提交 17ae384e 编写于 作者: D Dr. Stephen Henson

Add digest and key indices to table.

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2324)
上级 05b8486e
......@@ -407,6 +407,12 @@
*/
# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1
/*
* TODO(TLS1.3) for now use RSA_SIGN keys for PSS
*/
#define SSL_PKEY_RSA_PSS_SIGN SSL_PKEY_RSA_SIGN
/*-
* SSL_kRSA <- RSA_ENC
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
......@@ -1191,8 +1197,12 @@ typedef struct sigalg_lookup_st {
uint16_t sigalg;
/* NID of hash algorithm */
int hash;
/* Index of hash algorithm */
int hash_idx;
/* NID of signature algorithm */
int sig;
/* Index of signature algorithm */
int sig_idx;
/* Combined hash and signature NID, if any */
int sigandhash;
/* Required public key curve (ECDSA only) */
......
......@@ -708,47 +708,66 @@ static const uint16_t suiteb_sigalgs[] = {
static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
#ifndef OPENSSL_NO_EC
{"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
NID_sha256, EVP_PKEY_EC, NID_ecdsa_with_SHA256, NID_X9_62_prime256v1},
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA256, NID_X9_62_prime256v1},
{"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
NID_sha384, EVP_PKEY_EC, NID_ecdsa_with_SHA384, NID_secp384r1},
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA384, NID_secp384r1},
{"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
NID_sha512, EVP_PKEY_EC, NID_ecdsa_with_SHA512, NID_secp521r1},
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA512, NID_secp521r1},
{NULL, TLSEXT_SIGALG_ecdsa_sha1,
NID_sha1, EVP_PKEY_EC, NID_ecdsa_with_SHA1, NID_undef},
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
NID_ecdsa_with_SHA1, NID_undef},
#endif
{"rsa_pss_sha256", TLSEXT_SIGALG_rsa_pss_sha256,
NID_sha256, EVP_PKEY_RSA_PSS, NID_undef, NID_undef},
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
{"rsa_pss_sha384", TLSEXT_SIGALG_rsa_pss_sha384,
NID_sha384, EVP_PKEY_RSA_PSS, NID_undef, NID_undef},
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
{"rsa_pss_sha512", TLSEXT_SIGALG_rsa_pss_sha512,
NID_sha512, EVP_PKEY_RSA_PSS, NID_undef, NID_undef},
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
NID_undef, NID_undef},
{"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256,
NID_sha256, EVP_PKEY_RSA, NID_sha256WithRSAEncryption, NID_undef},
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN,
NID_sha256WithRSAEncryption, NID_undef},
{"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384,
NID_sha384, EVP_PKEY_RSA, NID_sha384WithRSAEncryption, NID_undef},
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN,
NID_sha384WithRSAEncryption, NID_undef},
{"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512,
NID_sha512, EVP_PKEY_RSA, NID_sha512WithRSAEncryption, NID_undef},
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN,
NID_sha512WithRSAEncryption, NID_undef},
{"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
NID_sha1, EVP_PKEY_RSA, NID_sha1WithRSAEncryption, NID_undef},
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA_SIGN,
NID_sha1WithRSAEncryption, NID_undef},
#ifndef OPENSSL_NO_DSA
{NULL, TLSEXT_SIGALG_dsa_sha256,
NID_sha256, EVP_PKEY_DSA, NID_dsa_with_SHA256, NID_undef},
NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_dsa_with_SHA256, NID_undef},
{NULL, TLSEXT_SIGALG_dsa_sha384,
NID_sha384, EVP_PKEY_DSA, NID_undef, NID_undef},
NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_undef, NID_undef},
{NULL, TLSEXT_SIGALG_dsa_sha512,
NID_sha512, EVP_PKEY_DSA, NID_undef, NID_undef},
NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_undef, NID_undef},
{NULL, TLSEXT_SIGALG_dsa_sha1,
NID_sha1, EVP_PKEY_DSA, NID_dsaWithSHA1, NID_undef},
NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
NID_dsaWithSHA1, NID_undef},
#endif
#ifndef OPENSSL_NO_GOST
{NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
NID_id_GostR3411_2012_256, NID_id_GostR3410_2012_256, NID_undef,
NID_undef},
NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
NID_undef, NID_undef},
{NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
NID_id_GostR3411_2012_512, NID_id_GostR3410_2012_512, NID_undef,
NID_undef},
NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
NID_undef, NID_undef},
{NULL, TLSEXT_SIGALG_gostr34102001_gostr3411,
NID_id_GostR3411_94, NID_id_GostR3410_2001, NID_undef, NID_undef}
NID_id_GostR3411_94, SSL_MD_GOST94_IDX,
NID_id_GostR3410_2001, SSL_PKEY_GOST01,
NID_undef, NID_undef}
#endif
};
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册