-rw-r--r--crypto/src/tls/crypto/TlsCryptoUtilities.cs18
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs20
2 files changed, 35 insertions, 3 deletions
diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index a22049e5d..757eda1be 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -68,6 +68,24 @@ namespace Org.BouncyCastle.Tls.Crypto
             }
         }
 
+        public static int GetHashInternalSize(int cryptoHashAlgorithm)
+        {
+            switch (cryptoHashAlgorithm)
+            {
+            case CryptoHashAlgorithm.md5:
+            case CryptoHashAlgorithm.sha1:
+            case CryptoHashAlgorithm.sha224:
+            case CryptoHashAlgorithm.sha256:
+            case CryptoHashAlgorithm.sm3:
+                return 64;
+            case CryptoHashAlgorithm.sha384:
+            case CryptoHashAlgorithm.sha512:
+                return 128;
+            default:
+                throw new ArgumentException();
+            }
+        }
+
         public static int GetHashOutputSize(int cryptoHashAlgorithm)
         {
             switch (cryptoHashAlgorithm)
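Review bot: GetHashInternalSize has no doc comment, and "internal size" is not self-explanatory; the returned 64 and 128 match the block length in bytes of the listed hashes, which is the value HMAC-style constructions pad the key to. I would add `/// <summary>Returns the internal block size, in bytes, of the given hash; throws ArgumentException for any other value.</summary>` above the method. The `default` branch's bare `throw new ArgumentException();` also gives no hint which value was rejected, so `throw new ArgumentException("unsupported hash algorithm", "cryptoHashAlgorithm");` would make a bad negotiated value easier to trace. The callers are not visible in this diff, so the intended use is inferred.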
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
index 69e353bae..e763422ed 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
@@ -139,9 +139,10 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
 
         public override TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial)
         {
-            IDigest digest = CreateDigest(CryptoHashAlgorithm.sha256);
+            int cryptoHashAlgorithm = CryptoHashAlgorithm.sha256;
+            IDigest digest = CreateDigest(cryptoHashAlgorithm);
 
-            byte[] seed = new byte[digest.GetDigestSize()];
+            byte[] seed = new byte[TlsCryptoUtilities.GetHashOutputSize(cryptoHashAlgorithm)];
             SecureRandom.NextBytes(seed);
 
             DigestRandomGenerator randomGenerator = new DigestRandomGenerator(digest);
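Review bot: The seed length in CreateNonceGenerator is now read from TlsCryptoUtilities.GetHashOutputSize while the generator is still built on the `digest` instance, and nothing here ties the two together. They agree for SHA-256 (32 bytes), but if the pinned constant or CreateDigest changes, the seed could end up shorter than the digest output without any failure. A short comment such as `// seed length == output size of the digest backing DigestRandomGenerator` above the allocation would record the invariant. The rest of the method lies outside the hunk, so how `seed` and `additionalSeedMaterial` are consumed is not visible here.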
@@ -187,7 +188,20 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
 
         public override bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm)
         {
-            return true;
+            switch (cryptoHashAlgorithm)
+            {
+            case CryptoHashAlgorithm.md5:
+            case CryptoHashAlgorithm.sha1:
+            case CryptoHashAlgorithm.sha224:
+            case CryptoHashAlgorithm.sha256:
+            case CryptoHashAlgorithm.sha384:
+            case CryptoHashAlgorithm.sha512:
+            case CryptoHashAlgorithm.sm3:
+                return true;
+
+            default:
+                return false;
+            }
         }
 
         public override bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)
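Review bot: The case list in HasCryptoHashAlgorithm repeats the algorithm set that TlsCryptoUtilities.GetHashInternalSize enumerates in this same commit, and presumably the set CreateDigest accepts (not shown). If one list gains or loses an entry the others will not follow, and a hash could be reported as available yet fail at digest creation, or the reverse. I would add `// Must match the algorithms CreateDigest can instantiate.` above the `switch`. md5 and sha1 are still reported as available; whether callers restrict them by protocol version cannot be seen from this hunk.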