From 18292fe205a152f1a412bb7ee88152db65da731b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 21 Aug 2020 20:42:32 +0200 Subject: [PATCH] cert_write: discover hash algorithms automatically Discover hash algorithms automatically rather than hard-coding a list. Signed-off-by: Gilles Peskine --- programs/x509/cert_write.c | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 1eeb861e8..18174d804 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -118,8 +118,9 @@ int main( void ) " is_ca=%%d default: 0 (disabled)\n" \ " max_pathlen=%%d default: -1 (none)\n" \ " md=%%s default: SHA256\n" \ - " Supported values:\n" \ - " MD2, MD4, MD5, SHA1, SHA256, SHA512\n"\ + " Supported values (if enabled):\n" \ + " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \ + " SHA224, SHA256, SHA384, SHA512\n" \ " version=%%d default: 3\n" \ " Possible values: 1, 2, 3\n"\ " subject_identifier=%%s default: 1\n" \ @@ -353,27 +354,14 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "md" ) == 0 ) { - if( strcmp( q, "SHA1" ) == 0 ) - opt.md = MBEDTLS_MD_SHA1; - else if( strcmp( q, "SHA224" ) == 0 ) - opt.md = MBEDTLS_MD_SHA224; - else if( strcmp( q, "SHA256" ) == 0 ) - opt.md = MBEDTLS_MD_SHA256; - else if( strcmp( q, "SHA384" ) == 0 ) - opt.md = MBEDTLS_MD_SHA384; - else if( strcmp( q, "SHA512" ) == 0 ) - opt.md = MBEDTLS_MD_SHA512; - else if( strcmp( q, "MD2" ) == 0 ) - opt.md = MBEDTLS_MD_MD2; - else if( strcmp( q, "MD4" ) == 0 ) - opt.md = MBEDTLS_MD_MD4; - else if( strcmp( q, "MD5" ) == 0 ) - opt.md = MBEDTLS_MD_MD5; - else + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_string( q ); + if( md_info == NULL ) { mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } + opt.md = mbedtls_md_get_type( md_info ); } else if( strcmp( p, "version" ) == 0 ) {