Loading apps/s_cb.c +3 −0 Original line number Diff line number Diff line Loading @@ -231,6 +231,9 @@ static const char *get_sigtype(int nid) case NID_ED25519: return "Ed25519"; case NID_ED448: return "Ed448"; default: return NULL; } Loading ssl/ssl_cert_table.h +2 −1 Original line number Diff line number Diff line Loading @@ -18,5 +18,6 @@ static const SSL_CERT_LOOKUP ssl_cert_info [] = { {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */ {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */ {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */ {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */ {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */ {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */ }; ssl/ssl_lib.c +6 −0 Original line number Diff line number Diff line Loading @@ -3258,6 +3258,12 @@ void ssl_set_masks(SSL *s) && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN && TLS1_get_version(s) == TLS1_2_VERSION) mask_a |= SSL_aECDSA; /* Allow Ed448 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN && TLS1_get_version(s) == TLS1_2_VERSION) mask_a |= SSL_aECDSA; #endif #ifndef OPENSSL_NO_EC Loading ssl/ssl_locl.h +3 −1 Original line number Diff line number Diff line Loading @@ -381,7 +381,8 @@ # define SSL_PKEY_GOST12_256 5 # define SSL_PKEY_GOST12_512 6 # define SSL_PKEY_ED25519 7 # define SSL_PKEY_NUM 8 # define SSL_PKEY_ED448 8 # define SSL_PKEY_NUM 9 /* * Pseudo-constant. GOST cipher suites can use different certs for 1 * SSL_CIPHER. So let's see which one we have in fact. Loading Loading @@ -1962,6 +1963,7 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded #define TLSEXT_SIGALG_ed25519 0x0807 #define TLSEXT_SIGALG_ed448 0x0808 /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 Loading ssl/t1_lib.c +9 −1 Original line number Diff line number Diff line Loading 
@@ -165,6 +165,7 @@ static const TLS_GROUP_INFO nid_list[] = { {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */ {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */ }; static const unsigned char ecformats_default[] = { Loading @@ -177,6 +178,7 @@ static const unsigned char ecformats_default[] = { static const uint16_t eccurves_default[] = { 29, /* X25519 (29) */ 23, /* secp256r1 (23) */ 30, /* X448 (30) */ 25, /* secp521r1 (25) */ 24, /* secp384r1 (24) */ }; Loading Loading @@ -622,6 +624,7 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp521r1_sha512, TLSEXT_SIGALG_ed25519, TLSEXT_SIGALG_ed448, #endif TLSEXT_SIGALG_rsa_pss_pss_sha256, Loading Loading @@ -672,6 +675,9 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {"ed25519", TLSEXT_SIGALG_ed25519, NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, NID_undef, NID_undef}, {"ed448", TLSEXT_SIGALG_ed448, NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, NID_undef, NID_undef}, {NULL, TLSEXT_SIGALG_ecdsa_sha224, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_ecdsa_with_SHA224, NID_undef}, Loading Loading @@ -764,7 +770,8 @@ static const uint16_t tls_default_sigalg[] = { TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */ TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */ TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */ 0 /* SSL_PKEY_ED25519 */ 0, /* SSL_PKEY_ED25519 */ 0, /* SSL_PKEY_ED448 */ }; /* Lookup TLS signature algorithm */ Loading Loading 
@@ -2180,6 +2187,7 @@ void tls1_set_cert_validity(SSL *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); } /* User level utility function to check a chain is suitable */ Loading Loading
apps/s_cb.c +3 −0 Original line number Diff line number Diff line Loading @@ -231,6 +231,9 @@ static const char *get_sigtype(int nid) case NID_ED25519: return "Ed25519"; case NID_ED448: return "Ed448"; default: return NULL; } Loading
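--- a/ssl/ssl_cert_table.h
+++ b/ssl/ssl_cert_table.h
@@ -18,5 +18,6 @@ static const SSL_CERT_LOOKUP ssl_cert_info [] = {
 {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
 {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
 {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
-{EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */
+{EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */
+{EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */
 };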
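Review bot: The new `{EVP_PKEY_ED448, SSL_aECDSA}` row is only correct because its position equals `SSL_PKEY_ED448` (8) from ssl/ssl_locl.h, as the trailing comments show, and nothing in the commit checks that the row count of `ssl_cert_info` equals the bumped `SSL_PKEY_NUM` (9); the same positional coupling is added in ssl/t1_lib.c's `tls_default_sigalg` (the `0, /* SSL_PKEY_ED448 */` row) and in the `tls1_check_chain` list in `tls1_set_cert_validity`. A comment on the row would make the dependency explicit: `{EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 -- must stay at index SSL_PKEY_ED448 */`. In whichever function walks this table (not in the hunk), a one-time `OPENSSL_assert(OSSL_NELEM(ssl_cert_info) == SSL_PKEY_NUM)` would turn a future mismatch between the three places into an immediate failure rather than a silent wrong lookup.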
ssl/ssl_lib.c +6 −0 Original line number Diff line number Diff line Loading @@ -3258,6 +3258,12 @@ void ssl_set_masks(SSL *s) && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN && TLS1_get_version(s) == TLS1_2_VERSION) mask_a |= SSL_aECDSA; /* Allow Ed448 for TLS 1.2 if peer supports it */ if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448) && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN && TLS1_get_version(s) == TLS1_2_VERSION) mask_a |= SSL_aECDSA; #endif #ifndef OPENSSL_NO_EC Loading
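Review bot: The Ed448 block is a copy of the Ed25519 block directly above it, differing only in the `SSL_PKEY_*` index, so the two conditions will drift apart on the next edit; `ssl_set_masks` and the first line of the Ed25519 `if` are outside the hunk. If that first line mirrors the new one, as its visible tail suggests, both blocks can be folded into one loop over the two indices, which also lets the `&` term be parenthesised so the precedence against `&&` is explicit. The second block is already skipped once the first has set `SSL_aECDSA`, so iterating in the same order preserves behaviour.
```c
    /* Allow Ed25519/Ed448 for TLS 1.2 if peer supports it */
    {
        static const int edkeys[] = { SSL_PKEY_ED25519, SSL_PKEY_ED448 };
        size_t i;

        for (i = 0; i < sizeof(edkeys) / sizeof(edkeys[0]); i++) {
            if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, edkeys[i])
                    && (pvalid[edkeys[i]] & CERT_PKEY_EXPLICIT_SIGN) != 0
                    && TLS1_get_version(s) == TLS1_2_VERSION)
                mask_a |= SSL_aECDSA;
        }
    }
    /* … unchanged: #endif / #ifndef OPENSSL_NO_EC … */
```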
ssl/ssl_locl.h +3 −1 Original line number Diff line number Diff line Loading @@ -381,7 +381,8 @@ # define SSL_PKEY_GOST12_256 5 # define SSL_PKEY_GOST12_512 6 # define SSL_PKEY_ED25519 7 # define SSL_PKEY_NUM 8 # define SSL_PKEY_ED448 8 # define SSL_PKEY_NUM 9 /* * Pseudo-constant. GOST cipher suites can use different certs for 1 * SSL_CIPHER. So let's see which one we have in fact. Loading Loading @@ -1962,6 +1963,7 @@ typedef enum downgrade_en { #define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded #define TLSEXT_SIGALG_ed25519 0x0807 #define TLSEXT_SIGALG_ed448 0x0808 /* Known PSK key exchange modes */ #define TLSEXT_KEX_MODE_KE 0x00 Loading
ssl/t1_lib.c +9 −1 Original line number Diff line number Diff line Loading @@ -165,6 +165,7 @@ static const TLS_GROUP_INFO nid_list[] = { {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */ {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */ {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */ {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */ }; static const unsigned char ecformats_default[] = { Loading @@ -177,6 +178,7 @@ static const unsigned char ecformats_default[] = { static const uint16_t eccurves_default[] = { 29, /* X25519 (29) */ 23, /* secp256r1 (23) */ 30, /* X448 (30) */ 25, /* secp521r1 (25) */ 24, /* secp384r1 (24) */ }; Loading Loading @@ -622,6 +624,7 @@ static const uint16_t tls12_sigalgs[] = { TLSEXT_SIGALG_ecdsa_secp384r1_sha384, TLSEXT_SIGALG_ecdsa_secp521r1_sha512, TLSEXT_SIGALG_ed25519, TLSEXT_SIGALG_ed448, #endif TLSEXT_SIGALG_rsa_pss_pss_sha256, Loading Loading @@ -672,6 +675,9 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { {"ed25519", TLSEXT_SIGALG_ed25519, NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, NID_undef, NID_undef}, {"ed448", TLSEXT_SIGALG_ed448, NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, NID_undef, NID_undef}, {NULL, TLSEXT_SIGALG_ecdsa_sha224, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, NID_ecdsa_with_SHA224, NID_undef}, Loading Loading @@ -764,7 +770,8 @@ static const uint16_t tls_default_sigalg[] = { TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */ TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */ TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */ 0 /* SSL_PKEY_ED25519 */ 0, /* SSL_PKEY_ED25519 */ 0, /* SSL_PKEY_ED448 */ }; /* Lookup TLS signature algorithm */ Loading Loading 
@@ -2180,6 +2187,7 @@ void tls1_set_cert_validity(SSL *s) tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519); tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448); } /* User level utility function to check a chain is suitable */ Loading
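Review bot: In the `eccurves_default` hunk, `30, /* X448 (30) */` is inserted third, ahead of secp521r1 and secp384r1, and neither the hunk nor the visible surrounding text records why X448 ranks there rather than next to X25519 or at the end; the array's existing order (29, 23, 25, 24) is not numeric, so it presumably is a preference order, which makes this placement a policy decision that deserves a comment. A line above the entry such as `/* X448 is ranked below secp256r1 on purpose: <reason> */`, with the reason filled in, or a sentence in the commit message would settle it; the array's opening line is in the hunk but not all of its entries are. The companion `{EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}` row in `nid_list` looks position-dependent on the group id (its `(30)` comment follows `(29)`), so a one-line note that the row must sit at that slot would help there too.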