+
+#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num *2)
+
+typedef struct
+ {
+ size_t sigalgcnt;
+ int sigalgs[MAX_SIGALGLEN];
+ } sig_cb_st;
+
+static int sig_cb(const char *elem, int len, void *arg)
+ {
+ sig_cb_st *sarg = arg;
+ size_t i;
+ char etmp[20], *p;
+ int sig_alg, hash_alg;
+ if (sarg->sigalgcnt == MAX_SIGALGLEN)
+ return 0;
+ if (len > (int)(sizeof(etmp) - 1))
+ return 0;
+ memcpy(etmp, elem, len);
+ etmp[len] = 0;
+ p = strchr(etmp, '+');
+ if (!p)
+ return 0;
+ *p = 0;
+ p++;
+ if (!*p)
+ return 0;
+
+ if (!strcmp(etmp, "RSA"))
+ sig_alg = EVP_PKEY_RSA;
+ else if (!strcmp(etmp, "DSA"))
+ sig_alg = EVP_PKEY_DSA;
+ else if (!strcmp(etmp, "ECDSA"))
+ sig_alg = EVP_PKEY_EC;
+ else return 0;
+
+ hash_alg = OBJ_sn2nid(p);
+ if (hash_alg == NID_undef)
+ hash_alg = OBJ_ln2nid(p);
+ if (hash_alg == NID_undef)
+ return 0;
+
+ for (i = 0; i < sarg->sigalgcnt; i+=2)
+ {
+ if (sarg->sigalgs[i] == sig_alg
+ && sarg->sigalgs[i + 1] == hash_alg)
+ return 0;
+ }
+ sarg->sigalgs[sarg->sigalgcnt++] = hash_alg;
+ sarg->sigalgs[sarg->sigalgcnt++] = sig_alg;
+ return 1;
+ }
+
+/* Set suppored signature algorithms based on a colon separated list
+ * of the form sig+hash e.g. RSA+SHA512:DSA+SHA512 */
+int tls1_set_sigalgs_list(CERT *c, const char *str)
+ {
+ sig_cb_st sig;
+ sig.sigalgcnt = 0;
+ if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
+ return 0;
+ return tls1_set_sigalgs(c, sig.sigalgs, sig.sigalgcnt);
+ }
+
+int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen)
+ {
+ TLS_SIGALGS *sigalgs, *sptr;
+ int rhash, rsign;
+ size_t i;
+ if (salglen & 1)
+ return 0;
+ salglen /= 2;
+ sigalgs = OPENSSL_malloc(sizeof(TLS_SIGALGS) * salglen);
+ if (sigalgs == NULL)
+ return 0;
+ for (i = 0, sptr = sigalgs; i < salglen; i++, sptr++)
+ {
+ sptr->hash_nid = *salg++;
+ sptr->sign_nid = *salg++;
+ rhash = tls12_find_id(sptr->hash_nid, tls12_md,
+ sizeof(tls12_md)/sizeof(tls12_lookup));
+ rsign = tls12_find_id(sptr->sign_nid, tls12_sig,
+ sizeof(tls12_sig)/sizeof(tls12_lookup));
+
+ if (rhash == -1 || rsign == -1)
+ goto err;
+
+ if (!OBJ_find_sigid_by_algs(&sptr->signandhash_nid,
+ sptr->hash_nid,
+ sptr->sign_nid))
+ sptr->signandhash_nid = NID_undef;
+ sptr->rhash = rhash;
+ sptr->rsign = rsign;
+ }
+
+ if (c->conf_sigalgs)
+ OPENSSL_free(c->conf_sigalgs);
+
+ c->conf_sigalgs = sigalgs;
+ c->conf_sigalgslen = salglen;
+ return 1;
+
+ err:
+ OPENSSL_free(sigalgs);
+ return 0;
+ }