authorJouni Malinen <j@w1.fi>2011-11-27 19:48:34 (GMT)
committerJouni Malinen <j@w1.fi>2011-11-27 19:48:34 (GMT)
commit20b4cdcd41e3c35d4c7592093158b36841efb038 (patch)
tree04d92c66ad3ca58ca8102d54b953452ef5534fc7
parentca84eed7ad13dc23bd5363aaa1fd5ed34b3bb5e3 (diff)
TLS: Maintain SHA256-based hash values for TLS v1.2
Signed-hostap: Jouni Malinen <j@w1.fi>
-rw-r--r--src/tls/tlsv1_common.c29
-rw-r--r--src/tls/tlsv1_common.h3
2 files changed, 32 insertions, 0 deletions
diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index 19c50c2..17fc8a1 100644
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -204,6 +204,19 @@ int tls_verify_hash_init(struct tls_verify_hash *verify)
tls_verify_hash_free(verify);
return -1;
}
+#ifdef CONFIG_TLSV12
+ verify->sha256_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL,
+ 0);
+ verify->sha256_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL,
+ 0);
+ verify->sha256_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL,
+ 0);
+ if (verify->sha256_client == NULL || verify->sha256_server == NULL ||
+ verify->sha256_cert == NULL) {
+ tls_verify_hash_free(verify);
+ return -1;
+ }
+#endif /* CONFIG_TLSV12 */
return 0;
}
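Review bot: The earlier failure path shown as context at the top of this hunk calls `tls_verify_hash_free(verify)` before the three `sha256_*` pointers have been assigned, and with this commit that function passes them to `crypto_hash_finish()` (third hunk of this file). Unless every caller zeroes the struct first, which is not visible here, those pointers are indeterminate on that path. Clearing them before the MD5/SHA-1 allocation, e.g. `verify->sha256_client = verify->sha256_server = verify->sha256_cert = NULL;` under `#ifdef CONFIG_TLSV12`, or allocating all nine contexts ahead of a single NULL check, removes that dependency. The start of tls_verify_hash_init() is outside the hunk.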
@@ -223,6 +236,14 @@ void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
crypto_hash_update(verify->md5_cert, buf, len);
crypto_hash_update(verify->sha1_cert, buf, len);
}
+#ifdef CONFIG_TLSV12
+ if (verify->sha256_client)
+ crypto_hash_update(verify->sha256_client, buf, len);
+ if (verify->sha256_server)
+ crypto_hash_update(verify->sha256_server, buf, len);
+ if (verify->sha256_cert)
+ crypto_hash_update(verify->sha256_cert, buf, len);
+#endif /* CONFIG_TLSV12 */
}
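Review bot: The added block has no comment saying why the SHA-256 contexts are fed on every call and why each pointer is tested on its own, while the MD5/SHA-1 updates above appear to sit inside a combined check. A short comment above the `#ifdef` would help, for example `/* TLS v1.2 hashes the same handshake bytes with SHA-256; a context may already have been released, so check each one */`, with the wording adjusted to match the actual release points, which are not visible in this hunk. The beginning of tls_verify_hash_add() is outside the hunk.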
@@ -240,6 +261,14 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
verify->sha1_client = NULL;
verify->sha1_server = NULL;
verify->sha1_cert = NULL;
+#ifdef CONFIG_TLSV12
+ crypto_hash_finish(verify->sha256_client, NULL, NULL);
+ crypto_hash_finish(verify->sha256_server, NULL, NULL);
+ crypto_hash_finish(verify->sha256_cert, NULL, NULL);
+ verify->sha256_client = NULL;
+ verify->sha256_server = NULL;
+ verify->sha256_cert = NULL;
+#endif /* CONFIG_TLSV12 */
}
diff --git a/src/tls/tlsv1_common.h b/src/tls/tlsv1_common.h
index 91a0380..9442649 100644
--- a/src/tls/tlsv1_common.h
+++ b/src/tls/tlsv1_common.h
@@ -208,10 +208,13 @@ struct tls_cipher_data {
struct tls_verify_hash {
struct crypto_hash *md5_client;
struct crypto_hash *sha1_client;
+ struct crypto_hash *sha256_client;
struct crypto_hash *md5_server;
struct crypto_hash *sha1_server;
+ struct crypto_hash *sha256_server;
struct crypto_hash *md5_cert;
struct crypto_hash *sha1_cert;
+ struct crypto_hash *sha256_cert;
};
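Review bot: The three `sha256_*` members are added to `struct tls_verify_hash` unconditionally, while every line that initializes, updates or clears them in tlsv1_common.c sits under `#ifdef CONFIG_TLSV12`. In a build without that option the fields are never written by this module, so later code that reads them outside the guard would depend on how the caller allocated the struct. Either wrap the members in the same `#ifdef CONFIG_TLSV12`, or add a comment on them such as `/* only valid when built with CONFIG_TLSV12 */`.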