Zilog EZ80F91AZA User Manual

UM020107-1211

SSL Configuration

ZTP Network Security SSL Plug-In

User Manual

25

Each of the four supported digest algorithms has an entry that follows the

NullHash_New

function pointer.

Each entry in the array is a function pointer that is used to initialize a data structure that the
SSL handshake protocols use to perform digest operations.

NullHash

does not perform

any useful function, but it must be included in the

HashGen

array for proper operation of

the SSL protocol.

The ordering of entries in the

HashGen

array is not arbitrary, and is determined by the

ordinal values of the following macros (see the

ez80_hash.h

header file); the values of

these macros must not be altered.

#define SSL_HASH_NULL

0

#define SSL_HASH_MD5

1

#define SSL_HASH_HMAC_MD5

2

#define SSL_HASH_SHA1

3

#define SSL_HASH_HMAC_SHA1

4

Table 5 shows which digest algorithms are required for each of the SSL handshake proto-
cols. If the application uses combinations of protocols, select the last row in the table that
matches one of the SSL handshake protocols used. For example, if your project requires
the SSLv2 and TLSv1 handshake protocols, then the digest algorithms corresponding to
the TLSv1 handshake protocol must appear in the

HashGen

array.

If a digest algorithm is not required, replace the corresponding entry in the

HashGen

array

with

NullHash_New

. For example, in an application required to support SSLv2 and

SSLv3, it is not necessary to include the

HMAC_MD5

or

HMAC_SHA1

digest algorithms;

therefore the project can be made slightly smaller by using the following

HashGen

array.

HASH_NEW

HashGen[ SSL_MAX_HASH ] =

{

NullHash_New,

MD5_New,

Table 5. Mandatory Digest Algorithm by SSL Protocol Version

SSL Handshake



Protocol version

Mandatory Digest Algorithms

SSLv2

MD5

SSLv3

MD5, SHA1

TLSv1

MD5, SHA1, HMAC_MD5, HMAC_SHA1

Note: