diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 68c06cc51..dae98fa21 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1347,8 +1347,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) * Reason: Otherwise we should have running hashes for SHA512 and SHA224 * in order to satisfy 'weird' needs from the server side. */ - if( ssl->transform_negotiate->ciphersuite_info->cipher == - POLARSSL_CIPHER_AES_256_GCM ) + if( ssl->transform_negotiate->ciphersuite_info->mac == + POLARSSL_MD_SHA384 ) { hash_id = SIG_RSA_SHA384; hashlen = 48; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index bab0aa819..c7c736756 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1068,8 +1068,8 @@ static int ssl_write_certificate_request( ssl_context *ssl ) *p++ = 0; *p++ = 2; - if( ssl->transform_negotiate->ciphersuite_info->cipher == - POLARSSL_CIPHER_AES_256_GCM ) + if( ssl->transform_negotiate->ciphersuite_info->mac == + POLARSSL_MD_SHA384 ) { ssl->handshake->verify_sig_alg = SSL_HASH_SHA384; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 60ef3bee5..2d09c598b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -346,8 +346,8 @@ int ssl_derive_keys( ssl_context *ssl ) handshake->calc_finished = ssl_calc_finished_tls; } #if defined(POLARSSL_SHA4_C) - else if( transform->ciphersuite_info->cipher == - POLARSSL_CIPHER_AES_256_GCM ) + else if( transform->ciphersuite_info->mac == + POLARSSL_MD_SHA384 ) { handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; @@ -963,10 +963,7 @@ static int ssl_encrypt_buf( ssl_context *ssl ) return( 0 ); } -/* - * TODO: Use digest version when integrated! - */ -#define POLARSSL_SSL_MAX_MAC_SIZE 32 +#define POLARSSL_SSL_MAX_MAC_SIZE 48 static int ssl_decrypt_buf( ssl_context *ssl ) { @@ -2161,7 +2158,7 @@ void ssl_optimize_checksum( ssl_context *ssl, if( ssl->minor_ver < SSL_MINOR_VERSION_3 ) ssl->handshake->update_checksum = ssl_update_checksum_md5sha1; #if defined(POLARSSL_SHA4_C) - else if( ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM ) + else if( ciphersuite_info->mac == POLARSSL_MD_SHA384 ) { ssl->handshake->update_checksum = ssl_update_checksum_sha384; }