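Lines matching references to `lu` (each entry is prefixed with its line number in the source file; non-matching lines are omitted, so consecutive entries are not necessarily adjacent code)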

30 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
1150 const SIGALG_LOOKUP *lu;
1152 = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
1160 for (i = 0, lu = sigalg_lookup_tbl;
1161 i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
1164 cache[i] = *lu;
1174 if (lu->hash != NID_undef
1175 && ctx->ssl_digest_methods[lu->hash_idx] == NULL) {
1180 if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
1205 const SIGALG_LOOKUP *lu;
1207 for (i = 0, lu = s->ctx->sigalg_lookup_cache;
1210 lu++, i++) {
1211 if (lu->sigalg == sigalg) {
1212 if (!lu->enabled)
1214 return lu;
1220 int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
1223 if (lu == NULL)
1225 /* lu->hash == NID_undef means no associated digest */
1226 if (lu->hash == NID_undef) {
1229 md = ssl_md(ctx, lu->hash_idx);
1247 const SIGALG_LOOKUP *lu)
1253 if (!tls1_lookup_md(ctx, lu, &md) || md == NULL)
1321 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, tls_default_sigalg[idx]);
1323 if (lu == NULL)
1325 if (!tls1_lookup_md(s->ctx, lu, NULL))
1327 if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
1329 return lu;
1339 const SIGALG_LOOKUP *lu;
1343 lu = tls1_get_legacy_sigalg(s, idx);
1344 if (lu == NULL)
1346 s->s3.tmp.peer_sigalg = lu;
1404 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, sigs[i]);
1406 if (lu == NULL)
1408 if (lu->sig == EVP_PKEY_EC
1409 && lu->curve != NID_undef
1410 && curve == lu->curve)
1421 static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu)
1426 if (!tls1_lookup_md(ctx, lu, &md))
1452 if (lu->sigalg == TLSEXT_SIGALG_ed25519)
1454 else if (lu->sigalg == TLSEXT_SIGALG_ed448)
1472 const SIGALG_LOOKUP *lu;
1489 lu = tls1_lookup_sigalg(s, sig);
1494 if (lu == NULL
1495 || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224))
1496 || (pkeyid != lu->sig
1497 && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
1503 || lu->sig_idx != (int)cidx) {
1521 if (lu->curve != NID_undef && curve != lu->curve) {
1554 if (i == sent_sigslen && (lu->hash != NID_sha1
1559 if (!tls1_lookup_md(s->ctx, lu, &md)) {
1569 secbits = sigalg_security_bits(s->ctx, lu);
1578 s->s3.tmp.peer_sigalg = lu;
1697 const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i);
1700 if (lu == NULL)
1704 if (lu->sigalg == sent_sigs[j]) {
2050 static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
2055 if (lu == NULL || !lu->enabled)
2058 if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
2065 && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
2066 || lu->hash_idx == SSL_MD_MD5_IDX
2067 || lu->hash_idx == SSL_MD_SHA224_IDX))
2071 if (ssl_cert_is_disabled(s->ctx, lu->sig_idx))
2074 if (lu->sig == NID_id_GostR3410_2012_256
2075 || lu->sig == NID_id_GostR3410_2012_512
2076 || lu->sig == NID_id_GostR3410_2001) {
2114 secbits = sigalg_security_bits(s->ctx, lu);
2115 sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
2116 sigalgstr[1] = lu->sigalg & 0xff;
2117 return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
2137 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *sigalgs);
2140 if (lu == NULL)
2143 clu = ssl_cert_lookup_by_idx(lu->sig_idx);
2149 && tls12_sigalg_allowed(s, op, lu))
2162 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *psig);
2164 if (lu == NULL
2165 || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
2174 || (lu->sig != EVP_PKEY_RSA
2175 && lu->hash != NID_sha1
2176 && lu->hash != NID_sha224)))
2192 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *ptmp);
2195 if (lu == NULL
2196 || !tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu))
2202 *shsig++ = lu;
2345 const SIGALG_LOOKUP *lu;
2354 lu = tls1_lookup_sigalg(s, *psig);
2356 *psign = lu != NULL ? lu->sig : NID_undef;
2358 *phash = lu != NULL ? lu->hash : NID_undef;
2360 *psignhash = lu != NULL ? lu->sigandhash : NID_undef;
2740 const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *p);
2742 if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign)
3044 * with the signature algorithm "lu" and return index of certificate.
3047 static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
3049 int sig_idx = lu->sig_idx;
3071 const SIGALG_LOOKUP *lu;
3096 lu = tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]);
3097 if (lu == NULL)
3106 if (mdnid == lu->hash && pknid == lu->sig)
3164 const SIGALG_LOOKUP *lu = NULL;
3171 lu = s->shared_sigalgs[i];
3174 if (lu->hash == NID_sha1
3175 || lu->hash == NID_sha224
3176 || lu->sig == EVP_PKEY_DSA
3177 || lu->sig == EVP_PKEY_RSA)
3180 if (!tls1_lookup_md(s->ctx, lu, NULL))
3182 if ((pkey == NULL && !has_usable_cert(s, lu, -1))
3183 || (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
3187 : s->cert->pkeys[lu->sig_idx].privatekey;
3189 if (lu->sig == EVP_PKEY_EC) {
3192 if (lu->curve != NID_undef && curve != lu->curve)
3194 } else if (lu->sig == EVP_PKEY_RSA_PSS) {
3196 if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu))
3205 return lu;
3221 const SIGALG_LOOKUP *lu = NULL;
3228 lu = find_sig_alg(s, NULL, NULL);
3229 if (lu == NULL) {
3258 lu = s->shared_sigalgs[i];
3261 if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)
3266 sig_idx = lu->sig_idx;
3271 if (!has_usable_cert(s, lu, sig_idx))
3273 if (lu->sig == EVP_PKEY_RSA_PSS) {
3277 if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu))
3280 if (curve == -1 || lu->curve == curve)
3290 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
3298 sig_idx = lu->sig_idx;
3316 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
3327 if (lu->sigalg == *sent_sigs
3328 && has_usable_cert(s, lu, lu->sig_idx))
3340 if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
3350 sig_idx = lu->sig_idx;
3353 s->s3.tmp.sigalg = lu;