From 7951d59c4f69b5cf733ddf0f1911e82d56dc3217 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Wed, 16 Mar 2022 15:49:34 +0700
Subject: Refactoring

---
 crypto/src/tls/crypto/TlsCryptoUtilities.cs  | 18 ++++++++++++++++++
 crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs | 20 +++++++++++++++++---
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index a22049e5d..757eda1be 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -68,6 +68,24 @@ namespace Org.BouncyCastle.Tls.Crypto
             }
         }
 
+        public static int GetHashInternalSize(int cryptoHashAlgorithm)
+        {
+            switch (cryptoHashAlgorithm)
+            {
+            case CryptoHashAlgorithm.md5:
+            case CryptoHashAlgorithm.sha1:
+            case CryptoHashAlgorithm.sha224:
+            case CryptoHashAlgorithm.sha256:
+            case CryptoHashAlgorithm.sm3:
+                return 64;
+            case CryptoHashAlgorithm.sha384:
+            case CryptoHashAlgorithm.sha512:
+                return 128;
+            default:
+                throw new ArgumentException();
+            }
+        }
+
         public static int GetHashOutputSize(int cryptoHashAlgorithm)
         {
             switch (cryptoHashAlgorithm)
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
index 69e353bae..e763422ed 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
@@ -139,9 +139,10 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
 
         public override TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial)
         {
-            IDigest digest = CreateDigest(CryptoHashAlgorithm.sha256);
+            int cryptoHashAlgorithm = CryptoHashAlgorithm.sha256;
+            IDigest digest = CreateDigest(cryptoHashAlgorithm);
 
-            byte[] seed = new byte[digest.GetDigestSize()];
+            byte[] seed = new byte[TlsCryptoUtilities.GetHashOutputSize(cryptoHashAlgorithm)];
             SecureRandom.NextBytes(seed);
 
             DigestRandomGenerator randomGenerator = new DigestRandomGenerator(digest);
@@ -187,7 +188,20 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
 
         public override bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm)
         {
-            return true;
+            switch (cryptoHashAlgorithm)
+            {
+            case CryptoHashAlgorithm.md5:
+            case CryptoHashAlgorithm.sha1:
+            case CryptoHashAlgorithm.sha224:
+            case CryptoHashAlgorithm.sha256:
+            case CryptoHashAlgorithm.sha384:
+            case CryptoHashAlgorithm.sha512:
+            case CryptoHashAlgorithm.sm3:
+                return true;
+
+            default:
+                return false;
+            }
         }
 
         public override bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)
-- 
cgit 1.4.1