From a2e46c8a158507d7bd2814c6b3b533a05aee7feb Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Sun, 25 Jul 2021 14:39:54 +0700
Subject: Only GetSessionToResume if pre-1.3 offered

---
 crypto/src/tls/TlsClientProtocol.cs | 34 +++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 15 deletions(-)

(limited to 'crypto')

diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 31ad9b956..118772f67 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -81,9 +81,6 @@ namespace Org.BouncyCastle.Tls
         {
             base.BeginHandshake();
 
-            EstablishSession(m_tlsClient.GetSessionToResume());
-            m_tlsClient.NotifySessionToResume(m_tlsSession);
-
             SendClientHello();
             this.m_connectionState = CS_CLIENT_HELLO;
         }
@@ -1540,13 +1537,14 @@ namespace Org.BouncyCastle.Tls
         {
             SecurityParameters securityParameters = m_tlsClientContext.SecurityParameters;
 
-            ProtocolVersion client_version;
+            ProtocolVersion[] supportedVersions;
+            ProtocolVersion earliestVersion, latestVersion;
 
             // NOT renegotiating
             {
-                m_tlsClientContext.SetClientSupportedVersions(m_tlsClient.GetProtocolVersions());
+                supportedVersions = m_tlsClient.GetProtocolVersions();
 
-                if (ProtocolVersion.Contains(m_tlsClientContext.ClientSupportedVersions, ProtocolVersion.SSLv3))
+                if (ProtocolVersion.Contains(supportedVersions, ProtocolVersion.SSLv3))
                 {
                     // TODO[tls13] Prevent offering SSLv3 AND TLSv13?
                     m_recordStream.SetWriteVersion(ProtocolVersion.SSLv3);
@@ -1556,15 +1554,22 @@ namespace Org.BouncyCastle.Tls
                     m_recordStream.SetWriteVersion(ProtocolVersion.TLSv10);
                 }
 
-                client_version = ProtocolVersion.GetLatestTls(m_tlsClientContext.ClientSupportedVersions);
+                earliestVersion = ProtocolVersion.GetEarliestTls(supportedVersions);
+                latestVersion = ProtocolVersion.GetLatestTls(supportedVersions);
 
-                if (!ProtocolVersion.IsSupportedTlsVersionClient(client_version))
+                if (!ProtocolVersion.IsSupportedTlsVersionClient(latestVersion))
                     throw new TlsFatalAlert(AlertDescription.internal_error);
 
-                m_tlsClientContext.SetClientVersion(client_version);
+                m_tlsClientContext.SetClientVersion(latestVersion);
             }
 
-            bool offeringTlsV13Plus = ProtocolVersion.TLSv13.IsEqualOrEarlierVersionOf(client_version);
+            m_tlsClientContext.SetClientSupportedVersions(supportedVersions);
+
+            bool offeringTlsV12Minus = ProtocolVersion.TLSv12.IsEqualOrLaterVersionOf(earliestVersion);
+            bool offeringTlsV13Plus = ProtocolVersion.TLSv13.IsEqualOrEarlierVersionOf(latestVersion);
+
+            EstablishSession(offeringTlsV12Minus ? m_tlsClient.GetSessionToResume() : null);
+            m_tlsClient.NotifySessionToResume(m_tlsSession);
 
             /*
              * TODO RFC 5077 3.4. When presenting a ticket, the client MAY generate and include a
@@ -1587,13 +1592,12 @@ namespace Org.BouncyCastle.Tls
             this.m_clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(
                 m_tlsClient.GetClientExtensions());
 
-            ProtocolVersion legacy_version = client_version;
+            ProtocolVersion legacy_version = latestVersion;
             if (offeringTlsV13Plus)
             {
                 legacy_version = ProtocolVersion.TLSv12;
 
-                TlsExtensionsUtilities.AddSupportedVersionsExtensionClient(m_clientExtensions,
-                    m_tlsClientContext.ClientSupportedVersions);
+                TlsExtensionsUtilities.AddSupportedVersionsExtensionClient(m_clientExtensions, supportedVersions);
 
                 /*
                  * RFC 8446 4.2.1. In compatibility mode [..], this field MUST be non-empty, so a client
@@ -1610,7 +1614,7 @@ namespace Org.BouncyCastle.Tls
             securityParameters.m_clientServerNames = TlsExtensionsUtilities.GetServerNameExtensionClient(
                 m_clientExtensions);
 
-            if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(client_version))
+            if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(latestVersion))
             {
                 TlsUtilities.EstablishClientSigAlgs(securityParameters, m_clientExtensions);
             }
@@ -1621,7 +1625,7 @@ namespace Org.BouncyCastle.Tls
             this.m_clientAgreements = TlsUtilities.AddEarlyKeySharesToClientHello(m_tlsClientContext, m_tlsClient,
                 m_clientExtensions);
 
-            if (TlsUtilities.IsExtendedMasterSecretOptionalTls(m_tlsClientContext.ClientSupportedVersions)
+            if (TlsUtilities.IsExtendedMasterSecretOptionalTls(supportedVersions)
                 && (m_tlsClient.ShouldUseExtendedMasterSecret() ||
                     (null != m_sessionParameters && m_sessionParameters.IsExtendedMasterSecret)))
             {
-- 
cgit 1.4.1