1 files changed, 69 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
new file mode 100644
index 0000000000..b0ed70b7fc
--- /dev/null
+++ b/src/lib/libssl/ssl_sigalgs.h
@@ -0,0 +1,69 @@
+/* $OpenBSD: ssl_sigalgs.h,v 1.1 2018/11/09 00:34:55 beck Exp $ */
+/*
+ * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#define SIGALG_NONE                     0x0000
+/*
+ * RFC 8446 Section 4.2.3
+ * RFC 5246 Section 7.4.1.4.1
+ */
+#define SIGALG_RSA_PKCS1_SHA224         0x0301
+#define SIGALG_RSA_PKCS1_SHA256         0x0401
+#define SIGALG_RSA_PKCS1_SHA384         0x0501
+#define SIGALG_RSA_PKCS1_SHA512         0x0601
+#define SIGALG_ECDSA_SECP224R1_SHA224   0x0303
+#define SIGALG_ECDSA_SECP256R1_SHA256   0x0403
+#define SIGALG_ECDSA_SECP384R1_SHA384   0x0503
+#define SIGALG_ECDSA_SECP512R1_SHA512   0x0603
+#define SIGALG_RSA_PSS_RSAE_SHA256      0x0804
+#define SIGALG_RSA_PSS_RSAE_SHA384      0x0805
+#define SIGALG_RSA_PSS_RSAE_SHA512      0x0806
+#define SIGALG_ED25519                  0x0807
+#define SIGALG_ED448                    0x0808
+#define SIGALG_RSA_PSS_PSS_SHA256       0x0809
+#define SIGALG_RSA_PSS_PSS_SHA384       0x080a
+#define SIGALG_RSA_PSS_PSS_SHA512       0x080b
+#define SIGALG_RSA_PKCS1_SHA1           0x0201
+#define SIGALG_ECDSA_SHA1               0x0203
+#define SIGALG_PRIVATE_START            0xFE00
+#define SIGALG_PRIVATE_END              0xFFFF
+/*
+ * If Russia can elect the US President, surely
+ * IANA could fix this problem.
+ */
+#define SIGALG_GOSTR12_512_STREEBOG_512 0xEFEF
+#define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE
+#define SIGALG_GOSTR01_GOST94           0xEDED
+#define SIGALG_FLAG_RSA_PSS     0x00000001
+struct ssl_sigalg{
+        uint16_t value;
+        const EVP_MD *(*md)(void);
+        int key_type;
+        int pkey_idx; /* XXX get rid of this eventually */
+        int curve_nid;
+        int flags;
+};
+const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
+const EVP_MD * ssl_sigalg_md(uint16_t sigalg);
+uint16_t ssl_sigalg_value(const EVP_PKEY *pk, const EVP_MD *md);
+int ssl_sigalgs_build(CBB *cbb);
+int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);

diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h new file mode 100644 index 0000000000..b0ed70b7fc --- /dev/null +++ b/src/lib/libssl/ssl_sigalgs.h
@@ -0,0 +1,69 @@
	1	/* $OpenBSD: ssl_sigalgs.h,v 1.1 2018/11/09 00:34:55 beck Exp $ */
	2	/*
	3	* Copyright (c) 2018, Bob Beck <beck@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and/or distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	12	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	14	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	15	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18
	19	#define SIGALG_NONE 0x0000
	20
	21	/*
	22	* RFC 8446 Section 4.2.3
	23	* RFC 5246 Section 7.4.1.4.1
	24	*/
	25	#define SIGALG_RSA_PKCS1_SHA224 0x0301
	26	#define SIGALG_RSA_PKCS1_SHA256 0x0401
	27	#define SIGALG_RSA_PKCS1_SHA384 0x0501
	28	#define SIGALG_RSA_PKCS1_SHA512 0x0601
	29	#define SIGALG_ECDSA_SECP224R1_SHA224 0x0303
	30	#define SIGALG_ECDSA_SECP256R1_SHA256 0x0403
	31	#define SIGALG_ECDSA_SECP384R1_SHA384 0x0503
	32	#define SIGALG_ECDSA_SECP512R1_SHA512 0x0603
	33	#define SIGALG_RSA_PSS_RSAE_SHA256 0x0804
	34	#define SIGALG_RSA_PSS_RSAE_SHA384 0x0805
	35	#define SIGALG_RSA_PSS_RSAE_SHA512 0x0806
	36	#define SIGALG_ED25519 0x0807
	37	#define SIGALG_ED448 0x0808
	38	#define SIGALG_RSA_PSS_PSS_SHA256 0x0809
	39	#define SIGALG_RSA_PSS_PSS_SHA384 0x080a
	40	#define SIGALG_RSA_PSS_PSS_SHA512 0x080b
	41	#define SIGALG_RSA_PKCS1_SHA1 0x0201
	42	#define SIGALG_ECDSA_SHA1 0x0203
	43	#define SIGALG_PRIVATE_START 0xFE00
	44	#define SIGALG_PRIVATE_END 0xFFFF
	45
	46	/*
	47	* If Russia can elect the US President, surely
	48	* IANA could fix this problem.
	49	*/
	50	#define SIGALG_GOSTR12_512_STREEBOG_512 0xEFEF
	51	#define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE
	52	#define SIGALG_GOSTR01_GOST94 0xEDED
	53
	54	#define SIGALG_FLAG_RSA_PSS 0x00000001
	55
	56	struct ssl_sigalg{
	57	uint16_t value;
	58	const EVP_MD (md)(void);
	59	int key_type;
	60	int pkey_idx; /* XXX get rid of this eventually */
	61	int curve_nid;
	62	int flags;
	63	};
	64
	65	const struct ssl_sigalg *ssl_sigalg_lookup(uint16_t sigalg);
	66	const EVP_MD * ssl_sigalg_md(uint16_t sigalg);
	67	uint16_t ssl_sigalg_value(const EVP_PKEY pk, const EVP_MD md);
	68	int ssl_sigalgs_build(CBB *cbb);
	69	int ssl_sigalg_pkey_check(uint16_t sigalg, EVP_PKEY *pk);