diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2017-01-30 16:05:23 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-01-31 00:03:01 +0000 |
| commit | 17ae384e4995f107f6743ffd61ccb28aed839e1b (patch) | |
| tree | 51500ee80249de915993fc9a40a5f76b81444ae8 /ssl | |
| parent | 05b8486e47c50db658474f9a36eab91cd41d1a13 (diff) | |
Add digest and key indices to table.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_locl.h | 10 | ||||
| -rw-r--r-- | ssl/t1_lib.c | 59 |
2 files changed, 49 insertions, 20 deletions
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index c2139cbd90..69bf8b177c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -407,6 +407,12 @@ */ # define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1 +/* + * TODO(TLS1.3) for now use RSA_SIGN keys for PSS + */ + +#define SSL_PKEY_RSA_PSS_SIGN SSL_PKEY_RSA_SIGN + /*- * SSL_kRSA <- RSA_ENC * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN) @@ -1191,8 +1197,12 @@ typedef struct sigalg_lookup_st { uint16_t sigalg; /* NID of hash algorithm */ int hash; + /* Index of hash algorithm */ + int hash_idx; /* NID of signature algorithm */ int sig; + /* Index of signature algorithm */ + int sig_idx; /* Combined hash and signature NID, if any */ int sigandhash; /* Required public key curve (ECDSA only) */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3e2f07c6c4..18470922d2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -708,47 +708,66 @@ static const uint16_t suiteb_sigalgs[] = { static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { #ifndef OPENSSL_NO_EC {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, - NID_sha256, EVP_PKEY_EC, NID_ecdsa_with_SHA256, NID_X9_62_prime256v1}, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA256, NID_X9_62_prime256v1}, {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384, - NID_sha384, EVP_PKEY_EC, NID_ecdsa_with_SHA384, NID_secp384r1}, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA384, NID_secp384r1}, {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512, - NID_sha512, EVP_PKEY_EC, NID_ecdsa_with_SHA512, NID_secp521r1}, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA512, NID_secp521r1}, {NULL, TLSEXT_SIGALG_ecdsa_sha1, - NID_sha1, EVP_PKEY_EC, NID_ecdsa_with_SHA1, NID_undef}, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, + NID_ecdsa_with_SHA1, NID_undef}, #endif {"rsa_pss_sha256", TLSEXT_SIGALG_rsa_pss_sha256, - NID_sha256, EVP_PKEY_RSA_PSS, NID_undef, NID_undef}, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef}, {"rsa_pss_sha384", TLSEXT_SIGALG_rsa_pss_sha384, - NID_sha384, EVP_PKEY_RSA_PSS, NID_undef, NID_undef}, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef}, {"rsa_pss_sha512", TLSEXT_SIGALG_rsa_pss_sha512, - NID_sha512, EVP_PKEY_RSA_PSS, NID_undef, NID_undef}, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, + NID_undef, NID_undef}, {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256, - NID_sha256, EVP_PKEY_RSA, NID_sha256WithRSAEncryption, NID_undef}, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN, + NID_sha256WithRSAEncryption, NID_undef}, {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384, - NID_sha384, EVP_PKEY_RSA, NID_sha384WithRSAEncryption, NID_undef}, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN, + NID_sha384WithRSAEncryption, NID_undef}, {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512, - NID_sha512, EVP_PKEY_RSA, NID_sha512WithRSAEncryption, NID_undef}, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN, + NID_sha512WithRSAEncryption, NID_undef}, {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1, - NID_sha1, EVP_PKEY_RSA, NID_sha1WithRSAEncryption, NID_undef}, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN, + NID_sha1WithRSAEncryption, NID_undef}, #ifndef OPENSSL_NO_DSA {NULL, TLSEXT_SIGALG_dsa_sha256, - NID_sha256, EVP_PKEY_DSA, NID_dsa_with_SHA256, NID_undef}, + NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsa_with_SHA256, NID_undef}, {NULL, TLSEXT_SIGALG_dsa_sha384, - NID_sha384, EVP_PKEY_DSA, NID_undef, NID_undef}, + NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef}, {NULL, TLSEXT_SIGALG_dsa_sha512, - NID_sha512, EVP_PKEY_DSA, NID_undef, NID_undef}, + NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_undef, NID_undef}, {NULL, TLSEXT_SIGALG_dsa_sha1, - NID_sha1, EVP_PKEY_DSA, NID_dsaWithSHA1, NID_undef}, + NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, + NID_dsaWithSHA1, NID_undef}, #endif #ifndef OPENSSL_NO_GOST {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, - NID_id_GostR3411_2012_256, NID_id_GostR3410_2012_256, NID_undef, - NID_undef}, + NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, + NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, + NID_undef, NID_undef}, {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, - NID_id_GostR3411_2012_512, NID_id_GostR3410_2012_512, NID_undef, - NID_undef}, + NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, + NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, + NID_undef, NID_undef}, {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, - NID_id_GostR3411_94, NID_id_GostR3410_2001, NID_undef, NID_undef} + NID_id_GostR3411_94, SSL_MD_GOST94_IDX, + NID_id_GostR3410_2001, SSL_PKEY_GOST01, + NID_undef, NID_undef} #endif }; |