aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-02-28 13:32:18 (GMT)
committerJouni Malinen <j@w1.fi>2015-02-28 13:45:16 (GMT)
commitefb40081ab1aa6deaffe0bc5bac8ae2453db85b6 (patch)
tree93c696fb0f23cdd51811cfdfb2437697d0a3908e /src/tls
parent2eb64ea4373e3ad673f20f34be518d8850c9c23f (diff)
downloadhostap-efb40081ab1aa6deaffe0bc5bac8ae2453db85b6.zip
hostap-efb40081ab1aa6deaffe0bc5bac8ae2453db85b6.tar.gz
hostap-efb40081ab1aa6deaffe0bc5bac8ae2453db85b6.tar.bz2
TLS: Remove placeholders for SIGN_ALG_DSA support
It does not look likely that the old DSA design would be added into the internal TLS implement, so remove this otherwise dead code. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tlsv1_client_write.c30
-rw-r--r--src/tls/tlsv1_common.c23
-rw-r--r--src/tls/tlsv1_server_read.c30
3 files changed, 34 insertions, 49 deletions
diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c
index 839eb90..d192f44 100644
--- a/src/tls/tlsv1_client_write.c
+++ b/src/tls/tlsv1_client_write.c
@@ -432,7 +432,6 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start;
size_t rlen, hlen, clen;
u8 hash[100], *hpos;
- enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
pos = *msgpos;
@@ -505,21 +504,17 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
} else {
#endif /* CONFIG_TLSV12 */
- if (alg == SIGN_ALG_RSA) {
- hlen = MD5_MAC_LEN;
- if (conn->verify.md5_cert == NULL ||
- crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
- {
- tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
- TLS_ALERT_INTERNAL_ERROR);
- conn->verify.md5_cert = NULL;
- crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
- conn->verify.sha1_cert = NULL;
- return -1;
- }
- hpos += MD5_MAC_LEN;
- } else
- crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
+ hlen = MD5_MAC_LEN;
+ if (conn->verify.md5_cert == NULL ||
+ crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
+ tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ conn->verify.md5_cert = NULL;
+ crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
+ conn->verify.sha1_cert = NULL;
+ return -1;
+ }
+ hpos += MD5_MAC_LEN;
conn->verify.md5_cert = NULL;
hlen = SHA1_MAC_LEN;
@@ -532,8 +527,7 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
}
conn->verify.sha1_cert = NULL;
- if (alg == SIGN_ALG_RSA)
- hlen += MD5_MAC_LEN;
+ hlen += MD5_MAC_LEN;
#ifdef CONFIG_TLSV12
}
diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c
index ced28cf..dabc12a 100644
--- a/src/tls/tlsv1_common.c
+++ b/src/tls/tlsv1_common.c
@@ -366,23 +366,20 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
{
u8 *hpos;
size_t hlen;
- enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
struct crypto_hash *ctx;
hpos = hash;
- if (alg == SIGN_ALG_RSA) {
- ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
- if (ctx == NULL)
- return -1;
- crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
- crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
- crypto_hash_update(ctx, server_params, server_params_len);
- hlen = MD5_MAC_LEN;
- if (crypto_hash_finish(ctx, hash, &hlen) < 0)
- return -1;
- hpos += hlen;
- }
+ ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
+ if (ctx == NULL)
+ return -1;
+ crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
+ crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
+ crypto_hash_update(ctx, server_params, server_params_len);
+ hlen = MD5_MAC_LEN;
+ if (crypto_hash_finish(ctx, hash, &hlen) < 0)
+ return -1;
+ hpos += hlen;
ctx = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
if (ctx == NULL)
diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c
index 310966c..0f237ba 100644
--- a/src/tls/tlsv1_server_read.c
+++ b/src/tls/tlsv1_server_read.c
@@ -775,7 +775,6 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
u8 type;
size_t hlen;
u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN], *hpos;
- enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
u8 alert;
if (ct == TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC) {
@@ -883,21 +882,17 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
} else {
#endif /* CONFIG_TLSV12 */
- if (alg == SIGN_ALG_RSA) {
- hlen = MD5_MAC_LEN;
- if (conn->verify.md5_cert == NULL ||
- crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
- {
- tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
- TLS_ALERT_INTERNAL_ERROR);
- conn->verify.md5_cert = NULL;
- crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
- conn->verify.sha1_cert = NULL;
- return -1;
- }
- hpos += MD5_MAC_LEN;
- } else
- crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
+ hlen = MD5_MAC_LEN;
+ if (conn->verify.md5_cert == NULL ||
+ crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
+ tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
+ TLS_ALERT_INTERNAL_ERROR);
+ conn->verify.md5_cert = NULL;
+ crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
+ conn->verify.sha1_cert = NULL;
+ return -1;
+ }
+ hpos += MD5_MAC_LEN;
conn->verify.md5_cert = NULL;
hlen = SHA1_MAC_LEN;
@@ -910,8 +905,7 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
}
conn->verify.sha1_cert = NULL;
- if (alg == SIGN_ALG_RSA)
- hlen += MD5_MAC_LEN;
+ hlen += MD5_MAC_LEN;
#ifdef CONFIG_TLSV12
}