1 files changed, 291 insertions, 125 deletions
diff --git a/src/lib/libcrypto/objects/obj_xref.c b/src/lib/libcrypto/objects/obj_xref.c
index ac1459c123..7cd3141d14 100644
--- a/src/lib/libcrypto/objects/obj_xref.c
+++ b/src/lib/libcrypto/objects/obj_xref.c
@@ -1,147 +1,313 @@
-/* $OpenBSD: obj_xref.c,v 1.10 2023/07/22 18:12:09 tb Exp $ */
+/*      $OpenBSD: obj_xref.c,v 1.11 2023/07/22 18:32:05 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
+/*
- */
+ * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
 *
- * This product includes cryptographic software written by Eric Young
+ * Permission to use, copy, modify, and distribute this software for any
- * (eay@cryptsoft.com).  This product includes software written by Tim
+ * purpose with or without fee is hereby granted, provided that the above
- * Hudson (tjh@cryptsoft.com).
+ * copyright notice and this permission notice appear in all copies.
 *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 #include <openssl/objects.h>
-#include "obj_xref.h"
-DECLARE_STACK_OF(nid_triple)
+/*
+ * Map between signature nids and pairs of (hash, pkey) nids. If the hash nid
-static int
+ * is NID_undef, this indicates to ASN1_item_{sign,verify}() that the pkey's
-sig_cmp(const nid_triple *a, const nid_triple *b)
+ * ASN.1 method needs to handle algorithm identifiers and part of the message
-{
+ * digest.
-        return a->sign_id - b->sign_id;
+ */
-}
-static int
+static const struct {
-sig_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+        int sign_nid;
-{
+        int hash_nid;
-        nid_triple const *a = a_;
+        int pkey_nid;
-        nid_triple const *b = b_;
+} nid_triple[] = {
-        return sig_cmp(a, b);
+        {
-}
+                .sign_nid = NID_md2WithRSAEncryption,
+                .hash_nid = NID_md2,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_md5WithRSAEncryption,
+                .hash_nid = NID_md5,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_shaWithRSAEncryption,
+                .hash_nid = NID_sha,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha1WithRSAEncryption,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_dsaWithSHA,
+                .hash_nid = NID_sha,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_dsaWithSHA1_2,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dsa_2,
+        },
+        {
+                .sign_nid = NID_mdc2WithRSA,
+                .hash_nid = NID_mdc2,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_md5WithRSA,
+                .hash_nid = NID_md5,
+                .pkey_nid = NID_rsa,
+        },
+        {
+                .sign_nid = NID_dsaWithSHA1,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_sha1WithRSA,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_rsa,
+        },
+        {
+                .sign_nid = NID_ripemd160WithRSA,
+                .hash_nid = NID_ripemd160,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_md4WithRSAEncryption,
+                .hash_nid = NID_md4,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA1,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_sha256WithRSAEncryption,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha384WithRSAEncryption,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha512WithRSAEncryption,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_sha224WithRSAEncryption,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_Recommended,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_Specified,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA224,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA256,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA384,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_ecdsa_with_SHA512,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_X9_62_id_ecPublicKey,
+        },
+        {
+                .sign_nid = NID_dsa_with_SHA224,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_dsa_with_SHA256,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_dsa,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_2001,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_2001,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_94,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_94,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_94_cc,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_94_cc,
+        },
+        {
+                .sign_nid = NID_id_GostR3411_94_with_GostR3410_2001_cc,
+                .hash_nid = NID_id_GostR3411_94,
+                .pkey_nid = NID_id_GostR3410_2001_cc,
+        },
+        {
+                .sign_nid = NID_rsassaPss,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_256,
+                .hash_nid = NID_id_tc26_gost3411_2012_256,
+                .pkey_nid = NID_id_GostR3410_2001,
+        },
+        {
+                .sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_512,
+                .hash_nid = NID_id_tc26_gost3411_2012_512,
+                .pkey_nid = NID_id_GostR3410_2001,
+        },
+        {
+                .sign_nid = NID_Ed25519,
+                .hash_nid = NID_undef,
+                .pkey_nid = NID_Ed25519,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha1kdf_scheme,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha224kdf_scheme,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha256kdf_scheme,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha384kdf_scheme,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_stdDH_sha512kdf_scheme,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_dh_std_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha1kdf_scheme,
+                .hash_nid = NID_sha1,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha224kdf_scheme,
+                .hash_nid = NID_sha224,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha256kdf_scheme,
+                .hash_nid = NID_sha256,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha384kdf_scheme,
+                .hash_nid = NID_sha384,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_dhSinglePass_cofactorDH_sha512kdf_scheme,
+                .hash_nid = NID_sha512,
+                .pkey_nid = NID_dh_cofactor_kdf,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_224,
+                .hash_nid = NID_sha3_224,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_256,
+                .hash_nid = NID_sha3_256,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_384,
+                .hash_nid = NID_sha3_384,
+                .pkey_nid = NID_rsaEncryption,
+        },
+        {
+                .sign_nid = NID_RSA_SHA3_512,
+                .hash_nid = NID_sha3_512,
+                .pkey_nid = NID_rsaEncryption,
+        },
+};
-static const nid_triple *
+#define N_NID_TRIPLES (sizeof(nid_triple) / sizeof(nid_triple[0]))
-OBJ_bsearch_sig(nid_triple *key, nid_triple const *base, int num)
-{
-        return OBJ_bsearch_(key, base, num, sizeof(nid_triple),
-            sig_cmp_BSEARCH_CMP_FN);
-}
-static int
+int
-sigx_cmp(const nid_triple * const *a, const nid_triple * const *b)
+OBJ_find_sigid_algs(int sign_nid, int *hash_nid, int *pkey_nid)
 {
-        int ret;
+        size_t i;
-        ret = (*a)->hash_id - (*b)->hash_id;
+        for (i = 0; i < N_NID_TRIPLES; i++) {
-        if (ret)
+                if (sign_nid != nid_triple[i].sign_nid)
-                return ret;
+                        continue;
-        return (*a)->pkey_id - (*b)->pkey_id;
-}
-static int
+                if (hash_nid != NULL)
-sigx_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
+                        *hash_nid = nid_triple[i].hash_nid;
-{
+                if (pkey_nid != NULL)
-        const nid_triple * const *a = a_;
+                        *pkey_nid = nid_triple[i].pkey_nid;
-        const nid_triple * const *b = b_;
-        return sigx_cmp(a, b);
-}
-static const nid_triple * const*
+                return 1;
-OBJ_bsearch_sigx(const nid_triple * *key, const nid_triple * const *base, int num)
+        }
-{
-        return OBJ_bsearch_(key, base, num, sizeof(const nid_triple *),
-            sigx_cmp_BSEARCH_CMP_FN);
-}
-int
+        return 0;
-OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
-{
-        nid_triple tmp;
-        const nid_triple *rv = NULL;
-        tmp.sign_id = signid;
-        if ((rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
-            sizeof(sigoid_srt) / sizeof(nid_triple))) == NULL)
-                return 0;
-        if (pdig_nid)
-                *pdig_nid = rv->hash_id;
-        if (ppkey_nid)
-                *ppkey_nid = rv->pkey_id;
-        return 1;
 }
 LCRYPTO_ALIAS(OBJ_find_sigid_algs);
 int
-OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
+OBJ_find_sigid_by_algs(int *sign_nid, int hash_nid, int pkey_nid)
 {
-        nid_triple tmp;
+        size_t i;
-        const nid_triple *t = &tmp;
-        const nid_triple *const *rv;
+        for (i = 0; i < N_NID_TRIPLES; i++) {
+                if (hash_nid != nid_triple[i].hash_nid)
-        tmp.hash_id = dig_nid;
+                        continue;
-        tmp.pkey_id = pkey_nid;
+                if (pkey_nid != nid_triple[i].pkey_nid)
+                        continue;
-        if ((rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,
-            sizeof(sigoid_srt_xref) / sizeof(nid_triple *))) == NULL)
+                if (sign_nid != NULL)
-                return 0;
+                        *sign_nid = nid_triple[i].sign_nid;
-        if (psignid)
-                *psignid = (*rv)->sign_id;
+                return 1;
-        return 1;
+        }
+        return 0;
 }
 LCRYPTO_ALIAS(OBJ_find_sigid_by_algs);

diff --git a/src/lib/libcrypto/objects/obj_xref.c b/src/lib/libcrypto/objects/obj_xref.c index ac1459c123..7cd3141d14 100644 --- a/src/lib/libcrypto/objects/obj_xref.c +++ b/src/lib/libcrypto/objects/obj_xref.c
@@ -1,147 +1,313 @@
1	/* $OpenBSD: obj_xref.c,v 1.10 2023/07/22 18:12:09 tb Exp $ */	1	/* $OpenBSD: obj_xref.c,v 1.11 2023/07/22 18:32:05 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2
3	* project 2006.	3	/*
4	*/	4	* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
5	/* ====================================================================
6	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*	5	*
53	* This product includes cryptographic software written by Eric Young	6	* Permission to use, copy, modify, and distribute this software for any
54	* (eay@cryptsoft.com). This product includes software written by Tim	7	* purpose with or without fee is hereby granted, provided that the above
55	* Hudson (tjh@cryptsoft.com).	8	* copyright notice and this permission notice appear in all copies.
56	*	9	*
		10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		14	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		15	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
57	*/	17	*/
58		18
59	#include <openssl/objects.h>	19	#include <openssl/objects.h>
60	#include "obj_xref.h"
61		20
62	DECLARE_STACK_OF(nid_triple)	21	/*
63		22	* Map between signature nids and pairs of (hash, pkey) nids. If the hash nid
64	static int	23	* is NID_undef, this indicates to ASN1_item_{sign,verify}() that the pkey's
65	sig_cmp(const nid_triple a, const nid_triple b)	24	* ASN.1 method needs to handle algorithm identifiers and part of the message
66	{	25	* digest.
67	return a->sign_id - b->sign_id;	26	*/
68	}
69		27
70	static int	28	static const struct {
71	sig_cmp_BSEARCH_CMP_FN(const void a_, const void b_)	29	int sign_nid;
72	{	30	int hash_nid;
73	nid_triple const *a = a_;	31	int pkey_nid;
74	nid_triple const *b = b_;	32	} nid_triple[] = {
75	return sig_cmp(a, b);	33	{
76	}	34	.sign_nid = NID_md2WithRSAEncryption,
		35	.hash_nid = NID_md2,
		36	.pkey_nid = NID_rsaEncryption,
		37	},
		38	{
		39	.sign_nid = NID_md5WithRSAEncryption,
		40	.hash_nid = NID_md5,
		41	.pkey_nid = NID_rsaEncryption,
		42	},
		43	{
		44	.sign_nid = NID_shaWithRSAEncryption,
		45	.hash_nid = NID_sha,
		46	.pkey_nid = NID_rsaEncryption,
		47	},
		48	{
		49	.sign_nid = NID_sha1WithRSAEncryption,
		50	.hash_nid = NID_sha1,
		51	.pkey_nid = NID_rsaEncryption,
		52	},
		53	{
		54	.sign_nid = NID_dsaWithSHA,
		55	.hash_nid = NID_sha,
		56	.pkey_nid = NID_dsa,
		57	},
		58	{
		59	.sign_nid = NID_dsaWithSHA1_2,
		60	.hash_nid = NID_sha1,
		61	.pkey_nid = NID_dsa_2,
		62	},
		63	{
		64	.sign_nid = NID_mdc2WithRSA,
		65	.hash_nid = NID_mdc2,
		66	.pkey_nid = NID_rsaEncryption,
		67	},
		68	{
		69	.sign_nid = NID_md5WithRSA,
		70	.hash_nid = NID_md5,
		71	.pkey_nid = NID_rsa,
		72	},
		73	{
		74	.sign_nid = NID_dsaWithSHA1,
		75	.hash_nid = NID_sha1,
		76	.pkey_nid = NID_dsa,
		77	},
		78	{
		79	.sign_nid = NID_sha1WithRSA,
		80	.hash_nid = NID_sha1,
		81	.pkey_nid = NID_rsa,
		82	},
		83	{
		84	.sign_nid = NID_ripemd160WithRSA,
		85	.hash_nid = NID_ripemd160,
		86	.pkey_nid = NID_rsaEncryption,
		87	},
		88	{
		89	.sign_nid = NID_md4WithRSAEncryption,
		90	.hash_nid = NID_md4,
		91	.pkey_nid = NID_rsaEncryption,
		92	},
		93	{
		94	.sign_nid = NID_ecdsa_with_SHA1,
		95	.hash_nid = NID_sha1,
		96	.pkey_nid = NID_X9_62_id_ecPublicKey,
		97	},
		98	{
		99	.sign_nid = NID_sha256WithRSAEncryption,
		100	.hash_nid = NID_sha256,
		101	.pkey_nid = NID_rsaEncryption,
		102	},
		103	{
		104	.sign_nid = NID_sha384WithRSAEncryption,
		105	.hash_nid = NID_sha384,
		106	.pkey_nid = NID_rsaEncryption,
		107	},
		108	{
		109	.sign_nid = NID_sha512WithRSAEncryption,
		110	.hash_nid = NID_sha512,
		111	.pkey_nid = NID_rsaEncryption,
		112	},
		113	{
		114	.sign_nid = NID_sha224WithRSAEncryption,
		115	.hash_nid = NID_sha224,
		116	.pkey_nid = NID_rsaEncryption,
		117	},
		118	{
		119	.sign_nid = NID_ecdsa_with_Recommended,
		120	.hash_nid = NID_undef,
		121	.pkey_nid = NID_X9_62_id_ecPublicKey,
		122	},
		123	{
		124	.sign_nid = NID_ecdsa_with_Specified,
		125	.hash_nid = NID_undef,
		126	.pkey_nid = NID_X9_62_id_ecPublicKey,
		127	},
		128	{
		129	.sign_nid = NID_ecdsa_with_SHA224,
		130	.hash_nid = NID_sha224,
		131	.pkey_nid = NID_X9_62_id_ecPublicKey,
		132	},
		133	{
		134	.sign_nid = NID_ecdsa_with_SHA256,
		135	.hash_nid = NID_sha256,
		136	.pkey_nid = NID_X9_62_id_ecPublicKey,
		137	},
		138	{
		139	.sign_nid = NID_ecdsa_with_SHA384,
		140	.hash_nid = NID_sha384,
		141	.pkey_nid = NID_X9_62_id_ecPublicKey,
		142	},
		143	{
		144	.sign_nid = NID_ecdsa_with_SHA512,
		145	.hash_nid = NID_sha512,
		146	.pkey_nid = NID_X9_62_id_ecPublicKey,
		147	},
		148	{
		149	.sign_nid = NID_dsa_with_SHA224,
		150	.hash_nid = NID_sha224,
		151	.pkey_nid = NID_dsa,
		152	},
		153	{
		154	.sign_nid = NID_dsa_with_SHA256,
		155	.hash_nid = NID_sha256,
		156	.pkey_nid = NID_dsa,
		157	},
		158	{
		159	.sign_nid = NID_id_GostR3411_94_with_GostR3410_2001,
		160	.hash_nid = NID_id_GostR3411_94,
		161	.pkey_nid = NID_id_GostR3410_2001,
		162	},
		163	{
		164	.sign_nid = NID_id_GostR3411_94_with_GostR3410_94,
		165	.hash_nid = NID_id_GostR3411_94,
		166	.pkey_nid = NID_id_GostR3410_94,
		167	},
		168	{
		169	.sign_nid = NID_id_GostR3411_94_with_GostR3410_94_cc,
		170	.hash_nid = NID_id_GostR3411_94,
		171	.pkey_nid = NID_id_GostR3410_94_cc,
		172	},
		173	{
		174	.sign_nid = NID_id_GostR3411_94_with_GostR3410_2001_cc,
		175	.hash_nid = NID_id_GostR3411_94,
		176	.pkey_nid = NID_id_GostR3410_2001_cc,
		177	},
		178	{
		179	.sign_nid = NID_rsassaPss,
		180	.hash_nid = NID_undef,
		181	.pkey_nid = NID_rsaEncryption,
		182	},
		183	{
		184	.sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_256,
		185	.hash_nid = NID_id_tc26_gost3411_2012_256,
		186	.pkey_nid = NID_id_GostR3410_2001,
		187	},
		188	{
		189	.sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_512,
		190	.hash_nid = NID_id_tc26_gost3411_2012_512,
		191	.pkey_nid = NID_id_GostR3410_2001,
		192	},
		193	{
		194	.sign_nid = NID_Ed25519,
		195	.hash_nid = NID_undef,
		196	.pkey_nid = NID_Ed25519,
		197	},
		198	{
		199	.sign_nid = NID_dhSinglePass_stdDH_sha1kdf_scheme,
		200	.hash_nid = NID_sha1,
		201	.pkey_nid = NID_dh_std_kdf,
		202	},
		203	{
		204	.sign_nid = NID_dhSinglePass_stdDH_sha224kdf_scheme,
		205	.hash_nid = NID_sha224,
		206	.pkey_nid = NID_dh_std_kdf,
		207	},
		208	{
		209	.sign_nid = NID_dhSinglePass_stdDH_sha256kdf_scheme,
		210	.hash_nid = NID_sha256,
		211	.pkey_nid = NID_dh_std_kdf,
		212	},
		213	{
		214	.sign_nid = NID_dhSinglePass_stdDH_sha384kdf_scheme,
		215	.hash_nid = NID_sha384,
		216	.pkey_nid = NID_dh_std_kdf,
		217	},
		218	{
		219	.sign_nid = NID_dhSinglePass_stdDH_sha512kdf_scheme,
		220	.hash_nid = NID_sha512,
		221	.pkey_nid = NID_dh_std_kdf,
		222	},
		223	{
		224	.sign_nid = NID_dhSinglePass_cofactorDH_sha1kdf_scheme,
		225	.hash_nid = NID_sha1,
		226	.pkey_nid = NID_dh_cofactor_kdf,
		227	},
		228	{
		229	.sign_nid = NID_dhSinglePass_cofactorDH_sha224kdf_scheme,
		230	.hash_nid = NID_sha224,
		231	.pkey_nid = NID_dh_cofactor_kdf,
		232	},
		233	{
		234	.sign_nid = NID_dhSinglePass_cofactorDH_sha256kdf_scheme,
		235	.hash_nid = NID_sha256,
		236	.pkey_nid = NID_dh_cofactor_kdf,
		237	},
		238	{
		239	.sign_nid = NID_dhSinglePass_cofactorDH_sha384kdf_scheme,
		240	.hash_nid = NID_sha384,
		241	.pkey_nid = NID_dh_cofactor_kdf,
		242	},
		243	{
		244	.sign_nid = NID_dhSinglePass_cofactorDH_sha512kdf_scheme,
		245	.hash_nid = NID_sha512,
		246	.pkey_nid = NID_dh_cofactor_kdf,
		247	},
		248	{
		249	.sign_nid = NID_RSA_SHA3_224,
		250	.hash_nid = NID_sha3_224,
		251	.pkey_nid = NID_rsaEncryption,
		252	},
		253	{
		254	.sign_nid = NID_RSA_SHA3_256,
		255	.hash_nid = NID_sha3_256,
		256	.pkey_nid = NID_rsaEncryption,
		257	},
		258	{
		259	.sign_nid = NID_RSA_SHA3_384,
		260	.hash_nid = NID_sha3_384,
		261	.pkey_nid = NID_rsaEncryption,
		262	},
		263	{
		264	.sign_nid = NID_RSA_SHA3_512,
		265	.hash_nid = NID_sha3_512,
		266	.pkey_nid = NID_rsaEncryption,
		267	},
		268	};
77		269
78	static const nid_triple *	270	#define N_NID_TRIPLES (sizeof(nid_triple) / sizeof(nid_triple[0]))
79	OBJ_bsearch_sig(nid_triple key, nid_triple const base, int num)
80	{
81	return OBJ_bsearch_(key, base, num, sizeof(nid_triple),
82	sig_cmp_BSEARCH_CMP_FN);
83	}
84		271
85	static int	272	int
86	sigx_cmp(const nid_triple * const a, const nid_triple const *b)	273	OBJ_find_sigid_algs(int sign_nid, int hash_nid, int pkey_nid)
87	{	274	{
88	int ret;	275	size_t i;
89		276
90	ret = (a)->hash_id - (b)->hash_id;	277	for (i = 0; i < N_NID_TRIPLES; i++) {
91	if (ret)	278	if (sign_nid != nid_triple[i].sign_nid)
92	return ret;	279	continue;
93	return (a)->pkey_id - (b)->pkey_id;
94	}
95		280
96	static int	281	if (hash_nid != NULL)
97	sigx_cmp_BSEARCH_CMP_FN(const void a_, const void b_)	282	*hash_nid = nid_triple[i].hash_nid;
98	{	283	if (pkey_nid != NULL)
99	const nid_triple * const *a = a_;	284	*pkey_nid = nid_triple[i].pkey_nid;
100	const nid_triple * const *b = b_;
101	return sigx_cmp(a, b);
102	}
103		285
104	static const nid_triple * const*	286	return 1;
105	OBJ_bsearch_sigx(const nid_triple * key, const nid_triple const *base, int num)	287	}
106	{
107	return OBJ_bsearch_(key, base, num, sizeof(const nid_triple *),
108	sigx_cmp_BSEARCH_CMP_FN);
109	}
110		288
111	int	289	return 0;
112	OBJ_find_sigid_algs(int signid, int pdig_nid, int ppkey_nid)
113	{
114	nid_triple tmp;
115	const nid_triple *rv = NULL;
116	tmp.sign_id = signid;
117
118	if ((rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
119	sizeof(sigoid_srt) / sizeof(nid_triple))) == NULL)
120	return 0;
121	if (pdig_nid)
122	*pdig_nid = rv->hash_id;
123	if (ppkey_nid)
124	*ppkey_nid = rv->pkey_id;
125	return 1;
126	}	290	}
127	LCRYPTO_ALIAS(OBJ_find_sigid_algs);	291	LCRYPTO_ALIAS(OBJ_find_sigid_algs);
128		292
129	int	293	int
130	OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)	294	OBJ_find_sigid_by_algs(int *sign_nid, int hash_nid, int pkey_nid)
131	{	295	{
132	nid_triple tmp;	296	size_t i;
133	const nid_triple *t = &tmp;	297
134	const nid_triple const rv;	298	for (i = 0; i < N_NID_TRIPLES; i++) {
135		299	if (hash_nid != nid_triple[i].hash_nid)
136	tmp.hash_id = dig_nid;	300	continue;
137	tmp.pkey_id = pkey_nid;	301	if (pkey_nid != nid_triple[i].pkey_nid)
138		302	continue;
139	if ((rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,	303
140	sizeof(sigoid_srt_xref) / sizeof(nid_triple *))) == NULL)	304	if (sign_nid != NULL)
141	return 0;	305	*sign_nid = nid_triple[i].sign_nid;
142	if (psignid)	306
143	psignid = (rv)->sign_id;	307	return 1;
144	return 1;	308	}
		309
		310	return 0;
145	}	311	}
146	LCRYPTO_ALIAS(OBJ_find_sigid_by_algs);	312	LCRYPTO_ALIAS(OBJ_find_sigid_by_algs);
147		313