summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2018-10-04 11:48:54 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2018-10-04 11:48:54 +0700
commit6e4b9784d9ae3d159a316b3d801fad5b6ff34a67 (patch)
treef8c91883f3d611a72e955d890ec3a63e2e7d2d59 /crypto/src
parentRFC 8032: Avoid unnecessary doublings in precomputation (diff)
downloadBouncyCastle.NET-ed25519-6e4b9784d9ae3d159a316b3d801fad5b6ff34a67.tar.xz
TLS: Don't check CCS status for hello_request
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/crypto/tls/TlsProtocol.cs29


1 files changed, 14 insertions, 15 deletions
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 72151d414..bbb76d53c 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -391,31 +391,30 @@ namespace Org.BouncyCastle.Crypto.Tls
                 if (queue.Available < totalLength)
                     break;
 
-                CheckReceivedChangeCipherSpec(mConnectionState == CS_END || type == HandshakeType.finished);
-
                 /*
                  * RFC 2246 7.4.9. The value handshake_messages includes all handshake messages
                  * starting at client hello up to, but not including, this finished message.
                  * [..] Note: [Also,] Hello Request messages are omitted from handshake hashes.
                  */
-                switch (type)
-                {
-                case HandshakeType.hello_request:
-                    break;
-                case HandshakeType.finished:
-                default:
+                if (HandshakeType.hello_request != type)
                 {
-                    TlsContext ctx = Context;
-                    if (type == HandshakeType.finished
-                        && this.mExpectedVerifyData == null
-                        && ctx.SecurityParameters.MasterSecret != null)
+                    if (HandshakeType.finished == type)
                     {
-                        this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer);
+                        CheckReceivedChangeCipherSpec(true);
+
+                        TlsContext ctx = Context;
+                        if (this.mExpectedVerifyData == null
+                            && ctx.SecurityParameters.MasterSecret != null)
+                        {
+                            this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer);
+                        }
+                    }
+                    else
+                    {
+                        CheckReceivedChangeCipherSpec(mConnectionState == CS_END);
                     }
 
                     queue.CopyTo(mRecordStream.HandshakeHashUpdater, totalLength);
-                    break;
-                }
                 }
 
                 queue.RemoveData(4);

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-10 13:48:02 +0000