TLS: Remove placeholders for SIGN_ALG_DSA support
It does not look likely that the old DSA design would be added into the internal TLS implement, so remove this otherwise dead code. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
2eb64ea437
commit
efb40081ab
3 changed files with 34 additions and 49 deletions
|
@ -432,7 +432,6 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
|
|||
u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start;
|
||||
size_t rlen, hlen, clen;
|
||||
u8 hash[100], *hpos;
|
||||
enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
|
||||
|
||||
pos = *msgpos;
|
||||
|
||||
|
@ -505,21 +504,17 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
|
|||
} else {
|
||||
#endif /* CONFIG_TLSV12 */
|
||||
|
||||
if (alg == SIGN_ALG_RSA) {
|
||||
hlen = MD5_MAC_LEN;
|
||||
if (conn->verify.md5_cert == NULL ||
|
||||
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
|
||||
{
|
||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||
TLS_ALERT_INTERNAL_ERROR);
|
||||
conn->verify.md5_cert = NULL;
|
||||
crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
|
||||
conn->verify.sha1_cert = NULL;
|
||||
return -1;
|
||||
}
|
||||
hpos += MD5_MAC_LEN;
|
||||
} else
|
||||
crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
|
||||
hlen = MD5_MAC_LEN;
|
||||
if (conn->verify.md5_cert == NULL ||
|
||||
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
|
||||
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||
TLS_ALERT_INTERNAL_ERROR);
|
||||
conn->verify.md5_cert = NULL;
|
||||
crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
|
||||
conn->verify.sha1_cert = NULL;
|
||||
return -1;
|
||||
}
|
||||
hpos += MD5_MAC_LEN;
|
||||
|
||||
conn->verify.md5_cert = NULL;
|
||||
hlen = SHA1_MAC_LEN;
|
||||
|
@ -532,8 +527,7 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
|
|||
}
|
||||
conn->verify.sha1_cert = NULL;
|
||||
|
||||
if (alg == SIGN_ALG_RSA)
|
||||
hlen += MD5_MAC_LEN;
|
||||
hlen += MD5_MAC_LEN;
|
||||
|
||||
#ifdef CONFIG_TLSV12
|
||||
}
|
||||
|
|
|
@ -366,23 +366,20 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
|
|||
{
|
||||
u8 *hpos;
|
||||
size_t hlen;
|
||||
enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
|
||||
struct crypto_hash *ctx;
|
||||
|
||||
hpos = hash;
|
||||
|
||||
if (alg == SIGN_ALG_RSA) {
|
||||
ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
|
||||
if (ctx == NULL)
|
||||
return -1;
|
||||
crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
|
||||
crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
|
||||
crypto_hash_update(ctx, server_params, server_params_len);
|
||||
hlen = MD5_MAC_LEN;
|
||||
if (crypto_hash_finish(ctx, hash, &hlen) < 0)
|
||||
return -1;
|
||||
hpos += hlen;
|
||||
}
|
||||
ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
|
||||
if (ctx == NULL)
|
||||
return -1;
|
||||
crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
|
||||
crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
|
||||
crypto_hash_update(ctx, server_params, server_params_len);
|
||||
hlen = MD5_MAC_LEN;
|
||||
if (crypto_hash_finish(ctx, hash, &hlen) < 0)
|
||||
return -1;
|
||||
hpos += hlen;
|
||||
|
||||
ctx = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
|
||||
if (ctx == NULL)
|
||||
|
|
|
@ -775,7 +775,6 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
|
|||
u8 type;
|
||||
size_t hlen;
|
||||
u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN], *hpos;
|
||||
enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
|
||||
u8 alert;
|
||||
|
||||
if (ct == TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC) {
|
||||
|
@ -883,21 +882,17 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
|
|||
} else {
|
||||
#endif /* CONFIG_TLSV12 */
|
||||
|
||||
if (alg == SIGN_ALG_RSA) {
|
||||
hlen = MD5_MAC_LEN;
|
||||
if (conn->verify.md5_cert == NULL ||
|
||||
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
|
||||
{
|
||||
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||
TLS_ALERT_INTERNAL_ERROR);
|
||||
conn->verify.md5_cert = NULL;
|
||||
crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
|
||||
conn->verify.sha1_cert = NULL;
|
||||
return -1;
|
||||
}
|
||||
hpos += MD5_MAC_LEN;
|
||||
} else
|
||||
crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
|
||||
hlen = MD5_MAC_LEN;
|
||||
if (conn->verify.md5_cert == NULL ||
|
||||
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
|
||||
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||
TLS_ALERT_INTERNAL_ERROR);
|
||||
conn->verify.md5_cert = NULL;
|
||||
crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
|
||||
conn->verify.sha1_cert = NULL;
|
||||
return -1;
|
||||
}
|
||||
hpos += MD5_MAC_LEN;
|
||||
|
||||
conn->verify.md5_cert = NULL;
|
||||
hlen = SHA1_MAC_LEN;
|
||||
|
@ -910,8 +905,7 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
|
|||
}
|
||||
conn->verify.sha1_cert = NULL;
|
||||
|
||||
if (alg == SIGN_ALG_RSA)
|
||||
hlen += MD5_MAC_LEN;
|
||||
hlen += MD5_MAC_LEN;
|
||||
|
||||
#ifdef CONFIG_TLSV12
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue