mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

SHA-2 ciphersuites now require TLS 1.x

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-07-13 14:43:28 +02:00
parent e73b26391d
commit 8d4ad07706
5 changed files with 28 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -5,6 +5,10 @@ Bugfix
* Support escaping of commas in x509_string_to_names() * Support escaping of commas in x509_string_to_names()
* Fix compile error in ssl_pthread_server (found by Julian Ospald). * Fix compile error in ssl_pthread_server (found by Julian Ospald).
Changes
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
standard defining how to use SHA-2 with SSL 3.0).
= PolarSSL 1.3.8 released 2014-07-11 = PolarSSL 1.3.8 released 2014-07-11
Security Security
* Fix length checking for AEAD ciphersuites (found by Codenomicon). * Fix length checking for AEAD ciphersuites (found by Codenomicon).

4
include/polarssl/ssl.h
View File

@ -560,8 +560,8 @@ struct _ssl_transform
#if defined(POLARSSL_SSL_PROTO_SSL3) #if defined(POLARSSL_SSL_PROTO_SSL3)
/* Needed only for SSL v3.0 secret */ /* Needed only for SSL v3.0 secret */
unsigned char mac_enc[48]; /*!< SSL v3.0 secret (enc) */ unsigned char mac_enc[20]; /*!< SSL v3.0 secret (enc) */
unsigned char mac_dec[48]; /*!< SSL v3.0 secret (dec) */ unsigned char mac_dec[20]; /*!< SSL v3.0 secret (dec) */
#endif /* POLARSSL_SSL_PROTO_SSL3 */ #endif /* POLARSSL_SSL_PROTO_SSL3 */
md_context_t md_ctx_enc; /*!< MAC (encryption) */ md_context_t md_ctx_enc; /*!< MAC (encryption) */

38
library/ssl_ciphersuites.c
View File

@ -1077,7 +1077,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", { TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA256_C */ #endif /* POLARSSL_SHA256_C */
@ -1085,7 +1085,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", { TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_SHA512_C */
@ -1133,7 +1133,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256", { TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA256_C */ #endif /* POLARSSL_SHA256_C */
@ -1141,7 +1141,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", { TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_SHA512_C */
@ -1213,7 +1213,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", { TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA256_C */ #endif /* POLARSSL_SHA256_C */
@ -1221,7 +1221,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", { TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_SHA512_C */
@ -1269,7 +1269,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256", { TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA256_C */ #endif /* POLARSSL_SHA256_C */
@ -1277,7 +1277,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", { TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_SHA512_C */
@ -1428,7 +1428,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", { TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA256_C */ #endif /* POLARSSL_SHA256_C */
@ -1436,7 +1436,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", { TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_SHA512_C */
@ -1462,7 +1462,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256", { TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA256_C */ #endif /* POLARSSL_SHA256_C */
@ -1470,7 +1470,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", { TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
0 }, 0 },
#endif /* POLARSSL_SHA512_C */ #endif /* POLARSSL_SHA512_C */
@ -1540,7 +1540,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", { TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA, POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif #endif
@ -1558,7 +1558,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", { TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif #endif
@ -1566,7 +1566,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", { TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK, POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif #endif
@ -1584,7 +1584,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", { TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif #endif
@ -1592,7 +1592,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", { TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK, POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_DHE_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif #endif
@ -1636,7 +1636,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA256_C) #if defined(POLARSSL_SHA256_C)
{ TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", { TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_RSA_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif #endif
@ -1644,7 +1644,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
#if defined(POLARSSL_SHA512_C) #if defined(POLARSSL_SHA512_C)
{ TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", { TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK, POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_RSA_PSK,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
POLARSSL_CIPHERSUITE_WEAK }, POLARSSL_CIPHERSUITE_WEAK },
#endif #endif

9
library/ssl_tls.c
View File

@ -991,18 +991,15 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
{ {
unsigned char header[11]; unsigned char header[11];
unsigned char padding[48]; unsigned char padding[48];
int padlen = 0; int padlen;
int md_size = md_get_size( md_ctx->md_info ); int md_size = md_get_size( md_ctx->md_info );
int md_type = md_get_type( md_ctx->md_info ); int md_type = md_get_type( md_ctx->md_info );
/* Only MD5 and SHA-1 supported */
if( md_type == POLARSSL_MD_MD5 ) if( md_type == POLARSSL_MD_MD5 )
padlen = 48; padlen = 48;
else if( md_type == POLARSSL_MD_SHA1 ) else
padlen = 40; padlen = 40;
else if( md_type == POLARSSL_MD_SHA256 )
padlen = 32;
else if( md_type == POLARSSL_MD_SHA384 )
padlen = 16;
memcpy( header, ctr, 8 ); memcpy( header, ctr, 8 );
header[ 8] = (unsigned char) type; header[ 8] = (unsigned char) type;

6
tests/compat.sh
View File

@ -586,12 +586,6 @@ add_polarssl_ciphersuites()
;; ;;
"RSA") "RSA")
if [ "$MODE" == "ssl3" ];
then
P_CIPHERS="$P_CIPHERS \
TLS-RSA-WITH-NULL-SHA256 \
"
fi
if [ "$MODE" = "tls1_2" ]; if [ "$MODE" = "tls1_2" ];
then then
P_CIPHERS="$P_CIPHERS \ P_CIPHERS="$P_CIPHERS \