{NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
{NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
{NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
- {NID_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+ {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
};
static const unsigned char ecformats_default[] = {
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA512, NID_secp521r1},
{"ed25519", TLSEXT_SIGALG_ed25519,
- NID_undef, -1, NID_ED25519, SSL_PKEY_ED25519,
+ NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
NID_undef, NID_undef},
{NULL, TLSEXT_SIGALG_ecdsa_sha224,
NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
return SSL_PKEY_ECC;
- case NID_ED25519:
+ case EVP_PKEY_ED25519:
return SSL_PKEY_ED25519;
#endif
#ifndef OPENSSL_NO_GOST
break;
#endif
#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_ED25519:
case EVP_PKEY_EC:
if (!have_ecdsa && tls12_sigalg_allowed(s, op, lu))
have_ecdsa = 1;
return 0;
}
} else if (!ssl_has_cert(s, idx)) {
- if (al == NULL)
- return 1;
- *al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_TLS_CHOOSE_SIGALG, ERR_R_INTERNAL_ERROR);
- return 0;
+ /* Allow Ed25519 if no EC certificate */
+ if (idx == SSL_PKEY_ECC && ssl_has_cert(s, SSL_PKEY_ED25519)) {
+ idx = SSL_PKEY_ED25519;
+ } else {
+ if (al == NULL)
+ return 1;
+ *al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_TLS_CHOOSE_SIGALG, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
}
} else {
/* Find index for client certificate */
if (lu->sig_idx == idx
&& (curve == -1 || lu->curve == curve))
break;
+ if (idx == SSL_PKEY_ECC && lu->sig == EVP_PKEY_ED25519) {
+ idx = SSL_PKEY_ED25519;
+ break;
+ }
#endif
if (idx == SSL_PKEY_RSA && lu->sig == EVP_PKEY_RSA_PSS)
break;
projects / openssl.git / blobdiff