diff options
| author | Dmitry Shmidt <dimitrysh@google.com> | 2015-03-05 14:16:04 -0800 |
|---|---|---|
| committer | Dmitry Shmidt <dimitrysh@google.com> | 2015-03-10 11:04:48 -0700 |
| commit | 203eadb9eda41a1dde4a583edb4684319e3f399e (patch) | |
| tree | 3b91f63844f16aeca8e1e122ef4c6d49f8164b17 /src/tls | |
| parent | 34c1202b3e71c63661a850aad81f663e40e48ca1 (diff) | |
| download | android_external_wpa_supplicant_8-203eadb9eda41a1dde4a583edb4684319e3f399e.tar.gz android_external_wpa_supplicant_8-203eadb9eda41a1dde4a583edb4684319e3f399e.tar.bz2 android_external_wpa_supplicant_8-203eadb9eda41a1dde4a583edb4684319e3f399e.zip | |
Cumulative patch from commit 6e9023ea499ea9a89b0e858c85e32b455d57264c
6e9023e DFS: Allow wpa_supplicant AP mode to use non-offloaded DFS
02e42ab nl80211: Add vendor event parsing for DFS offload events
bd0f68c DFS: wpa_supplicant event processing
d7f1aa8 DFS offload: P2P changes for autonomous GO
1e2aaff DFS offload: Indicate AP-CSA-FINISHED for DFS offloaded case
c13578c DFS offload: Add main DFS handler for offloaded case
5de81d7 DFS offload: Skip user space processing for CAC operations
192ad3d Interworking: Clear SCANNING state if no match found
95d7b86 P2P: Consider 5 GHz channels also for auto GO
a51c40a P2P: Fix regression in start-GO/AP through a "fake" scan
dd5c155 eap_proxy: Callback to notify any updates from eap_proxy
9a05d98 atheros: Add a new flag for OSEN support
9feadba Remove unnecessary NULL check to make function more consistent
1772d34 P2P: Fix interface deinit for failed group interface initialization
3f9ebc4 P2P: Allow AP/GO interface to be started while P2P-in-progress
b4a9292 RADIUS client: Fix server failover on return-to-primary on error case
9836cb5 Add option to force a specific RADIUS client address to be used
1a7ed38 RADIUS client: Fix a copy-paste error in accounting server failover
de7c06e P2P: Continue find in GO-Neg-Resp-fail status corner cases
c280590 Do not add blacklist entries based on normal disconnect request cases
bdf0518 P2P: Direct P2P_CONNECT command to proper interface
44b9ea5 P2P: Do not allow scan or normal association on cfg80211 P2P Device
9542f21 Clean up p2p_find command parsing and execution
fa9f381 P2P: Allow a specific channel to be specified in P2P_FIND
eb78a8d P2P: Restore P2P_SCAN_SPECIFIC
d988ff7 hostapd: Disable VHT caps for STAs when no valid VHT MCS found
70fd828 RADIUS client: Fix previous failover change
c3dabf5 Fix merge issue with IBSS VHT support
8b2b718 Fix minor issue in HT40 max rate determination
347c55e RADIUS client: Re-try connection if socket is closed on retransmit
94b39e5 RADIUS client: Fix server connection recovery after initial failure
bbee36e Allow RADIUS server address to be replaced
efb4008 TLS: Remove placeholders for SIGN_ALG_DSA support
Change-Id: I8e5d0dfd5fddb6de2f8d8211b708c3bb6674098b
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/tls')
| -rw-r--r-- | src/tls/tlsv1_client_write.c | 30 | ||||
| -rw-r--r-- | src/tls/tlsv1_common.c | 23 | ||||
| -rw-r--r-- | src/tls/tlsv1_server_read.c | 30 |
3 files changed, 34 insertions, 49 deletions
diff --git a/src/tls/tlsv1_client_write.c b/src/tls/tlsv1_client_write.c index 839eb90a..d192f44f 100644 --- a/src/tls/tlsv1_client_write.c +++ b/src/tls/tlsv1_client_write.c @@ -432,7 +432,6 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn, u8 *pos, *rhdr, *hs_start, *hs_length, *signed_start; size_t rlen, hlen, clen; u8 hash[100], *hpos; - enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA; pos = *msgpos; @@ -505,21 +504,17 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn, } else { #endif /* CONFIG_TLSV12 */ - if (alg == SIGN_ALG_RSA) { - hlen = MD5_MAC_LEN; - if (conn->verify.md5_cert == NULL || - crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) - { - tls_alert(conn, TLS_ALERT_LEVEL_FATAL, - TLS_ALERT_INTERNAL_ERROR); - conn->verify.md5_cert = NULL; - crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL); - conn->verify.sha1_cert = NULL; - return -1; - } - hpos += MD5_MAC_LEN; - } else - crypto_hash_finish(conn->verify.md5_cert, NULL, NULL); + hlen = MD5_MAC_LEN; + if (conn->verify.md5_cert == NULL || + crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) { + tls_alert(conn, TLS_ALERT_LEVEL_FATAL, + TLS_ALERT_INTERNAL_ERROR); + conn->verify.md5_cert = NULL; + crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL); + conn->verify.sha1_cert = NULL; + return -1; + } + hpos += MD5_MAC_LEN; conn->verify.md5_cert = NULL; hlen = SHA1_MAC_LEN; @@ -532,8 +527,7 @@ static int tls_write_client_certificate_verify(struct tlsv1_client *conn, } conn->verify.sha1_cert = NULL; - if (alg == SIGN_ALG_RSA) - hlen += MD5_MAC_LEN; + hlen += MD5_MAC_LEN; #ifdef CONFIG_TLSV12 } diff --git a/src/tls/tlsv1_common.c b/src/tls/tlsv1_common.c index ced28cff..dabc12a1 100644 --- a/src/tls/tlsv1_common.c +++ b/src/tls/tlsv1_common.c @@ -366,23 +366,20 @@ int tls_key_x_server_params_hash(u16 tls_version, const u8 *client_random, { u8 *hpos; size_t hlen; - enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA; struct crypto_hash *ctx; hpos = hash; - if (alg == SIGN_ALG_RSA) { - ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); - if (ctx == NULL) - return -1; - crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN); - crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN); - crypto_hash_update(ctx, server_params, server_params_len); - hlen = MD5_MAC_LEN; - if (crypto_hash_finish(ctx, hash, &hlen) < 0) - return -1; - hpos += hlen; - } + ctx = crypto_hash_init(CRYPTO_HASH_ALG_MD5, NULL, 0); + if (ctx == NULL) + return -1; + crypto_hash_update(ctx, client_random, TLS_RANDOM_LEN); + crypto_hash_update(ctx, server_random, TLS_RANDOM_LEN); + crypto_hash_update(ctx, server_params, server_params_len); + hlen = MD5_MAC_LEN; + if (crypto_hash_finish(ctx, hash, &hlen) < 0) + return -1; + hpos += hlen; ctx = crypto_hash_init(CRYPTO_HASH_ALG_SHA1, NULL, 0); if (ctx == NULL) diff --git a/src/tls/tlsv1_server_read.c b/src/tls/tlsv1_server_read.c index 310966c2..0f237baf 100644 --- a/src/tls/tlsv1_server_read.c +++ b/src/tls/tlsv1_server_read.c @@ -775,7 +775,6 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct, u8 type; size_t hlen; u8 hash[MD5_MAC_LEN + SHA1_MAC_LEN], *hpos; - enum { SIGN_ALG_RSA, SIGN_ALG_DSA } alg = SIGN_ALG_RSA; u8 alert; if (ct == TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC) { @@ -883,21 +882,17 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct, } else { #endif /* CONFIG_TLSV12 */ - if (alg == SIGN_ALG_RSA) { - hlen = MD5_MAC_LEN; - if (conn->verify.md5_cert == NULL || - crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) - { - tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, - TLS_ALERT_INTERNAL_ERROR); - conn->verify.md5_cert = NULL; - crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL); - conn->verify.sha1_cert = NULL; - return -1; - } - hpos += MD5_MAC_LEN; - } else - crypto_hash_finish(conn->verify.md5_cert, NULL, NULL); + hlen = MD5_MAC_LEN; + if (conn->verify.md5_cert == NULL || + crypto_hash_finish(conn->verify.md5_cert, hpos, &hlen) < 0) { + tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL, + TLS_ALERT_INTERNAL_ERROR); + conn->verify.md5_cert = NULL; + crypto_hash_finish(conn->verify.sha1_cert, NULL, NULL); + conn->verify.sha1_cert = NULL; + return -1; + } + hpos += MD5_MAC_LEN; conn->verify.md5_cert = NULL; hlen = SHA1_MAC_LEN; @@ -910,8 +905,7 @@ static int tls_process_certificate_verify(struct tlsv1_server *conn, u8 ct, } conn->verify.sha1_cert = NULL; - if (alg == SIGN_ALG_RSA) - hlen += MD5_MAC_LEN; + hlen += MD5_MAC_LEN; #ifdef CONFIG_TLSV12 } |