Diffstat (limited to 'lib/algorithms/sign.c')
-rw-r--r-- | lib/algorithms/sign.c | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 7a3c41d6ad..0b012d4639 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -48,19 +48,19 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_RSA_SHA256,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 1}, 0}},
+ .aid = {{4, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA384",
 .oid = SIG_RSA_SHA384_OID,
 .id = GNUTLS_SIGN_RSA_SHA384,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 1}, 0}},
+ .aid = {{5, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA512",
 .oid = SIG_RSA_SHA512_OID,
 .id = GNUTLS_SIGN_RSA_SHA512,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 1}, 0}},
+ .aid = {{6, 1}, SIG_SEM_DEFAULT}},
 /* RSA-PSS */
 {.name = "RSA-PSS-SHA256",
@@ -68,37 +68,37 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_RSA_PSS_SHA256,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{8, 4}, 0}},
+ .aid = {{8, 4}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA256",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA256,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{8, 4}, 0}},
+ .aid = {{8, 4}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA384",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA384,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{8, 5}, 0}},
+ .aid = {{8, 5}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA384",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA384,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{8, 5}, 0}},
+ .aid = {{8, 5}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA512",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA512,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 6}, 0}},
+ .aid = {{8, 6}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA512",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA512,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 6}, 0}},
+ .aid = {{8, 6}, SIG_SEM_DEFAULT}},
 /* Ed25519: The hash algorithm here is set to be SHA512, although that is
 * an internal detail of Ed25519; we set it, because CMS/PKCS#7 requires
@@ -108,7 +108,7 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_EDDSA_ED25519,
 .pk = GNUTLS_PK_EDDSA_ED25519,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 7}, 0}},
+ .aid = {{8, 7}, SIG_SEM_DEFAULT}},
 /* ECDSA */
 /* The following three signature algorithms
@@ -125,38 +125,38 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_ECDSA_SHA256,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 3}, 0}},
+ .aid = {{4, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SHA384",
 .oid = "1.2.840.10045.4.3.3",
 .id = GNUTLS_SIGN_ECDSA_SHA384,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 3}, 0}},
+ .aid = {{5, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SHA512",
 .oid = "1.2.840.10045.4.3.4",
 .id = GNUTLS_SIGN_ECDSA_SHA512,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 3}, 0}},
+ .aid = {{6, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SECP256R1-SHA256",
 .id = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP256R1,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 3}, 1}},
+ .aid = {{4, 3}, SIG_SEM_TLS13}},
 {.name = "ECDSA-SECP384R1-SHA384",
 .id = GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP384R1,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 3}, 1}},
+ .aid = {{5, 3}, SIG_SEM_TLS13}},
 {.name = "ECDSA-SECP521R1-SHA512",
 .id = GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP521R1,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 3}, 1}},
+ .aid = {{6, 3}, SIG_SEM_TLS13}},
 /* ECDSA-SHA3 */
 {.name = "ECDSA-SHA3-224",
@@ -248,14 +248,14 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA1,
 .slevel = SHA1_SECURE_VAL,
- .aid = {{2, 1}, 0}},
+ .aid = {{2, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA1",
 .oid = ISO_SIG_RSA_SHA1_OID,
 .id = GNUTLS_SIGN_RSA_SHA1,
 .pk = GNUTLS_PK_RSA,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 1}, 0}},
+ .aid = {{2, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA224",
 .oid = SIG_RSA_SHA224_OID,
 .id = GNUTLS_SIGN_RSA_SHA224,
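Review bot: The entries that share a code point in the ECDSA hunk ({4, 3}, {5, 3}, {6, 3}) are now told apart only by `tls_sem`, and the rewritten test in `_gnutls_tls_aid_to_sign` (last hunk of this patch) accepts the first entry whose mask overlaps `ver->tls_sig_sem`. That is correct only if `SIG_SEM_PRE_TLS12` and `SIG_SEM_TLS13` are disjoint bits; their definitions are outside this diff, so I could not confirm it. If they ever overlap, a TLS 1.3 session would resolve {4, 3} to the curve-unrestricted `ECDSA-SHA256`, which comes first in the table. I would pin the invariant next to the definitions with `_Static_assert((SIG_SEM_PRE_TLS12 & SIG_SEM_TLS13) == 0, "tls_sem flags must be disjoint");` and add `/* tls_sem is a bit mask; entries sharing a code point must use disjoint masks */` above these entries.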
@@ -275,14 +275,14 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_DSA,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 2}}},
+ .aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
 {.name = "DSA-SHA1",
 .oid = "1.3.14.3.2.27",
 .id = GNUTLS_SIGN_DSA_SHA1,
 .pk = GNUTLS_PK_DSA,
 .hash = GNUTLS_DIG_SHA1,
 .slevel = SHA1_SECURE_VAL,
- .aid = {{2, 2}}},
+ .aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
 {.name = "DSA-SHA224",
 .oid = SIG_DSA_SHA224_OID,
 .id = GNUTLS_SIGN_DSA_SHA224,
@@ -322,7 +322,7 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_EC,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 3}, 0}},
+ .aid = {{2, 3}, SIG_SEM_DEFAULT}},
 {.name = "ECDSA-SHA224",
 .oid = "1.2.840.10045.4.3.1",
 .id = GNUTLS_SIGN_ECDSA_SHA224,
@@ -641,7 +641,7 @@ _gnutls_tls_aid_to_sign(uint8_t id0, uint8_t id1, const version_entry_st *ver)
 GNUTLS_SIGN_LOOP(
 if (p->aid.id[0] == id0 &&
 p->aid.id[1] == id1 &&
- p->aid.tls_sem == ver->tls_sig_sem) {
+ ((p->aid.tls_sem & ver->tls_sig_sem) != 0)) {
 ret = p->id;
 break; |
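Review bot: The two `DSA-SHA1` entries are a behaviour change rather than a rename: they relied on an implicit zero `tls_sem`, and with the mask test `(p->aid.tls_sem & ver->tls_sig_sem) != 0` further down a zero value can never match. Any other entry of `sign_algorithms[]` that carries a real code point but omits the second member of `.aid` would silently stop resolving; entries outside these hunks are not visible here, so the table deserves a full pass. A comment on the initializer convention, for example `/* an entry with a TLS code point must set a non-zero tls_sem, zero never matches */`, would keep later additions from repeating it.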
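Review bot: `ECDSA-SHA1` is tagged `SIG_SEM_DEFAULT` while `DSA-SHA1` in the previous hunk and the legacy `ECDSA-SHA256/384/512` entries are tagged `SIG_SEM_PRE_TLS12`, and the table does not say why this SHA-1 entry is treated differently; the same question applies to the two `RSA-SHA1` entries at {2, 1}. If `SIG_SEM_DEFAULT` includes TLS 1.3 (its definition is not in this diff), {2, 3} will resolve to a SHA-1 signature in TLS 1.3 sessions too, so refusing it for handshake signatures depends on checks elsewhere, presumably those driven by `.slevel = SHA1_SECURE_VAL`. If that is intended, say so on the entry with `/* legacy code point, kept resolvable in every version; acceptance is decided by slevel */`; otherwise use `SIG_SEM_PRE_TLS12`.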