From 7032cb795cbd30b2a0cabf8152b52ff1ac6a54db Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Fri, 6 Mar 2015 19:23:30 +0700
Subject: Tighten ChangeCipherSpec ordering checks

---
 crypto/src/crypto/tls/TlsProtocol.cs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs
index 8fd83aca2..1a6e7a3bc 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -99,6 +99,12 @@ namespace Org.BouncyCastle.Crypto.Tls
         {
         }
 
+        protected virtual void CheckReceivedChangeCipherSpec(bool expected)
+        {
+            if (expected != mReceivedChangeCipherSpec)
+                throw new TlsFatalAlert(AlertDescription.unexpected_message);
+        }
+
         protected virtual void CleanupHandshake()
         {
             if (this.mExpectedVerifyData != null)
@@ -259,6 +265,8 @@ namespace Org.BouncyCastle.Crypto.Tls
                          */
                         byte[] buf = mHandshakeQueue.RemoveData(len, 4);
 
+                        CheckReceivedChangeCipherSpec(mConnectionState == CS_END || type == HandshakeType.finished);
+
                         /*
                          * RFC 2246 7.4.9. The value handshake_messages includes all handshake messages
                          * starting at client hello up to, but not including, this finished message.
-- 
cgit 1.4.1