Support alternate PRF hashes in TLS 1.2. Add support for the SHA-384

ciphersuites.

1 files changed, 2 insertions, 16 deletions

diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp
index 140a3cb59..18cc51b96 100644
--- a/src/tls/finished.cpp
+++ b/src/tls/finished.cpp
@@ -6,9 +6,6 @@
 */
 
 #include <botan/internal/tls_messages.h>
-#include <botan/prf_tls.h>
-#include <botan/hmac.h>
-#include <botan/sha2_32.h>
 #include <memory>
 
 namespace Botan {
@@ -17,17 +14,6 @@ namespace TLS {
 
 namespace {
 
-KDF* choose_tls_prf(Protocol_Version version)
-   {
-   if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
-      return new TLS_PRF;
-   else if(version == Protocol_Version::TLS_V12)
-      return new TLS_12_PRF(new HMAC(new SHA_256)); // might depend on ciphersuite
-   else
-      throw TLS_Exception(Alert::PROTOCOL_VERSION,
-                          "Unknown version for PRF");
-   }
-
 /*
 * Compute the verify_data
 */
@@ -60,7 +46,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state,
          0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69,
          0x73, 0x68, 0x65, 0x64 };
 
-      std::auto_ptr<KDF> prf(choose_tls_prf(state->version));
+      std::auto_ptr<KDF> prf(state->protocol_specific_prf());
 
       MemoryVector<byte> input;
       if(side == CLIENT)
@@ -68,7 +54,7 @@ MemoryVector<byte> finished_compute_verify(Handshake_State* state,
       else
          input += std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL));
 
-      input += state->hash.final(state->version);
+      input += state->hash.final(state->version, state->suite.mac_algo());
 
       return prf->derive_key(12, state->keys.master_secret(), input);
       }