Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF
This commit is contained in:
parent
a0234377fc
commit
b7149bcc90
3 changed files with 8 additions and 11 deletions
|
@ -1347,8 +1347,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||
* Reason: Otherwise we should have running hashes for SHA512 and SHA224
|
||||
* in order to satisfy 'weird' needs from the server side.
|
||||
*/
|
||||
if( ssl->transform_negotiate->ciphersuite_info->cipher ==
|
||||
POLARSSL_CIPHER_AES_256_GCM )
|
||||
if( ssl->transform_negotiate->ciphersuite_info->mac ==
|
||||
POLARSSL_MD_SHA384 )
|
||||
{
|
||||
hash_id = SIG_RSA_SHA384;
|
||||
hashlen = 48;
|
||||
|
|
|
@ -1068,8 +1068,8 @@ static int ssl_write_certificate_request( ssl_context *ssl )
|
|||
*p++ = 0;
|
||||
*p++ = 2;
|
||||
|
||||
if( ssl->transform_negotiate->ciphersuite_info->cipher ==
|
||||
POLARSSL_CIPHER_AES_256_GCM )
|
||||
if( ssl->transform_negotiate->ciphersuite_info->mac ==
|
||||
POLARSSL_MD_SHA384 )
|
||||
{
|
||||
ssl->handshake->verify_sig_alg = SSL_HASH_SHA384;
|
||||
}
|
||||
|
|
|
@ -346,8 +346,8 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
handshake->calc_finished = ssl_calc_finished_tls;
|
||||
}
|
||||
#if defined(POLARSSL_SHA4_C)
|
||||
else if( transform->ciphersuite_info->cipher ==
|
||||
POLARSSL_CIPHER_AES_256_GCM )
|
||||
else if( transform->ciphersuite_info->mac ==
|
||||
POLARSSL_MD_SHA384 )
|
||||
{
|
||||
handshake->tls_prf = tls_prf_sha384;
|
||||
handshake->calc_verify = ssl_calc_verify_tls_sha384;
|
||||
|
@ -963,10 +963,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* TODO: Use digest version when integrated!
|
||||
*/
|
||||
#define POLARSSL_SSL_MAX_MAC_SIZE 32
|
||||
#define POLARSSL_SSL_MAX_MAC_SIZE 48
|
||||
|
||||
static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
{
|
||||
|
@ -2161,7 +2158,7 @@ void ssl_optimize_checksum( ssl_context *ssl,
|
|||
if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
|
||||
ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
|
||||
#if defined(POLARSSL_SHA4_C)
|
||||
else if( ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM )
|
||||
else if( ciphersuite_info->mac == POLARSSL_MD_SHA384 )
|
||||
{
|
||||
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue