Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a

basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular).
author: lloyd <[email protected]> 2012-01-19 18:14:20 +0000
committer: lloyd <[email protected]> 2012-01-19 18:14:20 +0000
commit: 265cf8e312723e688f4dbc8e4d90e0eae5445c97 (patch)
tree: 4532f1435286ad17cc3752ba77b71e59af622bbf /src/libstate/get_enc.cpp
parent: 239241568d4d3ff14d2d1994e5829f3d548f2078 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/src/libstate/get_enc.cpp b/src/libstate/get_enc.cpp
index 6a87268e8..6b74f8793 100644
--- a/src/libstate/get_enc.cpp
+++ b/src/libstate/get_enc.cpp
@@ -200,9 +200,14 @@ KDF* get_kdf(const std::string& algo_spec)
       return new TLS_PRF;
 #endif
 
-#if defined(BOTAN_HAS_SSL_V3_PRF)
-   if(request.algo_name() == "SSL3-PRF" && request.arg_count() == 0)
-      return new SSL3_PRF;
+#if defined(BOTAN_HAS_TLS_V10_PRF)
+   if(request.algo_name() == "TLS-PRF" && request.arg_count() == 0)
+      return new TLS_PRF;
+#endif
+
+#if defined(BOTAN_HAS_TLS_V12_PRF)
+   if(request.algo_name() == "TLS-12-PRF" && request.arg_count() == 1)
+      return new TLS_12_PRF(af.make_mac("HMAC(" + request.arg(0) + ")"));
 #endif
 
    throw Algorithm_Not_Found(algo_spec);
author	lloyd <[email protected]>	2012-01-19 18:14:20 +0000
committer	lloyd <[email protected]>	2012-01-19 18:14:20 +0000
commit	265cf8e312723e688f4dbc8e4d90e0eae5445c97 (patch)
tree	4532f1435286ad17cc3752ba77b71e59af622bbf /src/libstate/get_enc.cpp
parent	239241568d4d3ff14d2d1994e5829f3d548f2078 (diff)