diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index 0ab8a7a98..c90ef4109 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -907,6 +907,7 @@ namespace Org.BouncyCastle.Tls
if (serverHello.IsHelloRetryRequest())
{
TlsUtilities.AdjustTranscriptForRetry(m_handshakeHash);
+
SendServerHelloMessage(serverHello);
this.m_connectionState = CS_SERVER_HELLO_RETRY_REQUEST;
@@ -952,7 +953,12 @@ namespace Org.BouncyCastle.Tls
this.m_keyExchange = TlsUtilities.InitKeyExchangeServer(m_tlsServerContext, m_tlsServer);
- TlsCredentials serverCredentials = TlsUtilities.EstablishServerCredentials(m_tlsServer);
+ TlsCredentials serverCredentials = null;
+
+ if (!KeyExchangeAlgorithm.IsAnonymous(securityParameters.KeyExchangeAlgorithm))
+ {
+ serverCredentials = TlsUtilities.EstablishServerCredentials(m_tlsServer);
+ }
// Server certificate
{
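Review bot: After this block `serverCredentials == null` has two possible causes that later code cannot tell apart: an anonymous key exchange, or `EstablishServerCredentials` returning null for a suite that needs authentication. The code that consumes the variable starts after the hunk and is not visible here, so confirm that a non-anonymous suite without credentials aborts the handshake rather than taking the same path as the anonymous case. If that is not already guaranteed, add `if (null == serverCredentials) throw new TlsFatalAlert(AlertDescription.internal_error);` inside the new `if` body. In either case a comment on the declaration would record the intent, for example `// null only for anonymous key exchanges, which send no server Certificate`.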
@@ -1026,19 +1032,36 @@ namespace Org.BouncyCastle.Tls
TlsUtilities.EstablishServerSigAlgs(securityParameters, m_certificateRequest);
- TlsUtilities.TrackHashAlgorithms(m_handshakeHash, securityParameters.ServerSigAlgs);
+ if (ProtocolVersion.TLSv12.Equals(securityParameters.NegotiatedVersion))
+ {
+ TlsUtilities.TrackHashAlgorithms(m_handshakeHash, securityParameters.ServerSigAlgs);
- SendCertificateRequestMessage(m_certificateRequest);
- this.m_connectionState = CS_SERVER_CERTIFICATE_REQUEST;
+ if (m_tlsServerContext.Crypto.HasAnyStreamVerifiers(securityParameters.ServerSigAlgs))
+ {
+ m_handshakeHash.ForceBuffering();
+ }
+ }
+ else
+ {
+ if (m_tlsServerContext.Crypto.HasAnyStreamVerifiersLegacy(m_certificateRequest.CertificateTypes))
+ {
+ m_handshakeHash.ForceBuffering();
+ }
+ }
}
}
+ m_handshakeHash.SealHashAlgorithms();
+
+ if (null != m_certificateRequest)
+ {
+ SendCertificateRequestMessage(m_certificateRequest);
+ this.m_connectionState = CS_SERVER_CERTIFICATE_REQUEST;
+ }
+
SendServerHelloDoneMessage();
this.m_connectionState = CS_SERVER_HELLO_DONE;
- bool forceBuffering = false;
- TlsUtilities.SealHandshakeHash(m_tlsServerContext, m_handshakeHash, forceBuffering);
-
break;
}
default:
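Review bot: `m_handshakeHash.SealHashAlgorithms()` now runs before CertificateRequest and ServerHelloDone are sent, and the `TrackHashAlgorithms` / `ForceBuffering()` calls above it presumably only take effect if they come first, but nothing in the block states that ordering requirement. Client CertificateVerify validation later depends on the transcript having been tracked or buffered correctly, so a reordering here would be a silent authentication bug. Consider adding `// Must come after all TrackHashAlgorithms/ForceBuffering calls and before any further handshake message is sent` above the seal call. The `else` branch also applies to every negotiated version other than TLS 1.2; a short comment that it covers the pre-1.2 certificate-type based verifiers, and collapsing `else { if (...) }` to `else if (...)`, would make that explicit. The enclosing case starts before the hunk.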
@@ -1281,13 +1304,11 @@ namespace Org.BouncyCastle.Tls
if (null == clientCertificate || clientCertificate.IsEmpty)
throw new TlsFatalAlert(AlertDescription.internal_error);
- // TODO[tls13] Actual structure is 'CertificateVerify' in RFC 8446, consider adding for clarity
- DigitallySigned certificateVerify = DigitallySigned.Parse(m_tlsServerContext, buf);
+ CertificateVerify certificateVerify = CertificateVerify.Parse(m_tlsServerContext, buf);
AssertEmpty(buf);
- TlsUtilities.Verify13CertificateVerifyClient(m_tlsServerContext, m_certificateRequest, certificateVerify,
- m_handshakeHash);
+ TlsUtilities.Verify13CertificateVerifyClient(m_tlsServerContext, m_handshakeHash, certificateVerify);
}
/// <exception cref="IOException"/>
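Review bot: The new call `Verify13CertificateVerifyClient(m_tlsServerContext, m_handshakeHash, certificateVerify)` no longer receives `m_certificateRequest`, so the check that the client's signature scheme is one the server advertised must now rely on state held elsewhere, presumably the security parameters' `ServerSigAlgs`. That helper is outside this diff, so confirm the restriction is still enforced and that `ServerSigAlgs` is always populated on the TLS 1.3 path before this message can arrive. If so, a comment above the call such as `// Signature scheme is validated against the algorithms sent in our CertificateRequest` would keep that dependency visible. The enclosing method starts before the hunk.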