aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-04-02 16:48:54 +0000
committerlloyd <[email protected]>2012-04-02 16:48:54 +0000
commit7f0df78e77eedaf299a8dcbea2d10290b99d3521 (patch)
tree3eb0cce53f5ff3a844b6af64801d77fc5b4bc38a /src/tls
parent4b4edaa984cb0b26e8246f19e594cb8d173ae833 (diff)
Use SHA-256 when MD5 is negotiated as the HMAC hash in TLS 1.2,
previously negotiating any MD5-based ciphersuite in TLS 1.2 would cause MAC failures as the master secret would come out differently due to using the wrong PRF.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tls_handshake_hash.cpp2
-rw-r--r--src/tls/tls_handshake_state.cpp6
2 files changed, 6 insertions, 2 deletions
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index 61295a95c..d0c74136b 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -43,7 +43,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version,
}
else if(version == Protocol_Version::TLS_V12)
{
- if(mac_algo == "SHA-1" || mac_algo == "SHA-256")
+ if(mac_algo == "MD5" || mac_algo == "SHA-1" || mac_algo == "SHA-256")
hash.reset(af.make_hash_function("SHA-256"));
else
hash.reset(af.make_hash_function(mac_algo));
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 6ddd8d346..48d9abbeb 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -163,8 +163,12 @@ KDF* Handshake_State::protocol_specific_prf()
}
else if(version() == Protocol_Version::TLS_V12)
{
- if(suite.mac_algo() == "SHA-1" || suite.mac_algo() == "SHA-256")
+ if(suite.mac_algo() == "MD5" ||
+ suite.mac_algo() == "SHA-1" ||
+ suite.mac_algo() == "SHA-256")
+ {
return get_kdf("TLS-12-PRF(SHA-256)");
+ }
return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")");
}