Finish ed25519 and ed448 support in x509 module (#4972)

* Support ed25519 in csr/crl creation

* Tests for ed25519/x509

* Support ed448 in crt/csr/crl creation

* Tests for ed448/x509

* Support ed25519/ed448 in OCSPResponseBuilder

* Tests for eddsa in OCSPResponseBuilder

* Builder check missing in create_x509_csr

* Documentation update for ed25519+ed448 in x509

1 files changed, 8 insertions, 1 deletions

diff --git a/src/cryptography/x509/ocsp.py b/src/cryptography/x509/ocsp.py
index aae9b626..b15063d1 100644
--- a/src/cryptography/x509/ocsp.py
+++ b/src/cryptography/x509/ocsp.py
@@ -12,6 +12,7 @@ import six
 
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import ed25519, ed448
 from cryptography.x509.base import (
     _EARLIEST_UTC_TIME, _convert_to_naive_utc_time, _reject_duplicate_extension
 )
@@ -241,7 +242,13 @@ class OCSPResponseBuilder(object):
         if self._responder_id is None:
             raise ValueError("You must add a responder_id before signing")
 
-        if not isinstance(algorithm, hashes.HashAlgorithm):
+        if isinstance(private_key,
+                      (ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey)):
+            if algorithm is not None:
+                raise ValueError(
+                    "algorithm must be None when signing via ed25519 or ed448"
+                )
+        elif not isinstance(algorithm, hashes.HashAlgorithm):
             raise TypeError("Algorithm must be a registered hash algorithm.")
 
         return backend.create_ocsp_response(