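Lines Matching refs:lu (each entry is: source line number, the matching line, then the enclosing function and whether `lu` is a local or an argument there; only lines that mention `lu` are listed, so the statements between them are not shown)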

31 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
1171 const SIGALG_LOOKUP *lu; in ssl_setup_sig_algs() local
1173 = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); in ssl_setup_sig_algs()
1181 for (i = 0, lu = sigalg_lookup_tbl; in ssl_setup_sig_algs()
1182 i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { in ssl_setup_sig_algs()
1185 cache[i] = *lu; in ssl_setup_sig_algs()
1195 if (lu->hash != NID_undef in ssl_setup_sig_algs()
1196 && ctx->ssl_digest_methods[lu->hash_idx] == NULL) { in ssl_setup_sig_algs()
1201 if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { in ssl_setup_sig_algs()
1226 const SIGALG_LOOKUP *lu; in tls1_lookup_sigalg() local
1228 for (i = 0, lu = s->ctx->sigalg_lookup_cache; in tls1_lookup_sigalg()
1231 lu++, i++) { in tls1_lookup_sigalg()
1232 if (lu->sigalg == sigalg) { in tls1_lookup_sigalg()
1233 if (!lu->enabled) in tls1_lookup_sigalg()
1235 return lu; in tls1_lookup_sigalg()
1241 int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) in tls1_lookup_md() argument
1244 if (lu == NULL) in tls1_lookup_md()
1247 if (lu->hash == NID_undef) { in tls1_lookup_md()
1250 md = ssl_md(ctx, lu->hash_idx); in tls1_lookup_md()
1268 const SIGALG_LOOKUP *lu) in rsa_pss_check_min_key_size() argument
1274 if (!tls1_lookup_md(ctx, lu, &md) || md == NULL) in rsa_pss_check_min_key_size()
1342 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, tls_default_sigalg[idx]); in tls1_get_legacy_sigalg() local
1344 if (lu == NULL) in tls1_get_legacy_sigalg()
1346 if (!tls1_lookup_md(s->ctx, lu, NULL)) in tls1_get_legacy_sigalg()
1348 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) in tls1_get_legacy_sigalg()
1350 return lu; in tls1_get_legacy_sigalg()
1360 const SIGALG_LOOKUP *lu; in tls1_set_peer_legacy_sigalg() local
1364 lu = tls1_get_legacy_sigalg(s, idx); in tls1_set_peer_legacy_sigalg()
1365 if (lu == NULL) in tls1_set_peer_legacy_sigalg()
1367 s->s3.tmp.peer_sigalg = lu; in tls1_set_peer_legacy_sigalg()
1425 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, sigs[i]); in tls_check_sigalg_curve() local
1427 if (lu == NULL) in tls_check_sigalg_curve()
1429 if (lu->sig == EVP_PKEY_EC in tls_check_sigalg_curve()
1430 && lu->curve != NID_undef in tls_check_sigalg_curve()
1431 && curve == lu->curve) in tls_check_sigalg_curve()
1442 static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu) in sigalg_security_bits() argument
1447 if (!tls1_lookup_md(ctx, lu, &md)) in sigalg_security_bits()
1473 if (lu->sigalg == TLSEXT_SIGALG_ed25519) in sigalg_security_bits()
1475 else if (lu->sigalg == TLSEXT_SIGALG_ed448) in sigalg_security_bits()
1493 const SIGALG_LOOKUP *lu; in tls12_check_peer_sigalg() local
1510 lu = tls1_lookup_sigalg(s, sig); in tls12_check_peer_sigalg()
1515 if (lu == NULL in tls12_check_peer_sigalg()
1516 || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224)) in tls12_check_peer_sigalg()
1517 || (pkeyid != lu->sig in tls12_check_peer_sigalg()
1518 && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) { in tls12_check_peer_sigalg()
1524 || lu->sig_idx != (int)cidx) { in tls12_check_peer_sigalg()
1542 if (lu->curve != NID_undef && curve != lu->curve) { in tls12_check_peer_sigalg()
1575 if (i == sent_sigslen && (lu->hash != NID_sha1 in tls12_check_peer_sigalg()
1580 if (!tls1_lookup_md(s->ctx, lu, &md)) { in tls12_check_peer_sigalg()
1590 secbits = sigalg_security_bits(s->ctx, lu); in tls12_check_peer_sigalg()
1599 s->s3.tmp.peer_sigalg = lu; in tls12_check_peer_sigalg()
1718 const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i); in tls1_set_server_sigalgs() local
1721 if (lu == NULL) in tls1_set_server_sigalgs()
1725 if (lu->sigalg == sent_sigs[j]) { in tls1_set_server_sigalgs()
2071 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) in tls12_sigalg_allowed() argument
2076 if (lu == NULL || !lu->enabled) in tls12_sigalg_allowed()
2079 if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) in tls12_sigalg_allowed()
2086 && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX in tls12_sigalg_allowed()
2087 || lu->hash_idx == SSL_MD_MD5_IDX in tls12_sigalg_allowed()
2088 || lu->hash_idx == SSL_MD_SHA224_IDX)) in tls12_sigalg_allowed()
2092 if (ssl_cert_is_disabled(s->ctx, lu->sig_idx)) in tls12_sigalg_allowed()
2095 if (lu->sig == NID_id_GostR3410_2012_256 in tls12_sigalg_allowed()
2096 || lu->sig == NID_id_GostR3410_2012_512 in tls12_sigalg_allowed()
2097 || lu->sig == NID_id_GostR3410_2001) { in tls12_sigalg_allowed()
2135 secbits = sigalg_security_bits(s->ctx, lu); in tls12_sigalg_allowed()
2136 sigalgstr[0] = (lu->sigalg >> 8) & 0xff; in tls12_sigalg_allowed()
2137 sigalgstr[1] = lu->sigalg & 0xff; in tls12_sigalg_allowed()
2138 return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr); in tls12_sigalg_allowed()
2158 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *sigalgs); in ssl_set_sig_mask() local
2161 if (lu == NULL) in ssl_set_sig_mask()
2164 clu = ssl_cert_lookup_by_idx(lu->sig_idx); in ssl_set_sig_mask()
2170 && tls12_sigalg_allowed(s, op, lu)) in ssl_set_sig_mask()
2183 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *psig); in tls12_copy_sigalgs() local
2185 if (lu == NULL in tls12_copy_sigalgs()
2186 || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) in tls12_copy_sigalgs()
2195 || (lu->sig != EVP_PKEY_RSA in tls12_copy_sigalgs()
2196 && lu->hash != NID_sha1 in tls12_copy_sigalgs()
2197 && lu->hash != NID_sha224))) in tls12_copy_sigalgs()
2213 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *ptmp); in tls12_shared_sigalgs() local
2216 if (lu == NULL in tls12_shared_sigalgs()
2217 || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu)) in tls12_shared_sigalgs()
2223 *shsig++ = lu; in tls12_shared_sigalgs()
2366 const SIGALG_LOOKUP *lu; in SSL_get_sigalgs() local
2375 lu = tls1_lookup_sigalg(s, *psig); in SSL_get_sigalgs()
2377 *psign = lu != NULL ? lu->sig : NID_undef; in SSL_get_sigalgs()
2379 *phash = lu != NULL ? lu->hash : NID_undef; in SSL_get_sigalgs()
2381 *psignhash = lu != NULL ? lu->sigandhash : NID_undef; in SSL_get_sigalgs()
2761 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *p); in tls1_check_chain() local
2763 if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign) in tls1_check_chain()
3068 static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu) in tls12_get_cert_sigalg_idx() argument
3070 int sig_idx = lu->sig_idx; in tls12_get_cert_sigalg_idx()
3092 const SIGALG_LOOKUP *lu; in check_cert_usable() local
3117 lu = tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]); in check_cert_usable()
3118 if (lu == NULL) in check_cert_usable()
3127 if (mdnid == lu->hash && pknid == lu->sig) in check_cert_usable()
3185 const SIGALG_LOOKUP *lu = NULL; in find_sig_alg() local
3192 lu = s->shared_sigalgs[i]; in find_sig_alg()
3195 if (lu->hash == NID_sha1 in find_sig_alg()
3196 || lu->hash == NID_sha224 in find_sig_alg()
3197 || lu->sig == EVP_PKEY_DSA in find_sig_alg()
3198 || lu->sig == EVP_PKEY_RSA) in find_sig_alg()
3201 if (!tls1_lookup_md(s->ctx, lu, NULL)) in find_sig_alg()
3203 if ((pkey == NULL && !has_usable_cert(s, lu, -1)) in find_sig_alg()
3204 || (pkey != NULL && !is_cert_usable(s, lu, x, pkey))) in find_sig_alg()
3208 : s->cert->pkeys[lu->sig_idx].privatekey; in find_sig_alg()
3210 if (lu->sig == EVP_PKEY_EC) { in find_sig_alg()
3213 if (lu->curve != NID_undef && curve != lu->curve) in find_sig_alg()
3215 } else if (lu->sig == EVP_PKEY_RSA_PSS) { in find_sig_alg()
3217 if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu)) in find_sig_alg()
3226 return lu; in find_sig_alg()
3242 const SIGALG_LOOKUP *lu = NULL; in tls_choose_sigalg() local
3249 lu = find_sig_alg(s, NULL, NULL); in tls_choose_sigalg()
3250 if (lu == NULL) { in tls_choose_sigalg()
3279 lu = s->shared_sigalgs[i]; in tls_choose_sigalg()
3282 if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1) in tls_choose_sigalg()
3287 sig_idx = lu->sig_idx; in tls_choose_sigalg()
3292 if (!has_usable_cert(s, lu, sig_idx)) in tls_choose_sigalg()
3294 if (lu->sig == EVP_PKEY_RSA_PSS) { in tls_choose_sigalg()
3298 if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu)) in tls_choose_sigalg()
3301 if (curve == -1 || lu->curve == curve) in tls_choose_sigalg()
3311 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
3319 sig_idx = lu->sig_idx; in tls_choose_sigalg()
3337 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
3348 if (lu->sigalg == *sent_sigs in tls_choose_sigalg()
3349 && has_usable_cert(s, lu, lu->sig_idx)) in tls_choose_sigalg()
3361 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { in tls_choose_sigalg()
3371 sig_idx = lu->sig_idx; in tls_choose_sigalg()
3374 s->s3.tmp.sigalg = lu; in tls_choose_sigalg()