diff --git a/include/cyassl_int.h b/include/cyassl_int.h index 1ecc0e088..684237551 100644 --- a/include/cyassl_int.h +++ b/include/cyassl_int.h @@ -337,8 +337,6 @@ enum Misc { SNIFF = 1, /* currently sniffing */ HASH_SIG_SIZE = 2, /* default SHA1 RSA */ - SHA1_ID = 2, /* hash id */ - RSA_ID = 1, /* sig id */ NO_COPY = 0, /* should we copy static buffer for write */ COPY = 1 /* should we copy static buffer for write */ @@ -642,11 +640,14 @@ enum BulkCipherAlgorithm { /* Supported Message Authentication Codes from page 43 */ enum MACAlgorithm { - no_mac, + no_mac = 0, md5_mac, sha_mac, - rmd_mac, - sha256_mac + sha224_mac, + sha256_mac, + sha384_mac, + sha512_mac, + rmd_mac }; diff --git a/src/cyassl_int.c b/src/cyassl_int.c index b8d236b58..ffdc9ae7e 100644 --- a/src/cyassl_int.c +++ b/src/cyassl_int.c @@ -2595,8 +2595,8 @@ int SendCertificateRequest(SSL* ssl) c16toa(HASH_SIG_SIZE, &output[i]); i += LENGTH_SZ; - output[i++] = SHA1_ID; /* hash */ - output[i++] = RSA_ID; /* sig */ + output[i++] = sha_mac; /* hash */ + output[i++] = rsa_sa_algo; /* sig */ } c16toa(0, &output[i]); /* auth's */ @@ -4141,8 +4141,8 @@ int SetCipherList(SSL_CTX* ctx, const char* list) #endif length = RsaEncryptSize(&key); if (IsAtLeastTLSv1_2(ssl)) { - verify[0] = SHA1_ID; - verify[1] = RSA_ID; + verify[0] = sha_mac; + verify[1] = rsa_sa_algo; extraSz = HASH_SIG_SIZE; } c16toa((word16)length, verify + extraSz); /* prepend verify header*/ @@ -4431,6 +4431,9 @@ int SetCipherList(SSL_CTX* ctx, const char* list) } length += sigSz; + if (IsAtLeastTLSv1_2(ssl)) + length += HASH_SIG_SIZE; + sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; #ifdef CYASSL_DTLS @@ -4459,6 +4462,10 @@ int SetCipherList(SSL_CTX* ctx, const char* list) output[idx++] = expSz; XMEMCPY(output + idx, export, expSz); idx += expSz; + if (IsAtLeastTLSv1_2(ssl)) { + output[idx++] = sha_mac; + output[idx++] = ssl->specs.sig_algo; + } c16toa(sigSz, output + idx); idx += LENGTH_SZ;