*/
# define SSL_PKEY_GOST_EC SSL_PKEY_NUM+1
+/*
+ * TODO(TLS1.3) for now use RSA_SIGN keys for PSS
+ */
+
+#define SSL_PKEY_RSA_PSS_SIGN SSL_PKEY_RSA_SIGN
+
/*-
* SSL_kRSA <- RSA_ENC
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
/* Have we attempted to find/parse SCTs yet? */
int scts_parsed;
# endif
- SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
-# ifndef OPENSSL_NO_NEXTPROTONEG
-# endif
-# define session_ctx initial_ctx
+ SSL_CTX *session_ctx; /* initial ctx, used to store sessions */
/* What we'll do */
STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
/* What's been chosen */
uint16_t sigalg;
/* NID of hash algorithm */
int hash;
+ /* Index of hash algorithm */
+ int hash_idx;
/* NID of signature algorithm */
int sig;
+ /* Index of signature algorithm */
+ int sig_idx;
/* Combined hash and signature NID, if any */
int sigandhash;
/* Required public key curve (ECDSA only) */
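Review bot: The comments on the two added fields, `hash_idx` and `sig_idx`, do not say which table each value indexes or what range is valid, and both are plain `int`s that will presumably be used as array subscripts. Elsewhere on this page `SSL_PKEY_GOST_EC` is defined as `SSL_PKEY_NUM+1` while `md[]` is sized `SSL_PKEY_NUM`, so not every key constant is a valid slot, and a table entry carrying such a value would index past the array unless the consumer checks it. I would state the contract in the comments, for example `/* Index of hash algorithm (presumably an SSL_MD_*_IDX value) */` and `/* Index of signature key (SSL_PKEY_*, must be < SSL_PKEY_NUM) */`. The code that reads these fields should range-check them before subscripting. The struct starts and ends outside the hunk, so its table initialisers cannot be checked from here.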
size_t peer_sigalgslen;
/* Sigalg peer actualy uses */
const SIGALG_LOOKUP *peer_sigalg;
- /* Digest peer uses for signing */
- const EVP_MD *peer_md;
/* Array of digests used for signing */
const EVP_MD *md[SSL_PKEY_NUM];
/*
__owur int tls12_get_sigandhash(SSL *s, WPACKET *pkt, const EVP_PKEY *pk,
const EVP_MD *md, int *ispss);
-__owur const EVP_MD *tls12_get_hash(int hash_nid);
void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);