Merge branch 'fix-srp-rsa'

tlsfuzzer · Nov 5, 2015 · 58d6da9 · 58d6da9
2 parents 5133390 + c5a57a9
commit 58d6da9
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -852,6 +852,8 @@ def _clientSRPKeyExchange(self, settings, cipherSuite, certificateType,
         if cipherSuite in CipherSuite.srpCertSuites:
             #Hash ServerKeyExchange/ServerSRPParams
             hashBytes = serverKeyExchange.hash(clientRandom, serverRandom)
+            if self.version == (3, 3):
+                hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)
 
             #Extract signature bytes from ServerKeyExchange
             sigBytes = serverKeyExchange.signature
@@ -1730,6 +1732,8 @@ def _serverSRPKeyExchange(self, clientHello, serverHello, verifierDB,
         if cipherSuite in CipherSuite.srpCertSuites:
             hashBytes = serverKeyExchange.hash(clientHello.random,
                                                serverHello.random)
+            if self.version == (3, 3):
+                hashBytes = RSAKey.addPKCS1SHA1Prefix(hashBytes)
             serverKeyExchange.signature = privateKey.sign(hashBytes)
             if self.version == (3, 3):
                 # TODO signing algorithm not negotiatied