libsec: fix verifyDHparams() for version <= TLS1.1

for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange
message and the signature digest algorithm is fixed to md5+sha1 and we
only support RSA signatures (TLS1.1 doesn't know about ECDSA).
This commit is contained in:
cinap_lenrek 2016-03-01 11:30:01 +01:00
parent bb81a10687
commit 169bfb4610


@ -1035,6 +1035,7 @@ verifyDHparams(TlsConnection *c, Bytes *par, Bytes *sig, int sigalg)
digestlen = MD5dlen + SHA1dlen;
md5(blob->data, blob->len, digest, nil);
sha1(blob->data, blob->len, digest+MD5dlen, nil);
sigalg = 1; // only RSA signatures supported for version <= TLS1.1
} else {
int hashalg = (sigalg>>8) & 0xFF;
digestlen = -1;
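Review bot: The added `sigalg = 1;` overwrites the caller-supplied value with a bare magic number; since the else-branch decodes `(sigalg>>8) & 0xFF` as the hash algorithm, the low byte is presumably the TLS SignatureAlgorithm code and 1 is rsa(1) from the registry, so it deserves a name rather than a literal. Suggest `sigalg = 1; /* SignatureAlgorithm rsa(1): versions <= TLS1.1 carry no sigalg field and only RSA over MD5+SHA1 is verified here */`, or the file's own constant for RSA if one exists. It is also worth confirming that the later code dispatching on the low byte rejects anything but RSA for these versions, because for them the incoming sigalg is whatever the caller passed rather than a value read from the message; that dispatch is outside the hunk. verifyDHparams begins before the hunk and continues after it.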