author | Dr. Stephen Henson <steve@openssl.org> | 2015-06-28 23:18:59 +0100 |
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-07-30 14:43:35 +0100 |
commit | 12053a81c875473355e441d00ac81ed3c501dc9b (patch) | |
tree | 34d0cb46e5a4c1de1f3c137cf5f9ecc5e2e942cb /ssl | |
parent | adc5506adf4f4cb2719026354a8512e3a7807f8a (diff) |
PSK PRF correction.
For SHA384 PRF PSK ciphersuites we have to switch to default PRF for
TLS < 1.2
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/s3_lib.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 6046580420..527ec1f946 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4217,13 +4217,19 @@ int ssl3_renegotiate_check(SSL *s)
 /*
  * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
  * handshake macs if required.
+ *
+ * If PSK and using SHA384 for TLS < 1.2 switch to default.
  */
 long ssl_get_algorithm2(SSL *s)
 {
     long alg2 = s->s3->tmp.new_cipher->algorithm2;
-    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF
-        && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
-        return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
+            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
+    }
     return alg2;
 } |
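Review bot: The new comment says the fallback applies "for TLS < 1.2", but the code never consults the negotiated version; the `else if` branch runs whenever the method's `enc_flags` lack `SSL_ENC_FLAG_SHA256_PRF`, which is presumably set only by the TLS 1.2 method, so the version test is implicit. A comment on the `else if` line would make that proxy explicit, e.g. `/* No SHA256-PRF flag means a pre-1.2 method: SHA384 PSK suites (RFC 5487) must then use the legacy PRF/MAC. */`. It is also worth recording why the branch is restricted to `SSL_PSK`: as far as I know only the RFC 5487 PSK SHA384 suites are negotiable below TLS 1.2, so non-PSK SHA384 suites never reach this path and a later reader should not widen the check without confirming that. ssl_get_algorithm2 is contained entirely within the hunk.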