-rw-r--r--src/lib/libssl/ssl_sigalgs.c22
-rw-r--r--src/lib/libssl/ssl_sigalgs.h3
2 files changed, 23 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
index daf735a8ff..79239ef597 100644
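--- a/src/lib/libssl/ssl_sigalgs.c
+++ b/src/lib/libssl/ssl_sigalgs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.41 2022/02/05 14:54:10 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.c,v 1.42 2022/06/29 07:53:00 tb Exp $ */
 /*
  * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
@@ -32,11 +32,13 @@ const struct ssl_sigalg sigalgs[] = {
  .value = SIGALG_RSA_PKCS1_SHA512,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha512,
+ .security_level = 5,
  },
  {
  .value = SIGALG_ECDSA_SECP521R1_SHA512,
  .key_type = EVP_PKEY_EC,
  .md = EVP_sha512,
+ .security_level = 5,
  .curve_nid = NID_secp521r1,
  },
 #ifndef OPENSSL_NO_GOST
@@ -44,28 +46,33 @@ const struct ssl_sigalg sigalgs[] = {
  .value = SIGALG_GOSTR12_512_STREEBOG_512,
  .key_type = EVP_PKEY_GOSTR12_512,
  .md = EVP_streebog512,
+ .security_level = 0,
  },
 #endif
  {
  .value = SIGALG_RSA_PKCS1_SHA384,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha384,
+ .security_level = 4,
  },
  {
  .value = SIGALG_ECDSA_SECP384R1_SHA384,
  .key_type = EVP_PKEY_EC,
  .md = EVP_sha384,
+ .security_level = 4,
  .curve_nid = NID_secp384r1,
  },
  {
  .value = SIGALG_RSA_PKCS1_SHA256,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha256,
+ .security_level = 3,
  },
  {
  .value = SIGALG_ECDSA_SECP256R1_SHA256,
  .key_type = EVP_PKEY_EC,
  .md = EVP_sha256,
+ .security_level = 3,
  .curve_nid = NID_X9_62_prime256v1,
  },
 #ifndef OPENSSL_NO_GOST
@@ -73,73 +80,86 @@ const struct ssl_sigalg sigalgs[] = {
  .value = SIGALG_GOSTR12_256_STREEBOG_256,
  .key_type = EVP_PKEY_GOSTR12_256,
  .md = EVP_streebog256,
+ .security_level = 0,
  },
  {
  .value = SIGALG_GOSTR01_GOST94,
  .key_type = EVP_PKEY_GOSTR01,
  .md = EVP_gostr341194,
+ .security_level = 0, /* XXX */
  },
 #endif
  {
  .value = SIGALG_RSA_PSS_RSAE_SHA256,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha256,
+ .security_level = 3,
  .flags = SIGALG_FLAG_RSA_PSS,
  },
  {
  .value = SIGALG_RSA_PSS_RSAE_SHA384,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha384,
+ .security_level = 4,
  .flags = SIGALG_FLAG_RSA_PSS,
  },
  {
  .value = SIGALG_RSA_PSS_RSAE_SHA512,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha512,
+ .security_level = 5,
  .flags = SIGALG_FLAG_RSA_PSS,
  },
  {
  .value = SIGALG_RSA_PSS_PSS_SHA256,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha256,
+ .security_level = 3,
  .flags = SIGALG_FLAG_RSA_PSS,
  },
  {
  .value = SIGALG_RSA_PSS_PSS_SHA384,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha384,
+ .security_level = 4,
  .flags = SIGALG_FLAG_RSA_PSS,
  },
  {
  .value = SIGALG_RSA_PSS_PSS_SHA512,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha512,
+ .security_level = 5,
  .flags = SIGALG_FLAG_RSA_PSS,
  },
  {
  .value = SIGALG_RSA_PKCS1_SHA224,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha224,
+ .security_level = 2,
  },
  {
  .value = SIGALG_ECDSA_SECP224R1_SHA224,
  .key_type = EVP_PKEY_EC,
  .md = EVP_sha224,
+ .security_level = 2,
  },
  {
  .value = SIGALG_RSA_PKCS1_SHA1,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_sha1,
+ .security_level = 1,
  },
  {
  .value = SIGALG_ECDSA_SHA1,
  .key_type = EVP_PKEY_EC,
  .md = EVP_sha1,
+ .security_level = 1,
  },
  {
  .value = SIGALG_RSA_PKCS1_MD5_SHA1,
  .key_type = EVP_PKEY_RSA,
  .md = EVP_md5_sha1,
+ .security_level = 1,
  },
  {
  .value = SIGALG_NONE,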
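Review bot: The three GOST entries are set to `.security_level = 0`, one of them marked only `/* XXX */`, and nothing in the commit says what 0 means or how the 1–5 values were chosen. From the visible lines the value follows the digest alone (SHA-512 → 5, SHA-384 → 4, SHA-256 → 3, SHA-224 → 2, SHA-1 and MD5+SHA-1 → 1); the code that compares it with the configured level is not part of this change, so whether 0 admits or refuses an algorithm cannot be read from here. Because the table uses designated initializers, an entry that omits the field also reads as 0 and cannot be told apart from the deliberate GOST choice. I would document the scale once, on `int security_level;` in ssl_sigalgs.h or above `sigalgs[]`, along the lines of `/* security_level: 0-5, follows the digest; 0 = <meaning to be stated by the author> */`, and replace the bare `/* XXX */` with a comment naming the open question. The array starts before the first hunk and its last visible entry, `SIGALG_NONE`, is cut off, so that entry's level is not shown.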
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
index beab11afd6..9f4a3a3c33 100644
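--- a/src/lib/libssl/ssl_sigalgs.h
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.23 2021/06/29 19:25:59 jsing Exp $ */
+/* $OpenBSD: ssl_sigalgs.h,v 1.24 2022/06/29 07:53:00 tb Exp $ */
 /*
  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
  *
@@ -64,6 +64,7 @@ struct ssl_sigalg {
  uint16_t value;
  int key_type;
  const EVP_MD *(*md)(void);
+ int security_level;
  int curve_nid;
  int flags;
 };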