feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

For TLSv1.2, cert and key messages use SHA-256 or SHA-384 as expected.

Browse Source
This commit is contained in:
John Safranek
2013-02-06 13:08:28 -08:00
parent 24e22d4b6e
commit 30004498c5
3 changed files with 282 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cyassl/internal.h
View File

@@ -1164,14 +1164,15 @@ CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
CYASSL_LOCAL void FreeCiphers(CYASSL* ssl); CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
#ifdef CYASSL_SHA384
#define HASHES_SZ SHA384_DIGEST_SIZE
#else
#define HASHES_SZ FINISHED_SZ
#endif
/* hashes type */ /* hashes type */
typedef struct Hashes { typedef struct Hashes {
#ifndef NO_MD5 byte hash[HASHES_SZ];
byte md5[MD5_DIGEST_SIZE];
byte sha[SHA_DIGEST_SIZE];
#else
byte hash[FINISHED_SZ];
#endif
} Hashes; } Hashes;

338
src/internal.c
View File

@@ -2270,7 +2270,7 @@ static void BuildMD5(CYASSL* ssl, Hashes* hashes, const byte* sender)
Md5Update(&ssl->hashMd5, PAD2, PAD_MD5); Md5Update(&ssl->hashMd5, PAD2, PAD_MD5);
Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE); Md5Update(&ssl->hashMd5, md5_result, MD5_DIGEST_SIZE);
Md5Final(&ssl->hashMd5, hashes->md5); Md5Final(&ssl->hashMd5, &hashes->hash[0]);
} }
@@ -2290,7 +2290,7 @@ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender)
ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA); ShaUpdate(&ssl->hashSha, PAD2, PAD_SHA);
ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE); ShaUpdate(&ssl->hashSha, sha_result, SHA_DIGEST_SIZE);
ShaFinal(&ssl->hashSha, hashes->sha); ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]);
} }
#endif #endif
@@ -4322,29 +4322,58 @@ static void BuildCertHashes(CYASSL* ssl, Hashes* hashes)
/* store current states, building requires get_digest which resets state */ /* store current states, building requires get_digest which resets state */
Md5 md5 = ssl->hashMd5; Md5 md5 = ssl->hashMd5;
Sha sha = ssl->hashSha; Sha sha = ssl->hashSha;
#ifndef NO_SHA256 /* for possible future changes */ #ifndef NO_SHA256
Sha256 sha256; Sha256 sha256;
InitSha256(&sha256); #endif
if (IsAtLeastTLSv1_2(ssl)) #ifdef CYASSL_SHA384
sha256 = ssl->hashSha256; Sha384 sha384;
#endif #endif
#ifndef NO_SHA256
InitSha256(&sha256);
if (IsAtLeastTLSv1_2(ssl))
sha256 = ssl->hashSha256;
#endif
#ifdef CYASSL_SHA384
InitSha384(&sha384);
if (IsAtLeastTLSv1_2(ssl))
sha384 = ssl->hashSha384;
#endif
if (ssl->options.tls) { if (ssl->options.tls) {
Md5Final(&ssl->hashMd5, hashes->md5); if (IsAtLeastTLSv1_2(ssl)) {
ShaFinal(&ssl->hashSha, hashes->sha); if (ssl->specs.mac_algorithm <= sha256_mac) {
#ifndef NO_SHA256
Sha256Final(&ssl->hashSha256, hashes->hash);
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
Sha384Final(&ssl->hashSha384, hashes->hash);
#endif
}
}
else {
Md5Final(&ssl->hashMd5, &hashes->hash[0]);
ShaFinal(&ssl->hashSha, &hashes->hash[MD5_DIGEST_SIZE]);
}
} }
else { else {
BuildMD5_CertVerify(ssl, hashes->md5); BuildMD5_CertVerify(ssl, &hashes->hash[0]);
BuildSHA_CertVerify(ssl, hashes->sha); BuildSHA_CertVerify(ssl, &hashes->hash[MD5_DIGEST_SIZE]);
} }
/* restore */ /* restore */
ssl->hashMd5 = md5; ssl->hashMd5 = md5;
ssl->hashSha = sha; ssl->hashSha = sha;
#ifndef NO_SHA256 #ifndef NO_SHA256
if (IsAtLeastTLSv1_2(ssl)) if (IsAtLeastTLSv1_2(ssl))
ssl->hashSha256 = sha256; ssl->hashSha256 = sha256;
#endif #endif
#ifdef CYASSL_SHA384
if (IsAtLeastTLSv1_2(ssl))
ssl->hashSha384 = sha384;
#endif
} }
#endif #endif
@@ -6403,6 +6432,14 @@ int SetCipherList(Suites* s, const char* list)
Md5 md5; Md5 md5;
Sha sha; Sha sha;
byte hash[FINISHED_SZ]; byte hash[FINISHED_SZ];
#ifndef NO_SHA256
Sha256 sha256;
byte hash256[SHA256_DIGEST_SIZE];
#endif
#ifdef CYASSL_SHA384
Sha384 sha384;
byte hash384[SHA384_DIGEST_SIZE];
#endif
byte messageVerify[MAX_DH_SZ]; byte messageVerify[MAX_DH_SZ];
/* adjust from start idx */ /* adjust from start idx */
@@ -6442,6 +6479,22 @@ int SetCipherList(Suites* s, const char* list)
ShaUpdate(&sha, messageVerify, verifySz); ShaUpdate(&sha, messageVerify, verifySz);
ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
#ifndef NO_SHA256
InitSha256(&sha256);
Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
Sha256Update(&sha256, messageVerify, verifySz);
Sha256Final(&sha256, hash256);
#endif
#ifdef CYASSL_SHA384
InitSha384(&sha384);
Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
Sha384Update(&sha384, messageVerify, verifySz);
Sha384Final(&sha384, hash384);
#endif
/* rsa */ /* rsa */
if (ssl->specs.sig_algo == rsa_sa_algo) if (ssl->specs.sig_algo == rsa_sa_algo)
{ {
@@ -6456,14 +6509,24 @@ int SetCipherList(Suites* s, const char* list)
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
word32 encSigSz; word32 encSigSz;
byte* digest; byte* digest = &hash[MD5_DIGEST_SIZE];
int typeH; int typeH = SHAh;
int digestSz; int digestSz = SHA_DIGEST_SIZE;
/* sha1 for now */ if (ssl->specs.mac_algorithm <= sha256_mac) {
digest = &hash[MD5_DIGEST_SIZE]; #ifndef NO_SHA256
typeH = SHAh; digest = hash256;
digestSz = SHA_DIGEST_SIZE; typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
digest = hash384;
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
#endif
}
encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); encSigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
@@ -6480,11 +6543,28 @@ int SetCipherList(Suites* s, const char* list)
/* ecdsa */ /* ecdsa */
else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
int verify = 0, ret; int verify = 0, ret;
byte* digest = &hash[MD5_DIGEST_SIZE];
word32 digestSz = SHA_DIGEST_SIZE;
if (!ssl->peerEccDsaKeyPresent) if (!ssl->peerEccDsaKeyPresent)
return NO_PEER_KEY; return NO_PEER_KEY;
ret = ecc_verify_hash(signature, sigLen, &hash[MD5_DIGEST_SIZE], if (IsAtLeastTLSv1_2(ssl)) {
SHA_DIGEST_SIZE, &verify, ssl->peerEccDsaKey); if (ssl->specs.mac_algorithm <= sha256_mac) {
#ifndef NO_SHA256
digest = hash256;
digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
digest = hash384;
digestSz = SHA384_DIGEST_SIZE;
#endif
}
}
ret = ecc_verify_hash(signature, sigLen, digest, digestSz,
&verify, ssl->peerEccDsaKey);
if (ret != 0 || verify == 0) if (ret != 0 || verify == 0)
return VERIFY_SIGN_ERROR; return VERIFY_SIGN_ERROR;
} }
@@ -6799,8 +6879,8 @@ int SetCipherList(Suites* s, const char* list)
if (ret == 0) { if (ret == 0) {
byte* verify = (byte*)&output[RECORD_HEADER_SZ + byte* verify = (byte*)&output[RECORD_HEADER_SZ +
HANDSHAKE_HEADER_SZ]; HANDSHAKE_HEADER_SZ];
byte* signBuffer = ssl->certHashes.md5; byte* signBuffer = ssl->certHashes.hash;
word32 signSz = sizeof(Hashes); word32 signSz = FINISHED_SZ;
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
word32 extraSz = 0; /* tls 1.2 hash/sig */ word32 extraSz = 0; /* tls 1.2 hash/sig */
@@ -6810,7 +6890,7 @@ int SetCipherList(Suites* s, const char* list)
#endif #endif
length = sigOutSz; length = sigOutSz;
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
verify[0] = sha_mac; verify[0] = ssl->specs.mac_algorithm;
verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo; verify[1] = usingEcc ? ecc_dsa_sa_algo : rsa_sa_algo;
extraSz = HASH_SIG_SIZE; extraSz = HASH_SIG_SIZE;
} }
@@ -6819,21 +6899,46 @@ int SetCipherList(Suites* s, const char* list)
if (usingEcc) { if (usingEcc) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
word32 localSz = sigOutSz; word32 localSz = sigOutSz;
ret = ecc_sign_hash(signBuffer + MD5_DIGEST_SIZE, word32 digestSz = SHA_DIGEST_SIZE;
SHA_DIGEST_SIZE, verify + extraSz + VERIFY_HEADER, byte* digest = signBuffer + MD5_DIGEST_SIZE;
if (IsAtLeastTLSv1_2(ssl)) {
digest = ssl->certHashes.hash;
if (ssl->specs.mac_algorithm <= sha256_mac) {
#ifndef NO_SHA256
digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
digestSz = SHA384_DIGEST_SIZE;
#endif
}
}
ret = ecc_sign_hash(digest, digestSz,
verify + extraSz + VERIFY_HEADER,
&localSz, ssl->rng, &eccKey); &localSz, ssl->rng, &eccKey);
#endif #endif
} }
else { else {
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
byte* digest; byte* digest = ssl->certHashes.hash;
int typeH; int digestSz = SHA_DIGEST_SIZE;
int digestSz; int typeH = SHAh;
/* sha1 for now */ if (ssl->specs.mac_algorithm <= sha256_mac) {
digest = ssl->certHashes.sha; #ifndef NO_SHA256
typeH = SHAh; typeH = SHA256h;
digestSz = SHA_DIGEST_SIZE; digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
#endif
}
signSz = EncodeSignature(encodedSig, digest,digestSz,typeH); signSz = EncodeSignature(encodedSig, digest,digestSz,typeH);
signBuffer = encodedSig; signBuffer = encodedSig;
@@ -7183,6 +7288,14 @@ int SetCipherList(Suites* s, const char* list)
Md5 md5; Md5 md5;
Sha sha; Sha sha;
byte hash[FINISHED_SZ]; byte hash[FINISHED_SZ];
#ifndef NO_SHA256
Sha256 sha256;
byte hash256[SHA256_DIGEST_SIZE];
#endif
#ifdef CYASSL_SHA384
Sha384 sha384;
byte hash384[SHA384_DIGEST_SIZE];
#endif
/* md5 */ /* md5 */
InitMd5(&md5); InitMd5(&md5);
@@ -7198,22 +7311,48 @@ int SetCipherList(Suites* s, const char* list)
ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaUpdate(&sha, output + preSigIdx, preSigSz);
ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
#ifndef NO_SHA256
InitSha256(&sha256);
Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
Sha256Update(&sha256, output + preSigIdx, preSigSz);
Sha256Final(&sha256, hash256);
#endif
#ifdef CYASSL_SHA384
InitSha384(&sha384);
Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
Sha384Update(&sha384, output + preSigIdx, preSigSz);
Sha384Final(&sha384, hash384);
#endif
if (ssl->specs.sig_algo == rsa_sa_algo) { if (ssl->specs.sig_algo == rsa_sa_algo) {
byte* signBuffer = hash; byte* signBuffer = hash;
word32 signSz = sizeof(hash); word32 signSz = sizeof(hash);
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
byte* digest; byte* digest = &hash[MD5_DIGEST_SIZE];
int hType; int typeH = SHAh;
int digestSz; int digestSz = SHA_DIGEST_SIZE;
/* sha1 for now */ if (ssl->specs.mac_algorithm <= sha256_mac) {
digest = &hash[MD5_DIGEST_SIZE]; #ifndef NO_SHA256
hType = SHAh; digest = hash256;
digestSz = SHA_DIGEST_SIZE; typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
digest = hash384;
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
#endif
}
signSz = EncodeSignature(encodedSig, digest, digestSz, signSz = EncodeSignature(encodedSig, digest, digestSz,
hType); typeH);
signBuffer = encodedSig; signBuffer = encodedSig;
} }
ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz, ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
@@ -7226,9 +7365,26 @@ int SetCipherList(Suites* s, const char* list)
return ret; return ret;
} }
else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) { else if (ssl->specs.sig_algo == ecc_dsa_sa_algo) {
byte* digest = &hash[MD5_DIGEST_SIZE];
word32 digestSz = SHA_DIGEST_SIZE;
word32 sz = sigSz; word32 sz = sigSz;
ret = ecc_sign_hash(&hash[MD5_DIGEST_SIZE], SHA_DIGEST_SIZE, if (IsAtLeastTLSv1_2(ssl)) {
if (ssl->specs.mac_algorithm <= sha256_mac) {
#ifndef NO_SHA256
digest = hash256;
digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
digest = hash384;
digestSz = SHA384_DIGEST_SIZE;
#endif
}
}
ret = ecc_sign_hash(digest, digestSz,
output + idx, &sz, ssl->rng, &dsaKey); output + idx, &sz, ssl->rng, &dsaKey);
FreeRsaKey(&rsaKey); FreeRsaKey(&rsaKey);
ecc_free(&dsaKey); ecc_free(&dsaKey);
@@ -7385,6 +7541,14 @@ int SetCipherList(Suites* s, const char* list)
Md5 md5; Md5 md5;
Sha sha; Sha sha;
byte hash[FINISHED_SZ]; byte hash[FINISHED_SZ];
#ifndef NO_SHA256
Sha256 sha256;
byte hash256[SHA256_DIGEST_SIZE];
#endif
#ifdef CYASSL_SHA384
Sha384 sha384;
byte hash384[SHA384_DIGEST_SIZE];
#endif
/* md5 */ /* md5 */
InitMd5(&md5); InitMd5(&md5);
@@ -7400,19 +7564,45 @@ int SetCipherList(Suites* s, const char* list)
ShaUpdate(&sha, output + preSigIdx, preSigSz); ShaUpdate(&sha, output + preSigIdx, preSigSz);
ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]); ShaFinal(&sha, &hash[MD5_DIGEST_SIZE]);
#ifndef NO_SHA256
InitSha256(&sha256);
Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
Sha256Update(&sha256, output + preSigIdx, preSigSz);
Sha256Final(&sha256, hash256);
#endif
#ifdef CYASSL_SHA384
InitSha384(&sha384);
Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
Sha384Update(&sha384, output + preSigIdx, preSigSz);
Sha384Final(&sha384, hash384);
#endif
if (ssl->specs.sig_algo == rsa_sa_algo) { if (ssl->specs.sig_algo == rsa_sa_algo) {
byte* signBuffer = hash; byte* signBuffer = hash;
word32 signSz = sizeof(hash); word32 signSz = sizeof(hash);
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
byte* digest; byte* digest = &hash[MD5_DIGEST_SIZE];
int typeH; int typeH = SHAh;
int digestSz; int digestSz = SHA_DIGEST_SIZE;
/* sha1 for now */ if (ssl->specs.mac_algorithm <= sha256_mac) {
digest = &hash[MD5_DIGEST_SIZE]; #ifndef NO_SHA256
typeH = SHAh; digest = hash256;
digestSz = SHA_DIGEST_SIZE; typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
digest = hash384;
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
#endif
}
signSz = EncodeSignature(encodedSig, digest, digestSz, signSz = EncodeSignature(encodedSig, digest, digestSz,
typeH); typeH);
@@ -8304,14 +8494,22 @@ int SetCipherList(Suites* s, const char* list)
if (IsAtLeastTLSv1_2(ssl)) { if (IsAtLeastTLSv1_2(ssl)) {
byte encodedSig[MAX_ENCODED_SIG_SZ]; byte encodedSig[MAX_ENCODED_SIG_SZ];
word32 sigSz; word32 sigSz;
byte* digest; byte* digest = ssl->certHashes.hash;
int typeH; int typeH = SHAh;
int digestSz; int digestSz = SHA_DIGEST_SIZE;
/* sha1 for now */ if (ssl->specs.mac_algorithm <= sha256_mac) {
digest = ssl->certHashes.sha; #ifndef NO_SHA256
typeH = SHAh; typeH = SHA256h;
digestSz = SHA_DIGEST_SIZE; digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
#endif
}
sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH); sigSz = EncodeSignature(encodedSig, digest, digestSz, typeH);
@@ -8320,8 +8518,8 @@ int SetCipherList(Suites* s, const char* list)
ret = 0; /* verified */ ret = 0; /* verified */
} }
else { else {
if (outLen == sizeof(ssl->certHashes) && XMEMCMP(out, if (outLen == FINISHED_SZ && XMEMCMP(out,
&ssl->certHashes, sizeof(ssl->certHashes)) == 0) &ssl->certHashes, FINISHED_SZ) == 0)
ret = 0; /* verified */ ret = 0; /* verified */
} }
} }
@@ -8330,10 +8528,24 @@ int SetCipherList(Suites* s, const char* list)
if (ssl->peerEccDsaKeyPresent) { if (ssl->peerEccDsaKeyPresent) {
int verify = 0; int verify = 0;
int err = -1; int err = -1;
byte* digest = ssl->certHashes.hash;
word32 digestSz = SHA_DIGEST_SIZE;
CYASSL_MSG("Doing ECC peer cert verify"); CYASSL_MSG("Doing ECC peer cert verify");
err = ecc_verify_hash(sig, sz, ssl->certHashes.sha, SHA_DIGEST_SIZE, if (IsAtLeastTLSv1_2(ssl)) {
if (ssl->specs.mac_algorithm <= sha256_mac) {
#ifndef NO_SHA256
digestSz = SHA256_DIGEST_SIZE;
#endif
}
else if (ssl->specs.mac_algorithm == sha384_mac) {
#ifdef CYASSL_SHA384
digestSz = SHA384_DIGEST_SIZE;
#endif
}
}
err = ecc_verify_hash(sig, sz, digest, digestSz,
&verify, ssl->peerEccDsaKey); &verify, ssl->peerEccDsaKey);
if (err == 0 && verify == 1) if (err == 0 && verify == 1)

6
src/tls.c
View File

@@ -239,15 +239,9 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender)
else else
side = tls_server; side = tls_server;
#ifndef NO_MD5
PRF(hashes->md5, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN,
side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm);
#else
PRF(hashes->hash, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, PRF(hashes->hash, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN,
side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl),
ssl->specs.mac_algorithm); ssl->specs.mac_algorithm);
#endif
} }