diff options
Diffstat (limited to 'crypto/src/tls')
| -rw-r--r-- | crypto/src/tls/DtlsClientProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsServerProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsVerifier.cs | 4 | ||||
| -rw-r--r-- | crypto/src/tls/PskIdentity.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/TlsClientProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/TlsProtocol.cs | 4 | ||||
| -rw-r--r-- | crypto/src/tls/TlsServerProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 2 |
9 files changed, 11 insertions, 11 deletions
diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs index 0a4a711ae..92478dc46 100644 --- a/crypto/src/tls/DtlsClientProtocol.cs +++ b/crypto/src/tls/DtlsClientProtocol.cs @@ -805,7 +805,7 @@ namespace Org.BouncyCastle.Tls */ securityParameters.m_secureRenegotiation = true; - if (!Arrays.ConstantTimeAreEqual(renegExtData, + if (!Arrays.FixedTimeEquals(renegExtData, TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes))) { throw new TlsFatalAlert(AlertDescription.handshake_failure); diff --git a/crypto/src/tls/DtlsProtocol.cs b/crypto/src/tls/DtlsProtocol.cs index 3d72bca9f..745535148 100644 --- a/crypto/src/tls/DtlsProtocol.cs +++ b/crypto/src/tls/DtlsProtocol.cs @@ -21,7 +21,7 @@ namespace Org.BouncyCastle.Tls TlsProtocol.AssertEmpty(buf); - if (!Arrays.ConstantTimeAreEqual(expected_verify_data, verify_data)) + if (!Arrays.FixedTimeEquals(expected_verify_data, verify_data)) throw new TlsFatalAlert(AlertDescription.handshake_failure); } diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs index 5edd5595e..43d4e5539 100644 --- a/crypto/src/tls/DtlsServerProtocol.cs +++ b/crypto/src/tls/DtlsServerProtocol.cs @@ -769,7 +769,7 @@ namespace Org.BouncyCastle.Tls */ securityParameters.m_secureRenegotiation = true; - if (!Arrays.ConstantTimeAreEqual(renegExtData, + if (!Arrays.FixedTimeEquals(renegExtData, TlsProtocol.CreateRenegotiationInfo(TlsUtilities.EmptyBytes))) { throw new TlsFatalAlert(AlertDescription.handshake_failure); diff --git a/crypto/src/tls/DtlsVerifier.cs b/crypto/src/tls/DtlsVerifier.cs index edadeae70..e691685e6 100644 --- a/crypto/src/tls/DtlsVerifier.cs +++ b/crypto/src/tls/DtlsVerifier.cs @@ -57,14 +57,14 @@ namespace Org.BouncyCastle.Tls //} //case 1: //{ - // if (Arrays.ConstantTimeAreEqual(expectedCookie, request.ClientHello.Cookie)) + // if (Arrays.FixedTimeEquals(expectedCookie, request.ClientHello.Cookie)) // return request; // break; //} //} - if (Arrays.ConstantTimeAreEqual(expectedCookie, request.ClientHello.Cookie)) + if (Arrays.FixedTimeEquals(expectedCookie, request.ClientHello.Cookie)) return request; DtlsReliableHandshake.SendHelloVerifyRequest(sender, request.RecordSeq, expectedCookie); diff --git a/crypto/src/tls/PskIdentity.cs b/crypto/src/tls/PskIdentity.cs index 1887d0af4..2d4a0b0c7 100644 --- a/crypto/src/tls/PskIdentity.cs +++ b/crypto/src/tls/PskIdentity.cs @@ -58,7 +58,7 @@ namespace Org.BouncyCastle.Tls return false; return this.m_obfuscatedTicketAge == that.m_obfuscatedTicketAge - && Arrays.ConstantTimeAreEqual(this.m_identity, that.m_identity); + && Arrays.FixedTimeEquals(this.m_identity, that.m_identity); } public override int GetHashCode() diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs index b7295bcc5..ec1cd28d5 100644 --- a/crypto/src/tls/TlsClientProtocol.cs +++ b/crypto/src/tls/TlsClientProtocol.cs @@ -1211,7 +1211,7 @@ namespace Org.BouncyCastle.Tls */ securityParameters.m_secureRenegotiation = true; - if (!Arrays.ConstantTimeAreEqual(renegExtData, CreateRenegotiationInfo(TlsUtilities.EmptyBytes))) + if (!Arrays.FixedTimeEquals(renegExtData, CreateRenegotiationInfo(TlsUtilities.EmptyBytes))) throw new TlsFatalAlert(AlertDescription.handshake_failure); } } diff --git a/crypto/src/tls/TlsProtocol.cs b/crypto/src/tls/TlsProtocol.cs index 437a51447..16bc1385e 100644 --- a/crypto/src/tls/TlsProtocol.cs +++ b/crypto/src/tls/TlsProtocol.cs @@ -1517,7 +1517,7 @@ namespace Org.BouncyCastle.Tls /* * Compare both checksums. */ - if (!Arrays.ConstantTimeAreEqual(expected_verify_data, verify_data)) + if (!Arrays.FixedTimeEquals(expected_verify_data, verify_data)) { /* * Wrong checksum in the finished message. @@ -1557,7 +1557,7 @@ namespace Org.BouncyCastle.Tls /* * Compare both checksums. */ - if (!Arrays.ConstantTimeAreEqual(expected_verify_data, verify_data)) + if (!Arrays.FixedTimeEquals(expected_verify_data, verify_data)) { /* * Wrong checksum in the finished message. diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs index bf4b9119a..72c1b2ea5 100644 --- a/crypto/src/tls/TlsServerProtocol.cs +++ b/crypto/src/tls/TlsServerProtocol.cs @@ -512,7 +512,7 @@ namespace Org.BouncyCastle.Tls */ securityParameters.m_secureRenegotiation = true; - if (!Arrays.ConstantTimeAreEqual(clientRenegExtData, + if (!Arrays.FixedTimeEquals(clientRenegExtData, CreateRenegotiationInfo(TlsUtilities.EmptyBytes))) { throw new TlsFatalAlert(AlertDescription.handshake_failure); diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index e1a8ead58..424fca133 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -5630,7 +5630,7 @@ namespace Org.BouncyCastle.Tls byte[] calculatedBinder = CalculatePskBinder(crypto, isExternalPsk, pskCryptoHashAlgorithm, earlySecret, transcriptHash); - if (Arrays.ConstantTimeAreEqual(calculatedBinder, binder)) + if (Arrays.FixedTimeEquals(calculatedBinder, binder)) return new OfferedPsks.SelectedConfig(index, psk, pskKeyExchangeModes, earlySecret); } } |