jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

TLS: Remove placeholders for SIGN_ALG_DSA support

Browse source 
It does not look likely that the old DSA design would be added into the
internal TLS implement, so remove this otherwise dead code.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-02-28 15:32:18 +02:00
parent 2eb64ea437
commit efb40081ab
3 changed files with 34 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/tls/tlsv1_client_write.c
View file

@ -432,7 +432,6 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start;
size_t rlen, hlen, clen;
u8 hash[100], *hpos;
enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
pos = *msgpos;
@ -505,11 +504,9 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
} else {
#endif /* CONFIG_TLSV12 */
if (alg == SIGN_ALG_RSA) {
hlen = MD5_MAC_LEN;
if (conn->verify.md5_cert == NULL ||
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
{
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
conn->verify.md5_cert = NULL;
@ -518,8 +515,6 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
return -1;
}
hpos += MD5_MAC_LEN;
} else
crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
conn->verify.md5_cert = NULL;
hlen = SHA1_MAC_LEN;
@ -532,7 +527,6 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
}
conn->verify.sha1_cert = NULL;
if (alg == SIGN_ALG_RSA)
hlen += MD5_MAC_LEN;
#ifdef CONFIG_TLSV12

3
src/tls/tlsv1_common.c
View file

@ -366,12 +366,10 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
{
u8 *hpos;
size_t hlen;
enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
struct crypto_hash *ctx;
hpos = hash;
if (alg == SIGN_ALG_RSA) {
ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
if (ctx == NULL)
return -1;
@ -382,7 +380,6 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
if (crypto_hash_finish(ctx, hash, &hlen) < 0)
return -1;
hpos += hlen;
}
ctx = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
if (ctx == NULL)

8
src/tls/tlsv1_server_read.c
View file

@ -775,7 +775,6 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
u8 type;
size_t hlen;
u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN], *hpos;
enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
u8 alert;
if (ct == TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC) {
@ -883,11 +882,9 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
} else {
#endif /* CONFIG_TLSV12 */
if (alg == SIGN_ALG_RSA) {
hlen = MD5_MAC_LEN;
if (conn->verify.md5_cert == NULL ||
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
{
crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
TLS_ALERT_INTERNAL_ERROR);
conn->verify.md5_cert = NULL;
@ -896,8 +893,6 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
return -1;
}
hpos += MD5_MAC_LEN;
} else
crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
conn->verify.md5_cert = NULL;
hlen = SHA1_MAC_LEN;
@ -910,7 +905,6 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
}
conn->verify.sha1_cert = NULL;
if (alg == SIGN_ALG_RSA)
hlen += MD5_MAC_LEN;
#ifdef CONFIG_TLSV12