.
- * pubkey (in): The public key.
- * hash (in): The hash of the message. This object will not be modified by the
- * call.
- * context (in): A "context" for this signature of up to 255 bytes. Must be the
- * same as what was used for the prehash.
- * context_len (in): Length of the context.
- *
- * For Ed25519, it is unsafe to use the same key for both prehashed and
- * non-prehashed messages, at least without some very careful protocol-level
- * disambiguation. For Ed448 it is safe.
- */
-c448_error_t
-ossl_c448_ed448_verify_prehash(
- OSSL_LIB_CTX *ctx,
- const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64],
- const uint8_t *context,
- uint8_t context_len,
- const char *propq);
-
/*
* EdDSA point encoding. Used internally, exposed externally.
* Multiplies by C448_EDDSA_ENCODE_RATIO first.
@@ -195,19 +73,4 @@ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
curve448_point_t p,
const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
-/*
- * EdDSA to ECDH private key conversion
- * Using the appropriate hash function, hash the EdDSA private key
- * and keep only the lower bytes to get the ECDH private key
- *
- * x (out): The ECDH private key as in RFC7748
- * ed (in): The EdDSA private key
- */
-c448_error_t
-ossl_c448_ed448_convert_private_key_to_x448(
- OSSL_LIB_CTX *ctx,
- uint8_t x[X448_PRIVATE_BYTES],
- const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
- const char *propq);
-
#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index f90ee2e82d..bed93c86d4 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -89,22 +89,14 @@ static c448_error_t hash_init_with_dom(OSSL_LIB_CTX *ctx, EVP_MD_CTX *hashctx,
return C448_SUCCESS;
}
-/* In this file because it uses the hash */
-c448_error_t
-ossl_c448_ed448_convert_private_key_to_x448(
- OSSL_LIB_CTX *ctx,
- uint8_t x[X448_PRIVATE_BYTES],
- const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
- const char *propq)
-{
- /* pass the private key through oneshot_hash function */
- /* and keep the first X448_PRIVATE_BYTES bytes */
- return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed,
- EDDSA_448_PRIVATE_BYTES, propq);
-}
-
-c448_error_t
-ossl_c448_ed448_derive_public_key(
+/*
+ * EdDSA key generation. This function uses a different (non-Decaf) encoding.
+ *
+ * pubkey (out): The public key.
+ * privkey (in): The private key.
+ */
+static c448_error_t
+c448_ed448_derive_public_key(
OSSL_LIB_CTX *ctx,
uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
@@ -151,8 +143,25 @@ ossl_c448_ed448_derive_public_key(
return C448_SUCCESS;
}
-c448_error_t
-ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
+/*
+ * EdDSA signing.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in): The public key.
+ * message (in): The message to sign.
+ * message_len (in): The length of the message.
+ * prehashed (in): Nonzero if the message is actually the hash of something
+ * you want to sign.
+ * context (in): A "context" for this signature of up to 255 bytes.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation. For Ed448 it is safe.
+ */
+static c448_error_t
+c448_ed448_sign(OSSL_LIB_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@@ -259,19 +268,6 @@ err:
return ret;
}
-c448_error_t
-ossl_c448_ed448_sign_prehash(
- OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64], const uint8_t *context,
- size_t context_len, const char *propq)
-{
- return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
- context, context_len, propq);
-}
-
static c448_error_t
c448_ed448_pubkey_verify(const uint8_t *pub, size_t pub_len)
{
@@ -283,8 +279,26 @@ c448_ed448_pubkey_verify(const uint8_t *pub, size_t pub_len)
return ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pub);
}
-c448_error_t
-ossl_c448_ed448_verify(
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * message (in): The message to verify.
+ * message_len (in): The length of the message.
+ * prehashed (in): Nonzero if the message is actually the hash of something you
+ * want to verify.
+ * context (in): A "context" for this signature of up to 255 bytes.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation. For Ed448 it is safe.
+ */
+static c448_error_t
+c448_ed448_verify(
OSSL_LIB_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@@ -365,25 +379,13 @@ ossl_c448_ed448_verify(
return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point));
}
-c448_error_t
-ossl_c448_ed448_verify_prehash(
- OSSL_LIB_CTX *ctx,
- const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64], const uint8_t *context,
- uint8_t context_len, const char *propq)
-{
- return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
- context_len, propq);
-}
-
int ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig,
const uint8_t *message, size_t message_len,
const uint8_t public_key[57], const uint8_t private_key[57],
const uint8_t *context, size_t context_len,
const uint8_t phflag, const char *propq)
{
- return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
+ return c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
message_len, phflag, context, context_len,
propq)
== C448_SUCCESS;
@@ -405,7 +407,7 @@ int ossl_ed448_verify(OSSL_LIB_CTX *ctx,
const uint8_t *context, size_t context_len,
const uint8_t phflag, const char *propq)
{
- return ossl_c448_ed448_verify(ctx, signature, public_key, message,
+ return c448_ed448_verify(ctx, signature, public_key, message,
message_len, phflag, context, (uint8_t)context_len,
propq)
== C448_SUCCESS;
@@ -414,7 +416,7 @@ int ossl_ed448_verify(OSSL_LIB_CTX *ctx,
int ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
const uint8_t private_key[57], const char *propq)
{
- return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key,
+ return c448_ed448_derive_public_key(ctx, out_public_key, private_key,
propq)
== C448_SUCCESS;
}