summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/crypto/tls/TlsProtocol.cs8
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/src/crypto/tls/TlsProtocol.cs b/crypto/src/crypto/tls/TlsProtocol.cs

index 8fd83aca2..1a6e7a3bc 100644
--- a/crypto/src/crypto/tls/TlsProtocol.cs
+++ b/crypto/src/crypto/tls/TlsProtocol.cs
@@ -99,6 +99,12 @@ namespace Org.BouncyCastle.Crypto.Tls
         {
         }
 
+        protected virtual void CheckReceivedChangeCipherSpec(bool expected)
+        {
+            if (expected != mReceivedChangeCipherSpec)
+                throw new TlsFatalAlert(AlertDescription.unexpected_message);
+        }
+
         protected virtual void CleanupHandshake()
         {
             if (this.mExpectedVerifyData != null)
@@ -259,6 +265,8 @@ namespace Org.BouncyCastle.Crypto.Tls
                          */
                         byte[] buf = mHandshakeQueue.RemoveData(len, 4);
 
+                        CheckReceivedChangeCipherSpec(mConnectionState == CS_END || type == HandshakeType.finished);
+
                         /*
                          * RFC 2246 7.4.9. The value handshake_messages includes all handshake messages
                          * starting at client hello up to, but not including, this finished message.
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-08 13:31:57 +0000