diff options
-rw-r--r-- | crypto/src/tls/DtlsClientProtocol.cs | 5 | ||||
-rw-r--r-- | crypto/src/tls/DtlsProtocol.cs | 18 | ||||
-rw-r--r-- | crypto/src/tls/DtlsServerProtocol.cs | 8 | ||||
-rw-r--r-- | crypto/src/tls/TlsClientProtocol.cs | 8 | ||||
-rw-r--r-- | crypto/src/tls/TlsProtocol.cs | 13 | ||||
-rw-r--r-- | crypto/src/tls/TlsServerProtocol.cs | 4 | ||||
-rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 17 |
7 files changed, 32 insertions, 41 deletions
diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs index b6876bdd1..e96e161d4 100644 --- a/crypto/src/tls/DtlsClientProtocol.cs +++ b/crypto/src/tls/DtlsClientProtocol.cs @@ -893,9 +893,8 @@ namespace Org.BouncyCastle.Tls securityParameters.m_encryptThenMac = serverSentEncryptThenMac; } - securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension( - securityParameters.IsResumedSession, sessionClientExtensions, sessionServerExtensions, - AlertDescription.illegal_parameter); + securityParameters.m_maxFragmentLength = TlsUtilities.ProcessMaxFragmentLengthExtension( + sessionClientExtensions, sessionServerExtensions, AlertDescription.illegal_parameter); securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension( sessionServerExtensions); diff --git a/crypto/src/tls/DtlsProtocol.cs b/crypto/src/tls/DtlsProtocol.cs index 745535148..566d07cb4 100644 --- a/crypto/src/tls/DtlsProtocol.cs +++ b/crypto/src/tls/DtlsProtocol.cs @@ -39,24 +39,6 @@ namespace Org.BouncyCastle.Tls } /// <exception cref="IOException"/> - internal static short EvaluateMaxFragmentLengthExtension(bool resumedSession, - IDictionary<int, byte[]> clientExtensions, IDictionary<int, byte[]> serverExtensions, - short alertDescription) - { - short maxFragmentLength = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(serverExtensions); - if (maxFragmentLength >= 0) - { - if (!MaxFragmentLength.IsValid(maxFragmentLength) - || (!resumedSession && maxFragmentLength != TlsExtensionsUtilities - .GetMaxFragmentLengthExtension(clientExtensions))) - { - throw new TlsFatalAlert(alertDescription); - } - } - return maxFragmentLength; - } - - /// <exception cref="IOException"/> internal static byte[] GenerateCertificate(TlsContext context, Certificate certificate, Stream endPointHash) { MemoryStream buf = new MemoryStream(); diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs index 82c6ff290..66ab6d294 100644 --- a/crypto/src/tls/DtlsServerProtocol.cs +++ b/crypto/src/tls/DtlsServerProtocol.cs @@ -581,10 +581,12 @@ namespace Org.BouncyCastle.Tls securityParameters.m_encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension( state.serverExtensions); - securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(resumedSession, - state.clientExtensions, state.serverExtensions, AlertDescription.internal_error); + securityParameters.m_maxFragmentLength = TlsUtilities.ProcessMaxFragmentLengthExtension( + resumedSession ? null : state.clientExtensions, state.serverExtensions, + AlertDescription.internal_error); - securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension(state.serverExtensions); + securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension( + state.serverExtensions); /* * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs index 7b2f148d3..731638467 100644 --- a/crypto/src/tls/TlsClientProtocol.cs +++ b/crypto/src/tls/TlsClientProtocol.cs @@ -1306,8 +1306,8 @@ namespace Org.BouncyCastle.Tls securityParameters.m_encryptThenMac = serverSentEncryptThenMAC; } - securityParameters.m_maxFragmentLength = ProcessMaxFragmentLengthExtension(sessionClientExtensions, - sessionServerExtensions, AlertDescription.illegal_parameter); + securityParameters.m_maxFragmentLength = TlsUtilities.ProcessMaxFragmentLengthExtension( + sessionClientExtensions, sessionServerExtensions, AlertDescription.illegal_parameter); securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension( sessionServerExtensions); @@ -1431,8 +1431,8 @@ namespace Org.BouncyCastle.Tls sessionServerExtensions = m_sessionParameters.ReadServerExtensions(); } - securityParameters.m_maxFragmentLength = ProcessMaxFragmentLengthExtension(sessionClientExtensions, - sessionServerExtensions, AlertDescription.illegal_parameter); + securityParameters.m_maxFragmentLength = TlsUtilities.ProcessMaxFragmentLengthExtension( + sessionClientExtensions, sessionServerExtensions, AlertDescription.illegal_parameter); securityParameters.m_encryptThenMac = false; securityParameters.m_truncatedHmac = false; diff --git a/crypto/src/tls/TlsProtocol.cs b/crypto/src/tls/TlsProtocol.cs index 3689f3a76..9b8039a5e 100644 --- a/crypto/src/tls/TlsProtocol.cs +++ b/crypto/src/tls/TlsProtocol.cs @@ -1814,20 +1814,11 @@ namespace Org.BouncyCastle.Tls } /// <exception cref="IOException"/> + [Obsolete("Will be removed")] protected virtual short ProcessMaxFragmentLengthExtension(IDictionary<int, byte[]> clientExtensions, IDictionary<int, byte[]> serverExtensions, short alertDescription) { - short maxFragmentLength = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(serverExtensions); - if (maxFragmentLength >= 0) - { - if (!MaxFragmentLength.IsValid(maxFragmentLength) || - (clientExtensions != null && - maxFragmentLength != TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions))) - { - throw new TlsFatalAlert(alertDescription); - } - } - return maxFragmentLength; + return TlsUtilities.ProcessMaxFragmentLengthExtension(clientExtensions, serverExtensions, alertDescription); } /// <exception cref="IOException"/> diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs index 6d66b065d..def8ae49b 100644 --- a/crypto/src/tls/TlsServerProtocol.cs +++ b/crypto/src/tls/TlsServerProtocol.cs @@ -315,7 +315,7 @@ namespace Org.BouncyCastle.Tls if (serverEncryptedExtensions.Count > 0) { - securityParameters.m_maxFragmentLength = ProcessMaxFragmentLengthExtension( + securityParameters.m_maxFragmentLength = TlsUtilities.ProcessMaxFragmentLengthExtension( securityParameters.IsResumedSession ? null : clientHelloExtensions, serverEncryptedExtensions, AlertDescription.internal_error); } @@ -692,7 +692,7 @@ namespace Org.BouncyCastle.Tls securityParameters.m_encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension( m_serverExtensions); - securityParameters.m_maxFragmentLength = ProcessMaxFragmentLengthExtension( + securityParameters.m_maxFragmentLength = TlsUtilities.ProcessMaxFragmentLengthExtension( resumedSession ? null : m_clientExtensions, m_serverExtensions, AlertDescription.internal_error); securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension( diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index 2f95e71ab..a9c7629d6 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -5731,6 +5731,23 @@ namespace Org.BouncyCastle.Tls return v; } + /// <exception cref="IOException"/> + internal static short ProcessMaxFragmentLengthExtension(IDictionary<int, byte[]> clientExtensions, + IDictionary<int, byte[]> serverExtensions, short alertDescription) + { + short maxFragmentLength = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(serverExtensions); + if (maxFragmentLength >= 0) + { + if (!MaxFragmentLength.IsValid(maxFragmentLength) || + (clientExtensions != null && + maxFragmentLength != TlsExtensionsUtilities.GetMaxFragmentLengthExtension(clientExtensions))) + { + throw new TlsFatalAlert(alertDescription); + } + } + return maxFragmentLength; + } + // TODO[api] Not needed once GetHandshakeResendTimeMillis() has been added to TlsPeer internal static int GetHandshakeResendTimeMillis(TlsPeer tlsPeer) { |