Add TLS::Protocol_Version::supports_ciphersuite_specific_prf

4 files changed, 16 insertions, 14 deletions

diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index fd9d93bb2..ba3ee52db 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -25,20 +25,15 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version,
 
    std::unique_ptr<HashFunction> hash;
 
-   if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
+   if(version.supports_ciphersuite_specific_prf())
       {
-      hash.reset(af.make_hash_function("TLS.Digest.0"));
-      }
-   else if(version == Protocol_Version::TLS_V12)
-      {
-      if(mac_algo == "MD5" || mac_algo == "SHA-1" || mac_algo == "SHA-256")
+      if(mac_algo == "MD5" || mac_algo == "SHA-1")
          hash.reset(af.make_hash_function("SHA-256"));
       else
          hash.reset(af.make_hash_function(mac_algo));
       }
    else
-      throw TLS_Exception(Alert::PROTOCOL_VERSION,
-                          "Unknown version for handshake hashes");
+      hash.reset(af.make_hash_function("TLS.Digest.0"));
 
    hash->update(data);
    return hash->final();
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 304366719..d79ed15d4 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -157,14 +157,10 @@ KDF* Handshake_State::protocol_specific_prf()
       {
       return get_kdf("TLS-PRF");
       }
-   else if(version() == Protocol_Version::TLS_V12)
+   else if(version().supports_ciphersuite_specific_prf())
       {
-      if(suite.mac_algo() == "MD5" ||
-         suite.mac_algo() == "SHA-1" ||
-         suite.mac_algo() == "SHA-256")
-         {
+      if(suite.mac_algo() == "MD5" || suite.mac_algo() == "SHA-1")
          return get_kdf("TLS-12-PRF(SHA-256)");
-         }
 
       return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")");
       }
diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp
index f451da70e..32a408830 100644
--- a/src/tls/tls_version.cpp
+++ b/src/tls/tls_version.cpp
@@ -80,6 +80,12 @@ bool Protocol_Version::supports_explicit_cbc_ivs() const
            m_version == Protocol_Version::DTLS_V12);
    }
 
+bool Protocol_Version::supports_ciphersuite_specific_prf() const
+   {
+   return (m_version == Protocol_Version::TLS_V12 ||
+           m_version == Protocol_Version::DTLS_V12);
+   }
+
 }
 
 }
diff --git a/src/tls/tls_version.h b/src/tls/tls_version.h
index 8112b2a11..651eebafc 100644
--- a/src/tls/tls_version.h
+++ b/src/tls/tls_version.h
@@ -94,6 +94,11 @@ class BOTAN_DLL Protocol_Version
       bool supports_explicit_cbc_ivs() const;
 
       /**
+      * @return true if this version uses a ciphersuite specific PRF
+      */
+      bool supports_ciphersuite_specific_prf() const;
+
+      /**
       * @return if this version is equal to other
       */
       bool operator==(const Protocol_Version& other) const