diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-08 09:18:38 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-08 09:18:38 +0400 |
commit | cb5c2b1e900729d4fd367ec3087accc92ca591bb (patch) | |
tree | c3bb638c4a421b6a892123d6099ad4a92349143c /core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | |
parent | 33cdae127fd0b6262dd840783e23fb47acf6af9e (diff) |
Add calls to TlsHandshakeHash.stopTracking()
Add TODOs to reconsider how the server calculates the CertificateVerify
handshake hash for TLS 1.2
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java index f4d51bbd..a761f524 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java @@ -235,6 +235,11 @@ public class DTLSServerProtocol } } + if (!expectCertificateVerifyMessage(state)) + { + handshake.getHandshakeHash().stopTracking(); + } + if (clientMessage.getType() == HandshakeType.client_key_exchange) { processClientKeyExchange(state, clientMessage.getBody()); @@ -254,9 +259,12 @@ public class DTLSServerProtocol */ if (expectCertificateVerifyMessage(state)) { + // TODO For TLS 1.2, this can't be calculated until we see what hash algorithm the sender used byte[] certificateVerifyHash = handshake.getCurrentHash(); byte[] certificateVerifyBody = handshake.receiveMessageBody(HandshakeType.certificate_verify); processCertificateVerify(state, certificateVerifyBody, certificateVerifyHash); + + handshake.getHandshakeHash().stopTracking(); } // NOTE: Calculated exclusive of the actual Finished message from the client |