
TLS: Remove placeholders for SIGN_ALG_DSA support

It does not look likely that the old DSA design would be added into the
internal TLS implementation, so remove this otherwise dead code.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen il y a 10 ans
Parent
commit
efb40081ab
3 fichiers modifiés avec 34 ajouts et 49 suppressions
  1. 12 18
      src/tls/tlsv1_client_write.c
  2. 10 13
      src/tls/tlsv1_common.c
  3. 12 18
      src/tls/tlsv1_server_read.c

+ 12 - 18
src/tls/tlsv1_client_write.c

@@ -432,7 +432,6 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
 	u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start;
 	size_t rlen, hlen, clen;
 	u8 hash[100], *hpos;
-	enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
 
 	pos = *msgpos;
 
@@ -505,21 +504,17 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
 	} else {
 #endif /* CONFIG_TLSV12 */
 
-	if (alg == SIGN_ALG_RSA) {
-		hlen = MD5_MAC_LEN;
-		if (conn->verify.md5_cert == NULL ||
-		    crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
-		{
-			tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
-				  TLS_ALERT_INTERNAL_ERROR);
-			conn->verify.md5_cert = NULL;
-			crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
-			conn->verify.sha1_cert = NULL;
-			return -1;
-		}
-		hpos += MD5_MAC_LEN;
-	} else
-		crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
+	hlen = MD5_MAC_LEN;
+	if (conn->verify.md5_cert == NULL ||
+	    crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
+		tls_alert(conn, TLS_ALERT_LEVEL_FATAL,
+			  TLS_ALERT_INTERNAL_ERROR);
+		conn->verify.md5_cert = NULL;
+		crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
+		conn->verify.sha1_cert = NULL;
+		return -1;
+	}
+	hpos += MD5_MAC_LEN;
 
 	conn->verify.md5_cert = NULL;
 	hlen = SHA1_MAC_LEN;
@@ -532,8 +527,7 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn,
 	}
 	conn->verify.sha1_cert = NULL;
 
-	if (alg == SIGN_ALG_RSA)
-		hlen += MD5_MAC_LEN;
+	hlen += MD5_MAC_LEN;
 
 #ifdef CONFIG_TLSV12
 	}
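Review bot: The unconditional MD5 finish at the start of the second hunk now reads as an arbitrary extra step rather than the RSA-specific MD5 || SHA-1 CertificateVerify digest that the removed `else` branch (which discarded the MD5 context and kept only SHA-1) was distinguishing it from; a short comment would preserve that rationale, e.g. `/* TLS 1.0/1.1 RSA signature covers MD5 || SHA-1 of the handshake; a SHA-1-only (DSA) path is not supported */` above `hlen = MD5_MAC_LEN;`. The same block, differing only in the alert helper, is added in src/tls/tlsv1_server_read.c, so the comment belongs in both places, or the pair could move into one shared helper in tlsv1_common.c. tls_write_client_certificate_verify starts and ends outside these hunks.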

+ 10 - 13
src/tls/tlsv1_common.c

@@ -366,23 +366,20 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random,
 {
 	u8 *hpos;
 	size_t hlen;
-	enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
 	struct crypto_hash *ctx;
 
 	hpos = hash;
 
-	if (alg == SIGN_ALG_RSA) {
-		ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
-		if (ctx == NULL)
-			return -1;
-		crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
-		crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
-		crypto_hash_update(ctx, server_params, server_params_len);
-		hlen = MD5_MAC_LEN;
-		if (crypto_hash_finish(ctx, hash, &hlen) < 0)
-			return -1;
-		hpos += hlen;
-	}
+	ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0);
+	if (ctx == NULL)
+		return -1;
+	crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN);
+	crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN);
+	crypto_hash_update(ctx, server_params, server_params_len);
+	hlen = MD5_MAC_LEN;
+	if (crypto_hash_finish(ctx, hash, &hlen) < 0)
+		return -1;
+	hpos += hlen;
 
 	ctx = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0);
 	if (ctx == NULL)
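Review bot: The `hash` output parameter of tls_key_x_server_params_hash still has no documented size contract, and after this change the function unconditionally writes MD5_MAC_LEN bytes at `hash` before advancing `hpos` for the SHA-1 digest that follows, so a caller passing a smaller buffer overflows silently. A comment on the definition would pin this, e.g. `/* hash: caller-provided buffer of at least MD5_MAC_LEN + SHA1_MAC_LEN bytes; receives MD5 || SHA-1 over client_random || server_random || server_params */`. The `tls_version` parameter is not consulted in the visible lines; if TLS 1.2 callers can reach this path, confirm that they expect MD5 || SHA-1 here rather than a signature-algorithm-specific digest. The function continues past the hunk.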

+ 12 - 18
src/tls/tlsv1_server_read.c

@@ -775,7 +775,6 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
 	u8 type;
 	size_t hlen;
 	u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN], *hpos;
-	enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA;
 	u8 alert;
 
 	if (ct == TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC) {
@@ -883,21 +882,17 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
 	} else {
 #endif /* CONFIG_TLSV12 */
 
-	if (alg == SIGN_ALG_RSA) {
-		hlen = MD5_MAC_LEN;
-		if (conn->verify.md5_cert == NULL ||
-		    crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0)
-		{
-			tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
-					   TLS_ALERT_INTERNAL_ERROR);
-			conn->verify.md5_cert = NULL;
-			crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
-			conn->verify.sha1_cert = NULL;
-			return -1;
-		}
-		hpos += MD5_MAC_LEN;
-	} else
-		crypto_hash_finish(conn->verify.md5_cert, NULL, NULL);
+	hlen = MD5_MAC_LEN;
+	if (conn->verify.md5_cert == NULL ||
+	    crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) {
+		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
+				   TLS_ALERT_INTERNAL_ERROR);
+		conn->verify.md5_cert = NULL;
+		crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL);
+		conn->verify.sha1_cert = NULL;
+		return -1;
+	}
+	hpos += MD5_MAC_LEN;
 
 	conn->verify.md5_cert = NULL;
 	hlen = SHA1_MAC_LEN;
@@ -910,8 +905,7 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct,
 	}
 	conn->verify.sha1_cert = NULL;
 
-	if (alg == SIGN_ALG_RSA)
-		hlen += MD5_MAC_LEN;
+	hlen += MD5_MAC_LEN;
 
 #ifdef CONFIG_TLSV12
 	}
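Review bot: The hash buffer at the top of the first hunk is sized exactly `MD5_MAC_LEN + SHA1_MAC_LEN`, while the equivalent client-side function in src/tls/tlsv1_client_write.c declares `u8 hash[100]`; the MD5 || SHA-1 path added here fits, but the CONFIG_TLSV12 branch (outside the hunks) writes its own digest into the same buffer, so that digest must stay within MD5_MAC_LEN + SHA1_MAC_LEN — confirm, or size the buffer the way the client side does so the two functions agree. The new block starting at `hlen = MD5_MAC_LEN;` otherwise duplicates the client-side one apart from the alert helper, which is what makes such divergences easy to miss; a shared helper in tlsv1_common.c would remove the duplication. tls_process_certificate_verify starts and ends outside these hunks.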