authorPeter Dettman <peter.dettman@bouncycastle.org>2013-06-20 17:56:23 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-06-20 17:56:23 +0400
commit8f79f999f84dee49eb8a8244dd47d71f94b641cc (patch)
treefbc6d0e94de5b51690382481b31ec540d05ec0c9 /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
parentb56d8809108ba95756880d95f971a624fd9da84d (diff)
Add support for max_fragment_length extension to D/TLS protocols
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r--core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java11
1 files changed, 10 insertions, 1 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index 018ec6d5..b378c887 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -78,7 +78,7 @@ public class DTLSServerProtocol
}
}
- public DTLSTransport serverHandshake(ServerHandshakeState state, DTLSRecordLayer recordLayer)
+ protected DTLSTransport serverHandshake(ServerHandshakeState state, DTLSRecordLayer recordLayer)
throws IOException
{
SecurityParameters securityParameters = state.serverContext.getSecurityParameters();
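Review bot: Narrowing `serverHandshake` from `public` to `protected` is an API change that the commit title does not mention, and any caller outside the package that is not a subclass will stop compiling. If the intent is to leave only the higher-level entry point public, a Javadoc line on the method would record that, for example `/** Internal handshake driver; not part of the public API. */`. The method body continues outside this hunk.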
@@ -103,6 +103,11 @@ public class DTLSServerProtocol
}
byte[] serverHelloBody = generateServerHello(state);
+ if (state.maxFragmentLength >= 0)
+ {
+ int plainTextLimit = 1 << (8 + state.maxFragmentLength);
+ recordLayer.setPlaintextLimit(plainTextLimit);
+ }
handshake.sendMessage(HandshakeType.server_hello, serverHelloBody);
// TODO This block could really be done before actually sending the hello
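Review bot: The `state.maxFragmentLength >= 0` guard accepts any non-negative code, but RFC 6066 defines only codes 1 through 4 (2^9 to 2^12 bytes). A code of 0 would set a 256-byte limit, and a large code would overflow or wrap the `1 << (8 + ...)` shift into a meaningless limit. `evaluateMaxFragmentLengthExtension` is not visible here and may already enforce the range, but a local bound is cheap defence in depth: `if (state.maxFragmentLength >= 1 && state.maxFragmentLength <= 4)`, with anything else other than the `-1` sentinel failing the handshake. A short comment would also help, saying that the limit is applied before `server_hello` is sent so that the hello itself is fragmented at the negotiated size, and that `-1` (the field default in the last hunk) means "not negotiated". The enclosing method starts in the first hunk and continues past this one.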
@@ -394,6 +399,9 @@ public class DTLSServerProtocol
if (state.serverExtensions != null)
{
+ state.maxFragmentLength = evaluateMaxFragmentLengthExtension(state.clientExtensions, state.serverExtensions,
+ AlertDescription.internal_error);
+
securityParameters.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(state.serverExtensions);
// TODO[RFC 3546] Should this code check that the 'extension_data' is empty?
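Review bot: Nothing at this call says why a max_fragment_length disagreement is reported as `AlertDescription.internal_error` rather than a peer-facing alert. Presumably this is because `state.serverExtensions` is produced on the server side, which would make a value the client did not offer a local bug. A one-line comment would make that explicit: `// serverExtensions are generated locally; a value the client did not offer is our own error`. Note also that the field keeps its `-1` default when `state.serverExtensions` is null, which the `>= 0` test in the hunk at line 103 depends on. The enclosing method starts and ends outside this hunk.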
@@ -637,6 +645,7 @@ public class DTLSServerProtocol
int selectedCipherSuite = -1;
short selectedCompressionMethod = -1;
boolean secure_renegotiation = false;
+ short maxFragmentLength = -1;
boolean allowCertificateStatus = false;
boolean expectSessionTicket = false;
Hashtable serverExtensions = null;