Functions
IS_GOSTEC()
/* Function-like macro taking one argument. Its expansion is not reproduced
 * in this listing (as shown it expands to nothing), so consult the header
 * for the actual test.
 * NOTE(review): the name suggests a check for GOST elliptic-curve key
 * types -- confirm. */
#define IS_GOSTEC(x)
HAVE_UNKNOWN_SIGAID()
/* Non-zero when both bytes of aid->id are 255, i.e. the {255, 255} pair
 * that TLS_SIGN_AID_UNKNOWN uses as its id. aid is dereferenced
 * unconditionally, so callers must pass a valid, non-NULL pointer. */
#define HAVE_UNKNOWN_SIGAID(aid) ((aid)->id[0] == 255 && (aid)->id[1] == 255)
unlikely ()
if
unlikely ();
mac_to_entry()
/* Short alias for _gnutls_mac_to_entry(). */
#define mac_to_entry(x) _gnutls_mac_to_entry(x)
hash_to_entry()
/* Digest lookup routed through mac_to_entry() by casting the id to
 * gnutls_mac_algorithm_t.
 * NOTE(review): this relies on digest ids and MAC ids sharing numeric
 * values; an id outside that overlap would resolve to an unrelated entry
 * or to none -- confirm against the enum definitions. */
#define hash_to_entry(x) mac_to_entry((gnutls_mac_algorithm_t)(x))
cipher_to_entry()
/* Short alias for _gnutls_cipher_to_entry(). */
#define cipher_to_entry(x) _gnutls_cipher_to_entry(x)
cipher_name_to_entry ()
/* Looks up a cipher description by its name string and returns a pointer
 * to a read-only cipher_entry_st.
 * NOTE(review): the result for an unrecognised name is not shown here;
 * presumably NULL, in which case callers must check before dereferencing,
 * especially when the name comes from configuration or user input --
 * confirm against the implementation. */
const cipher_entry_st *
cipher_name_to_entry (const char *name
);
curve_is_modern_ecdh ()
/* Returns an int; the parameter list is not reproduced in this listing
 * (the empty parentheses are how the page renders the declaration), so
 * take the real signature from the header.
 * NOTE(review): the name suggests a test for whether a curve belongs to
 * the "modern" ECDH family, with a non-zero result meaning yes -- confirm. */
int
curve_is_modern_ecdh ();
Types and Values
SYSTEM_CONFIG_OR_CONST
/* Expands to the `const` qualifier in this listing.
 * NOTE(review): the name and the indented `# define` suggest this sits in
 * a conditional, with another branch dropping the qualifier so that
 * system configuration can modify the algorithm tables at run time --
 * confirm in the header. Where that is the case the tables are mutable
 * process state, not read-only data. */
# define SYSTEM_CONFIG_OR_CONST const
version_to_entry
/* Short alias for _gnutls_version_to_entry. */
#define version_to_entry _gnutls_version_to_entry
GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR
/* First byte of the two-byte value {0x00, 0xFF}. That pair is the
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV signalling cipher suite of RFC 5746:
 * a client lists it to announce secure-renegotiation support. It is a
 * signal only and must never be selected as the negotiated suite. */
#define GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR 0x00
GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR
/* Second byte of the {0x00, 0xFF} renegotiation-protection SCSV. */
#define GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR 0xFF
GNUTLS_FALLBACK_SCSV_MAJOR
/* First byte of the two-byte value {0x56, 0x00}. That pair is the
 * TLS_FALLBACK_SCSV signalling cipher suite of RFC 7507: a client adds it
 * when retrying with a lower protocol version, and a server that supports
 * a higher version than the one offered answers with an
 * inappropriate_fallback alert. It is a downgrade-protection signal only
 * and must never be selected as the negotiated suite. */
#define GNUTLS_FALLBACK_SCSV_MAJOR 0x56
GNUTLS_FALLBACK_SCSV_MINOR
/* Second byte of the {0x56, 0x00} fallback SCSV. */
#define GNUTLS_FALLBACK_SCSV_MINOR 0x00
SIG_SEM_PRE_TLS12
/* Bit flag with value 2; bit 0 is not used by any SIG_SEM_* constant
 * shown here.
 * NOTE(review): presumably selects the signature-algorithm semantics used
 * before TLS 1.2 -- confirm at the call sites. */
#define SIG_SEM_PRE_TLS12 (1<<1)
SIG_SEM_TLS13
/* Bit flag with value 4.
 * NOTE(review): presumably selects TLS 1.3 signature semantics -- confirm. */
#define SIG_SEM_TLS13 (1<<2)
SIG_SEM_DEFAULT
/* Both SIG_SEM_* bits set. */
#define SIG_SEM_DEFAULT (SIG_SEM_PRE_TLS12|SIG_SEM_TLS13)
TLS_SIGN_AID_UNKNOWN
/* Aggregate initialiser with an id pair of {255, 255} followed by 0;
 * HAVE_UNKNOWN_SIGAID() tests for exactly this id pair.
 * NOTE(review): presumably initialises the sign_algorithm_st `aid` member
 * of entries that have no TLS SignatureAndHashAlgorithm code point --
 * confirm against the sign_algorithm_st definition. */
#define TLS_SIGN_AID_UNKNOWN {{255, 255}, 0}
CS_INVALID_MAJOR
/* First byte of the pair {0x00, 0x00}. In the IANA TLS cipher-suite
 * registry that value is TLS_NULL_WITH_NULL_NULL, which must not be
 * negotiated.
 * NOTE(review): presumably used here as an "invalid / no suite" sentinel
 * -- confirm at the call sites. */
#define CS_INVALID_MAJOR 0x00
CS_INVALID_MINOR
/* Second byte of the {0x00, 0x00} pair. */
#define CS_INVALID_MINOR 0x00
GNUTLS_SIGN_FLAG_TLS13_OK
/* Bit 0 of the GNUTLS_SIGN_FLAG_* set. */
#define GNUTLS_SIGN_FLAG_TLS13_OK 1 /* if it is ok to use under TLS1.3 */
GNUTLS_SIGN_FLAG_CRT_VRFY_REVERSE
/* Bit 1. */
#define GNUTLS_SIGN_FLAG_CRT_VRFY_REVERSE (1 << 1) /* reverse order of bytes in CrtVrfy signature */
GNUTLS_SIGN_FLAG_INSECURE_REVERTIBLE
/* Bit 2; undocumented in this listing.
 * NOTE(review): the name suggests an algorithm marked insecure in a way
 * that can later be reverted (for example by configuration) -- confirm,
 * and document which code paths may clear it. */
#define GNUTLS_SIGN_FLAG_INSECURE_REVERTIBLE (1 << 2)
GNUTLS_SIGN_FLAG_ALLOW_INSECURE_REVERTIBLE
/* Bit 3; undocumented in this listing.
 * NOTE(review): the name suggests a caller-supplied option that makes a
 * security check accept algorithms carrying the INSECURE_REVERTIBLE mark
 * -- confirm. If so, every use site weakens the check and should be
 * justified individually. */
#define GNUTLS_SIGN_FLAG_ALLOW_INSECURE_REVERTIBLE (1 << 3)
struct gnutls_sign_entry_st
/* Description of one signature algorithm: its names, the public-key and
 * digest algorithms it combines, its TLS code point and its security
 * classification. */
struct gnutls_sign_entry_st {
/* algorithm name string */
const char *name;
/* object identifier string */
const char *oid;
/* signature algorithm identifier */
gnutls_sign_algorithm_t id;
/* public-key algorithm of the signature */
gnutls_pk_algorithm_t pk;
/* digest algorithm of the signature */
gnutls_digest_algorithm_t hash;
/* if non-zero it must be the algorithm of the
 * private key used or certificate. This is for algorithms
 * which can have a different public key type than the
 * private key (e.g., RSA PKCS#1 1.5 certificate, but
 * an RSA-PSS private key, or an RSA private key and
 * an RSA-PSS certificate). */
gnutls_pk_algorithm_t priv_pk;
gnutls_pk_algorithm_t cert_pk;
/* bit mask; presumably GNUTLS_SIGN_FLAG_* values -- confirm */
unsigned flags;
/* if this signature algorithm is restricted to a curve
 * under TLS 1.3. */
gnutls_ecc_curve_t curve;
/* See RFC 5246 HashAlgorithm and SignatureAlgorithm
 * for values to use in aid struct. An id pair of {255, 255}
 * (TLS_SIGN_AID_UNKNOWN) is what HAVE_UNKNOWN_SIGAID() tests for. */
const sign_algorithm_st aid;
/* security classification of this algorithm, as a
 * hash_security_level_t value */
hash_security_level_t slevel; /* contains values of hash_security_level_t */
/* 0 if it matches the predefined hash output size, otherwise
 * it is truncated or expanded (with XOF) */
unsigned hash_output_size;
};
gnutls_ecc_curve_entry_st
/* Description of one elliptic curve: its names, identifiers, sizes and
 * whether it is currently usable. */
typedef struct {
/* curve name string */
const char *name;
/* object identifier string */
const char *oid;
/* curve identifier */
gnutls_ecc_curve_t id;
/* public-key algorithm associated with the curve */
gnutls_pk_algorithm_t pk;
unsigned size; /* the size in bytes */
unsigned sig_size; /* the size of curve signatures in bytes (EdDSA) */
/* NOTE(review): presumably non-zero for GOST curves -- confirm */
unsigned gost_curve;
/* NOTE(review): presumably whether the curve is enabled -- confirm */
bool supported;
/* NOTE(review): undocumented here; the name suggests that the value of
 * `supported` can be changed back later (for example by configuration)
 * -- confirm and document which code may flip it */
bool supported_revertible;
/* NOTE(review): presumably the TLS group matching this curve -- confirm */
gnutls_group_t group;
} gnutls_ecc_curve_entry_st;
MAX_ECC_CURVE_SIZE
/* Upper bound of 66, presumably in bytes like the `size` member of
 * gnutls_ecc_curve_entry_st; 66 bytes is the smallest whole-byte length
 * that holds a 521-bit value.
 * NOTE(review): buffers sized with this constant are only safe while no
 * curve entry has a larger `size` -- confirm when adding curves. */
#define MAX_ECC_CURVE_SIZE 66
pk
gnutls_pk_algorithm_t pk = se->pk;