author | David Benjamin <davidben@google.com> | 2021-02-25 01:37:16 -0500 |
---|---|---|
committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-06-18 01:47:29 +0000 |
commit | 66d274dfbab9e4f84599f06504987c418ca087d9 (patch) | |
tree | 92fcba5c66690cc9cf1a3008c3f4f5ab8a827d35 /include | |
parent | e1d209d4432846d28c31d84f269f4edcb9a63509 (diff) | |
Implement rsa_pkcs1_sha256_legacy.
See draft-ietf-tls13-pkcs1-00. The code point is disabled by default
and must be configured in SSL_set_verify_algorithm_prefs and
SSL_set_signing_algorithm_prefs. It is also only defined for TLS 1.3
client certificates and otherwise ignored.
This required reworking the tests a bit since this is the first
signature algorithm that's disabled by default, and the first algorithm
that behaves differently between client and server.
Bug: 347047841
Change-Id: If4f653a456799ed9f0173159da291a9b6b6556fb
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69368
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 63b66b4..9d7abe8 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1205,6 +1205,11 @@ OPENSSL_EXPORT int SSL_set_ocsp_response(SSL *ssl, #define SSL_SIGN_RSA_PSS_RSAE_SHA512 0x0806 #define SSL_SIGN_ED25519 0x0807 +// SSL_SIGN_RSA_PKCS1_SHA256_LEGACY is a backport of RSASSA-PKCS1-v1_5 with +// SHA-256 to TLS 1.3. It is disabled by default and only defined for client +// certificates. +#define SSL_SIGN_RSA_PKCS1_SHA256_LEGACY 0x0420 + // SSL_SIGN_RSA_PKCS1_MD5_SHA1 is an internal signature algorithm used to // specify raw RSASSA-PKCS1-v1_5 with an MD5/SHA-1 concatenation, as used in TLS // before TLS 1.2. |
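Review bot: The comment added above `#define SSL_SIGN_RSA_PKCS1_SHA256_LEGACY 0x0420` says the algorithm is "disabled by default" but gives an API user no way to learn how to turn it on. The commit message names SSL_set_verify_algorithm_prefs and SSL_set_signing_algorithm_prefs as the configuration points, and says the code point is defined for TLS 1.3 client certificates and otherwise ignored. Suggest carrying both facts into the header comment, with a pointer to draft-ietf-tls13-pkcs1-00, since ssl.h is where callers will look. "Only defined for client certificates" in the comment also drops the TLS 1.3 qualifier that the commit message has, so a reader of the header alone cannot tell what happens if the value is listed for an earlier protocol version. As a smaller style point, the new define follows 0x0807 rather than sitting in numeric order with the other values; if the placement is meant to set it apart from the algorithms that are enabled by default, a one-line note saying so would help.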