Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Check for "change cipher spec" before server "finished" message added

Browse Source
This commit is contained in:
Simon Rozman 2016-08-14 16:32:28 +02:00
parent a8db309a76
commit 735d669887
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/TLS/src/Method.cpp
View File

@ -1074,6 +1074,9 @@ void eap::method_tls::process_handshake(_In_bytecount_(msg_size) const void *_ms
break; break;
case tls_handshake_type_finished: { case tls_handshake_type_finished: {
if (!m_cipher_spec)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Finished message should be encrypted.");
// According to https://tools.ietf.org/html/rfc5246#section-7.4.9 all verify_data is 12B. // According to https://tools.ietf.org/html/rfc5246#section-7.4.9 all verify_data is 12B.
if (rec_end - rec != 12) if (rec_end - rec != 12)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Finished record size incorrect (expected 12B, received %uB).", rec_end - rec)); throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Finished record size incorrect (expected 12B, received %uB).", rec_end - rec));