author | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-04-08 23:34:26 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-04-08 23:34:26 +0700 |
commit | 44c1a7c05913560362d3d241dbd0bc58a5b6dbac (patch) | |
tree | ad93d6b026042caa46cc6acd7973ab287a115b29 | |
parent | Check candidate cipher suites against signature_algorithms (diff) | |
Fix a bunch of RFC references in comments
-rw-r--r-- | crypto/src/crypto/tls/AbstractTlsKeyExchange.cs | 6 | ||||
-rw-r--r-- | crypto/src/crypto/tls/DtlsClientProtocol.cs | 2 | ||||
-rw-r--r-- | crypto/src/crypto/tls/DtlsRecordLayer.cs | 2 | ||||
-rw-r--r-- | crypto/src/crypto/tls/DtlsServerProtocol.cs | 2 | ||||
-rw-r--r-- | crypto/src/crypto/tls/RecordStream.cs | 16 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsClientProtocol.cs | 2 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsRsaSigner.cs | 2 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsServerProtocol.cs | 2 |
8 files changed, 17 insertions, 17 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs b/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs
index 09fb8782d..294b24929 100644
--- a/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs
+++ b/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs
@@ -38,7 +38,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
 {
 /*
- * RFC 5264 7.4.1.4.1. If the client does not send the signature_algorithms extension,
+ * RFC 5246 7.4.1.4.1. If the client does not send the signature_algorithms extension,
 * the server MUST do the following:
 *
 * - If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, DH_RSA, RSA_PSK,
@@ -106,14 +106,14 @@ namespace Org.BouncyCastle.Crypto.Tls
 if (mSupportedSignatureAlgorithms == null)
 {
 /*
- * TODO RFC 2264 7.4.2. Unless otherwise specified, the signing algorithm for the
+ * TODO RFC 2246 7.4.2. Unless otherwise specified, the signing algorithm for the
 * certificate must be the same as the algorithm for the certificate key.
 */
 }
 else
 {
 /*
- * TODO RFC 5264 7.4.2. If the client provided a "signature_algorithms" extension, then
+ * TODO RFC 5246 7.4.2. If the client provided a "signature_algorithms" extension, then
 * all certificates provided by the server MUST be signed by a hash/signature algorithm
 * pair that appears in that extension.
 */
diff --git a/crypto/src/crypto/tls/DtlsClientProtocol.cs b/crypto/src/crypto/tls/DtlsClientProtocol.cs
index 90430d772..ae6e6a573 100644
--- a/crypto/src/crypto/tls/DtlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/DtlsClientProtocol.cs
@@ -776,7 +776,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 securityParameters.CipherSuite);
 /*
- * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has
+ * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has
 * a verify_data_length equal to 12. This includes all existing cipher suites.
 */
 securityParameters.verifyDataLength = 12;
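Review bot: Both TODO comments in the `@@ -106,14 +106,14 @@` hunk of AbstractTlsKeyExchange.cs describe a certificate check that the visible code does not perform. The `mSupportedSignatureAlgorithms == null` branch holds only its comment, and the `else` branch opens with one; its body continues outside the hunk, so there may be code further down. If the check is not done there or elsewhere, a server certificate signed with a hash/signature pair the client did not offer is accepted at this point without complaint. Since the commit already edits these lines, I would state that in the comment, e.g. `* TODO (not enforced yet) RFC 5246 7.4.2. If the client provided a "signature_algorithms" extension, then`, or point it at a tracking issue.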
diff --git a/crypto/src/crypto/tls/DtlsRecordLayer.cs b/crypto/src/crypto/tls/DtlsRecordLayer.cs
index 4a781b5b5..3c3e1821f 100644
--- a/crypto/src/crypto/tls/DtlsRecordLayer.cs
+++ b/crypto/src/crypto/tls/DtlsRecordLayer.cs
@@ -491,7 +491,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 throw new TlsFatalAlert(AlertDescription.internal_error);
 /*
- * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
+ * RFC 5246 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
 * or ChangeCipherSpec content types.
 */
 if (len < 1 && contentType != ContentType.application_data)
diff --git a/crypto/src/crypto/tls/DtlsServerProtocol.cs b/crypto/src/crypto/tls/DtlsServerProtocol.cs
index fbf33045b..3032269d1 100644
--- a/crypto/src/crypto/tls/DtlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/DtlsServerProtocol.cs
@@ -425,7 +425,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 securityParameters.CipherSuite);
 /*
- * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify verify_data_length
+ * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length
 * has a verify_data_length equal to 12. This includes all existing cipher suites.
 */
 securityParameters.verifyDataLength = 12;
diff --git a/crypto/src/crypto/tls/RecordStream.cs b/crypto/src/crypto/tls/RecordStream.cs
index cddd5e6d7..46673cf7e 100644
--- a/crypto/src/crypto/tls/RecordStream.cs
+++ b/crypto/src/crypto/tls/RecordStream.cs
@@ -208,7 +208,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 CheckLength(decoded.Length, mCompressedLimit, AlertDescription.record_overflow);
 /*
- * TODO RFC5264 6.2.2. Implementation note: Decompression functions are responsible for
+ * TODO 5246 6.2.2. Implementation note: Decompression functions are responsible for
 * ensuring that messages cannot cause internal buffer overflows.
 */
 Stream cOut = mReadCompression.Decompress(mBuffer);
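Review bot: The corrected comment in the `@@ -208,7 +208,7 @@` hunk of RecordStream.cs lost its "RFC" prefix: the new line reads `* TODO 5246 6.2.2. Implementation note: ...`, while every other reference fixed in this commit is written `RFC 5246`. It should read `* TODO RFC 5246 6.2.2. Implementation note: Decompression functions are responsible for`, so that a search for "RFC 5246" still finds this open TODO about decompression not overflowing internal buffers. The enclosing method starts and ends outside the hunk.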
@@ -220,14 +220,14 @@ namespace Org.BouncyCastle.Crypto.Tls
 }
 /*
- * RFC 5264 6.2.2. If the decompression function encounters a TLSCompressed.fragment that
+ * RFC 5246 6.2.2. If the decompression function encounters a TLSCompressed.fragment that
 * would decompress to a length in excess of 2^14 bytes, it should report a fatal
 * decompression failure error.
 */
 CheckLength(decoded.Length, mPlaintextLimit, AlertDescription.decompression_failure);
 /*
- * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
+ * RFC 5246 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
 * or ChangeCipherSpec content types.
 */
 if (decoded.Length < 1 && type != ContentType.application_data)
@@ -243,18 +243,18 @@ namespace Org.BouncyCastle.Crypto.Tls
 return;
 /*
- * RFC 5264 6. Implementations MUST NOT send record types not defined in this document
+ * RFC 5246 6. Implementations MUST NOT send record types not defined in this document
 * unless negotiated by some extension.
 */
 CheckType(type, AlertDescription.internal_error);
 /*
- * RFC 5264 6.2.1 The length should not exceed 2^14.
+ * RFC 5246 6.2.1 The length should not exceed 2^14.
 */
 CheckLength(plaintextLength, mPlaintextLimit, AlertDescription.internal_error);
 /*
- * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
+ * RFC 5246 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert,
 * or ChangeCipherSpec content types.
 */
 if (plaintextLength < 1 && type != ContentType.application_data)
@@ -274,7 +274,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 byte[] compressed = GetBufferContents();
 /*
- * RFC5264 6.2.2. Compression must be lossless and may not increase the content length
+ * RFC 5246 6.2.2. Compression must be lossless and may not increase the content length
 * by more than 1024 bytes.
 */
 CheckLength(compressed.Length, plaintextLength + 1024, AlertDescription.internal_error);
@@ -283,7 +283,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 }
 /*
- * RFC 5264 6.2.3. The length may not exceed 2^14 + 2048.
+ * RFC 5246 6.2.3. The length may not exceed 2^14 + 2048.
 */
 CheckLength(ciphertext.Length, mCiphertextLimit, AlertDescription.internal_error);
diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs
index 4e4a7a492..0ea84c05c 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -790,7 +790,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 this.mSecurityParameters.prfAlgorithm = GetPrfAlgorithm(Context, this.mSecurityParameters.CipherSuite);
 /*
- * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify
+ * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify
 * verify_data_length has a verify_data_length equal to 12. This includes all
 * existing cipher suites.
 */
diff --git a/crypto/src/crypto/tls/TlsRsaSigner.cs b/crypto/src/crypto/tls/TlsRsaSigner.cs
index 6da1c5e9b..1614f503b 100644
--- a/crypto/src/crypto/tls/TlsRsaSigner.cs
+++ b/crypto/src/crypto/tls/TlsRsaSigner.cs
@@ -91,7 +91,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 protected virtual IAsymmetricBlockCipher CreateRsaImpl()
 {
 /*
- * RFC 5264 7.4.7.1. Implementation note: It is now known that remote timing-based attacks
+ * RFC 5246 7.4.7.1. Implementation note: It is now known that remote timing-based attacks
 * on TLS are possible, at least when the client and server are on the same LAN.
 * Accordingly, implementations that use static RSA keys MUST use RSA blinding or some other
 * anti-timing technique, as described in [TIMING].
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index db823539a..5f3ce18e2 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -786,7 +786,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 mSecurityParameters.prfAlgorithm = GetPrfAlgorithm(Context, mSecurityParameters.CipherSuite);
 /*
- * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has
+ * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has
 * a verify_data_length equal to 12. This includes all existing cipher suites.
 */
 mSecurityParameters.verifyDataLength = 12; |