Add Ed25519 signature algorithm
authorDr. Stephen Henson <steve@openssl.org>
Wed, 24 May 2017 20:56:38 +0000 (21:56 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 21 Jun 2017 13:11:01 +0000 (14:11 +0100)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)

ssl/ssl_locl.h
ssl/t1_lib.c

index 4607bc7..a368870 100644 (file)
@@ -1318,9 +1318,9 @@ typedef struct sigalg_lookup_st {
     const char *name;
     /* Raw value used in extension */
     uint16_t sigalg;
-    /* NID of hash algorithm */
+    /* NID of hash algorithm or NID_undef if no hash */
     int hash;
-    /* Index of hash algorithm */
+    /* Index of hash algorithm or -1 if no hash algorithm */
     int hash_idx;
     /* NID of signature algorithm */
     int sig;
@@ -1849,6 +1849,8 @@ typedef enum downgrade_en {
 #define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512       0xefef
 #define TLSEXT_SIGALG_gostr34102001_gostr3411                   0xeded
 
+#define TLSEXT_SIGALG_ed25519                                   0x0807
+
 /* Known PSK key exchange modes */
 #define TLSEXT_KEX_MODE_KE                                      0x00
 #define TLSEXT_KEX_MODE_KE_DHE                                  0x01
index 1324a31..64e5ae6 100644 (file)
@@ -673,6 +673,7 @@ static const uint16_t tls12_sigalgs[] = {
     TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
     TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
     TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+    TLSEXT_SIGALG_ed25519,
 #endif
 
     TLSEXT_SIGALG_rsa_pss_sha256,
@@ -2136,6 +2137,7 @@ void tls1_set_cert_validity(SSL *s)
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);
 }
 
 /* User level utility function to check a chain is suitable */