From b7149bcc90b83cb13131074b48b86451a711c49b Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Wed, 20 Mar 2013 15:30:09 +0100
Subject: [PATCH] Corrected behaviour for CBC-based suites using the SHA384 MAC
 and PRF

---
 library/ssl_cli.c |  4 ++--
 library/ssl_srv.c |  4 ++--
 library/ssl_tls.c | 11 ++++-------
 3 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 68c06cc51..dae98fa21 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1347,8 +1347,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
          * Reason: Otherwise we should have running hashes for SHA512 and SHA224
          *         in order to satisfy 'weird' needs from the server side.
          */
-        if( ssl->transform_negotiate->ciphersuite_info->cipher ==
-            POLARSSL_CIPHER_AES_256_GCM )
+        if( ssl->transform_negotiate->ciphersuite_info->mac ==
+            POLARSSL_MD_SHA384 )
         {
             hash_id = SIG_RSA_SHA384;
             hashlen = 48;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index bab0aa819..c7c736756 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1068,8 +1068,8 @@ static int ssl_write_certificate_request( ssl_context *ssl )
         *p++ = 0;
         *p++ = 2;
 
-        if( ssl->transform_negotiate->ciphersuite_info->cipher ==
-            POLARSSL_CIPHER_AES_256_GCM )
+        if( ssl->transform_negotiate->ciphersuite_info->mac ==
+            POLARSSL_MD_SHA384 )
         {
             ssl->handshake->verify_sig_alg = SSL_HASH_SHA384;
         }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 60ef3bee5..2d09c598b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -346,8 +346,8 @@ int ssl_derive_keys( ssl_context *ssl )
         handshake->calc_finished = ssl_calc_finished_tls;
     }
 #if defined(POLARSSL_SHA4_C)
-    else if( transform->ciphersuite_info->cipher ==
-             POLARSSL_CIPHER_AES_256_GCM )
+    else if( transform->ciphersuite_info->mac ==
+             POLARSSL_MD_SHA384 )
     {
         handshake->tls_prf = tls_prf_sha384;
         handshake->calc_verify = ssl_calc_verify_tls_sha384;
@@ -963,10 +963,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
     return( 0 );
 }
 
-/*
- * TODO: Use digest version when integrated!
- */
-#define POLARSSL_SSL_MAX_MAC_SIZE   32
+#define POLARSSL_SSL_MAX_MAC_SIZE   48
 
 static int ssl_decrypt_buf( ssl_context *ssl )
 {
@@ -2161,7 +2158,7 @@ void ssl_optimize_checksum( ssl_context *ssl,
     if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
         ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
 #if defined(POLARSSL_SHA4_C)
-    else if( ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM )
+    else if( ciphersuite_info->mac == POLARSSL_MD_SHA384 )
     {
         ssl->handshake->update_checksum = ssl_update_checksum_sha384;
     }