Loading src/ssl.cpp +11 −11 Original line number Diff line number Diff line Loading @@ -1427,27 +1427,27 @@ std::vector<uint8_t> netplus::ssl::_tls13_build_certificate_verify() std::vector<uint8_t> sig; std::vector<uint8_t> cv; // Use RSA-PKCS1-SHA256 (0x0401) for maximum compatibility // This is the classic RSA signature algorithm, widely supported // TLS 1.3 RFC 8446 Section 4.4.3: For RSA signatures, RSASSA-PSS algorithms MUST be used. // rsa_pkcs1_* algorithms are NOT allowed for CertificateVerify in TLS 1.3. if (_rsa) { // For TLS 1.3, we need to use RSA-PKCS1-SHA256 (0x0401) // which is RSA signature with PKCS#1 v1.5 padding sig = _rsa_sha256_pkcs15_sign(toSign); // For TLS 1.3, we MUST use RSA-PSS-RSAE-SHA256 (0x0804) // PKCS#1 v1.5 (0x0401) is NOT allowed for CertificateVerify in TLS 1.3 sig = _rsa_pss_sha256_sign(toSign); if (sig.empty()) throwSSL(NetException::Error, "TLS1.3 CertificateVerify: RSA signature empty"); throwSSL(NetException::Error, "TLS1.3 CertificateVerify: RSA-PSS signature empty"); // DEBUG: Log RSA signature details fprintf(stderr, "[TLS] RSA-PKCS1-SHA256 signature generated: size=%zu\n", sig.size()); fprintf(stderr, "[TLS] RSA signature (first 16 bytes): "); // DEBUG: Log RSA-PSS signature details fprintf(stderr, "[TLS] RSA-PSS-SHA256 signature generated: size=%zu\n", sig.size()); fprintf(stderr, "[TLS] RSA-PSS signature (first 16 bytes): "); for (int i = 0; i < 16 && i < (int)sig.size(); i++) fprintf(stderr, "%02x ", sig[i]); fprintf(stderr, "\n"); fprintf(stderr, "[TLS] RSA signature (last 16 bytes): "); fprintf(stderr, "[TLS] RSA-PSS signature (last 16 bytes): "); for (int i = (int)sig.size() - 16; i < (int)sig.size(); i++) if (i >= 0) fprintf(stderr, "%02x ", sig[i]); fprintf(stderr, "\n"); cv.push_back(0x04); cv.push_back(0x01); // rsa_pkcs1_sha256 cv.push_back(0x08); cv.push_back(0x04); // rsa_pss_rsae_sha256 (TLS 1.3 required) } else if (_has_ec_key) { // Use ECDSA-SHA256 with P-256 curve (0x0403) sig = _ecdsa_sha256_sign(toSign); Loading Loading
src/ssl.cpp +11 −11 Original line number Diff line number Diff line Loading @@ -1427,27 +1427,27 @@ std::vector<uint8_t> netplus::ssl::_tls13_build_certificate_verify() std::vector<uint8_t> sig; std::vector<uint8_t> cv; // Use RSA-PKCS1-SHA256 (0x0401) for maximum compatibility // This is the classic RSA signature algorithm, widely supported // TLS 1.3 RFC 8446 Section 4.4.3: For RSA signatures, RSASSA-PSS algorithms MUST be used. // rsa_pkcs1_* algorithms are NOT allowed for CertificateVerify in TLS 1.3. if (_rsa) { // For TLS 1.3, we need to use RSA-PKCS1-SHA256 (0x0401) // which is RSA signature with PKCS#1 v1.5 padding sig = _rsa_sha256_pkcs15_sign(toSign); // For TLS 1.3, we MUST use RSA-PSS-RSAE-SHA256 (0x0804) // PKCS#1 v1.5 (0x0401) is NOT allowed for CertificateVerify in TLS 1.3 sig = _rsa_pss_sha256_sign(toSign); if (sig.empty()) throwSSL(NetException::Error, "TLS1.3 CertificateVerify: RSA signature empty"); throwSSL(NetException::Error, "TLS1.3 CertificateVerify: RSA-PSS signature empty"); // DEBUG: Log RSA signature details fprintf(stderr, "[TLS] RSA-PKCS1-SHA256 signature generated: size=%zu\n", sig.size()); fprintf(stderr, "[TLS] RSA signature (first 16 bytes): "); // DEBUG: Log RSA-PSS signature details fprintf(stderr, "[TLS] RSA-PSS-SHA256 signature generated: size=%zu\n", sig.size()); fprintf(stderr, "[TLS] RSA-PSS signature (first 16 bytes): "); for (int i = 0; i < 16 && i < (int)sig.size(); i++) fprintf(stderr, "%02x ", sig[i]); fprintf(stderr, "\n"); fprintf(stderr, "[TLS] RSA signature (last 16 bytes): "); fprintf(stderr, "[TLS] RSA-PSS signature (last 16 bytes): "); for (int i = (int)sig.size() - 16; i < (int)sig.size(); i++) if (i >= 0) fprintf(stderr, "%02x ", sig[i]); fprintf(stderr, "\n"); cv.push_back(0x04); cv.push_back(0x01); // rsa_pkcs1_sha256 cv.push_back(0x08); cv.push_back(0x04); // rsa_pss_rsae_sha256 (TLS 1.3 required) } else if (_has_ec_key) { // Use ECDSA-SHA256 with P-256 curve (0x0403) sig = _ecdsa_sha256_sign(toSign); Loading