X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_hs_client.t0;h=cfe5f782b270616225a261f00d5577437bb9f0c0;hp=5bc3d3d568b6c908125f3a38f86598734b39d888;hb=ea95d8264c6aefe742a9c3f4f9d834b188566a29;hpb=ef318ef83a3a58b0a9e036676b84d11261ed7bb4;ds=sidebyside diff --git a/src/ssl/ssl_hs_client.t0 b/src/ssl/ssl_hs_client.t0 index 5bc3d3d..cfe5f78 100644 --- a/src/ssl/ssl_hs_client.t0 +++ b/src/ssl/ssl_hs_client.t0 @@ -115,32 +115,12 @@ make_pms_rsa(br_ssl_client_context *ctx, int prf_id) /* * OID for hash functions in RSA signatures. */ -static const unsigned char HASH_OID_SHA1[] = { - 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A -}; - -static const unsigned char HASH_OID_SHA224[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04 -}; - -static const unsigned char HASH_OID_SHA256[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 -}; - -static const unsigned char HASH_OID_SHA384[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 -}; - -static const unsigned char HASH_OID_SHA512[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 -}; - static const unsigned char *HASH_OID[] = { - HASH_OID_SHA1, - HASH_OID_SHA224, - HASH_OID_SHA256, - HASH_OID_SHA384, - HASH_OID_SHA512 + BR_HASH_OID_SHA1, + BR_HASH_OID_SHA224, + BR_HASH_OID_SHA256, + BR_HASH_OID_SHA384, + BR_HASH_OID_SHA512 }; /* @@ -231,7 +211,7 @@ make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id) int curve; unsigned char key[66], point[133]; const unsigned char *order, *point_src; - size_t glen, olen, point_len; + size_t glen, olen, point_len, xoff, xlen; unsigned char mask; if (ecdhe) { @@ -284,7 +264,8 @@ make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id) /* * The pre-master secret is the X coordinate. */ - br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1); + xoff = ctx->eng.iec->xoff(curve, &xlen); + br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen); ctx->eng.iec->mulgen(point, key, olen, curve); memcpy(ctx->eng.pad, point, glen); @@ -317,12 +298,12 @@ make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id) } memcpy(point, pk->key.ec.q, point_len); if (!(*ctx->client_auth_vtable)->do_keyx( - ctx->client_auth_vtable, point, point_len)) + ctx->client_auth_vtable, point, &point_len)) { return -1; } br_ssl_engine_compute_master(&ctx->eng, - prf_id, point + 1, point_len >> 1); + prf_id, point, point_len); return 0; } @@ -390,10 +371,9 @@ addr-ctx: hash_id \ Length of Signatures extension. : ext-signatures-length ( -- len ) - supported-hash-functions { x } drop - 0 - supports-rsa-sign? if x + then - supports-ecdsa? if x + then + supported-hash-functions { num } drop 0 + supports-rsa-sign? if num + then + supports-ecdsa? if num + then dup if 1 << 6 + then ; \ Write supported hash functions ( sign -- ) @@ -535,13 +515,16 @@ cc: ext-ALPN-length ( -- len ) { supports-rsa-sign? if 1 write-hashes then then \ TODO: add an API to specify preference order for curves. - \ Right now we use increasing id order, which makes P-256 - \ the preferred curve. + \ Right now we send Curve25519 first, then other curves in + \ increasing ID values (hence P-256 in second). ext-supported-curves-length dup if 0x000A write16 \ extension type (10) 4 - dup write16 \ extension length 2- write16 \ list length supported-curves 0 + dup 0x20000000 and if + 0xDFFFFFFF and 29 write16 + then begin dup 32 < while dup2 >> 1 and if dup write16 then 1+