From 3a65f55bd3f62ca95bef42b1aaa1e104813f57ce Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 18 Jan 2016 15:33:32 -0700
Subject: [PATCH] check not CHACHA_BYTE before considering normal suite

---
 src/internal.c     | 2 +-
 wolfssl/internal.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index b96725c15..ca7f55d55 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3943,7 +3943,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
             return 0;
         }   /* switch */
         }   /* if     */
-        if (first != ECC_BYTE) {   /* normal suites */
+        if (first != ECC_BYTE && first != CHACHA_BYTE) {   /* normal suites */
         switch (second) {
 
 #ifndef NO_RSA
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e83d194cd..ad0d9088b 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -784,6 +784,7 @@ enum {
     TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
     TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
 
+    /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0x13,
     TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x14,
     TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0x15,