void
OpenSSL_add_all_digests(void)
{
#ifndef OPENSSL_NO_MD4
EVP_add_digest(EVP_md4());
#endif
#ifndef OPENSSL_NO_MD5
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl2-md5");
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
EVP_add_digest(EVP_sha());
#ifndef OPENSSL_NO_DSA
EVP_add_digest(EVP_dss());
#endif
#endif
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
#ifndef OPENSSL_NO_DSA
EVP_add_digest(EVP_dss1());
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
#endif
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
#endif
#ifndef OPENSSL_NO_GOST
EVP_add_digest(EVP_gostr341194());
EVP_add_digest(EVP_gost2814789imit());
EVP_add_digest(EVP_streebog256());
EVP_add_digest(EVP_streebog512());
#endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
#ifndef OPENSSL_NO_RIPEMD
EVP_add_digest(EVP_ripemd160());
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
#endif
#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
}
const EVP_MD *
tls12_get_hash(unsigned char hash_alg)
{
switch (hash_alg) {
case TLSEXT_hash_sha1:
return EVP_sha1();
case TLSEXT_hash_sha224:
return EVP_sha224();
case TLSEXT_hash_sha256:
return EVP_sha256();
case TLSEXT_hash_sha384:
return EVP_sha384();
case TLSEXT_hash_sha512:
return EVP_sha512();
#ifndef OPENSSL_NO_GOST
case TLSEXT_hash_gost94:
return EVP_gostr341194();
case TLSEXT_hash_streebog_256:
return EVP_streebog256();
case TLSEXT_hash_streebog_512:
return EVP_streebog512();
#endif
default:
return NULL;
}
}
static void
ssl_cert_set_default_md(CERT *cert)
{
/* Set digest values to defaults */
cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#ifndef OPENSSL_NO_GOST
cert->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif
}
int
tls1_process_sigalgs(SSL *s, CBS *cbs)
{
const EVP_MD *md;
CERT *c = s->cert;
int idx;
/* Extension ignored for inappropriate versions */
if (!SSL_USE_SIGALGS(s))
return 1;
/* Should never happen */
if (c == NULL)
return 0;
c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
c->pkeys[SSL_PKEY_ECC].digest = NULL;
c->pkeys[SSL_PKEY_GOST01].digest = NULL;
while (CBS_len(cbs) > 0) {
uint8_t hash_alg, sig_alg;
if (!CBS_get_u8(cbs, &hash_alg) || !CBS_get_u8(cbs, &sig_alg))
return 0;
switch (sig_alg) {
case TLSEXT_signature_rsa:
idx = SSL_PKEY_RSA_SIGN;
break;
case TLSEXT_signature_ecdsa:
idx = SSL_PKEY_ECC;
break;
case TLSEXT_signature_gostr01:
case TLSEXT_signature_gostr12_256:
case TLSEXT_signature_gostr12_512:
idx = SSL_PKEY_GOST01;
break;
default:
continue;
}
if (c->pkeys[idx].digest == NULL) {
md = tls12_get_hash(hash_alg);
if (md) {
c->pkeys[idx].digest = md;
if (idx == SSL_PKEY_RSA_SIGN)
c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
}
}
}
/*
* Set any remaining keys to default values. NOTE: if alg is not
* supported it stays as NULL.
*/
if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) {
c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
}
if (!c->pkeys[SSL_PKEY_ECC].digest)
c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#ifndef OPENSSL_NO_GOST
if (!c->pkeys[SSL_PKEY_GOST01].digest)
c->pkeys[SSL_PKEY_GOST01].digest = EVP_gostr341194();
#endif
return 1;
}
