From c69316071f5d00ba3cbede3cdd7da773c6f579c1 Mon Sep 17 00:00:00 2001
From: Simon Rozman <simon@rozman.si>
Date: Wed, 17 Aug 2016 09:26:46 +0200
Subject: [PATCH] Support for encrypted change cipher spec messages added

---
 lib/TLS/src/Method.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/TLS/src/Method.cpp b/lib/TLS/src/Method.cpp
index 50340dc..42c4f0c 100644
--- a/lib/TLS/src/Method.cpp
+++ b/lib/TLS/src/Method.cpp
@@ -812,7 +812,12 @@ void eap::method_tls::process_packet(_In_bytecount_(size_pck) const void *_pck,
             // Process TLS message.
             switch (hdr->type) {
             case tls_message_type_change_cipher_spec:
-                process_change_cipher_spec(msg, msg_end - msg);
+                if (m_state_server.m_alg_encrypt) {
+                    sanitizing_blob msg_dec(msg, msg_end);
+                    decrypt_message(hdr->type, msg_dec);
+                    process_change_cipher_spec(msg_dec.data(), msg_dec.size());
+                } else
+                    process_change_cipher_spec(msg, msg_end - msg);
                 break;
 
             case tls_message_type_alert: