{NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
{NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
{NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
- {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */
+ {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */
+ {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */
};
# define SSL_PKEY_GOST12_256 5
# define SSL_PKEY_GOST12_512 6
# define SSL_PKEY_ED25519 7
-# define SSL_PKEY_NUM 8
+# define SSL_PKEY_ED448 8
+# define SSL_PKEY_NUM 9
/*
* Pseudo-constant. GOST cipher suites can use different certs for 1
* SSL_CIPHER. So let's see which one we have in fact.
#define TLSEXT_SIGALG_gostr34102001_gostr3411 0xeded
#define TLSEXT_SIGALG_ed25519 0x0807
+#define TLSEXT_SIGALG_ed448 0x0808
/* Known PSK key exchange modes */
#define TLSEXT_KEX_MODE_KE 0x00
{NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
{NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
{EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+ {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */
};
static const unsigned char ecformats_default[] = {
static const uint16_t eccurves_default[] = {
29, /* X25519 (29) */
23, /* secp256r1 (23) */
+ 30, /* X448 (30) */
25, /* secp521r1 (25) */
24, /* secp384r1 (24) */
};
TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
TLSEXT_SIGALG_ed25519,
+ TLSEXT_SIGALG_ed448,
#endif
TLSEXT_SIGALG_rsa_pss_pss_sha256,
{"ed25519", TLSEXT_SIGALG_ed25519,
NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
NID_undef, NID_undef},
+ {"ed448", TLSEXT_SIGALG_ed448,
+ NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448,
+ NID_undef, NID_undef},
{NULL, TLSEXT_SIGALG_ecdsa_sha224,
NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA224, NID_undef},
TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */
TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */
- 0 /* SSL_PKEY_ED25519 */
+ 0, /* SSL_PKEY_ED25519 */
+ 0, /* SSL_PKEY_ED448 */
};
/* Lookup TLS signature algorithm */
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);
+ tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448);
}
/* User level utility function to check a chain is suitable */
{27, "brainpoolP384r1"},
{28, "brainpoolP512r1"},
{29, "ecdh_x25519"},
+ {30, "ecdh_x448"},
{256, "ffdhe2048"},
{257, "ffdhe3072"},
{258, "ffdhe4096"},
{TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"},
{TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"},
{TLSEXT_SIGALG_ed25519, "ed25519"},
+ {TLSEXT_SIGALG_ed448, "ed448"},
{TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"},
{TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"},
{TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"},
projects / oweals / openssl.git / commitdiff