summary refs log tree commit diff
path: root/crypto
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2015-03-06 19:23:30 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2015-03-06 19:23:30 +0700
commit7032cb795cbd30b2a0cabf8152b52ff1ac6a54db (patch)
treef1be171aed8ba03e8777ba141e9dd4fca53877ae /crypto
parentRefuse client-initiated renegotiation gracefully (diff)
downloadBouncyCastle.NET-ed25519-7032cb795cbd30b2a0cabf8152b52ff1ac6a54db.tar.xz
Tighten ChangeCipherSpec ordering checks
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/crypto/tls/TlsProtocol.cs8
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 8fd83aca2..1a6e7a3bc 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -99,6 +99,12 @@ namespace Org.BouncyCastle.Crypto.Tls
         {
         }
 
+        protected virtual void CheckReceivedChangeCipherSpec(bool expected)
+        {
+            if (expected != mReceivedChangeCipherSpec)
+                throw new TlsFatalAlert(AlertDescription.unexpected_message);
+        }
+
         protected virtual void CleanupHandshake()
         {
             if (this.mExpectedVerifyData != null)
@@ -259,6 +265,8 @@ namespace Org.BouncyCastle.Crypto.Tls
                          */
                         byte[] buf = mHandshakeQueue.RemoveData(len, 4);
 
+                        CheckReceivedChangeCipherSpec(mConnectionState == CS_END || type == HandshakeType.finished);
+
                         /*
                          * RFC 2246 7.4.9. The value handshake_messages includes all handshake messages
                          * starting at client hello up to, but not including, this finished message.