diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-16 08:17:22 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-09-16 08:17:22 +0400 |
commit | ce1a254cfae66193368190508689a09eb81b4fc6 (patch) | |
tree | a24e395e91783e1d2bad03b5ef3331adfb17d1c7 /core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | |
parent | 546782fb2982fa76f315f6493d0896e5a6272033 (diff) |
Check whether SCSV is present already before adding
Refactor to use new append and length-array encoding methods
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java index e661a37c..19d479af 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java @@ -807,30 +807,21 @@ public class TlsClientProtocol * or the TLS_EMPTY_RENEGOTIATION_INFO_SCSV signaling cipher suite value in the * ClientHello. Including both is NOT RECOMMENDED. */ - byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, EXT_RenegotiationInfo); + byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, TlsProtocol.EXT_RenegotiationInfo); boolean noRenegExt = (null == renegExtData); - int count = offeredCipherSuites.length; - if (noRenegExt) - { - // Note: 1 extra slot for TLS_EMPTY_RENEGOTIATION_INFO_SCSV - ++count; - } + boolean noSCSV = !TlsProtocol.arrayContains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); - int length = 2 * count; - TlsUtils.checkUint16(length); - TlsUtils.writeUint16(length, message); - TlsUtils.writeUint16Array(offeredCipherSuites, message); - - if (noRenegExt) + if (noRenegExt && noSCSV) { - TlsUtils.writeUint16(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV, message); + // TODO Consider whether to default to a client extension instead + offeredCipherSuites = Arrays.append(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); } + + TlsUtils.writeUint16ArrayWithUint16Length(offeredCipherSuites, message); } - TlsUtils.checkUint8(offeredCompressionMethods.length); - TlsUtils.writeUint8(offeredCompressionMethods.length, message); - TlsUtils.writeUint8Array(offeredCompressionMethods, message); + TlsUtils.writeUint8ArrayWithUint8Length(offeredCompressionMethods, message); if (clientExtensions != null) { |