path: root/src/crypto/sha1-tlsprf.c
Commit message | Author | Age | Files | Lines
* More forceful clearing of stack memory with keys | Jouni Malinen | 2019-05-26 | 1 | -4/+4
  gcc 8.3.0 was apparently clever enough to optimize away the previously used os_memset() to explicitly clear a stack buffer that contains keys when that clearing happened just before returning from the function. Since memset_s() is not exactly portable (or commonly available yet..), use a less robust mechanism that is still pretty likely to prevent current compilers from optimizing the explicit clearing of the memory away.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* crypto: Fix unreachable code in tls_prf_sha1_md5() | Ilan Peer | 2019-04-06 | 1 | -3/+0
  While commit 1c156e783d35 ("Fixed tls_prf() to handle keys with odd length") added support for keys with odd length, the function never reached this code as the function would return earlier in case the key length was odd. Fix this by removing the first check for the key length.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Explicitly clear temporary stack buffers in tls_prf_sha1_md5() | Jouni Malinen | 2015-03-29 | 1 | -0/+5
  The local buffers may contain information used to generate parts of the derived key, so clear these explicitly to minimize amount of unnecessary private key-related material in memory.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FIPS: Remove md5-non-fips.c | Jouni Malinen | 2012-08-19 | 1 | -6/+3
  Commit c9e08af24fd7dda3f21674cdc744579b8c38fa28 removed the only user of the special case MD5 use that would be allowed in FIPS mode in tls_prf_sha1_md5(). Commit 271dbf1594bea461ea2ea7946a773a30bfa254aa removed the file from the build, but left the implementation into the repository. To clean things up even further, remove this functionality completely since it is not expected to be needed for FIPS mode anymore.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
  Remove the GPL notification text from the files that were initially contributed by myself.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Rename tls_prf() to tls_prf_sha1_md5() | Jouni Malinen | 2011-11-27 | 1 | -3/+3
  Prepare for multiple TLS PRF functions by renaming the SHA1+MD5 based TLS PRF function to more specific name and add tls_prf() within the internal TLS implementation as a wrapper for this for now.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove unnecessary include file inclusion | Jouni Malinen | 2011-11-13 | 1 | -1/+0
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode | Jouni Malinen | 2009-08-16 | 1 | -3/+6
  This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on both MD5 and SHA-1.
* Crypto build cleanup: remove CONFIG_NO_TLS_PRF | Johannes Berg | 2009-08-11 | 1 | -0/+106
  Instead of using a define and conditional building of sha1.c parts, move the TLS PRF implementation into a separate file.