diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-04-15 15:05:28 +0400 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-04-15 15:05:28 +0400 |
| commit | 3efee8b0f1e67c727b0c204c45ef399a5c9c4652 (patch) | |
| tree | c58655f68db40242d8b8d1e4a65882bcbad69c7c /core/src/main/java/org | |
| parent | 56e63e21b83fe0c854db7c6c6ff8e90c68a4accb (diff) | |
Explicitly fail on CertificateVerify in TLS 1.2 server
Add test coverage for known issue
Diffstat (limited to 'core/src/main/java/org')
| -rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 5 | ||||
| -rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java index 9e054897..ac11b8ea 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java @@ -475,6 +475,11 @@ public class DTLSServerProtocol TlsProtocol.assertEmpty(buf); + if (TlsUtils.isTLSv12(state.serverContext)) + { + throw new TlsFatalAlert(AlertDescription.decrypt_error); + } + // Verify the CertificateVerify message contains a correct signature. boolean verified = false; try diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java index f33ed554..257ea122 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java @@ -430,6 +430,11 @@ public class TlsServerProtocol assertEmpty(buf); + if (TlsUtils.isTLSv12(getContext())) + { + throw new TlsFatalAlert(AlertDescription.decrypt_error); + } + // Verify the CertificateVerify message contains a correct signature. boolean verified = false; try |