diff options
author | Michael Brown | 2012-03-20 05:07:53 +0100 |
---|---|---|
committer | Michael Brown | 2012-03-20 17:57:16 +0100 |
commit | a156c157465dde3e4a07034a3201a4ec19cdf750 (patch) | |
tree | 4dd19c9631f214e06fbd8ec9301d4f55906b07ab /src/include/ipxe/tls.h | |
parent | [tls] Check certificate validity period against current date and time (diff) | |
download | ipxe-a156c157465dde3e4a07034a3201a4ec19cdf750.tar.gz ipxe-a156c157465dde3e4a07034a3201a4ec19cdf750.tar.xz ipxe-a156c157465dde3e4a07034a3201a4ec19cdf750.zip |
[tls] Use hybrid MD5+SHA1 algorithm
TLSv1.1 and earlier use a hybrid of MD5 and SHA-1 to generate digests
over the handshake messages. Formalise this as a separate digest
algorithm "md5+sha1".
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/tls.h')
-rw-r--r-- | src/include/ipxe/tls.h | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h index a2504f19..a491b795 100644 --- a/src/include/ipxe/tls.h +++ b/src/include/ipxe/tls.h @@ -145,6 +145,28 @@ struct tls_client_random { uint8_t random[28]; } __attribute__ (( packed )); +/** An MD5+SHA1 context */ +struct md5_sha1_context { + /** MD5 context */ + uint8_t md5[MD5_CTX_SIZE]; + /** SHA-1 context */ + uint8_t sha1[SHA1_CTX_SIZE]; +} __attribute__ (( packed )); + +/** MD5+SHA1 context size */ +#define MD5_SHA1_CTX_SIZE sizeof ( struct md5_sha1_context ) + +/** An MD5+SHA1 digest */ +struct md5_sha1_digest { + /** MD5 digest */ + uint8_t md5[MD5_DIGEST_SIZE]; + /** SHA-1 digest */ + uint8_t sha1[SHA1_DIGEST_SIZE]; +} __attribute__ (( packed )); + +/** MD5+SHA1 digest size */ +#define MD5_SHA1_DIGEST_SIZE sizeof ( struct md5_sha1_digest ) + /** A TLS session */ struct tls_session { /** Reference counter */ @@ -175,10 +197,8 @@ struct tls_session { uint8_t server_random[32]; /** Client random bytes */ struct tls_client_random client_random; - /** MD5 context for handshake verification */ - uint8_t handshake_md5_ctx[MD5_CTX_SIZE]; - /** SHA1 context for handshake verification */ - uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE]; + /** MD5+SHA1 context for handshake verification */ + uint8_t handshake_md5_sha1_ctx[MD5_SHA1_CTX_SIZE]; /** SHA256 context for handshake verification */ uint8_t handshake_sha256_ctx[SHA256_CTX_SIZE]; |