diff options
-rw-r--r-- | crypto/src/crypto/tls/DtlsClientProtocol.cs | 16 | ||||
-rw-r--r-- | crypto/src/crypto/tls/DtlsRecordLayer.cs | 12 | ||||
-rw-r--r-- | crypto/src/crypto/tls/DtlsServerProtocol.cs | 34 |
3 files changed, 55 insertions, 7 deletions
diff --git a/crypto/src/crypto/tls/DtlsClientProtocol.cs b/crypto/src/crypto/tls/DtlsClientProtocol.cs index abb402077..90430d772 100644 --- a/crypto/src/crypto/tls/DtlsClientProtocol.cs +++ b/crypto/src/crypto/tls/DtlsClientProtocol.cs @@ -53,19 +53,29 @@ namespace Org.BouncyCastle.Crypto.Tls } catch (TlsFatalAlert fatalAlert) { - recordLayer.Fail(fatalAlert.AlertDescription); + AbortClientHandshake(state, recordLayer, fatalAlert.AlertDescription); throw fatalAlert; } catch (IOException e) { - recordLayer.Fail(AlertDescription.internal_error); + AbortClientHandshake(state, recordLayer, AlertDescription.internal_error); throw e; } catch (Exception e) { - recordLayer.Fail(AlertDescription.internal_error); + AbortClientHandshake(state, recordLayer, AlertDescription.internal_error); throw new TlsFatalAlert(AlertDescription.internal_error, e); } + finally + { + securityParameters.Clear(); + } + } + + internal virtual void AbortClientHandshake(ClientHandshakeState state, DtlsRecordLayer recordLayer, byte alertDescription) + { + recordLayer.Fail(alertDescription); + InvalidateSession(state); } internal virtual DtlsTransport ClientHandshake(ClientHandshakeState state, DtlsRecordLayer recordLayer) diff --git a/crypto/src/crypto/tls/DtlsRecordLayer.cs b/crypto/src/crypto/tls/DtlsRecordLayer.cs index 6796f4cbb..4a781b5b5 100644 --- a/crypto/src/crypto/tls/DtlsRecordLayer.cs +++ b/crypto/src/crypto/tls/DtlsRecordLayer.cs @@ -237,7 +237,7 @@ namespace Org.BouncyCastle.Crypto.Tls if (alertLevel == AlertLevel.fatal) { - Fail(alertDescription); + Failed(); throw new TlsFatalAlert(alertDescription); } @@ -375,6 +375,16 @@ namespace Org.BouncyCastle.Crypto.Tls } } + internal virtual void Failed() + { + if (!mClosed) + { + mFailed = true; + + CloseTransport(); + } + } + internal virtual void Fail(byte alertDescription) { if (!mClosed) diff --git a/crypto/src/crypto/tls/DtlsServerProtocol.cs b/crypto/src/crypto/tls/DtlsServerProtocol.cs index d05af193c..fbf33045b 100644 --- a/crypto/src/crypto/tls/DtlsServerProtocol.cs +++ b/crypto/src/crypto/tls/DtlsServerProtocol.cs @@ -54,19 +54,29 @@ namespace Org.BouncyCastle.Crypto.Tls } catch (TlsFatalAlert fatalAlert) { - recordLayer.Fail(fatalAlert.AlertDescription); + AbortServerHandshake(state, recordLayer, fatalAlert.AlertDescription); throw fatalAlert; } catch (IOException e) { - recordLayer.Fail(AlertDescription.internal_error); + AbortServerHandshake(state, recordLayer, AlertDescription.internal_error); throw e; } catch (Exception e) { - recordLayer.Fail(AlertDescription.internal_error); + AbortServerHandshake(state, recordLayer, AlertDescription.internal_error); throw new TlsFatalAlert(AlertDescription.internal_error, e); } + finally + { + securityParameters.Clear(); + } + } + + internal virtual void AbortServerHandshake(ServerHandshakeState state, DtlsRecordLayer recordLayer, byte alertDescription) + { + recordLayer.Fail(alertDescription); + InvalidateSession(state); } internal virtual DtlsTransport ServerHandshake(ServerHandshakeState state, DtlsRecordLayer recordLayer) @@ -263,6 +273,21 @@ namespace Org.BouncyCastle.Crypto.Tls return new DtlsTransport(recordLayer); } + protected virtual void InvalidateSession(ServerHandshakeState state) + { + if (state.sessionParameters != null) + { + state.sessionParameters.Clear(); + state.sessionParameters = null; + } + + if (state.tlsSession != null) + { + state.tlsSession.Invalidate(); + state.tlsSession = null; + } + } + protected virtual byte[] GenerateCertificateRequest(ServerHandshakeState state, CertificateRequest certificateRequest) { MemoryStream buf = new MemoryStream(); @@ -650,6 +675,9 @@ namespace Org.BouncyCastle.Crypto.Tls { internal TlsServer server = null; internal TlsServerContextImpl serverContext = null; + internal TlsSession tlsSession = null; + internal SessionParameters sessionParameters = null; + internal SessionParameters.Builder sessionParametersBuilder = null; internal int[] offeredCipherSuites = null; internal byte[] offeredCompressionMethods = null; internal IDictionary clientExtensions = null; |