authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-03-06 15:09:50 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-03-09 17:01:10 +0100
commit51d21634c9329463a8d7def24550ef268bc9b88c (patch)
tree49a8e2370b632040c8fbdbd03b9f8b51cef34677 /lib/priority.c
parent02354f173e66df3dad4ac9447e4965aecfad65e8 (diff)
signatures: distinguish RSA-PSS signatures with RSA PKCS#1 1.5 certificates from "pure"
This change enhances signature algorithms to have a private key algorithm parameter. That is, to allow signature algorithms operating with a private key of type X while the public key is of type Y. That is useful for the RSA-PSS signatures which are of two types; one which is seen from servers having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while both utilize RSA-PSS private keys. This is a draft-ietf-tls-tls13-23 change. Resolves #400 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/priority.c')
-rw-r--r--lib/priority.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/priority.c b/lib/priority.c
index a83a1ffc78..8e2132ffea 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -349,6 +349,7 @@ static const int* cipher_priority_secure192 = _cipher_priority_secure192;
static const int _sign_priority_default[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_RSA_PSS_SHA256,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,
GNUTLS_SIGN_ECDSA_SHA256,
GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
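Review bot: The `GNUTLS_SIGN_RSA_PSS_RSAE_*` entries added to `_sign_priority_default` sit directly beside `GNUTLS_SIGN_RSA_PSS_*` with no comment saying how the two differ, and the same holds for the additions to `_sign_priority_secure128` and `_sign_priority_secure192` in the later hunks. A short comment above each array would cover it, for example `/* RSA_PSS_*: key from an RSA-PSS certificate; RSA_PSS_RSAE_*: PSS signature made with the key of a PKCS#1 1.5 (rsaEncryption) certificate */`. If the array order is the preference order (not confirmable from these hunks), the comment should also say that `GNUTLS_SIGN_RSA_SHA256` is kept ahead of both PSS forms on purpose, because an ordinary RSA certificate can now match either the PKCS#1 1.5 entry or the new RSAE one. The array bodies continue outside the hunks, so their terminators and any existing header comments are not visible here.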
@@ -356,11 +357,13 @@ static const int _sign_priority_default[] = {
GNUTLS_SIGN_RSA_SHA384,
GNUTLS_SIGN_RSA_PSS_SHA384,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,
GNUTLS_SIGN_ECDSA_SHA384,
GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
GNUTLS_SIGN_RSA_SHA512,
GNUTLS_SIGN_RSA_PSS_SHA512,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,
GNUTLS_SIGN_ECDSA_SHA512,
GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,
@@ -391,17 +394,20 @@ static const int* sign_priority_suiteb192 = _sign_priority_suiteb192;
static const int _sign_priority_secure128[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_RSA_PSS_SHA256,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,
GNUTLS_SIGN_ECDSA_SHA256,
GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
GNUTLS_SIGN_EDDSA_ED25519,
GNUTLS_SIGN_RSA_SHA384,
GNUTLS_SIGN_RSA_PSS_SHA384,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,
GNUTLS_SIGN_ECDSA_SHA384,
GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
GNUTLS_SIGN_RSA_SHA512,
GNUTLS_SIGN_RSA_PSS_SHA512,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,
GNUTLS_SIGN_ECDSA_SHA512,
GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,
@@ -412,10 +418,12 @@ static const int* sign_priority_secure128 = _sign_priority_secure128;
static const int _sign_priority_secure192[] = {
GNUTLS_SIGN_RSA_SHA384,
GNUTLS_SIGN_RSA_PSS_SHA384,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,
GNUTLS_SIGN_ECDSA_SHA384,
GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
GNUTLS_SIGN_RSA_SHA512,
GNUTLS_SIGN_RSA_PSS_SHA512,
+ GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,
GNUTLS_SIGN_ECDSA_SHA512,
GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,