]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
tls-crypto: Simplify hash algorithm handling
authorTobias Brunner <tobias@strongswan.org>
Tue, 25 Aug 2020 11:14:05 +0000 (13:14 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 10:45:44 +0000 (11:45 +0100)
src/libtls/tls_crypto.c

index bef8184ee67a04e290d26c772a2495765c51f96e..fea04a9ebcb9a4a77b71b3b20a932735dae9c0e1 100644 (file)
@@ -1,4 +1,9 @@
 /*
+ * Copyright (C) 2020 Tobias Brunner
+ * Copyright (C) 2020 Pascal Knecht
+ * Copyright (C) 2020 Méline Sieber
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2010-2014 Martin Willi
  * Copyright (C) 2010-2014 revosec AG
  *
@@ -391,35 +396,6 @@ struct private_tls_crypto_t {
         */
        bool ecdsa;
 
-       /**
-        * MD5 supported?
-        */
-       bool md5;
-
-       /**
-        * SHA1 supported?
-        */
-       bool sha1;
-       /**
-        * SHA224 supported?
-        */
-       bool sha224;
-
-       /*
-        * SHA256 supported?
-        */
-       bool sha256;
-
-       /**
-        * SHA384 supported?
-        */
-       bool sha384;
-
-       /**
-        * SHA512 supported?
-        */
-       bool sha512;
-
        /**
         * TLS context
         */
@@ -1422,9 +1398,11 @@ METHOD(tls_crypto_t, get_signature_algorithms, void,
        private_tls_crypto_t *this, bio_writer_t *writer)
 {
        bio_writer_t *supported;
+       tls_version_t version;
        int i;
 
        supported = bio_writer_create(32);
+       version = this->tls->get_version_max(this->tls);
 
        for (i = 0; i < countof(schemes); i++)
        {
@@ -1436,27 +1414,11 @@ METHOD(tls_crypto_t, get_signature_algorithms, void,
                {
                        continue;
                }
-               if (schemes[i].hash == TLS_HASH_MD5 && !this->md5)
-               {
-                       continue;
-               }
-               if (schemes[i].hash == TLS_HASH_SHA1 && !this->sha1)
-               {
-                       continue;
-               }
-               if (schemes[i].hash == TLS_HASH_SHA224 && !this->sha224)
-               {
-                       continue;
-               }
-               if (schemes[i].hash == TLS_HASH_SHA256 && !this->sha256)
+               if (schemes[i].hash == TLS_HASH_MD5 && version >= TLS_1_3)
                {
                        continue;
                }
-               if (schemes[i].hash == TLS_HASH_SHA384 && !this->sha384)
-               {
-                       continue;
-               }
-               if (schemes[i].hash == TLS_HASH_SHA512 && !this->sha512)
+               if (schemes[i].hash == TLS_HASH_SHA224 && version >= TLS_1_3)
                {
                        continue;
                }
@@ -2242,8 +2204,6 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
        enumerator_t *enumerator;
        credential_type_t type;
        int subtype;
-       int hash_algorithm;
-       const char *plugin;
 
        INIT(this,
                .public = {
@@ -2293,49 +2253,6 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
        }
        enumerator->destroy(enumerator);
 
-       enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
-       while (enumerator->enumerate(enumerator, &hash_algorithm, &plugin))
-       {
-               switch (hash_algorithm)
-               {
-                       case TLS_HASH_MD5:
-                               if (tls->get_version_max(tls) < TLS_1_3)
-                               {
-                                       this->md5 = TRUE;
-                               }
-                               else
-                               {
-                                       this->md5 = FALSE;
-                               }
-                               break;
-                       case TLS_HASH_SHA1:
-                               this->sha1 = TRUE;
-                               break;
-                       case TLS_HASH_SHA224:
-                               if (tls->get_version_max(tls) < TLS_1_3)
-                               {
-                                       this->sha224 = TRUE;
-                               }
-                               else
-                               {
-                                       this->sha224 = FALSE;
-                               }
-                               break;
-                       case TLS_HASH_SHA384:
-                               this->sha384 = TRUE;
-                               break;
-                       case TLS_HASH_SHA256:
-                               this->sha256 = TRUE;
-                               break;
-                       case TLS_HASH_SHA512:
-                               this->sha512 = TRUE;
-                               break;
-                       default:
-                               continue;
-               }
-       }
-       enumerator->destroy(enumerator);
-
        switch (tls->get_purpose(tls))
        {
                case TLS_PURPOSE_EAP_TLS: