ML-DSA: Add TLS-SIGALG capability to support ML-DSA signatures
authorslontis <shane.lontis@oracle.com>
Thu, 6 Feb 2025 07:27:34 +0000 (18:27 +1100)
committerTomas Mraz <tomas@openssl.org>
Fri, 14 Feb 2025 09:46:04 +0000 (10:46 +0100)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26654)

providers/common/capabilities.c
providers/implementations/signature/ml_dsa_sig.c
test/recipes/95-test_external_tlsfuzzer_data/cert.json.in

index 550eca1af743853a56fd9637e79a9d775aa421f9..78099ecf659e4ce6066f85ebb676e40c91758c4a 100644 (file)
@@ -220,11 +220,68 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg)
     return 1;
 }
 
+/* --------------------------------------------------------------- */
+
+#if !defined(OPENSSL_NO_ML_DSA)
+
+typedef struct tls_sigalg_constants_st {
+    unsigned int code_point;
+    unsigned int sec_bits;    /* Bits of security */
+    int min_tls;              /* Minimum TLS version, -1 unsupported */
+    int max_tls;              /* Maximum TLS version (or 0 for undefined) */
+} TLS_SIGALG_CONSTANTS;
+
+static const TLS_SIGALG_CONSTANTS sigalg_constants_list[3] = {
+    { 0x0904, 128, TLS1_3_VERSION, 0 },
+    { 0x0905, 192, TLS1_3_VERSION, 0 },
+    { 0x0906, 256, TLS1_3_VERSION, 0 },
+};
+
+# define TLS_SIGALG_ENTRY(tlsname, algorithm, oid, idx)                         \
+    {                                                                           \
+        OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,            \
+                               tlsname, sizeof(tlsname)),                       \
+        OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,                 \
+                               algorithm, sizeof(algorithm)),                   \
+        OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,                  \
+                               oid, sizeof(oid)),                               \
+        OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,                  \
+                        (unsigned int *)&sigalg_constants_list[idx].code_point),\
+        OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,               \
+                        (unsigned int *)&sigalg_constants_list[idx].sec_bits),  \
+        OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,                      \
+                       (unsigned int *)&sigalg_constants_list[idx].min_tls),    \
+        OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,                      \
+                       (unsigned int *)&sigalg_constants_list[idx].max_tls),    \
+        OSSL_PARAM_END                                                          \
+    }
+
+static const OSSL_PARAM param_sigalg_list[][8] = {
+    TLS_SIGALG_ENTRY("mldsa44", "ML-DSA-44", "2.16.840.1.101.3.4.3.17", 0),
+    TLS_SIGALG_ENTRY("mldsa65", "ML-DSA-65", "2.16.840.1.101.3.4.3.18", 1),
+    TLS_SIGALG_ENTRY("mldsa87", "ML-DSA-87", "2.16.840.1.101.3.4.3.19", 2),
+};
+#endif /* OPENSSL_NO_ML_DSA */
+
+static int tls_sigalg_capability(OSSL_CALLBACK *cb, void *arg)
+{
+#if !defined(OPENSSL_NO_ML_DSA)
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(param_sigalg_list); i++)
+        if (!cb(param_sigalg_list[i], arg))
+            return 0;
+#endif
+    return 1;
+}
+
 int ossl_prov_get_capabilities(void *provctx, const char *capability,
                                OSSL_CALLBACK *cb, void *arg)
 {
     if (OPENSSL_strcasecmp(capability, "TLS-GROUP") == 0)
         return tls_group_capability(cb, arg);
+    if (OPENSSL_strcasecmp(capability, "TLS-SIGALG") == 0)
+        return tls_sigalg_capability(cb, arg);
 
     /* We don't support this capability */
     return 0;
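Review bot: In `TLS_SIGALG_ENTRY`, the two `OSSL_PARAM_int` entries cast the address of the `int` fields `min_tls` and `max_tls` to `unsigned int *`, and all four numeric entries cast away the `const` of `sigalg_constants_list`. The type mismatch appears harmless because the pointer is only stored as the param's data address, but the casts should match the fields: `(int *)&sigalg_constants_list[idx].min_tls),` and `(int *)&sigalg_constants_list[idx].max_tls),`. Since the resulting params point into a `static const` table and are passed to a caller-supplied `cb` in `tls_sigalg_capability`, a write through one of those data pointers would be undefined behaviour. A comment above the macro such as `/* Data pointers reference const storage; callbacks must treat these params as read-only */` would document that contract. The body of `ossl_prov_get_capabilities` closes outside the hunk.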
index f109a66f3360f94e37a7b4b27dfe59d5b0fa3314..e235e31752ebbba7fbd4573483a0693bb3573675 100644 (file)
@@ -78,7 +78,6 @@ static void *ml_dsa_newctx(void *provctx, int evp_type, const char *propq)
     ctx->libctx = PROV_LIBCTX_OF(provctx);
     ctx->msg_encode = ML_DSA_MESSAGE_ENCODE_PURE;
     ctx->evp_type = evp_type;
-
     return ctx;
 }
 
index a093b9d76cb8021f9c8836ef5a5b97f333cf43b6..93c4db76c43e6ee55dc9cd4613cecddddae91991 100644 (file)
        {"name" : "test-tls13-certificate-verify.py",
         "arguments" : ["-k", "tests/clientX509Key.pem",
                        "-c", "tests/clientX509Cert.pem",
-                       "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                       "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224 9+4 9+5 9+6",
                        "-p", "@PORT@"]},
        {"name" : "test-tls13-ecdsa-in-certificate-verify.py",
           "arguments" : ["-k", "tests/serverECKey.pem",
                          "-c", "tests/serverECCert.pem",
-                         "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224",
+                         "-s", "ecdsa_secp256r1_sha256 ecdsa_secp384r1_sha384 ecdsa_secp521r1_sha512 ed25519 ed448 8+26 8+27 8+28 rsa_pss_pss_sha256 rsa_pss_pss_sha384 rsa_pss_pss_sha512 rsa_pss_rsae_sha256 rsa_pss_rsae_sha384 rsa_pss_rsae_sha512 rsa_pkcs1_sha256 rsa_pkcs1_sha384 rsa_pkcs1_sha512 ecdsa_sha224 rsa_pkcs1_sha224 9+4 9+5 9+6",
                          "-p", "@PORT@"]}
      ]
     },