
Lines Matching refs:lu

25 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
813 int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
816 if (lu == NULL)
818 /* lu->hash == NID_undef means no associated digest */
819 if (lu->hash == NID_undef) {
822 md = ssl_md(lu->hash_idx);
839 static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
845 if (!tls1_lookup_md(lu, &md) || md == NULL)
896 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
898 if (!tls1_lookup_md(lu, NULL))
900 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
902 return lu;
912 const SIGALG_LOOKUP *lu;
916 lu = tls1_get_legacy_sigalg(s, idx);
917 if (lu == NULL)
919 s->s3->tmp.peer_sigalg = lu;
980 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
982 if (lu == NULL)
984 if (lu->sig == EVP_PKEY_EC
985 && lu->curve != NID_undef
986 && curve == lu->curve)
998 static int sigalg_security_bits(const SIGALG_LOOKUP *lu)
1003 if (!tls1_lookup_md(lu, &md))
1011 if (lu->sigalg == TLSEXT_SIGALG_ed25519)
1013 else if (lu->sigalg == TLSEXT_SIGALG_ed448)
1031 const SIGALG_LOOKUP *lu;
1048 lu = tls1_lookup_sigalg(sig);
1053 if (lu == NULL
1054 || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224))
1055 lu->sig
1056 && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
1063 || lu->sig_idx != (int)cidx) {
1085 if (lu->curve != NID_undef && curve != lu->curve) {
1123 if (i == sent_sigslen && (lu->hash != NID_sha1
1129 if (!tls1_lookup_md(lu, &md)) {
1140 secbits = sigalg_security_bits(lu);
1150 s->s3->tmp.peer_sigalg = lu;
1269 const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i);
1272 if (lu == NULL)
1276 if (lu->sigalg == sent_sigs[j]) {
1593 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
1599 if (!tls1_lookup_md(lu, NULL))
1602 if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
1606 && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
1607 || lu->hash_idx == SSL_MD_MD5_IDX
1608 || lu->hash_idx == SSL_MD_SHA224_IDX))
1612 if (ssl_cert_is_disabled(lu->sig_idx))
1615 if (lu->sig == NID_id_GostR3410_2012_256
1616 || lu->sig == NID_id_GostR3410_2012_512
1617 || lu->sig == NID_id_GostR3410_2001) {
1655 secbits = sigalg_security_bits(lu);
1656 sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
1657 sigalgstr[1] = lu->sigalg & 0xff;
1658 return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
1678 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
1681 if (lu == NULL)
1684 clu = ssl_cert_lookup_by_idx(lu->sig_idx);
1690 && tls12_sigalg_allowed(s, op, lu))
1703 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*psig);
1705 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
1714 || (lu->sig != EVP_PKEY_RSA
1715 && lu->hash != NID_sha1
1716 && lu->hash != NID_sha224)))
1732 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*ptmp);
1735 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu))
1741 *shsig++ = lu;
1884 const SIGALG_LOOKUP *lu;
1893 lu = tls1_lookup_sigalg(*psig);
1895 *psign = lu != NULL ? lu->sig : NID_undef;
1897 *phash = lu != NULL ? lu->hash : NID_undef;
1899 *psignhash = lu != NULL ? lu->sigandhash : NID_undef;
2279 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*p);
2281 if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign)
2577 * with the signature algorithm "lu" and return index of certificate.
2580 static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
2582 int sig_idx = lu->sig_idx;
2604 const SIGALG_LOOKUP *lu;
2620 lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
2621 if (lu == NULL
2630 if (mdnid == lu->hash && pknid == lu->sig)
2683 const SIGALG_LOOKUP *lu = NULL;
2692 lu = s->shared_sigalgs[i];
2695 if (lu->hash == NID_sha1
2696 || lu->hash == NID_sha224
2697 || lu->sig == EVP_PKEY_DSA
2698 || lu->sig == EVP_PKEY_RSA)
2701 if (!tls1_lookup_md(lu, NULL))
2703 if ((pkey == NULL && !has_usable_cert(s, lu, -1))
2704 || (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
2708 : s->cert->pkeys[lu->sig_idx].privatekey;
2710 if (lu->sig == EVP_PKEY_EC) {
2716 if (lu->curve != NID_undef && curve != lu->curve)
2721 } else if (lu->sig == EVP_PKEY_RSA_PSS) {
2723 if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu))
2732 return lu;
2748 const SIGALG_LOOKUP *lu = NULL;
2755 lu = find_sig_alg(s, NULL, NULL);
2756 if (lu == NULL) {
2790 lu = s->shared_sigalgs[i];
2793 if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)
2798 sig_idx = lu->sig_idx;
2803 if (!has_usable_cert(s, lu, sig_idx))
2805 if (lu->sig == EVP_PKEY_RSA_PSS) {
2809 if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
2813 if (curve == -1 || lu->curve == curve)
2824 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
2833 sig_idx = lu->sig_idx;
2852 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
2863 if (lu->sigalg == *sent_sigs
2864 && has_usable_cert(s, lu, lu->sig_idx))
2877 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
2887 sig_idx = lu->sig_idx;
2890 s->s3->tmp.sigalg = lu;