-rw-r--r-- | src/tls/tls_handshake_hash.cpp | 11 | ||||
-rw-r--r-- | src/tls/tls_handshake_state.cpp | 8 | ||||
-rw-r--r-- | src/tls/tls_version.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_version.h | 5 |
4 files changed, 16 insertions, 14 deletions
diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index fd9d93bb2..ba3ee52db 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -25,20 +25,15 @@ secure_vector<byte> Handshake_Hash::final(Protocol_Version version,
 std::unique_ptr<HashFunction> hash;
- if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11)
+ if(version.supports_ciphersuite_specific_prf())
 {
- hash.reset(af.make_hash_function("TLS.Digest.0"));
- }
- else if(version == Protocol_Version::TLS_V12)
- {
- if(mac_algo == "MD5" || mac_algo == "SHA-1" || mac_algo == "SHA-256")
+ if(mac_algo == "MD5" || mac_algo == "SHA-1")
 hash.reset(af.make_hash_function("SHA-256"));
 else
 hash.reset(af.make_hash_function(mac_algo));
 }
 else
- throw TLS_Exception(Alert::PROTOCOL_VERSION,
- "Unknown version for handshake hashes");
+ hash.reset(af.make_hash_function("TLS.Digest.0"));
 hash->update(data);
 return hash->final();
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 304366719..d79ed15d4 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -157,14 +157,10 @@ KDF* Handshake_State::protocol_specific_prf()
 {
 return get_kdf("TLS-PRF");
 }
- else if(version() == Protocol_Version::TLS_V12)
+ else if(version().supports_ciphersuite_specific_prf())
 {
- if(suite.mac_algo() == "MD5" ||
- suite.mac_algo() == "SHA-1" ||
- suite.mac_algo() == "SHA-256")
- {
+ if(suite.mac_algo() == "MD5" || suite.mac_algo() == "SHA-1")
 return get_kdf("TLS-12-PRF(SHA-256)");
- }
 return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")");
 }
diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp
index f451da70e..32a408830 100644
--- a/src/tls/tls_version.cpp
+++ b/src/tls/tls_version.cpp
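Review bot: The final `else` in the tls_handshake_hash.cpp hunk now hands every version for which `supports_ciphersuite_specific_prf()` is false to `TLS.Digest.0`, while the removed branch raised `Alert::PROTOCOL_VERSION` for any version it did not recognise, so the function no longer fails closed. A version value that is neither TLS 1.2/DTLS 1.2 nor one of the legacy versions would silently get the legacy digest instead of aborting the handshake. I would test the legacy versions explicitly and keep the last branch as `else throw TLS_Exception(Alert::PROTOCOL_VERSION, "Unknown version for handshake hashes");`. The predicate added in tls_version.cpp has the same shape, since it returns false for anything not listed. The body of Handshake_Hash::final starts outside the hunk.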
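Review bot: The MD5/SHA-1 to SHA-256 substitution in the tls_handshake_state.cpp hunk is written out a second time, identically to the one in Handshake_Hash::final (tls_handshake_hash.cpp), and nothing ties the two together. In TLS 1.2 the Finished computation runs the PRF over a transcript hash built from the same hash function, so an edit to one mapping without the other would presumably break handshakes or leave the two diverging unnoticed in review. At minimum I would add `// Keep in sync with the hash selection in Handshake_Hash::final()` above the `if`, and longer term move the mapping into one helper that both callers use. protocol_specific_prf() starts and ends outside this hunk, so the fallback for versions matching neither branch is not visible here.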
@@ -80,6 +80,12 @@ bool Protocol_Version::supports_explicit_cbc_ivs() const
 m_version == Protocol_Version::DTLS_V12);
 }
+bool Protocol_Version::supports_ciphersuite_specific_prf() const
+ {
+ return (m_version == Protocol_Version::TLS_V12 ||
+ m_version == Protocol_Version::DTLS_V12);
+ }
+
 }
 }
diff --git a/src/tls/tls_version.h b/src/tls/tls_version.h
index 8112b2a11..651eebafc 100644
--- a/src/tls/tls_version.h
+++ b/src/tls/tls_version.h
@@ -94,6 +94,11 @@ class BOTAN_DLL Protocol_Version
 bool supports_explicit_cbc_ivs() const;
 /**
+ * @return true if this version uses a ciphersuite specific PRF
+ */
+ bool supports_ciphersuite_specific_prf() const;
+
+ /**
 * @return if this version is equal to other
 */
 bool operator==(const Protocol_Version& other) const |
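Review bot: The doc comment in the tls_version.h hunk mentions only the PRF, but this commit also uses the predicate in Handshake_Hash::final to choose the handshake hash, so a reader of the header cannot tell that changing it alters both. I would widen the comment to `@return true if this version uses a ciphersuite specific PRF and the matching handshake hash (currently TLS 1.2 and DTLS 1.2)`. It would also help to state there that versions not listed take the legacy path in the callers, so the list has to be revisited whenever a version constant is added. The class body continues outside the hunk.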