projects
/
BearSSL
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Added API for external hashing of ServerKeyExchange, and signature algorithm identifi...
[BearSSL]
/
src
/
ssl
/
ssl_hs_client.t0
diff --git
a/src/ssl/ssl_hs_client.t0
b/src/ssl/ssl_hs_client.t0
index
4067b4d
..
5bc3d3d
100644
(file)
--- a/
src/ssl/ssl_hs_client.t0
+++ b/
src/ssl/ssl_hs_client.t0
@@
-230,7
+230,7
@@
make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
{
int curve;
unsigned char key[66], point[133];
{
int curve;
unsigned char key[66], point[133];
- const unsigned char *
generator, *
order, *point_src;
+ const unsigned char *order, *point_src;
size_t glen, olen, point_len;
unsigned char mask;
size_t glen, olen, point_len;
unsigned char mask;
@@
-271,7
+271,7
@@
make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
* Compute the common ECDH point, whose X coordinate is the
* pre-master secret.
*/
* Compute the common ECDH point, whose X coordinate is the
* pre-master secret.
*/
-
generator =
ctx->eng.iec->generator(curve, &glen);
+ ctx->eng.iec->generator(curve, &glen);
if (glen != point_len) {
return -BR_ERR_INVALID_ALGORITHM;
}
if (glen != point_len) {
return -BR_ERR_INVALID_ALGORITHM;
}
@@
-286,10
+286,7
@@
make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
*/
br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
*/
br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
- memcpy(point, generator, glen);
- if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
- return -BR_ERR_INVALID_ALGORITHM;
- }
+ ctx->eng.iec->mulgen(point, key, olen, curve);
memcpy(ctx->eng.pad, point, glen);
return (int)glen;
}
memcpy(ctx->eng.pad, point, glen);
return (int)glen;
}
@@
-1026,7
+1023,7
@@
cc: get-client-chain ( auth_types -- ) {
\ - There is an explicit list of supported sign+hash.
\ - The ECDH flags must be adjusted for RSA/ECDSA
\ support.
\ - There is an explicit list of supported sign+hash.
\ - The ECDH flags must be adjusted for RSA/ECDSA
\ support.
- read-list-sign-algos dup addr-hashes set
16
+ read-list-sign-algos dup addr-hashes set
32
\ Trim down the list depending on what hash functions
\ we support (since the hashing itself is done by the SSL
\ Trim down the list depending on what hash functions
\ we support (since the hashing itself is done by the SSL