• Filippo Valsorda's avatar
    crypto/tls: add support for Ed25519 certificates in TLS 1.2 and 1.3 · f3533858
    Filippo Valsorda authored
    Support for Ed25519 certificates was added in CL 175478, this wires them
    up into the TLS stack according to RFC 8422 (TLS 1.2) and RFC 8446 (TLS 1.3).
    
    RFC 8422 also specifies support for TLS 1.0 and 1.1, and I initially
    implemented that, but even OpenSSL doesn't take the complexity, so I
    just dropped it. It would have required keeping a buffer of the
    handshake transcript in order to do the direct Ed25519 signatures. We
    effectively need to support TLS 1.2 because it shares ClientHello
    signature algorithms with TLS 1.3.
    
    While at it, reordered the advertised signature algorithms in the rough
    order we would want to use them, also based on what curves have fast
    constant-time implementations.
    
    Client and client auth tests changed because of the change in advertised
    signature algorithms in ClientHello and CertificateRequest.
    
    Fixes #25355
    
    Change-Id: I9fdd839afde4fd6b13fcbc5cc7017fd8c35085ee
    Reviewed-on: https://go-review.googlesource.com/c/go/+/177698
    Run-TryBot: Filippo Valsorda <filippo@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    Reviewed-by: default avatarAdam Langley <agl@golang.org>
    f3533858
Client-TLSv12-ClientCert-RSA-RSAPSS 10.1 KB