/*
+ * Copyright (C) 2020 Tobias Brunner
+ * Copyright (C) 2020 Pascal Knecht
+ * Copyright (C) 2020 Méline Sieber
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010-2014 Martin Willi
* Copyright (C) 2010-2014 revosec AG
*
*/
bool ecdsa;
- /**
- * MD5 supported?
- */
- bool md5;
-
- /**
- * SHA1 supported?
- */
- bool sha1;
- /**
- * SHA224 supported?
- */
- bool sha224;
-
- /*
- * SHA256 supported?
- */
- bool sha256;
-
- /**
- * SHA384 supported?
- */
- bool sha384;
-
- /**
- * SHA512 supported?
- */
- bool sha512;
-
/**
* TLS context
*/
private_tls_crypto_t *this, bio_writer_t *writer)
{
bio_writer_t *supported;
+ tls_version_t version;
int i;
supported = bio_writer_create(32);
+ version = this->tls->get_version_max(this->tls);
for (i = 0; i < countof(schemes); i++)
{
{
continue;
}
- if (schemes[i].hash == TLS_HASH_MD5 && !this->md5)
- {
- continue;
- }
- if (schemes[i].hash == TLS_HASH_SHA1 && !this->sha1)
- {
- continue;
- }
- if (schemes[i].hash == TLS_HASH_SHA224 && !this->sha224)
- {
- continue;
- }
- if (schemes[i].hash == TLS_HASH_SHA256 && !this->sha256)
+ if (schemes[i].hash == TLS_HASH_MD5 && version >= TLS_1_3)
{
continue;
}
- if (schemes[i].hash == TLS_HASH_SHA384 && !this->sha384)
- {
- continue;
- }
- if (schemes[i].hash == TLS_HASH_SHA512 && !this->sha512)
+ if (schemes[i].hash == TLS_HASH_SHA224 && version >= TLS_1_3)
{
continue;
}
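Review bot: The two new `version >= TLS_1_3` checks key the weak-hash filter on `get_version_max()`, so an endpoint capped at TLS 1.2 still advertises MD5-based signature schemes, and SHA-1 is never filtered in the lines shown. If no legacy peer depends on it, the MD5 test could drop the version condition, `if (schemes[i].hash == TLS_HASH_MD5)`, or at least carry a comment such as `/* TLS 1.3 forbids offering MD5 and SHA-224 signature schemes */` explaining why only these two are version-gated. Separately, with the per-hash flags removed, nothing visible here ties the advertised list to the hashers that are actually loaded; the condition of the first `continue` is outside the hunk, so this may already be covered, but it is worth confirming that a peer cannot select a scheme the local library is unable to verify. The function's signature and the rest of the loop body lie outside the hunk.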
enumerator_t *enumerator;
credential_type_t type;
int subtype;
- int hash_algorithm;
- const char *plugin;
INIT(this,
.public = {
}
enumerator->destroy(enumerator);
- enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
- while (enumerator->enumerate(enumerator, &hash_algorithm, &plugin))
- {
- switch (hash_algorithm)
- {
- case TLS_HASH_MD5:
- if (tls->get_version_max(tls) < TLS_1_3)
- {
- this->md5 = TRUE;
- }
- else
- {
- this->md5 = FALSE;
- }
- break;
- case TLS_HASH_SHA1:
- this->sha1 = TRUE;
- break;
- case TLS_HASH_SHA224:
- if (tls->get_version_max(tls) < TLS_1_3)
- {
- this->sha224 = TRUE;
- }
- else
- {
- this->sha224 = FALSE;
- }
- break;
- case TLS_HASH_SHA384:
- this->sha384 = TRUE;
- break;
- case TLS_HASH_SHA256:
- this->sha256 = TRUE;
- break;
- case TLS_HASH_SHA512:
- this->sha512 = TRUE;
- break;
- default:
- continue;
- }
- }
- enumerator->destroy(enumerator);
-
switch (tls->get_purpose(tls))
{
case TLS_PURPOSE_EAP_TLS: