WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

ECC TLSv1.2 hash/algo fix

pull/1/head
Todd A Ouska 2011-03-01 15:03:47 -08:00
parent be03706dce
commit f25ad654f0
2 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
include/cyassl_int.h
View File

@ -337,8 +337,6 @@ enum Misc {
SNIFF = 1, /* currently sniffing */ SNIFF = 1, /* currently sniffing */
HASH_SIG_SIZE = 2, /* default SHA1 RSA */ HASH_SIG_SIZE = 2, /* default SHA1 RSA */
SHA1_ID = 2, /* hash id */
RSA_ID = 1, /* sig id */
NO_COPY = 0, /* should we copy static buffer for write */ NO_COPY = 0, /* should we copy static buffer for write */
COPY = 1 /* should we copy static buffer for write */ COPY = 1 /* should we copy static buffer for write */
@ -642,11 +640,14 @@ enum BulkCipherAlgorithm {
/* Supported Message Authentication Codes from page 43 */ /* Supported Message Authentication Codes from page 43 */
enum MACAlgorithm { enum MACAlgorithm {
no_mac, no_mac = 0,
md5_mac, md5_mac,
sha_mac, sha_mac,
rmd_mac, sha224_mac,
sha256_mac sha256_mac,
sha384_mac,
sha512_mac,
rmd_mac
}; };

15
src/cyassl_int.c
View File

@ -2595,8 +2595,8 @@ int SendCertificateRequest(SSL* ssl)
c16toa(HASH_SIG_SIZE, &output[i]); c16toa(HASH_SIG_SIZE, &output[i]);
i += LENGTH_SZ; i += LENGTH_SZ;
output[i++] = SHA1_ID; /* hash */ output[i++] = sha_mac; /* hash */
output[i++] = RSA_ID; /* sig */ output[i++] = rsa_sa_algo; /* sig */
} }
c16toa(0, &output[i]); /* auth's */ c16toa(0, &output[i]); /* auth's */
@ -4141,8 +4141,8 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
#endif #endif
length = RsaEncryptSize(&key); length = RsaEncryptSize(&key);
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
verify[0] = SHA1_ID; verify[0] = sha_mac;
verify[1] = RSA_ID; verify[1] = rsa_sa_algo;
extraSz = HASH_SIG_SIZE; extraSz = HASH_SIG_SIZE;
} }
c16toa((word16)length, verify + extraSz); /* prepend verify header*/ c16toa((word16)length, verify + extraSz); /* prepend verify header*/
@ -4431,6 +4431,9 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
} }
length += sigSz; length += sigSz;
if (IsAtLeastTLSv1_2(ssl))
length += HASH_SIG_SIZE;
sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
@ -4459,6 +4462,10 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
output[idx++] = expSz; output[idx++] = expSz;
XMEMCPY(output + idx, export, expSz); XMEMCPY(output + idx, export, expSz);
idx += expSz; idx += expSz;
if (IsAtLeastTLSv1_2(ssl)) {
output[idx++] = sha_mac;
output[idx++] = ssl->specs.sig_algo;
}
c16toa(sigSz, output + idx); c16toa(sigSz, output + idx);
idx += LENGTH_SZ; idx += LENGTH_SZ;