diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2015-03-06 15:32:51 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2015-03-06 15:32:51 +0700 |
| commit | d547000f967e7c7df0447783d74aa511c108bfd2 (patch) | |
| tree | fb37c42c0021099f0b8f4569eca93983cb9b8f4c /crypto/src | |
| parent | Fix parsing of implicit tagged object (diff) | |
| download | BouncyCastle.NET-ed25519-d547000f967e7c7df0447783d74aa511c108bfd2.tar.xz | |
Improved handling for out-of-order Finished message
Diffstat (limited to 'crypto/src')
| -rw-r--r-- | crypto/src/crypto/tls/TlsProtocol.cs | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs index 09838a717..08b39f2a6 100644 --- a/crypto/src/crypto/tls/TlsProtocol.cs +++ b/crypto/src/crypto/tls/TlsProtocol.cs @@ -270,15 +270,20 @@ namespace Org.BouncyCastle.Crypto.Tls break; case HandshakeType.finished: default: - if (type == HandshakeType.finished && this.mExpectedVerifyData == null) + { + TlsContext ctx = Context; + if (type == HandshakeType.finished + && this.mExpectedVerifyData == null + && ctx.SecurityParameters.MasterSecret != null) { - this.mExpectedVerifyData = CreateVerifyData(!Context.IsServer); + this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer); } mRecordStream.UpdateHandshakeData(beginning, 0, 4); mRecordStream.UpdateHandshakeData(buf, 0, len); break; } + } /* * Now, parse the message. @@ -612,6 +617,9 @@ namespace Org.BouncyCastle.Crypto.Tls protected virtual void ProcessFinishedMessage(MemoryStream buf) { + if (mExpectedVerifyData == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + byte[] verify_data = TlsUtilities.ReadFully(mExpectedVerifyData.Length, buf); AssertEmpty(buf); |