diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-25 18:43:45 +0400 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-06-25 18:43:45 +0400 |
| commit | 6d4a5877b9454a835922b563533430f5567f26c0 (patch) | |
| tree | 0b6dc8ccda87b3ad3fae2970e5bc2e8017f26ff4 /core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | |
| parent | cca2751c1c764e3faf07d4e9bb151474d43c58b7 (diff) | |
Refactor ServerHello code to bring security/session parameters into the
same place.
Validate that the server sends no extensions when resuming a session
(excepting renegotiation_info).
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java')
| -rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java index 2305bca8..6856d486 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java @@ -113,17 +113,6 @@ public class TlsServerProtocol sendServerHelloMessage(); this.connection_state = CS_SERVER_HELLO; - securityParameters.prfAlgorithm = getPRFAlgorithm(getContext(), securityParameters.getCipherSuite()); - - /* - * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify - * verify_data_length has a verify_data_length equal to 12. This includes all - * existing cipher suites. - */ - securityParameters.verifyDataLength = 12; - - recordStream.notifyHelloComplete(); - Vector serverSupplementalData = tlsServer.getServerSupplementalData(); if (serverSupplementalData != null) { @@ -707,7 +696,8 @@ public class TlsServerProtocol if (this.serverExtensions != null) { - processMaxFragmentLengthExtension(clientExtensions, this.serverExtensions, AlertDescription.internal_error); + this.securityParameters.maxFragmentLength = processMaxFragmentLengthExtension(clientExtensions, + this.serverExtensions, AlertDescription.internal_error); this.securityParameters.truncatedHMac = TlsExtensionsUtils.hasTruncatedHMacExtension(this.serverExtensions); @@ -720,7 +710,23 @@ public class TlsServerProtocol writeExtensions(message, this.serverExtensions); } + if (this.securityParameters.maxFragmentLength >= 0) + { + int plainTextLimit = 1 << (8 + this.securityParameters.maxFragmentLength); + recordStream.setPlaintextLimit(plainTextLimit); + } + + securityParameters.prfAlgorithm = getPRFAlgorithm(getContext(), securityParameters.getCipherSuite()); + + /* + * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has + * a verify_data_length equal to 12. This includes all existing cipher suites. + */ + securityParameters.verifyDataLength = 12; + message.writeToRecordStream(); + + recordStream.notifyHelloComplete(); } protected void sendServerHelloDoneMessage() |