TLS: Maintain SHA256-based hash values for TLS v1.2
authorJouni Malinen <j@w1.fi>
Sun, 27 Nov 2011 19:48:34 +0000 (21:48 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 27 Nov 2011 19:48:34 +0000 (21:48 +0200)
Signed-hostap: Jouni Malinen <j@w1.fi>

src/tls/tlsv1_common.c
src/tls/tlsv1_common.h

index 19c50c2f0ca3815c201caa994b6efc50c73f8a6f..17fc8a18b996d9c0f181e5526c0f03746ec9fdc5 100644 (file)
@@ -204,6 +204,19 @@ int tls_verify_hash_init(struct tls_verify_hash *verify)
                tls_verify_hash_free(verify);
                return -1;
        }
+#ifdef CONFIG_TLSV12
+       verify->sha256_client = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL,
+                                                0);
+       verify->sha256_server = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL,
+                                                0);
+       verify->sha256_cert = crypto_hash_init(CRYPTO_HASH_ALG_SHA256, NULL,
+                                              0);
+       if (verify->sha256_client == NULL || verify->sha256_server == NULL ||
+           verify->sha256_cert == NULL) {
+               tls_verify_hash_free(verify);
+               return -1;
+       }
+#endif /* CONFIG_TLSV12 */
        return 0;
 }
 
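Review bot: The earlier failure path at the top of this hunk calls tls_verify_hash_free(verify) before any sha256_* pointer has been assigned, and with this commit that function passes all three to crypto_hash_finish() (see the tls_verify_hash_free hunk). If a caller ever passes a struct that was not zeroed, indeterminate pointers would be finalized; the start of tls_verify_hash_init() is outside the hunk, so whether it clears the struct is not visible here. Either clear them before the first crypto_hash_init() call, e.g. `verify->sha256_client = verify->sha256_server = verify->sha256_cert = NULL;` under `#ifdef CONFIG_TLSV12`, or document on the function that `verify` must be zero-initialized. The partial-failure path added here also relies on crypto_hash_finish() accepting a NULL context, which is worth confirming for every crypto backend the build can select.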
@@ -223,6 +236,14 @@ void tls_verify_hash_add(struct tls_verify_hash *verify, const u8 *buf,
                crypto_hash_update(verify->md5_cert, buf, len);
                crypto_hash_update(verify->sha1_cert, buf, len);
        }
+#ifdef CONFIG_TLSV12
+       if (verify->sha256_client)
+               crypto_hash_update(verify->sha256_client, buf, len);
+       if (verify->sha256_server)
+               crypto_hash_update(verify->sha256_server, buf, len);
+       if (verify->sha256_cert)
+               crypto_hash_update(verify->sha256_cert, buf, len);
+#endif /* CONFIG_TLSV12 */
 }
 
 
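Review bot: The silent skip when a sha256_* context is NULL in tls_verify_hash_add() deserves a comment, because these contexts carry the handshake transcript and a skipped update leaves that message out of the hash. Something like `/* A context is NULL once it has been finalized; later handshake messages are intentionally not added to it */` would record the intent, assuming that is the reason; the code that consumes the contexts is not part of this commit. Whatever later derives Finished or CertificateVerify data from them should treat a NULL context as an error rather than proceed. The function body starts outside the hunk.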
@@ -240,6 +261,14 @@ void tls_verify_hash_free(struct tls_verify_hash *verify)
        verify->sha1_client = NULL;
        verify->sha1_server = NULL;
        verify->sha1_cert = NULL;
+#ifdef CONFIG_TLSV12
+       crypto_hash_finish(verify->sha256_client, NULL, NULL);
+       crypto_hash_finish(verify->sha256_server, NULL, NULL);
+       crypto_hash_finish(verify->sha256_cert, NULL, NULL);
+       verify->sha256_client = NULL;
+       verify->sha256_server = NULL;
+       verify->sha256_cert = NULL;
+#endif /* CONFIG_TLSV12 */
 }
 
 
index 91a03806b4cd915d1b71e89a959339f4bde1f33e..944264954432e538d4715f2e620cf058d40d4a17 100644 (file)
@@ -208,10 +208,13 @@ struct tls_cipher_data {
 struct tls_verify_hash {
        struct crypto_hash *md5_client;
        struct crypto_hash *sha1_client;
+       struct crypto_hash *sha256_client;
        struct crypto_hash *md5_server;
        struct crypto_hash *sha1_server;
+       struct crypto_hash *sha256_server;
        struct crypto_hash *md5_cert;
        struct crypto_hash *sha1_cert;
+       struct crypto_hash *sha256_cert;
 };