PR: 2505
[oweals/openssl.git] / ssl / t1_lib.c
index 494f42d4e797d1e8b3a628104181c7c7ee8ca5db..391b330c6807126dce5366154f84733e318b2fdb 100644 (file)
@@ -271,6 +271,50 @@ int tls1_ec_nid2curve_id(int nid)
 
 #ifndef OPENSSL_NO_TLSEXT
 
+/* List of supported signature algorithms and hashes. Should make this
+ * customisable at some point, for now include everything we support.
+ */
+
+#ifdef OPENSSL_NO_RSA
+#define tlsext_sigalg_rsa(md) /* */
+#else
+#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
+#endif
+
+#ifdef OPENSSL_NO_DSA
+#define tlsext_sigalg_dsa(md) /* */
+#else
+#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
+#endif
+
+#ifdef OPENSSL_NO_ECDSA
+#define tlsext_sigalg_ecdsa(md) /* */
+#else
+#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_dsa,
+#endif
+
+#define tlsext_sigalg(md) \
+               tlsext_sigalg_rsa(md) \
+               tlsext_sigalg_dsa(md) \
+               tlsext_sigalg_ecdsa(md)
+
+static unsigned char tls12_sigalgs[] = {
+#ifndef OPENSSL_NO_SHA512
+       tlsext_sigalg(TLSEXT_hash_sha512)
+       tlsext_sigalg(TLSEXT_hash_sha384)
+#endif
+#ifndef OPENSSL_NO_SHA256
+       tlsext_sigalg(TLSEXT_hash_sha256)
+       tlsext_sigalg(TLSEXT_hash_sha224)
+#endif
+#ifndef OPENSSL_NO_SHA
+       tlsext_sigalg(TLSEXT_hash_sha1)
+#endif
+#ifndef OPENSSL_NO_MD5
+       tlsext_sigalg_rsa(TLSEXT_hash_md5)
+#endif
+};
+
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
        {
        if (p)
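Review bot: The ECDSA macro `#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_dsa,` emits the DSA signature identifier, so the new `tls12_sigalgs` table lists every hash/DSA pair twice and never advertises ECDSA, whereas the inline list this commit removes used `TLSEXT_signature_ecdsa`. It should read `#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,`. The table also gains `tlsext_sigalg_rsa(TLSEXT_hash_md5)`, which the old list did not contain; advertising MD5 for handshake signatures invites a peer to choose a collision-prone hash, so that entry should either be dropped or carry a comment justifying it. Since the visible code only reads the array, `static const unsigned char tls12_sigalgs[]` would also keep it out of writable data.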
@@ -458,60 +502,15 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
                skip_ext:
 
-       if (s->version >= TLS1_2_VERSION)
+       if (TLS1_get_version(s) >= TLS1_2_VERSION)
                {
-               /* List of supported signature algorithms and hashes.
-                * Should make this customisable at some point, for
-                * now include everything we support.
-                */
-               static unsigned char sigalgs[] = {
-#ifndef OPENSSL_NO_RSA
-# ifndef OPENSSL_NO_SHA512
-                       TLSEXT_hash_sha512, TLSEXT_signature_rsa,
-                       TLSEXT_hash_sha384, TLSEXT_signature_rsa,
-# endif
-# ifndef OPENSSL_NO_SHA256
-                       TLSEXT_hash_sha256, TLSEXT_signature_rsa,
-                       TLSEXT_hash_sha224, TLSEXT_signature_rsa,
-# endif
-# ifndef OPENSSL_NO_SHA
-                       TLSEXT_hash_sha1, TLSEXT_signature_rsa,
-# endif
-#endif
-#ifndef OPENSSL_NO_ECDSA
-# ifndef OPENSSL_NO_SHA512
-                       TLSEXT_hash_sha512, TLSEXT_signature_ecdsa,
-                       TLSEXT_hash_sha384, TLSEXT_signature_ecdsa,
-# endif
-# ifndef OPENSSL_NO_SHA256
-                       TLSEXT_hash_sha256, TLSEXT_signature_ecdsa,
-                       TLSEXT_hash_sha224, TLSEXT_signature_ecdsa,
-# endif
-# ifndef OPENSSL_NO_SHA
-                       TLSEXT_hash_sha1, TLSEXT_signature_ecdsa,
-# endif
-#endif
-#ifndef OPENSSL_NO_DSA
-# ifndef OPENSSL_NO_SHA512
-                       TLSEXT_hash_sha512, TLSEXT_signature_dsa,
-                       TLSEXT_hash_sha384, TLSEXT_signature_dsa,
-# endif
-# ifndef OPENSSL_NO_SHA256
-                       TLSEXT_hash_sha256, TLSEXT_signature_dsa,
-                       TLSEXT_hash_sha224, TLSEXT_signature_dsa,
-# endif
-# ifndef OPENSSL_NO_SHA
-                       TLSEXT_hash_sha1, TLSEXT_signature_dsa
-# endif
-#endif
-               };
-               if ((size_t)(limit - ret) < sizeof(sigalgs) + 6)
+               if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
                        return NULL; 
                s2n(TLSEXT_TYPE_signature_algorithms,ret);
-               s2n(sizeof(sigalgs) + 2, ret);
-               s2n(sizeof(sigalgs), ret);
-               memcpy(ret, sigalgs, sizeof(sigalgs));
-               ret += sizeof(sigalgs);
+               s2n(sizeof(tls12_sigalgs) + 2, ret);
+               s2n(sizeof(tls12_sigalgs), ret);
+               memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
+               ret += sizeof(tls12_sigalgs);
                }
 
 #ifdef TLSEXT_TYPE_opaque_prf_input
@@ -1989,7 +1988,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
        const EVP_MD *md;
        CERT *c = s->cert;
        /* Extension ignored for TLS versions below 1.2 */
-       if (s->version < TLS1_2_VERSION)
+       if (TLS1_get_version(s) < TLS1_2_VERSION)
                return 1;
        /* Should never happen */
        if (!c)