🔑 Support Ed25519 for LibreSSL 3.7.1+ (#407)

rnouri-steinberg · prince-chrismc · web-flow · commit 971b897d7b51 · 2026-02-16T21:02:20.000-08:00
* Support Ed25519 for LibreSSL 3.7.1+

* fix EdDSACertificate error code test for new implementation

---------

Co-authored-by: Chris McArthur &lt;prince.chrismc@gmail.com&gt;
diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h
@@ -57,7 +57,9 @@
 #endif
 
 #if defined(LIBRESSL_VERSION_NUMBER)
-#if LIBRESSL_VERSION_NUMBER >= 0x3050300fL
+#if LIBRESSL_VERSION_NUMBER >= 0x3070100fL // 3.7.1 - EdDSA support
+#define JWT_OPENSSL_1_1_1
+#elif LIBRESSL_VERSION_NUMBER >= 0x3050300fL // 3.5.3
 #define JWT_OPENSSL_1_1_0
 #else
 #define JWT_OPENSSL_1_0_0
@@ -1806,6 +1808,7 @@ namespace jwt {
 		 *
 		 * The EdDSA algorithms were introduced in [OpenSSL v1.1.1](https://www.openssl.org/news/openssl-1.1.1-notes.html),
 		 * so these algorithms are only available when building against this version or higher.
+		 * LibreSSL added EdDSA (Ed25519) functionality in [LibreSSL 3.7.1](https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.1-relnotes.txt)
 		 */
 		struct eddsa {
 			/**
@@ -1849,10 +1852,9 @@ namespace jwt {
 				size_t len = EVP_PKEY_size(pkey.get());
 				std::string res(len, '\0');
 
-// LibreSSL is the special kid in the block, as it does not support EVP_DigestSign.
-// OpenSSL on the otherhand does not support using EVP_DigestSignUpdate for eddsa, which is why we end up with this
-// mess.
-#if defined(LIBRESSL_VERSION_NUMBER) || defined(LIBWOLFSSL_VERSION_HEX)
+// LibreSSL and OpenSSL, require the oneshot EVP_DigestSign API.
+// wolfSSL uses the Update/Final pattern.
+#if defined(LIBWOLFSSL_VERSION_HEX)
 				ERR_clear_error();
 				if (EVP_DigestSignUpdate(ctx.get(), reinterpret_cast<const unsigned char*>(data.data()), data.size()) !=
 					1) {
@@ -1893,10 +1895,9 @@ namespace jwt {
 					ec = error::signature_verification_error::verifyinit_failed;
 					return;
 				}
-// LibreSSL is the special kid in the block, as it does not support EVP_DigestVerify.
-// OpenSSL on the otherhand does not support using EVP_DigestVerifyUpdate for eddsa, which is why we end up with this
-// mess.
-#if defined(LIBRESSL_VERSION_NUMBER) || defined(LIBWOLFSSL_VERSION_HEX)
+// LibreSSL and OpenSSL, require the oneshot EVP_DigestVerify API.
+// wolfSSL uses the Update/Final pattern.
+#if defined(LIBWOLFSSL_VERSION_HEX)
 				if (EVP_DigestVerifyUpdate(ctx.get(), reinterpret_cast<const unsigned char*>(data.data()),
 										   data.size()) != 1) {
 					ec = error::signature_verification_error::verifyupdate_failed;
@@ -2210,7 +2211,7 @@ namespace jwt {
 		 *
 		 * https://en.wikipedia.org/wiki/EdDSA#Ed25519
 		 *
-		 * Requires at least OpenSSL 1.1.1.
+		 * Requires at least OpenSSL 1.1.1 or LibreSSL 3.7.1.
 		 */
 		struct ed25519 : public eddsa {
 			/**
@@ -2227,12 +2228,13 @@ namespace jwt {
 				: eddsa(public_key, private_key, public_key_password, private_key_password, "EdDSA") {}
 		};
 
+#if !defined(LIBRESSL_VERSION_NUMBER)
 		/**
 		 * Ed448 algorithm
 		 *
 		 * https://en.wikipedia.org/wiki/EdDSA#Ed448
 		 *
-		 * Requires at least OpenSSL 1.1.1.
+		 * Requires at least OpenSSL 1.1.1. Note: Not supported by LibreSSL.
 		 */
 		struct ed448 : public eddsa {
 			/**
@@ -2248,7 +2250,8 @@ namespace jwt {
 						   const std::string& public_key_password = "", const std::string& private_key_password = "")
 				: eddsa(public_key, private_key, public_key_password, private_key_password, "EdDSA") {}
 		};
-#endif
+#endif // !LIBRESSL_VERSION_NUMBER
+#endif // !JWT_OPENSSL_1_0_0 && !JWT_OPENSSL_1_1_0
 
 		/**
 		 * PS256 algorithm
diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp
@@ -1346,16 +1346,23 @@ TEST(OpenSSLErrorTest, EdDSAKey) {
 }
 
 TEST(OpenSSLErrorTest, EdDSACertificate) {
-	std::vector<multitest_entry> mapping{// load_public_key_from_string
-										 {&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed},
-										 {&fail_BIO_write, 1, jwt::error::rsa_error::load_key_bio_write},
-										 {&fail_PEM_read_bio_PUBKEY, 1, jwt::error::rsa_error::load_key_bio_read},
-										 // extract_pubkey_from_cert
-										 {&fail_BIO_new, 2, jwt::error::rsa_error::create_mem_bio_failed},
-										 {&fail_PEM_read_bio_X509, 1, jwt::error::rsa_error::cert_load_failed},
-										 {&fail_X509_get_pubkey, 1, jwt::error::rsa_error::get_key_failed},
-										 {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::write_key_failed},
-										 {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}};
+	std::vector<multitest_entry> mapping {
+		// load_public_key_from_string
+		{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed},
+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3070100fL // 3.7.1 - EdDSA support
+			{&fail_BIO_write, 1, jwt::error::rsa_error::load_key_bio_write},
+#else
+			{&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed},
+#endif
+			{&fail_PEM_read_bio_PUBKEY, 1, jwt::error::rsa_error::load_key_bio_read},
+			// extract_pubkey_from_cert
+			{&fail_BIO_new, 2, jwt::error::rsa_error::create_mem_bio_failed},
+			{&fail_PEM_read_bio_X509, 1, jwt::error::rsa_error::cert_load_failed},
+			{&fail_X509_get_pubkey, 1, jwt::error::rsa_error::get_key_failed},
+			{&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::write_key_failed}, {
+			&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed
+		}
+	};
 
 	run_multitest(mapping, [](std::error_code& ec) {
 		try {
diff --git a/tests/TokenTest.cpp b/tests/TokenTest.cpp
@@ -279,6 +279,7 @@ TEST(TokenTest, CreateTokenEd25519) {
 		jwt::verify().allow_algorithm(jwt::algorithm::ed25519(ed25519_pub_key, "", "", "")).verify(decoded));
 }
 
+#if !defined(LIBRESSL_VERSION_NUMBER)
 TEST(TokenTest, CreateTokenEd448) {
 
 	auto token =
@@ -291,7 +292,8 @@ TEST(TokenTest, CreateTokenEd448) {
 		jwt::error::signature_verification_exception);
 	ASSERT_NO_THROW(jwt::verify().allow_algorithm(jwt::algorithm::ed448(ed448_pub_key, "", "", "")).verify(decoded));
 }
-#endif
+#endif // !LIBRESSL_VERSION_NUMBER
+#endif // !JWT_OPENSSL_1_0_0 && !JWT_OPENSSL_1_1_0
 
 TEST(TokenTest, VerifyTokenWrongAlgorithm) {
 	std::string token =
@@ -779,6 +781,7 @@ TEST(TokenTest, VerifyTokenEd25519Fail) {
 	ASSERT_THROW(verify.verify(decoded_token), jwt::error::signature_verification_exception);
 }
 
+#if !defined(LIBRESSL_VERSION_NUMBER)
 TEST(TokenTest, VerifyTokenEd448) {
 	const std::string token =
 		"eyJhbGciOiJFZERTQSIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.Aldes9jrXZXxfNjuovqmIZ3r2WF4yVXVr2Q8B8SkAmv"
@@ -802,7 +805,8 @@ TEST(TokenTest, VerifyTokenEd448Fail) {
 
 	ASSERT_THROW(verify.verify(decoded_token), jwt::error::signature_verification_exception);
 }
-#endif
+#endif // !LIBRESSL_VERSION_NUMBER
+#endif // !JWT_OPENSSL_1_0_0 && !JWT_OPENSSL_1_1_0
 
 struct test_clock {
 	jwt::date n;
