diff options
| author | Erlang/OTP <[email protected]> | 2016-06-13 13:21:22 +0200 |
|---|---|---|
| committer | Erlang/OTP <[email protected]> | 2016-06-13 13:21:22 +0200 |
| commit | 60b02048d3b51e4e59d324f52d482dcb338b3c47 (patch) | |
| tree | b9d04bd7d034e15cd45b1a4c1bd9e8a8dc149e9d /lib/ssl/src | |
| parent | d76ad05a499556d3b82e10ab08c4aa0d819d598f (diff) | |
| parent | 7001063d331e5702ba21bfec3b3d84c06a31fefb (diff) | |
| download | otp-60b02048d3b51e4e59d324f52d482dcb338b3c47.tar.gz otp-60b02048d3b51e4e59d324f52d482dcb338b3c47.tar.bz2 otp-60b02048d3b51e4e59d324f52d482dcb338b3c47.zip | |
Merge branch 'kennethlakin/maint/tls-use-negotiated-prf/PR-1042/OTP-13546' into maint-18
* kennethlakin/maint/tls-use-negotiated-prf/PR-1042/OTP-13546:
ssl: Use cipher suite's PRF in prf/5
Diffstat (limited to 'lib/ssl/src')
| -rw-r--r-- | lib/ssl/src/ssl_connection.erl | 5 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 12 |
2 files changed, 8 insertions, 9 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index f774873269..0f0072ba34 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -821,7 +821,8 @@ handle_sync_event({prf, Secret, Label, Seed, WantedLength}, _, StateName, SecParams = ConnectionState#connection_state.security_parameters, #security_parameters{master_secret = MasterSecret, client_random = ClientRandom, - server_random = ServerRandom} = SecParams, + server_random = ServerRandom, + prf_algorithm = PRFAlgorithm} = SecParams, Reply = try SecretToUse = case Secret of _ when is_binary(Secret) -> Secret; @@ -832,7 +833,7 @@ handle_sync_event({prf, Secret, Label, Seed, WantedLength}, _, StateName, (client_random, Acc) -> [ClientRandom|Acc]; (server_random, Acc) -> [ServerRandom|Acc] end, [], Seed)), - ssl_handshake:prf(Version, SecretToUse, Label, SeedToUse, WantedLength) + ssl_handshake:prf(Version, PRFAlgorithm, SecretToUse, Label, SeedToUse, WantedLength) catch exit:_ -> {error, badarg}; error:Reason -> {error, Reason} diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 644903cf4b..235d6efbb6 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -74,7 +74,7 @@ ]). %% MISC --export([select_version/3, prf/5, select_hashsign/5, +-export([select_version/3, prf/6, select_hashsign/5, select_hashsign_algs/3, premaster_secret/2, premaster_secret/3, premaster_secret/4]). @@ -564,17 +564,15 @@ server_key_exchange_hash(md5sha, Value) -> server_key_exchange_hash(Hash, Value) -> crypto:hash(Hash, Value). %%-------------------------------------------------------------------- --spec prf(ssl_record:ssl_version(), binary(), binary(), [binary()], non_neg_integer()) -> +-spec prf(ssl_record:ssl_version(), non_neg_integer(), binary(), binary(), [binary()], non_neg_integer()) -> {ok, binary()} | {error, undefined}. %% %% Description: use the TLS PRF to generate key material %%-------------------------------------------------------------------- -prf({3,0}, _, _, _, _) -> +prf({3,0}, _, _, _, _, _) -> {error, undefined}; -prf({3,1}, Secret, Label, Seed, WantedLength) -> - {ok, tls_v1:prf(?MD5SHA, Secret, Label, Seed, WantedLength)}; -prf({3,_N}, Secret, Label, Seed, WantedLength) -> - {ok, tls_v1:prf(?SHA256, Secret, Label, Seed, WantedLength)}. +prf({3,_N}, PRFAlgo, Secret, Label, Seed, WantedLength) -> + {ok, tls_v1:prf(PRFAlgo, Secret, Label, Seed, WantedLength)}. %%-------------------------------------------------------------------- |