From 6ad4f3694b7f8c54b91270d6b81667825070a708 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Tue, 27 Jul 2021 19:17:06 +0700
Subject: Seal handshake hash externally
---
 crypto/src/tls/DeferredHash.cs | 4 ----
 crypto/src/tls/TlsClientProtocol.cs | 5 ++++-
 crypto/src/tls/TlsServerProtocol.cs | 2 ++
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/crypto/src/tls/DeferredHash.cs b/crypto/src/tls/DeferredHash.cs
index 0532d523c..bba3019a1 100644
--- a/crypto/src/tls/DeferredHash.cs
+++ b/crypto/src/tls/DeferredHash.cs
@@ -74,10 +74,6 @@ namespace Org.BouncyCastle.Tls
 default:
 {
 CheckTrackingHash(securityParameters.PrfCryptoHashAlgorithm);
- if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
- {
- SealHashAlgorithms();
- }
 break;
 }
 }
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 5356880ff..daa5664b0 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -462,6 +462,7 @@ namespace Org.BouncyCastle.Tls
 this.m_connectionState = CS_SERVER_HELLO_RETRY_REQUEST;
 Send13ClientHelloRetry();
+ m_handshakeHash.SealHashAlgorithms();
 this.m_connectionState = CS_CLIENT_HELLO_RETRY;
 }
 else
@@ -473,6 +474,7 @@ namespace Org.BouncyCastle.Tls
 if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
 {
+ m_handshakeHash.SealHashAlgorithms();
 Process13ServerHelloCoda(serverHello, false);
 }
 }
@@ -1509,7 +1511,8 @@ namespace Org.BouncyCastle.Tls
 clientHelloExtensions.Remove(ExtensionType.cookie);
 clientHelloExtensions.Remove(ExtensionType.early_data);
 clientHelloExtensions.Remove(ExtensionType.key_share);
- clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
+ // TODO[tls13-psk]
+ //clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
 /*
 * RFC 4.2.2. When sending the new ClientHello, the client MUST copy the contents of the
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index 89365afad..1320cf5fa 100644
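Review bot: The new `m_handshakeHash.SealHashAlgorithms();` calls in TlsClientProtocol.cs (after `Send13ClientHelloRetry()` in the @@ -462 hunk, before `Process13ServerHelloCoda(serverHello, false)` in the @@ -473 hunk) and the matching call in the TlsServerProtocol.cs hunk carry no comment explaining why the seal belongs exactly there. The DeferredHash.cs hunk removes the one place that sealed for every TLS 1.3 caller, so sealing is now an invariant each protocol path has to uphold by hand; whether some TLS 1.3 path determines the PRF without reaching one of these calls cannot be seen from these hunks. I would add a comment at each site, for example `// TLS 1.3: the set of transcript hashes is final here; DeferredHash no longer seals on its own`, and on the retry path say why the seal comes after the second ClientHello is sent, whereas the server seals before `AdjustTranscriptForRetry`. The enclosing methods start and end outside the hunks.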
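Review bot: Commenting out `clientHelloExtensions.Remove(ExtensionType.pre_shared_key);` in the @@ -1509 hunk of TlsClientProtocol.cs means a `pre_shared_key` extension, if one is present, is no longer stripped from the retry ClientHello, while `cookie`, `early_data` and `key_share` still are. RFC 8446 section 4.1.2 requires the client to update that extension after a HelloRetryRequest by recomputing the binders and the obfuscated ticket age, so a copy carried over unchanged would hold binders computed over the wrong transcript. If the extension cannot be present yet, say so next to the TODO, e.g. `// TODO[tls13-psk] Retain pre_shared_key only once its binders are recomputed for the retry (RFC 8446 4.1.2)`, and delete the commented-out statement instead of leaving dead code. The change is also unrelated to the commit subject and would be easier to audit as its own commit; the method body continues outside the hunk.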
--- a/crypto/src/tls/TlsServerProtocol.cs +++ b/crypto/src/tls/TlsServerProtocol.cs @@ -874,6 +874,8 @@ namespace Org.BouncyCastle.Tls if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion)) { + m_handshakeHash.SealHashAlgorithms(); + if (serverHello.IsHelloRetryRequest()) { TlsUtilities.AdjustTranscriptForRetry(m_handshakeHash); -- cgit 1.4.1