From 6e4b9784d9ae3d159a316b3d801fad5b6ff34a67 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Thu, 4 Oct 2018 11:48:54 +0700 Subject: TLS: Don't check CCS status for hello_request --- crypto/src/crypto/tls/TlsProtocol.cs | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'crypto/src') diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs index 72151d414..bbb76d53c 100644 --- a/crypto/src/crypto/tls/TlsProtocol.cs +++ b/crypto/src/crypto/tls/TlsProtocol.cs @@ -391,31 +391,30 @@ namespace Org.BouncyCastle.Crypto.Tls if (queue.Available < totalLength) break; - CheckReceivedChangeCipherSpec(mConnectionState == CS_END || type == HandshakeType.finished); - /* * RFC 2246 7.4.9. The value handshake_messages includes all handshake messages * starting at client hello up to, but not including, this finished message. * [..] Note: [Also,] Hello Request messages are omitted from handshake hashes. */ - switch (type) - { - case HandshakeType.hello_request: - break; - case HandshakeType.finished: - default: + if (HandshakeType.hello_request != type) { - TlsContext ctx = Context; - if (type == HandshakeType.finished - && this.mExpectedVerifyData == null - && ctx.SecurityParameters.MasterSecret != null) + if (HandshakeType.finished == type) { - this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer); + CheckReceivedChangeCipherSpec(true); + + TlsContext ctx = Context; + if (this.mExpectedVerifyData == null + && ctx.SecurityParameters.MasterSecret != null) + { + this.mExpectedVerifyData = CreateVerifyData(!ctx.IsServer); + } + } + else + { + CheckReceivedChangeCipherSpec(mConnectionState == CS_END); } queue.CopyTo(mRecordStream.HandshakeHashUpdater, totalLength); - break; - } } queue.RemoveData(4); -- cgit 1.4.1