Support Ed25519 in TLS.
This only works at TLS 1.2 and above as, before TLS 1.2, there is no way
to advertise support for Ed25519 or negotiate the correct signature
algorithm. Add tests for this accordingly.
For now, this is disabled by default on the verifying side but may be
enabled per SSL_CTX. Notably, projects like Chromium which use an
external verifier may need changes elsewhere before they can enable it.
(On the signing side, we can assume that if the caller gave us an
Ed25519 certificate, they mean for us to use it.)
BUG=187
Change-Id: Id25b0a677dcbe205ddd26d8dbba11c04bb520756
Reviewed-on: https://boringssl-review.googlesource.com/14450
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 500cb9d..af33458 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -555,23 +555,10 @@
CBB sigalgs_cbb;
if (!ssl->method->init_message(ssl, &cbb, &body,
SSL3_MT_CERTIFICATE_REQUEST) ||
- !CBB_add_u8(&body, 0 /* no certificate_request_context. */)) {
- goto err;
- }
-
- const uint16_t *sigalgs;
- size_t num_sigalgs = tls12_get_verify_sigalgs(ssl, &sigalgs);
- if (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb)) {
- goto err;
- }
-
- for (size_t i = 0; i < num_sigalgs; i++) {
- if (!CBB_add_u16(&sigalgs_cbb, sigalgs[i])) {
- goto err;
- }
- }
-
- if (!ssl_add_client_CA_list(ssl, &body) ||
+ !CBB_add_u8(&body, 0 /* no certificate_request_context. */) ||
+ !CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
+ !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb) ||
+ !ssl_add_client_CA_list(ssl, &body) ||
!CBB_add_u16(&body, 0 /* empty certificate_extensions. */) ||
!ssl_add_message_cbb(ssl, &cbb)) {
goto err;