Cleanup obsolete TODO

peterdettman · peterdettman · commit 5c8caa723a56 · 2024-02-21T18:51:07.000+07:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.java
@@ -13,7 +13,6 @@
 import org.bouncycastle.tls.TlsCredentialedDecryptor;
 import org.bouncycastle.tls.crypto.TlsCryptoParameters;
 import org.bouncycastle.tls.crypto.TlsSecret;
-import org.bouncycastle.tls.crypto.impl.TlsImplUtils;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -76,11 +75,11 @@ public TlsSecret decrypt(TlsCryptoParameters cryptoParams, byte[] ciphertext) th
     }
 
     /*
-     * TODO[tls-ops] Probably need to make RSA encryption/decryption into TlsCrypto functions so
-     * that users can implement "generic" encryption credentials externally
+     * TODO[tls-ops] Probably need to make RSA encryption/decryption into TlsCrypto functions so that users
+     * can implement "generic" encryption credentials externally
      */
-    protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams, RSAKeyParameters rsaServerPrivateKey,
-                                                   byte[] encryptedPreMasterSecret)
+    protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
+        RSAKeyParameters rsaServerPrivateKey, byte[] encryptedPreMasterSecret)
     {
         SecureRandom secureRandom = crypto.getSecureRandom();
 
@@ -89,12 +88,8 @@ protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
          */
         ProtocolVersion expectedVersion = cryptoParams.getRSAPreMasterSecretVersion();
 
-        // TODO Provide as configuration option?
-        boolean versionNumberCheckDisabled = false;
-
         /*
-         * Generate 48 random bytes we can use as a Pre-Master-Secret, if the
-         * PKCS1 padding check should fail.
+         * Generate 48 random bytes we can use as a Pre-Master-Secret, if the PKCS1 padding check should fail.
          */
         byte[] fallback = new byte[48];
         secureRandom.nextBytes(fallback);
@@ -110,46 +105,31 @@ protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
         catch (Exception e)
         {
             /*
-             * This should never happen since the decryption should never throw an exception
-             * and return a random value instead.
+             * This should never happen since the decryption should never throw an exception and return a
+             * random value instead.
              *
-             * In any case, a TLS server MUST NOT generate an alert if processing an
-             * RSA-encrypted premaster secret message fails, or the version number is not as
-             * expected. Instead, it MUST continue the handshake with a randomly generated
-             * premaster secret.
+             * In any case, a TLS server MUST NOT generate an alert if processing an RSA-encrypted premaster
+             * secret message fails, or the version number is not as expected. Instead, it MUST continue the
+             * handshake with a randomly generated premaster secret.
              */
         }
 
         /*
-         * If ClientHello.legacy_version is TLS 1.1 or higher, server implementations MUST check the
-         * version number [..].
+         * Compare the version number in the decrypted Pre-Master-Secret with the legacy_version field from
+         * the ClientHello. If they don't match, continue the handshake with the randomly generated 'fallback'
+         * value.
+         *
+         * NOTE: The comparison and replacement must be constant-time.
          */
-        if (versionNumberCheckDisabled && !TlsImplUtils.isTLSv11(expectedVersion))
-        {
-            /*
-             * If the version number is TLS 1.0 or earlier, server implementations SHOULD check the
-             * version number, but MAY have a configuration option to disable the check.
-             */
-        }
-        else
-        {
-            /*
-             * Compare the version number in the decrypted Pre-Master-Secret with the legacy_version
-             * field from the ClientHello. If they don't match, continue the handshake with the
-             * randomly generated 'fallback' value.
-             *
-             * NOTE: The comparison and replacement must be constant-time.
-             */
-            int mask = (expectedVersion.getMajorVersion() ^ (M[0] & 0xFF))
-                     | (expectedVersion.getMinorVersion() ^ (M[1] & 0xFF));
+        int mask = (expectedVersion.getMajorVersion() ^ (M[0] & 0xFF))
+                 | (expectedVersion.getMinorVersion() ^ (M[1] & 0xFF));
 
-            // 'mask' will be all 1s if the versions matched, or else all 0s.
-            mask = (mask - 1) >> 31;
+        // 'mask' will be all 1s if the versions matched, or else all 0s.
+        mask = (mask - 1) >> 31;
 
-            for (int i = 0; i < 48; i++)
-            {
-                M[i] = (byte)((M[i] & mask) | (fallback[i] & ~mask));
-            }
+        for (int i = 0; i < 48; i++)
+        {
+            M[i] = (byte)((M[i] & mask) | (fallback[i] & ~mask));
         }
 
         return crypto.createSecret(M);
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceDefaultTlsCredentialedDecryptor.java
@@ -12,7 +12,6 @@
 import org.bouncycastle.tls.TlsCredentialedDecryptor;
 import org.bouncycastle.tls.crypto.TlsCryptoParameters;
 import org.bouncycastle.tls.crypto.TlsSecret;
-import org.bouncycastle.tls.crypto.impl.TlsImplUtils;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -70,11 +69,11 @@ public TlsSecret decrypt(TlsCryptoParameters cryptoParams, byte[] ciphertext) th
     }
 
     /*
-     * TODO[tls-ops] Probably need to make RSA encryption/decryption into TlsCrypto functions so
-     * that users can implement "generic" encryption credentials externally
+     * TODO[tls-ops] Probably need to make RSA encryption/decryption into TlsCrypto functions so that users
+     * can implement "generic" encryption credentials externally
      */
     protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams, PrivateKey rsaServerPrivateKey,
-                                                   byte[] encryptedPreMasterSecret)
+        byte[] encryptedPreMasterSecret)
     {
         SecureRandom secureRandom = crypto.getSecureRandom();
 
@@ -83,12 +82,8 @@ protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
          */
         ProtocolVersion expectedVersion = cryptoParams.getRSAPreMasterSecretVersion();
 
-        // TODO Provide as configuration option?
-        boolean versionNumberCheckDisabled = false;
-
         /*
-         * Generate 48 random bytes we can use as a Pre-Master-Secret, if the
-         * PKCS1 padding check should fail.
+         * Generate 48 random bytes we can use as a Pre-Master-Secret, if the PKCS1 padding check should fail.
          */
         byte[] fallback = new byte[48];
         secureRandom.nextBytes(fallback);
@@ -107,43 +102,28 @@ protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
         catch (Exception e)
         {
             /*
-             * A TLS server MUST NOT generate an alert if processing an
-             * RSA-encrypted premaster secret message fails, or the version number is not as
-             * expected. Instead, it MUST continue the handshake with a randomly generated
-             * premaster secret.
+             * A TLS server MUST NOT generate an alert if processing an RSA-encrypted premaster secret message
+             * fails, or the version number is not as expected. Instead, it MUST continue the handshake with a
+             * randomly generated premaster secret.
              */
         }
 
         /*
-         * If ClientHello.legacy_version is TLS 1.1 or higher, server implementations MUST check the
-         * version number [..].
+         * Compare the version number in the decrypted Pre-Master-Secret with the legacy_version field from
+         * the ClientHello. If they don't match, continue the handshake with the randomly generated 'fallback'
+         * value.
+         *
+         * NOTE: The comparison and replacement must be constant-time.
          */
-        if (versionNumberCheckDisabled && !TlsImplUtils.isTLSv11(expectedVersion))
-        {
-            /*
-             * If the version number is TLS 1.0 or earlier, server implementations SHOULD check the
-             * version number, but MAY have a configuration option to disable the check.
-             */
-        }
-        else
-        {
-            /*
-             * Compare the version number in the decrypted Pre-Master-Secret with the legacy_version
-             * field from the ClientHello. If they don't match, continue the handshake with the
-             * randomly generated 'fallback' value.
-             *
-             * NOTE: The comparison and replacement must be constant-time.
-             */
-            int mask = (expectedVersion.getMajorVersion() ^ (M[0] & 0xFF))
-                     | (expectedVersion.getMinorVersion() ^ (M[1] & 0xFF));
+        int mask = (expectedVersion.getMajorVersion() ^ (M[0] & 0xFF))
+                 | (expectedVersion.getMinorVersion() ^ (M[1] & 0xFF));
 
-            // 'mask' will be all 1s if the versions matched, or else all 0s.
-            mask = (mask - 1) >> 31;
+        // 'mask' will be all 1s if the versions matched, or else all 0s.
+        mask = (mask - 1) >> 31;
 
-            for (int i = 0; i < 48; i++)
-            {
-                M[i] = (byte)((M[i] & mask) | (fallback[i] & ~mask));
-            }
+        for (int i = 0; i < 48; i++)
+        {
+            M[i] = (byte)((M[i] & mask) | (fallback[i] & ~mask));
         }
 
         return crypto.createSecret(M);
