summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--crypto/src/tls/DeferredHash.cs4
-rw-r--r--crypto/src/tls/TlsClientProtocol.cs5
-rw-r--r--crypto/src/tls/TlsServerProtocol.cs2
3 files changed, 6 insertions, 5 deletions
diff --git a/crypto/src/tls/DeferredHash.cs b/crypto/src/tls/DeferredHash.cs
index 0532d523c..bba3019a1 100644
--- a/crypto/src/tls/DeferredHash.cs
+++ b/crypto/src/tls/DeferredHash.cs
@@ -74,10 +74,6 @@ namespace Org.BouncyCastle.Tls
             default:
             {
                 CheckTrackingHash(securityParameters.PrfCryptoHashAlgorithm);
-                if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
-                {
-                    SealHashAlgorithms();
-                }
                 break;
             }
             }
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 5356880ff..daa5664b0 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -462,6 +462,7 @@ namespace Org.BouncyCastle.Tls
                         this.m_connectionState = CS_SERVER_HELLO_RETRY_REQUEST;
 
                         Send13ClientHelloRetry();
+                        m_handshakeHash.SealHashAlgorithms();
                         this.m_connectionState = CS_CLIENT_HELLO_RETRY;
                     }
                     else
@@ -473,6 +474,7 @@ namespace Org.BouncyCastle.Tls
 
                         if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
                         {
+                            m_handshakeHash.SealHashAlgorithms();
                             Process13ServerHelloCoda(serverHello, false);
                         }
                     }
@@ -1509,7 +1511,8 @@ namespace Org.BouncyCastle.Tls
             clientHelloExtensions.Remove(ExtensionType.cookie);
             clientHelloExtensions.Remove(ExtensionType.early_data);
             clientHelloExtensions.Remove(ExtensionType.key_share);
-            clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
+            // TODO[tls13-psk]
+            //clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
 
             /*
              * RFC 4.2.2. When sending the new ClientHello, the client MUST copy the contents of the
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index 89365afad..1320cf5fa 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -874,6 +874,8 @@ namespace Org.BouncyCastle.Tls
 
                     if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
                     {
+                        m_handshakeHash.SealHashAlgorithms();
+
                         if (serverHello.IsHelloRetryRequest())
                         {
                             TlsUtilities.AdjustTranscriptForRetry(m_handshakeHash);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-09 16:33:50 +0000