/*
 * Call EVP_add_digest() for every digest enabled at build time, and
 * EVP_add_digest_alias() for the alternate names listed below.
 *
 * Each group is guarded by its OPENSSL_NO_* macro, so a build that defines
 * the macro omits that digest here.
 *
 * Security note: MD4, MD5, SHA-0 (EVP_sha, guarded by OPENSSL_NO_SHA0) and
 * SHA-1 are added alongside the SHA-2 family. None of them is
 * collision-resistant by current standards, so their presence in this list
 * does not make them suitable for new signatures or integrity checks.
 */
void
OpenSSL_add_all_digests(void)
{
    /* Legacy digests: MD4 and MD5, plus the "ssl2-md5"/"ssl3-md5" aliases. */
#ifndef OPENSSL_NO_MD4
    EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
    EVP_add_digest(EVP_md5());
    EVP_add_digest_alias(SN_md5, "ssl2-md5");
    EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif

    /* SHA-0, and its DSA pairing when DSA is compiled in. */
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
    EVP_add_digest(EVP_sha());
#ifndef OPENSSL_NO_DSA
    EVP_add_digest(EVP_dss());
#endif
#endif

    /* SHA-1, its aliases, and the DSA/ECDSA pairings built on it. */
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
    EVP_add_digest(EVP_sha1());
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#ifndef OPENSSL_NO_DSA
    EVP_add_digest(EVP_dss1());
    EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
    EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
    EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
    EVP_add_digest(EVP_ecdsa());
#endif
#endif

    /* GOST family. */
#ifndef OPENSSL_NO_GOST
    EVP_add_digest(EVP_gostr341194());
    EVP_add_digest(EVP_gost2814789imit());
    EVP_add_digest(EVP_streebog256());
    EVP_add_digest(EVP_streebog512());
#endif

    /* MDC2 is only added when DES is also compiled in. */
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
    EVP_add_digest(EVP_mdc2());
#endif

    /* RIPEMD-160 with its short-name aliases. */
#ifndef OPENSSL_NO_RIPEMD
    EVP_add_digest(EVP_ripemd160());
    EVP_add_digest_alias(SN_ripemd160, "ripemd");
    EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif

    /* SHA-2 family. */
#ifndef OPENSSL_NO_SHA256
    EVP_add_digest(EVP_sha224());
    EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
    EVP_add_digest(EVP_sha384());
    EVP_add_digest(EVP_sha512());
#endif

#ifndef OPENSSL_NO_WHIRLPOOL
    EVP_add_digest(EVP_whirlpool());
#endif
}
/*
 * Translate a TLS hash-algorithm identifier byte into the matching EVP_MD.
 *
 * Returns the digest for SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, and
 * for the three GOST identifiers when GOST is compiled in. Every other value
 * returns NULL, so callers must treat NULL as "hash not supported".
 *
 * Security note: there is no MD5 case in this switch, so an MD5 identifier
 * takes the default branch. SHA-1 is still accepted.
 */
const EVP_MD *
tls12_get_hash(unsigned char hash_alg)
{
    const EVP_MD *md = NULL;

    switch (hash_alg) {
    case TLSEXT_hash_sha1:
        md = EVP_sha1();
        break;
    case TLSEXT_hash_sha224:
        md = EVP_sha224();
        break;
    case TLSEXT_hash_sha256:
        md = EVP_sha256();
        break;
    case TLSEXT_hash_sha384:
        md = EVP_sha384();
        break;
    case TLSEXT_hash_sha512:
        md = EVP_sha512();
        break;
#ifndef OPENSSL_NO_GOST
    case TLSEXT_hash_gost94:
        md = EVP_gostr341194();
        break;
    case TLSEXT_hash_streebog_256:
        md = EVP_streebog256();
        break;
    case TLSEXT_hash_streebog_512:
        md = EVP_streebog512();
        break;
#endif
    default:
        /* Unknown or unsupported identifier: leave md as NULL. */
        break;
    }

    return md;
}
/*
 * Initialise the per-key signing digest in cert->pkeys[] to its default.
 *
 * The DSA, RSA (sign and enc) and ECC slots all default to SHA-1; the GOST01
 * slot defaults to GOST R 34.11-94 when GOST is compiled in.
 *
 * NOTE(review): SHA-1 is no longer collision-resistant. Confirm that a
 * stronger digest replaces these defaults before they are used for signing.
 */
static void
ssl_cert_set_default_md(CERT *cert)
{
    /* SHA-1 defaults for the non-GOST key slots. */
    cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
    cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
    cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
    cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();

#ifndef OPENSSL_NO_GOST
    /* GOST keys use the GOST hash as their default. */
    cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif
}
/*
 * Walk the (hash, signature) byte pairs in cbs and record, per key type in
 * s->cert->pkeys[], the digest to use for signing.
 *
 * Returns 1 on success, or when SSL_USE_SIGALGS(s) is false and the data is
 * ignored. Returns 0 when s->cert is NULL or when a pair cannot be read in
 * full from cbs.
 *
 * Selection rule: for each key type, the first pair in list order whose hash
 * tls12_get_hash() recognises wins; later pairs for that key type are
 * skipped. The chosen digest therefore follows the ordering of the list in
 * cbs, not a local strength preference.
 *
 * NOTE(review): hash_alg is not checked for compatibility with sig_alg, so
 * any digest tls12_get_hash() returns can be stored for any key type.
 * Confirm that the signing path rejects mismatched pairs.
 *
 * NOTE(review): when the list holds no recognised hash for a key type, that
 * slot falls back to SHA-1 (or the GOST hash) instead of failing. Confirm
 * that this is the intended policy.
 */
int
tls1_process_sigalgs(SSL *s, CBS *cbs)
{
    CERT *c = s->cert;

    /* Extension ignored for inappropriate versions */
    if (!SSL_USE_SIGALGS(s))
        return 1;

    /* Should never happen */
    if (c == NULL)
        return 0;

    /*
     * Clear the slots this function manages so that "first match wins" can
     * be detected below. SSL_PKEY_DSA_SIGN is not touched here.
     */
    c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
    c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
    c->pkeys[SSL_PKEY_ECC].digest = NULL;
    c->pkeys[SSL_PKEY_GOST01].digest = NULL;

    while (CBS_len(cbs) > 0) {
        uint8_t hash_alg, sig_alg;
        const EVP_MD *md;
        int idx;

        /* A trailing odd byte (hash without signature) is a parse error. */
        if (!CBS_get_u8(cbs, &hash_alg) || !CBS_get_u8(cbs, &sig_alg))
            return 0;

        /* Map the signature identifier to a key slot; skip unknown ones. */
        switch (sig_alg) {
        case TLSEXT_signature_rsa:
            idx = SSL_PKEY_RSA_SIGN;
            break;
        case TLSEXT_signature_ecdsa:
            idx = SSL_PKEY_ECC;
            break;
        case TLSEXT_signature_gostr01:
        case TLSEXT_signature_gostr12_256:
        case TLSEXT_signature_gostr12_512:
            idx = SSL_PKEY_GOST01;
            break;
        default:
            continue;
        }

        /* An earlier pair already fixed the digest for this key type. */
        if (c->pkeys[idx].digest != NULL)
            continue;

        /* Unrecognised hash: leave the slot open for a later pair. */
        md = tls12_get_hash(hash_alg);
        if (md == NULL)
            continue;

        c->pkeys[idx].digest = md;
        /* The RSA encryption slot mirrors the RSA signing slot. */
        if (idx == SSL_PKEY_RSA_SIGN)
            c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
    }

    /*
     * Set any remaining keys to default values. With GOST compiled out the
     * GOST01 slot is not defaulted and stays NULL.
     */
    if (c->pkeys[SSL_PKEY_RSA_SIGN].digest == NULL) {
        c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
        c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
    }
    if (c->pkeys[SSL_PKEY_ECC].digest == NULL)
        c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#ifndef OPENSSL_NO_GOST
    if (c->pkeys[SSL_PKEY_GOST01].digest == NULL)
        c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif

    return 1;
}