Add calls to TlsHandshakeHash.stopTracking()

Add TODOs to reconsider how the server calculates the CertificateVerify
handshake hash for TLS 1.2

1 files changed, 8 insertions, 0 deletions

diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index f4d51bbd..a761f524 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -235,6 +235,11 @@ public class DTLSServerProtocol
             }
         }
 
+        if (!expectCertificateVerifyMessage(state))
+        {
+            handshake.getHandshakeHash().stopTracking();
+        }
+
         if (clientMessage.getType() == HandshakeType.client_key_exchange)
         {
             processClientKeyExchange(state, clientMessage.getBody());
@@ -254,9 +259,12 @@ public class DTLSServerProtocol
          */
         if (expectCertificateVerifyMessage(state))
         {
+            // TODO For TLS 1.2, this can't be calculated until we see what hash algorithm the sender used
             byte[] certificateVerifyHash = handshake.getCurrentHash();
             byte[] certificateVerifyBody = handshake.receiveMessageBody(HandshakeType.certificate_verify);
             processCertificateVerify(state, certificateVerifyBody, certificateVerifyHash);
+
+            handshake.getHandshakeHash().stopTracking();
         }
 
         // NOTE: Calculated exclusive of the actual Finished message from the client