move gotChangeCipher from options into msgsReceived

cyassl/internal.h

@@ -1790,7 +1790,6 @@ typedef struct Options {
     byte            quietShutdown;      /* don't send close notify */
     byte            certOnly;           /* stop once we get cert */
     byte            groupMessages;      /* group handshake messages */
-    byte            gotChangeCipher;    /* received change cipher from peer */
     byte            usingNonblock;      /* set when using nonblocking socket */
     byte            saveArrays;         /* save array Memory for user get keys
                                            or psk */
@@ -2222,7 +2221,10 @@ enum HandShakeType {
     server_hello_done   = 14,
     certificate_verify  = 15, 
     client_key_exchange = 16,
-    finished            = 20
+    finished            = 20,
+    change_cipher_hs    = 55      /* simulate unique handshake type for sanity
+                                     checks.  record layer change_cipher
+                                     conflicts with handshake finished */
 };
 
 

src/internal.c

@@ -1665,7 +1665,6 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
     ssl->options.quietShutdown = ctx->quietShutdown;
     ssl->options.certOnly = 0;
     ssl->options.groupMessages = ctx->groupMessages;
-    ssl->options.gotChangeCipher = 0;
     ssl->options.usingNonblock = 0;
     ssl->options.saveArrays = 0;
 #ifdef HAVE_POLY1305
@@ -4618,11 +4617,6 @@ int DoFinished(CYASSL* ssl, const byte* input, word32* inOutIdx, word32 size,
     if (finishedSz != size)
         return BUFFER_ERROR;
 
-    if (ssl->options.gotChangeCipher == 0) {
-        CYASSL_MSG("Finished received from peer before change cipher");
-        return NO_CHANGE_CIPHER_E;
-    }
-
     /* check against totalSz */
     if (*inOutIdx + size + ssl->keys.padSz > totalSz)
         return BUFFER_E;
@@ -4801,6 +4795,20 @@ static int SanityCheckMsgReceived(CYASSL* ssl, byte type)
             }
             ssl->msgsReceived.got_finished = 1;
 
+            if (ssl->msgsReceived.got_change_cipher == 0) {
+                CYASSL_MSG("Finished received before ChangeCipher");
+                return NO_CHANGE_CIPHER_E;
+            }
+
+            break;
+
+        case change_cipher_hs:
+            if (ssl->msgsReceived.got_change_cipher) {
+                CYASSL_MSG("Duplicate ChangeCipher received");
+                return -1;
+            }
+            ssl->msgsReceived.got_change_cipher = 1;
+
             break;
 
         default:
@@ -6622,7 +6630,6 @@ int ProcessReply(CYASSL* ssl)
                     break;
 
                 case change_cipher_spec:
-                    ssl->options.gotChangeCipher = 1;
                     CYASSL_MSG("got CHANGE CIPHER SPEC");
                     #ifdef CYASSL_CALLBACKS
                         if (ssl->hsInfoOn)
@@ -6637,6 +6644,10 @@ int ProcessReply(CYASSL* ssl)
                         }
                     #endif
 
+                    ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
+                    if (ret != 0)
+                        return ret;
+
 #ifdef HAVE_SESSION_TICKET
                     if (ssl->options.side == CYASSL_CLIENT_END &&
                                                   ssl->expect_session_ticket) {

src/sniffer.c

@@ -2712,7 +2712,6 @@ doMessage:
             Trace(GOT_CHANGE_CIPHER_STR);
             ssl->options.handShakeState = HANDSHAKE_DONE;
             ssl->options.handShakeDone  = 1;
-            ssl->options.gotChangeCipher = 1;
             break;
         case application_data:
             Trace(GOT_APP_DATA_STR);

src/ssl.c

@@ -777,7 +777,6 @@ int CyaSSL_Rehandshake(CYASSL* ssl)
     ssl->options.acceptState   = ACCEPT_BEGIN;
     ssl->options.handShakeState = NULL_STATE;
     ssl->options.processReply  = 0;  /* TODO, move states in internal.h */
-    ssl->options.gotChangeCipher = 0;
 
     XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));