diff options
author | lloyd <[email protected]> | 2012-04-02 16:48:54 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-02 16:48:54 +0000 |
commit | 7f0df78e77eedaf299a8dcbea2d10290b99d3521 (patch) | |
tree | 3eb0cce53f5ff3a844b6af64801d77fc5b4bc38a /src/tls | |
parent | 4b4edaa984cb0b26e8246f19e594cb8d173ae833 (diff) |
Use SHA-256 when MD5 is negotiated as the HMAC hash in TLS 1.2,
previously negotiating any MD5-based ciphersuite in TLS 1.2 would
cause MAC failures as the master secret would come out differently due
to using the wrong PRF.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_handshake_hash.cpp | 2 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.cpp | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 61295a95c..d0c74136b 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -43,7 +43,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version, } else if(version == Protocol_Version::TLS_V12) { - if(mac_algo == "SHA-1" || mac_algo == "SHA-256") + if(mac_algo == "MD5" || mac_algo == "SHA-1" || mac_algo == "SHA-256") hash.reset(af.make_hash_function("SHA-256")); else hash.reset(af.make_hash_function(mac_algo)); diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 6ddd8d346..48d9abbeb 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -163,8 +163,12 @@ KDF* Handshake_State::protocol_specific_prf() } else if(version() == Protocol_Version::TLS_V12) { - if(suite.mac_algo() == "SHA-1" || suite.mac_algo() == "SHA-256") + if(suite.mac_algo() == "MD5" || + suite.mac_algo() == "SHA-1" || + suite.mac_algo() == "SHA-256") + { return get_kdf("TLS-12-PRF(SHA-256)"); + } return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")"); } |