]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Use SHA256 for PRF if TLS 1.2.
authorDaiki Ueno <ueno@unixuser.org>
Mon, 31 Aug 2009 05:44:51 +0000 (14:44 +0900)
committerSimon Josefsson <simon@josefsson.org>
Mon, 31 Aug 2009 13:00:12 +0000 (15:00 +0200)
Use SHA256 for the basis of PRF, and for the hash over handshake messages.

Signed-off-by: Simon Josefsson <simon@josefsson.org>
lib/gnutls_handshake.c
lib/gnutls_pk.c
lib/gnutls_state.c

index 7c10fbbc67f4cc7278d0a333a1bfd24e0f7d0fe6..83dc54e78cd1e8454e112607d3211a5dac2b5bd9 100644 (file)
@@ -236,7 +236,7 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret)
   else
     {
       _gnutls_hash_deinit (&td_sha, concat);
-      len = 20;
+      len = _gnutls_hash_get_algo_len (td_sha.algorithm);
     }
 
   if (type == GNUTLS_SERVER)
@@ -2170,6 +2170,8 @@ _gnutls_abort_handshake (gnutls_session_t session, int ret)
 inline static int
 _gnutls_handshake_hash_init (gnutls_session_t session)
 {
+  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+  gnutls_digest_algorithm_t hash_algo = GNUTLS_MAC_SHA1;
 
   if (session->internals.handshake_mac_handle_init == 0)
     {
@@ -2183,9 +2185,15 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
          return ret;
        }
 
+      /* The algorithm to compute hash over handshake messages must be
+        same as the one used as the basis for PRF.  By now we use
+        SHA256. */
+      if (_gnutls_version_has_selectable_prf (ver))
+       hash_algo = GNUTLS_MAC_SHA256;
+
       ret =
        _gnutls_hash_init (&session->internals.handshake_mac_handle_sha,
-                          GNUTLS_MAC_SHA1);
+                          hash_algo);
       if (ret < 0)
        {
          gnutls_assert ();
index ff9fbf1887e0776fabd347da581547ca6b943c25..ccd98a4a574ae297a64eca2373525b532b4d9e07 100644 (file)
@@ -500,8 +500,8 @@ _gnutls_dsa_verify (const gnutls_datum_t * vdata,
     pk_params.params[i] = params[i];
   pk_params.params_nr = params_len;
 
-  if (vdata->size != 20)
-    {                          /* sha-1 only */
+  if (vdata->size > 20)
+    {                          /* SHA1 or better only */
       gnutls_assert ();
       return GNUTLS_E_PK_SIG_VERIFY_FAILED;
     }
index e1bfc66fecda9affed8ee46d0303cee9941691f9..fede2a001146531eb12a88dab8df9e897dc4bd04 100644 (file)
@@ -785,7 +785,7 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
 
   digest_hd_st td2;
   int i, times, how, blocksize, A_size;
-  opaque final[20], Atmp[MAX_SEED_SIZE];
+  opaque final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
   int output_bytes, result;
 
   if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
@@ -906,7 +906,7 @@ _gnutls_PRF (gnutls_session_t session,
   if (_gnutls_version_has_selectable_prf(ver))
     {
       result =
-       _gnutls_P_hash (GNUTLS_MAC_SHA1, secret, secret_size,
+       _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size,
                        s_seed, s_seed_size, total_bytes, ret);
       if (result < 0)
        {