From 700364c5056bb3f7c39096733d9dc0b7f200e5f8 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Thu, 23 Mar 2017 00:26:41 +1030
Subject: SSLv3 must calculate the master secret earlier (from bc-java) - include SSLv3 in test suite
---
 crypto/src/crypto/tls/TlsClientProtocol.cs | 11 ++++++++++-
 crypto/src/crypto/tls/TlsServerProtocol.cs | 11 ++++++++++-
 crypto/test/src/crypto/tls/test/TlsTestSuite.cs | 5 +++--
 3 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs
index 4c2a0a545..6352a893f 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -384,10 +384,19 @@ namespace Org.BouncyCastle.Crypto.Tls
 SendClientKeyExchangeMessage();
 this.mConnectionState = CS_CLIENT_KEY_EXCHANGE;
+ if (TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
 TlsHandshakeHash prepareFinishHash = mRecordStream.PrepareToFinish();
 this.mSecurityParameters.sessionHash = GetCurrentPrfHash(Context, prepareFinishHash, null);
- EstablishMasterSecret(Context, mKeyExchange);
+ if (!TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
 mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
 if (clientCreds != null && clientCreds is TlsSignerCredentials)
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index 38f2befea..fca685295 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
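Review bot: The ordering constraint in the TlsClientProtocol.cs hunk is carried by two mirrored blocks, `if (TlsUtilities.IsSsl(Context))` before the hash and `if (!TlsUtilities.IsSsl(Context))` after it, with no comment saying why the master secret has to move; the TlsServerProtocol.cs hunk repeats the same pattern. Key-schedule ordering is easy to merge back incorrectly during a later cleanup, so I would add a comment above the first block such as `// SSLv3: GetCurrentPrfHash needs the master secret, so establish it before PrepareToFinish; TLS establishes it after sessionHash is set.` The SSLv3 half is my reading of how the SSLv3 handshake hash is built and the TLS half presumably relates to session-hash-based derivation, so please confirm both against bc-java. Evaluating the check once into a local, `bool isSsl = TlsUtilities.IsSsl(Context);`, would also make it evident that exactly one of the two calls runs. The enclosing method starts and ends outside the hunk in both files.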
@@ -625,10 +625,19 @@ namespace Org.BouncyCastle.Crypto.Tls
 AssertEmpty(buf);
+ if (TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
 this.mPrepareFinishHash = mRecordStream.PrepareToFinish();
 this.mSecurityParameters.sessionHash = GetCurrentPrfHash(Context, mPrepareFinishHash, null);
- EstablishMasterSecret(Context, mKeyExchange);
+ if (!TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
 mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
 if (!mExpectSessionTicket)
diff --git a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
index 77cebe0a6..5dd9cf0f5 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
@@ -19,6 +19,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
 IList testSuite = new ArrayList();
 AddFallbackTests(testSuite);
+ AddVersionTests(testSuite, ProtocolVersion.SSLv3);
 AddVersionTests(testSuite, ProtocolVersion.TLSv10);
 AddVersionTests(testSuite, ProtocolVersion.TLSv11);
 AddVersionTests(testSuite, ProtocolVersion.TLSv12);
@@ -194,10 +195,10 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
 private static TlsTestConfig CreateTlsTestConfig(ProtocolVersion version)
 {
 TlsTestConfig c = new TlsTestConfig();
- c.clientMinimumVersion = ProtocolVersion.TLSv10;
+ c.clientMinimumVersion = ProtocolVersion.SSLv3;
 c.clientOfferVersion = ProtocolVersion.TLSv12;
 c.serverMaximumVersion = version;
- c.serverMinimumVersion = ProtocolVersion.TLSv10;
+ c.serverMinimumVersion = ProtocolVersion.SSLv3;
 return c;
 }
 }
-- cgit 1.4.1
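Review bot: In the last TlsTestSuite.cs hunk, CreateTlsTestConfig now lowers `clientMinimumVersion` and `serverMinimumVersion` to SSLv3 for every configuration, so the TLS 1.0–1.2 runs no longer exercise a TLS-only floor and would not flag an unintended negotiation down to SSLv3. SSLv3 is a deprecated protocol (RFC 7568), so I would keep the floor at TLSv10 unless the version under test is SSLv3, e.g. `c.serverMinimumVersion = version.IsSsl ? ProtocolVersion.SSLv3 : ProtocolVersion.TLSv10;` and the same for `clientMinimumVersion`. A one-line comment stating that the SSLv3 floor exists only for test coverage would also help anyone who copies this helper as a starting configuration.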