Check whether SCSV is present already before adding

Refactor to use new append and length-array encoding methods
author: Peter Dettman <peter.dettman@bouncycastle.org> 2013-09-16 08:17:22 +0400
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2013-09-16 08:17:22 +0400
commit: ce1a254cfae66193368190508689a09eb81b4fc6 (patch)
tree: a24e395e91783e1d2bad03b5ef3331adfb17d1c7 /core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
parent: 546782fb2982fa76f315f6493d0896e5a6272033 (diff)
1 files changed, 8 insertions, 17 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
index e661a37c..19d479af 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
@@ -807,30 +807,21 @@ public class TlsClientProtocol
              * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the
              * ClientHello. Including both is NOT RECOMMENDED.
              */
-            byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, EXT_RenegotiationInfo);
+            byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, TlsProtocol.EXT_RenegotiationInfo);
             boolean noRenegExt = (null == renegExtData);
 
-            int count = offeredCipherSuites.length;
-            if (noRenegExt)
-            {
-                // Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-                ++count;
-            }
+            boolean noSCSV = !TlsProtocol.arrayContains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
 
-            int length = 2 * count;
-            TlsUtils.checkUint16(length);
-            TlsUtils.writeUint16(length, message);
-            TlsUtils.writeUint16Array(offeredCipherSuites, message);
-
-            if (noRenegExt)
+            if (noRenegExt && noSCSV)
             {
-                TlsUtils.writeUint16(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV, message);
+                // TODO Consider whether to default to a client extension instead
+                offeredCipherSuites = Arrays.append(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
             }
+
+            TlsUtils.writeUint16ArrayWithUint16Length(offeredCipherSuites, message);
         }
 
-        TlsUtils.checkUint8(offeredCompressionMethods.length);
-        TlsUtils.writeUint8(offeredCompressionMethods.length, message);
-        TlsUtils.writeUint8Array(offeredCompressionMethods, message);
+        TlsUtils.writeUint8ArrayWithUint8Length(offeredCompressionMethods, message);
 
         if (clientExtensions != null)
         {
author	Peter Dettman <peter.dettman@bouncycastle.org>	2013-09-16 08:17:22 +0400
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2013-09-16 08:17:22 +0400
commit	ce1a254cfae66193368190508689a09eb81b4fc6 (patch)
tree	a24e395e91783e1d2bad03b5ef3331adfb17d1c7 /core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
parent	546782fb2982fa76f315f6493d0896e5a6272033 (diff)