Check for "change cipher spec" before server "finished" message added

2016-08-14 16:32:28 +02:00 · 2016-08-14 16:32:28 +02:00 · 735d669887
commit 735d669887
parent a8db309a76
1 changed files with 3 additions and 0 deletions
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
@ -1074,6 +1074,9 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms
                break;

            case tls_handshake_type_finished: {
+                if (!m_cipher_spec)
+                    throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Finished message should be encrypted.");
+
                // According to https://tools.ietf.org/html/rfc5246#section-7.4.9 all verify_data is 12B.
                if (rec_end - rec != 12)
                    throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Finished record size incorrect (expected 12B, received %uB).", rec_end - rec));