From: Dr. Stephen Henson Date: Wed, 24 May 2017 20:56:38 +0000 (+0100) Subject: Add Ed25519 signature algorithm X-Git-Tag: OpenSSL_1_1_1-pre1~1266 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=3d234c9e5c88b8d5ac21c1c49a32cb4644616623 Add Ed25519 signature algorithm Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3585)
---
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 4607bc7904..a368870197 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1318,9 +1318,9 @@ typedef struct sigalg_lookup_st {
 const char *name;
 /* Raw value used in extension */
 uint16_t sigalg;
- /* NID of hash algorithm */
+ /* NID of hash algorithm or NID_undef if no hash */
 int hash;
- /* Index of hash algorithm */
+ /* Index of hash algorithm or -1 if no hash algorithm */
 int hash_idx;
 /* NID of signature algorithm */
 int sig;
@@ -1849,6 +1849,8 @@ typedef enum downgrade_en {
 #define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 0xefef
 #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded
+#define TLSEXT_SIGALG_ed25519 0x0807
+
 /* Known PSK key exchange modes */
 #define TLSEXT_KEX_MODE_KE 0x00
 #define TLSEXT_KEX_MODE_KE_DHE 0x01
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1324a31f1f..64e5ae6d8e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -673,6 +673,7 @@ static const uint16_t tls12_sigalgs[] = {
 TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
 TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
 TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+ TLSEXT_SIGALG_ed25519,
 #endif
 TLSEXT_SIGALG_rsa_pss_sha256,
@@ -2136,6 +2137,7 @@ void tls1_set_cert_validity(SSL *s)
 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
 tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);
 }
 /* User level utility function to check a chain is suitable */
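Review bot: The reworded comments on `hash` and `hash_idx` in `sigalg_lookup_st` turn `NID_undef` and `-1` into legal field values, yet none of the hunks shown touches code that reads those fields. Any reader that uses `hash_idx` as an array index or hands `hash` to a digest lookup needs a guard along the lines of `if (hash_idx < 0)` before the lookup; otherwise the sentinel can become an out-of-bounds index or a missing digest on a signing or verification path. This becomes reachable with the `tls12_sigalgs` hunk in ssl/t1_lib.c, which lists the hash-less scheme by default. The comment could also name the obligation, e.g. `/* Index of hash algorithm or -1 if no hash algorithm; callers must test for -1 before indexing */`. The struct body starts and ends outside the hunk.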
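Review bot: `TLSEXT_SIGALG_ed25519` joins `tls12_sigalgs`, but no hunk shown here adds a `sigalg_lookup_st` row that maps 0x0807 to a key type with `hash` set to `NID_undef`, so from this page alone it is unclear whether the value can be resolved once it is offered or received. If that row was added in a separate commit, the commit message should say so. The entry also sits before an `#endif` whose opening directive is above the hunk, while the `tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519)` call added in `tls1_set_cert_validity` is unconditional; a one-line comment such as `/* Ed25519 shares the build guard of the ECDSA entries above */` would record that this is deliberate. The array initialiser starts and ends outside the hunk.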