Use SHA256 for the basis of PRF, and for the hash over handshake messages.
Signed-off-by: Simon Josefsson <simon@josefsson.org>
else
{
_gnutls_hash_deinit (&td_sha, concat);
- len = 20;
+ len = _gnutls_hash_get_algo_len (td_sha.algorithm);
}
if (type == GNUTLS_SERVER)
inline static int
_gnutls_handshake_hash_init (gnutls_session_t session)
{
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ gnutls_digest_algorithm_t hash_algo = GNUTLS_MAC_SHA1;
if (session->internals.handshake_mac_handle_init == 0)
{
return ret;
}
+ /* The algorithm to compute hash over handshake messages must be
+ same as the one used as the basis for PRF. By now we use
+ SHA256. */
+ if (_gnutls_version_has_selectable_prf (ver))
+ hash_algo = GNUTLS_MAC_SHA256;
+
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle_sha,
- GNUTLS_MAC_SHA1);
+ hash_algo);
if (ret < 0)
{
gnutls_assert ();
pk_params.params[i] = params[i];
pk_params.params_nr = params_len;
- if (vdata->size != 20)
- { /* sha-1 only */
+ if (vdata->size > 20)
+ { /* SHA1 or better only */
gnutls_assert ();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
digest_hd_st td2;
int i, times, how, blocksize, A_size;
- opaque final[20], Atmp[MAX_SEED_SIZE];
+ opaque final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
int output_bytes, result;
if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
if (_gnutls_version_has_selectable_prf(ver))
{
result =
- _gnutls_P_hash (GNUTLS_MAC_SHA1, secret, secret_size,
+ _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size,
s_seed, s_seed_size, total_bytes, ret);
if (result < 0)
{