3 files changed, 6 insertions, 5 deletions
diff --git a/crypto/src/tls/DeferredHash.cs b/crypto/src/tls/DeferredHash.cs
index 0532d523c..bba3019a1 100644
--- a/crypto/src/tls/DeferredHash.cs
+++ b/crypto/src/tls/DeferredHash.cs
@@ -74,10 +74,6 @@ namespace Org.BouncyCastle.Tls
default:
{
CheckTrackingHash(securityParameters.PrfCryptoHashAlgorithm);
- if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
- {
- SealHashAlgorithms();
- }
break;
}
}
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 5356880ff..daa5664b0 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -462,6 +462,7 @@ namespace Org.BouncyCastle.Tls
this.m_connectionState = CS_SERVER_HELLO_RETRY_REQUEST;
Send13ClientHelloRetry();
+ m_handshakeHash.SealHashAlgorithms();
this.m_connectionState = CS_CLIENT_HELLO_RETRY;
}
else
@@ -473,6 +474,7 @@ namespace Org.BouncyCastle.Tls
if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
{
+ m_handshakeHash.SealHashAlgorithms();
Process13ServerHelloCoda(serverHello, false);
}
}
@@ -1509,7 +1511,8 @@ namespace Org.BouncyCastle.Tls
clientHelloExtensions.Remove(ExtensionType.cookie);
clientHelloExtensions.Remove(ExtensionType.early_data);
clientHelloExtensions.Remove(ExtensionType.key_share);
- clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
+ // TODO[tls13-psk]
+ //clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
/*
* RFC 4.2.2. When sending the new ClientHello, the client MUST copy the contents of the
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index 89365afad..1320cf5fa 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -874,6 +874,8 @@ namespace Org.BouncyCastle.Tls
if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
{
+ m_handshakeHash.SealHashAlgorithms();
+
if (serverHello.IsHelloRetryRequest())
{
TlsUtilities.AdjustTranscriptForRetry(m_handshakeHash);
|
