author | Andreas Schultz <[email protected]> | 2012-08-15 10:52:39 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2012-08-22 14:00:46 +0200 |
commit | 332716f059f291eba836fb46071a9b3e718f43c0 (patch) | |
tree | 5c5724d480e0b932931618883300c2e6009cf923 /lib/ssl/src/ssl_connection.erl | |
parent | 6c53c50ca047dc006af75dd6045e096a4bd97153 (diff) | |
ssl: Add Signature Algorithms hello extension from TLS 1.2
This also avoids triggering some bugs in OpenSSL.
Diffstat (limited to 'lib/ssl/src/ssl_connection.erl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index ad02c6c0cf..c09e07018d 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -1606,18 +1606,18 @@ handle_server_key( ?UINT16(GLen), G/binary, ?UINT16(YLen), ServerPublicDhKey/binary>>), - - case verify_dh_params(Version, Signed, Hash, PubKeyInfo) of + + case verify_dh_params(Version, Signed, Hash, HashAlgo, PubKeyInfo) of true -> dh_master_secret(P, G, ServerPublicDhKey, undefined, State); false -> ?ALERT_REC(?FATAL, ?DECRYPT_ERROR) end. -verify_dh_params({3, Minor}, Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParams}) +verify_dh_params({3, Minor}, Signed, Hashes, HashAlgo, {?rsaEncryption, PubKey, _PubKeyParams}) when Minor >= 3 -> - public_key:verify({digest, Hashes}, sha, Signed, PubKey); -verify_dh_params(_Version, Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParams}) -> + public_key:verify({digest, Hashes}, HashAlgo, Signed, PubKey); +verify_dh_params(_Version, Signed, Hashes, _HashAlgo, {?rsaEncryption, PubKey, _PubKeyParams}) -> case public_key:decrypt_public(Signed, PubKey, [{rsa_pad, rsa_pkcs1_padding}]) of Hashes -> @@ -1625,8 +1625,10 @@ verify_dh_params(_Version, Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParam _ -> false end; -verify_dh_params(_Version, Signed, Hash, {?'id-dsa', PublicKey, PublicKeyParams}) -> - public_key:verify({digest, Hash}, sha, Signed, {PublicKey, PublicKeyParams}). +verify_dh_params(_Version, Signed, Hash, undefined, {?'id-dsa', PublicKey, PublicKeyParams}) -> + public_key:verify({digest, Hash}, sha, Signed, {PublicKey, PublicKeyParams}); +verify_dh_params(_Version, Signed, Hash, HashAlgo, {?'id-dsa', PublicKey, PublicKeyParams}) -> + public_key:verify({digest, Hash}, HashAlgo, Signed, {PublicKey, PublicKeyParams}). dh_master_secret(Prime, Base, PublicDhKey, undefined, State) -> PMpint = mpint_binary(Prime), |
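Review bot: In the `Minor >= 3` RSA clause of verify_dh_params, `HashAlgo` is now passed to `public_key:verify/4` with no visible check that it is one of the hash algorithms this client advertised in its signature_algorithms extension; the new `?'id-dsa'` clause in the second hunk has the same gap. The value presumably comes from the peer's ServerKeyExchange, so unless it is checked where it is decoded (outside this hunk), the server can select the weakest hash the public_key library accepts. An unsupported value would likely raise instead of producing the `?DECRYPT_ERROR` alert. I would validate it in handle_server_key before the `case verify_dh_params(...)` call, or at minimum document the precondition, e.g. `%% HashAlgo is peer-chosen; the caller must have checked it against the offered signature_algorithms`. handle_server_key starts above the hunk, so how HashAlgo is bound cannot be confirmed from here.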
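Review bot: The two `?'id-dsa'` clauses rely on clause order and on `undefined` carrying a specific meaning, which appears to be "no hash algorithm was signalled", but nothing in the code says so. The `{3, Minor}` RSA clause also has no matching `undefined` fallback, so a reader cannot tell whether that asymmetry is intended. A comment above the first DSA clause would make it explicit, e.g. `%% undefined: no SignatureAndHashAlgorithm was sent (pre-TLS 1.2), so DSA uses sha`. If `undefined` can never reach the TLS 1.2 RSA clause, a short note there saying why would help too.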