Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

dghgit · dghgit · commit 0e74ba0ab6e1 · 2024-04-24T16:20:40.000+10:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/DTLSClientProtocol.java b/tls/src/main/java/org/bouncycastle/tls/DTLSClientProtocol.java
@@ -620,13 +620,10 @@ protected boolean establishSession(ClientHandshakeState state, TlsSession sessio
             return false;
         }
 
-        boolean isEMS = sessionParameters.isExtendedMasterSecret();
-        if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))
+        if (!sessionParameters.isExtendedMasterSecret() &&
+            !TlsUtils.isExtendedMasterSecretOptional(sessionVersion))
         {
-            if (!isEMS)
-            {
-                return false;
-            }
+            return false;
         }
 
         TlsCrypto crypto = state.clientContext.getCrypto();
diff --git a/tls/src/main/java/org/bouncycastle/tls/DTLSServerProtocol.java b/tls/src/main/java/org/bouncycastle/tls/DTLSServerProtocol.java
@@ -751,13 +751,10 @@ protected boolean establishSession(ServerHandshakeState state, TlsSession sessio
             return false;
         }
 
-        boolean isEMS = sessionParameters.isExtendedMasterSecret();
-        if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))
+        if (!sessionParameters.isExtendedMasterSecret() &&
+            !TlsUtils.isExtendedMasterSecretOptional(sessionVersion))
         {
-            if (!isEMS)
-            {
-                return false;
-            }
+            return false;
         }
 
         TlsCrypto crypto = state.serverContext.getCrypto();
diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java b/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java
@@ -1582,17 +1582,9 @@ protected boolean establishSession(TlsSession sessionToResume)
             return false;
         }
 
-        boolean isEMS = sessionParameters.isExtendedMasterSecret();
-        if (sessionVersion.isSSL())
+        if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))
         {
-            if (isEMS)
-            {
-                return false;
-            }
-        }
-        else if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))
-        {
-            if (!isEMS)
+            if (sessionParameters.isExtendedMasterSecret() == sessionVersion.isSSL())
             {
                 return false;
             }

Original file line number	Diff line number	Diff line change
`@@ -620,13 +620,10 @@ protected boolean establishSession(ClientHandshakeState state, TlsSession sessio`
`620`	`620`	`return false;`
`621`	`621`	`}`
`622`	`622`
`623`		`- boolean isEMS = sessionParameters.isExtendedMasterSecret();`
`624`		`- if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))`
	`623`	`+ if (!sessionParameters.isExtendedMasterSecret() &&`
	`624`	`+ !TlsUtils.isExtendedMasterSecretOptional(sessionVersion))`
`625`	`625`	`{`
`626`		`- if (!isEMS)`
`627`		`- {`
`628`		`- return false;`
`629`		`- }`
	`626`	`+ return false;`
`630`	`627`	`}`
`631`	`628`
`632`	`629`	`TlsCrypto crypto = state.clientContext.getCrypto();`
Original file line number	Diff line number	Diff line change
`@@ -751,13 +751,10 @@ protected boolean establishSession(ServerHandshakeState state, TlsSession sessio`
`751`	`751`	`return false;`
`752`	`752`	`}`
`753`	`753`
`754`		`- boolean isEMS = sessionParameters.isExtendedMasterSecret();`
`755`		`- if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))`
	`754`	`+ if (!sessionParameters.isExtendedMasterSecret() &&`
	`755`	`+ !TlsUtils.isExtendedMasterSecretOptional(sessionVersion))`
`756`	`756`	`{`
`757`		`- if (!isEMS)`
`758`		`- {`
`759`		`- return false;`
`760`		`- }`
	`757`	`+ return false;`
`761`	`758`	`}`
`762`	`759`
`763`	`760`	`TlsCrypto crypto = state.serverContext.getCrypto();`
Original file line number	Diff line number	Diff line change
`@@ -1582,17 +1582,9 @@ protected boolean establishSession(TlsSession sessionToResume)`
`1582`	`1582`	`return false;`
`1583`	`1583`	`}`
`1584`	`1584`
`1585`		`- boolean isEMS = sessionParameters.isExtendedMasterSecret();`
`1586`		`- if (sessionVersion.isSSL())`
	`1585`	`+ if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))`
`1587`	`1586`	`{`
`1588`		`- if (isEMS)`
`1589`		`- {`
`1590`		`- return false;`
`1591`		`- }`
`1592`		`- }`
`1593`		`- else if (!TlsUtils.isExtendedMasterSecretOptional(sessionVersion))`
`1594`		`- {`
`1595`		`- if (!isEMS)`
	`1587`	`+ if (sessionParameters.isExtendedMasterSecret() == sessionVersion.isSSL())`
`1596`	`1588`	`{`
`1597`	`1589`	`return false;`
`1598`	`1590`	`}`