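Lines matching refs:lu

Each entry gives the source line number, the matching line, and the enclosing function, with "argument" or "local" marking where `lu` is declared. Only lines that mention `lu` are listed, so checks and return statements on the lines in between are not shown; a missing guard in this listing does not mean it is missing from the source.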

25 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
813 int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd) in tls1_lookup_md() argument
816 if (lu == NULL) in tls1_lookup_md()
819 if (lu->hash == NID_undef) { in tls1_lookup_md()
822 md = ssl_md(lu->hash_idx); in tls1_lookup_md()
839 static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu) in rsa_pss_check_min_key_size() argument
845 if (!tls1_lookup_md(lu, &md) || md == NULL) in rsa_pss_check_min_key_size()
896 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]); in tls1_get_legacy_sigalg() local
898 if (!tls1_lookup_md(lu, NULL)) in tls1_get_legacy_sigalg()
900 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) in tls1_get_legacy_sigalg()
902 return lu; in tls1_get_legacy_sigalg()
912 const SIGALG_LOOKUP *lu; in tls1_set_peer_legacy_sigalg() local
916 lu = tls1_get_legacy_sigalg(s, idx); in tls1_set_peer_legacy_sigalg()
917 if (lu == NULL) in tls1_set_peer_legacy_sigalg()
919 s->s3->tmp.peer_sigalg = lu; in tls1_set_peer_legacy_sigalg()
980 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]); in tls_check_sigalg_curve() local
982 if (lu == NULL) in tls_check_sigalg_curve()
984 if (lu->sig == EVP_PKEY_EC in tls_check_sigalg_curve()
985 && lu->curve != NID_undef in tls_check_sigalg_curve()
986 && curve == lu->curve) in tls_check_sigalg_curve()
998 static int sigalg_security_bits(const SIGALG_LOOKUP *lu) in sigalg_security_bits() argument
1003 if (!tls1_lookup_md(lu, &md)) in sigalg_security_bits()
1011 if (lu->sigalg == TLSEXT_SIGALG_ed25519) in sigalg_security_bits()
1013 else if (lu->sigalg == TLSEXT_SIGALG_ed448) in sigalg_security_bits()
1031 const SIGALG_LOOKUP *lu; in tls12_check_peer_sigalg() local
1048 lu = tls1_lookup_sigalg(sig); in tls12_check_peer_sigalg()
1053 if (lu == NULL in tls12_check_peer_sigalg()
1054 || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) in tls12_check_peer_sigalg()
1055 || (pkeyid != lu->sig in tls12_check_peer_sigalg()
1056 && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { in tls12_check_peer_sigalg()
1063 || lu->sig_idx != (int)cidx) { in tls12_check_peer_sigalg()
1085 if (lu->curve != NID_undef && curve != lu->curve) { in tls12_check_peer_sigalg()
1123 if (i == sent_sigslen && (lu->hash != NID_sha1 in tls12_check_peer_sigalg()
1129 if (!tls1_lookup_md(lu, &md)) { in tls12_check_peer_sigalg()
1140 secbits = sigalg_security_bits(lu); in tls12_check_peer_sigalg()
1150 s->s3->tmp.peer_sigalg = lu; in tls12_check_peer_sigalg()
1269 const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i); in tls1_set_server_sigalgs() local
1272 if (lu == NULL) in tls1_set_server_sigalgs()
1276 if (lu->sigalg == sent_sigs[j]) { in tls1_set_server_sigalgs()
1593 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) in tls12_sigalg_allowed() argument
1599 if (!tls1_lookup_md(lu, NULL)) in tls12_sigalg_allowed()
1602 if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) in tls12_sigalg_allowed()
1606 && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX in tls12_sigalg_allowed()
1607 || lu->hash_idx == SSL_MD_MD5_IDX in tls12_sigalg_allowed()
1608 || lu->hash_idx == SSL_MD_SHA224_IDX)) in tls12_sigalg_allowed()
1612 if (ssl_cert_is_disabled(lu->sig_idx)) in tls12_sigalg_allowed()
1615 if (lu->sig == NID_id_GostR3410_2012_256 in tls12_sigalg_allowed()
1616 || lu->sig == NID_id_GostR3410_2012_512 in tls12_sigalg_allowed()
1617 || lu->sig == NID_id_GostR3410_2001) { in tls12_sigalg_allowed()
1655 secbits = sigalg_security_bits(lu); in tls12_sigalg_allowed()
1656 sigalgstr[0] = (lu->sigalg >> 8) & 0xff; in tls12_sigalg_allowed()
1657 sigalgstr[1] = lu->sigalg & 0xff; in tls12_sigalg_allowed()
1658 return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); in tls12_sigalg_allowed()
1678 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs); in ssl_set_sig_mask() local
1681 if (lu == NULL) in ssl_set_sig_mask()
1684 clu = ssl_cert_lookup_by_idx(lu->sig_idx); in ssl_set_sig_mask()
1690 && tls12_sigalg_allowed(s, op, lu)) in ssl_set_sig_mask()
1703 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*psig); in tls12_copy_sigalgs() local
1705 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) in tls12_copy_sigalgs()
1714 || (lu->sig != EVP_PKEY_RSA in tls12_copy_sigalgs()
1715 && lu->hash != NID_sha1 in tls12_copy_sigalgs()
1716 && lu->hash != NID_sha224))) in tls12_copy_sigalgs()
1732 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*ptmp); in tls12_shared_sigalgs() local
1735 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu)) in tls12_shared_sigalgs()
1741 *shsig++ = lu; in tls12_shared_sigalgs()
1884 const SIGALG_LOOKUP *lu; in SSL_get_sigalgs() local
1893 lu = tls1_lookup_sigalg(*psig); in SSL_get_sigalgs()
1895 *psign = lu != NULL ? lu->sig : NID_undef; in SSL_get_sigalgs()
1897 *phash = lu != NULL ? lu->hash : NID_undef; in SSL_get_sigalgs()
1899 *psignhash = lu != NULL ? lu->sigandhash : NID_undef; in SSL_get_sigalgs()
2279 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*p); in tls1_check_chain() local
2281 if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign) in tls1_check_chain()
2580 static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) in tls12_get_cert_sigalg_idx() argument
2582 int sig_idx = lu->sig_idx; in tls12_get_cert_sigalg_idx()
2604 const SIGALG_LOOKUP *lu; in check_cert_usable() local
2620 lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]); in check_cert_usable()
2621 if (lu == NULL in check_cert_usable()
2630 if (mdnid == lu->hash && pknid == lu->sig) in check_cert_usable()
2683 const SIGALG_LOOKUP *lu = NULL; in find_sig_alg() local
2692 lu = s->shared_sigalgs[i]; in find_sig_alg()
2695 if (lu->hash == NID_sha1 in find_sig_alg()
2696 || lu->hash == NID_sha224 in find_sig_alg()
2697 || lu->sig == EVP_PKEY_DSA in find_sig_alg()
2698 || lu->sig == EVP_PKEY_RSA) in find_sig_alg()
2701 if (!tls1_lookup_md(lu, NULL)) in find_sig_alg()
2703 if ((pkey == NULL && !has_usable_cert(s, lu, -1)) in find_sig_alg()
2704 || (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) in find_sig_alg()
2708 : s->cert->pkeys[lu->sig_idx].privatekey; in find_sig_alg()
2710 if (lu->sig == EVP_PKEY_EC) { in find_sig_alg()
2716 if (lu->curve != NID_undef && curve != lu->curve) in find_sig_alg()
2721 } else if (lu->sig == EVP_PKEY_RSA_PSS) { in find_sig_alg()
2723 if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu)) in find_sig_alg()
2732 return lu; in find_sig_alg()
2748 const SIGALG_LOOKUP *lu = NULL; in tls_choose_sigalg() local
2755 lu = find_sig_alg(s, NULL, NULL); in tls_choose_sigalg()
2756 if (lu == NULL) { in tls_choose_sigalg()
2790 lu = s->shared_sigalgs[i]; in tls_choose_sigalg()
2793 if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1) in tls_choose_sigalg()
2798 sig_idx = lu->sig_idx; in tls_choose_sigalg()
2803 if (!has_usable_cert(s, lu, sig_idx)) in tls_choose_sigalg()
2805 if (lu->sig == EVP_PKEY_RSA_PSS) { in tls_choose_sigalg()
2809 if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu)) in tls_choose_sigalg()
2813 if (curve == -1 || lu->curve == curve) in tls_choose_sigalg()
2824 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
2833 sig_idx = lu->sig_idx; in tls_choose_sigalg()
2852 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
2863 if (lu->sigalg == *sent_sigs in tls_choose_sigalg()
2864 && has_usable_cert(s, lu, lu->sig_idx)) in tls_choose_sigalg()
2877 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
2887 sig_idx = lu->sig_idx; in tls_choose_sigalg()
2890 s->s3->tmp.sigalg = lu; in tls_choose_sigalg()