forked from wolfSSL/wolfssl
In TLS 1.3, don't allow multiple ChangeCipherSpecs in a row
This commit is contained in:
Sean Parkinson
@ -15157,6 +15157,7 @@ int ProcessReply(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
|
ssl->msgsReceived.got_change_cipher = 0;
|
||||||
ret = DoTls13HandShakeMsg(ssl,
|
ret = DoTls13HandShakeMsg(ssl,
|
||||||
ssl->buffers.inputBuffer.buffer,
|
ssl->buffers.inputBuffer.buffer,
|
||||||
&ssl->buffers.inputBuffer.idx,
|
&ssl->buffers.inputBuffer.idx,
|
||||||
@ -15219,6 +15220,13 @@ int ProcessReply(WOLFSSL* ssl)
|
|||||||
return UNKNOWN_RECORD_TYPE;
|
return UNKNOWN_RECORD_TYPE;
|
||||||
}
|
}
|
||||||
ssl->buffers.inputBuffer.idx++;
|
ssl->buffers.inputBuffer.idx++;
|
||||||
|
if (!ssl->msgsReceived.got_change_cipher) {
|
||||||
|
ssl->msgsReceived.got_change_cipher = 1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||||
|
return UNKNOWN_RECORD_TYPE;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user