
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorPeter Dettman <peter.dettman@bouncycastle.org>2013-12-02 17:54:20 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2013-12-02 17:54:20 +0400
commit09895e552fb92fc02aad0073b50e9b222dd63eea (patch)
treefb70063c127f0c6eaf330a9d312e75f6be219574 /core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
parentc35ead533dc3aee032d2d8e798a2eca6aa1eb18b (diff)
Fix server key exchange signatures for TLS 1.2
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java')
-rw-r--r--core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java28
1 files changed, 23 insertions, 5 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
index 32e13915..0abaee69 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsDHEKeyExchange.java
@@ -45,7 +45,28 @@ public class TlsDHEKeyExchange
this.dhAgreeServerPrivateKey = TlsDHUtils.generateEphemeralServerKeyExchange(context.getSecureRandom(),
this.dhParameters, buf);
- Digest d = new CombinedHash();
+ /*
+ * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
+ */
+ SignatureAndHashAlgorithm signatureAndHashAlgorithm;
+ Digest d;
+
+ if (TlsUtils.isTLSv12(context))
+ {
+ signatureAndHashAlgorithm = serverCredentials.getSignatureAndHashAlgorithm();
+ if (signatureAndHashAlgorithm == null)
+ {
+ throw new TlsFatalAlert(AlertDescription.internal_error);
+ }
+
+ d = TlsUtils.createHash(signatureAndHashAlgorithm.getHash());
+ }
+ else
+ {
+ signatureAndHashAlgorithm = null;
+ d = new CombinedHash();
+ }
+
SecurityParameters securityParameters = context.getSecurityParameters();
d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length);
d.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length);
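Review bot: The TLS 1.2 branch takes the SignatureAndHashAlgorithm straight from `serverCredentials.getSignatureAndHashAlgorithm()` and checks it only for null; nothing in this hunk confirms that the pair is one the client offered in its signature_algorithms extension, which RFC 5246 7.4.3 requires for the ServerKeyExchange signature. If that is not already enforced where the credentials are selected (not visible here), this is the last point at which a mismatching or unexpectedly weak hash could be rejected before it is signed. The comment could also say what each branch does, for example `/* RFC 5246 4.7: from TLS 1.2 the digest is the hash named in SignatureAndHashAlgorithm; earlier versions sign the MD5+SHA-1 CombinedHash and carry no algorithm */`. The enclosing method starts and ends outside the hunk.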
@@ -56,10 +77,7 @@ public class TlsDHEKeyExchange
byte[] signature = serverCredentials.generateCertificateSignature(hash);
- /*
- * TODO RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
- */
- DigitallySigned signed_params = new DigitallySigned(null, signature);
+ DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature);
signed_params.encode(buf);
return buf.toByteArray();
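Review bot: `serverCredentials.generateCertificateSignature(hash)` still receives only the digest bytes, although after this change the digest may come from either the TLS 1.2 hash or the legacy `CombinedHash`, and the algorithm is declared separately in `DigitallySigned`. For RSA the two cases are encoded differently (a DigestInfo naming the hash in TLS 1.2, the bare MD5+SHA-1 value before), so the signer presumably has to derive the hash from its own state; whether it does is not visible here, and a disagreement would yield a signature that does not match the declared algorithm. A comment above the call would make the contract explicit, for example `// hash was produced with signatureAndHashAlgorithm.getHash() under TLS 1.2, CombinedHash otherwise; the credentials must sign with the same algorithm`. The method body continues outside the hunk.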