Commit 3d234c9e authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Add Ed25519 signature algorithm 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
parent b04d4e38

ssl/ssl_locl.h

+4 −2
Original line number Diff line number Diff line
@@ -1318,9 +1318,9 @@ typedef struct sigalg_lookup_st { 
    const char *name;

    /* Raw value used in extension */

    uint16_t sigalg;

    /* NID of hash algorithm */

    /* NID of hash algorithm or NID_undef if no hash */

    int hash;

    /* Index of hash algorithm */

    /* Index of hash algorithm or -1 if no hash algorithm */

    int hash_idx;

    /* NID of signature algorithm */

    int sig;
@@ -1849,6 +1849,8 @@ typedef enum downgrade_en { 
#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512       0xefef

#define TLSEXT_SIGALG_gostr34102001_gostr3411                   0xeded



#define TLSEXT_SIGALG_ed25519                                   0x0807



/* Known PSK key exchange modes */

#define TLSEXT_KEX_MODE_KE                                      0x00

#define TLSEXT_KEX_MODE_KE_DHE                                  0x01

ssl/t1_lib.c

+2 −0
Original line number Diff line number Diff line
@@ -673,6 +673,7 @@ static const uint16_t tls12_sigalgs[] = { 
    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,

    TLSEXT_SIGALG_ecdsa_secp384r1_sha384,

    TLSEXT_SIGALG_ecdsa_secp521r1_sha512,

    TLSEXT_SIGALG_ed25519,

#endif



    TLSEXT_SIGALG_rsa_pss_sha256,
@@ -2136,6 +2137,7 @@ void tls1_set_cert_validity(SSL *s) 
    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);

    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);

    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);

    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);

}



/* User level utility function to check a chain is suitable */