ECC TLSv1.2 hash/algo fix

2011-03-01 15:03:47 -08:00 · 2011-03-01 15:03:47 -08:00 · f25ad654f0
commit f25ad654f0
parent be03706dce
2 changed files with 17 additions and 9 deletions
--- a/include/cyassl_int.h
+++ b/include/cyassl_int.h
@ -337,8 +337,6 @@ enum Misc {
    SNIFF              =   1,  /* currently sniffing */

    HASH_SIG_SIZE      =   2,  /* default SHA1 RSA */
-    SHA1_ID            =   2,  /* hash id */
-    RSA_ID             =   1,  /* sig id */

    NO_COPY            =   0,  /* should we copy static buffer for write */
    COPY               =   1   /* should we copy static buffer for write */
@ -642,11 +640,14 @@ enum BulkCipherAlgorithm {

 /* Supported Message Authentication Codes from page 43 */
 enum MACAlgorithm { 
-    no_mac,
+    no_mac = 0,
    md5_mac,
    sha_mac,
-    rmd_mac,
-    sha256_mac
+    sha224_mac,
+    sha256_mac,
+    sha384_mac,
+    sha512_mac,
+    rmd_mac
 };


--- a/src/cyassl_int.c
+++ b/src/cyassl_int.c
@ -2595,8 +2595,8 @@ int SendCertificateRequest(SSL* ssl)
        c16toa(HASH_SIG_SIZE, &output[i]);
        i += LENGTH_SZ;

-        output[i++] = SHA1_ID;   /* hash */
-        output[i++] = RSA_ID;    /* sig  */ 
+        output[i++] = sha_mac;      /* hash */
+        output[i++] = rsa_sa_algo;  /* sig  */
    }

    c16toa(0, &output[i]);  /* auth's */
@ -4141,8 +4141,8 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
            #endif
            length = RsaEncryptSize(&key);
            if (IsAtLeastTLSv1_2(ssl)) {
-                verify[0] = SHA1_ID;
-                verify[1] = RSA_ID;
+                verify[0] = sha_mac;
+                verify[1] = rsa_sa_algo;
                extraSz = HASH_SIG_SIZE;
            }
            c16toa((word16)length, verify + extraSz); /* prepend verify header*/
@ -4431,6 +4431,9 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
            }
            length += sigSz;

+            if (IsAtLeastTLSv1_2(ssl))
+                length += HASH_SIG_SIZE;
+
            sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

            #ifdef CYASSL_DTLS 
@ -4459,6 +4462,10 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
            output[idx++] = expSz;
            XMEMCPY(output + idx, export, expSz);
            idx += expSz;
+            if (IsAtLeastTLSv1_2(ssl)) {
+                output[idx++] = sha_mac;
+                output[idx++] = ssl->specs.sig_algo;
+            }
            c16toa(sigSz, output + idx);
            idx += LENGTH_SZ;