From 070029fd086cc3e86acac8da390f25fff85bd4e8 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Fri, 13 Aug 2021 17:15:51 -0600
Subject: [PATCH] add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode

---
 src/internal.c | 1 +
 src/ssl.c | 22 ++++++++++++++++++++++
 src/tls13.c | 6 +++++-
 tests/api.c | 5 +++++
 wolfssl/internal.h | 4 ++++
 wolfssl/ssl.h | 4 +++-
 wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 3 ++-
 7 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index b34a89b40..277cc2506 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6218,6 +6218,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->options.noPskDheKe = ctx->noPskDheKe;
 #if defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     ssl->options.postHandshakeAuth = ctx->postHandshakeAuth;
+    ssl->options.verifyPostHandshake = ctx->verifyPostHandshake;
 #endif
     if (ctx->numGroups > 0) {
diff --git a/src/ssl.c b/src/ssl.c
index f2593f455..5d7ad2541 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -11260,6 +11260,9 @@ void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
     ctx->verifyNone = 0;
     ctx->failNoCert = 0;
     ctx->failNoCertxPSK = 0;
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+    ctx->verifyPostHandshake = 0;
+#endif
     if (mode != WOLFSSL_VERIFY_DEFAULT) {
         if (mode == WOLFSSL_VERIFY_NONE) {
@@ -11275,6 +11278,11 @@ void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
             if (mode & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
                 ctx->failNoCert = 1;
             }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+            if (mode & WOLFSSL_VERIFY_POST_HANDSHAKE) {
+                ctx->verifyPostHandshake = 1;
+            }
+#endif
         }
     }
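Review bot: The copy of `ctx->verifyPostHandshake` into `ssl->options` in InitSSL sits under `#if defined(WOLFSSL_POST_HANDSHAKE_AUTH)` alone, while both the CTX field and the Options bit are declared in wolfssl/internal.h under `#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)`. The existing `postHandshakeAuth` copy has the same asymmetry, so the build presumably never defines the first macro without the second, but if a configuration can, this new line fails to compile. Aligning the guard here, `#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)`, would make the dependency explicit instead of relying on configure. InitSSL continues outside the hunk.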
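Review bot: In wolfSSL_CTX_set_verify the new branch records `WOLFSSL_VERIFY_POST_HANDSHAKE` even when the caller passes it without `WOLFSSL_VERIFY_PEER`, yet the only consumer added by this patch (src/tls13.c) tests `verifyPostHandshake` only inside `if (ssl->options.verifyPeer ...)`, so the flag on its own changes nothing about the handshake and the peer is simply never asked for a certificate; `wolfSSL_set_verify` in the next hunk accepts the same combination. Since the setter returns void there is no way to reject it, so at minimum document the contract on the new branch: `/* Only meaningful with WOLFSSL_VERIFY_PEER: defers the CertificateRequest, it does not add one */`. wolfSSL_CTX_set_verify starts before the first hunk and its body is cut between the two hunks.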
@@ -11309,6 +11317,10 @@ void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
                                 == WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT;
     ssl->options.failNoCertxPSK = (mode & WOLFSSL_VERIFY_FAIL_EXCEPT_PSK)
                                   == WOLFSSL_VERIFY_FAIL_EXCEPT_PSK;
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+    ssl->options.verifyPostHandshake = (mode & WOLFSSL_VERIFY_POST_HANDSHAKE)
+                                       == WOLFSSL_VERIFY_POST_HANDSHAKE;
+#endif
     ssl->verifyCallback = vc;
 }
@@ -46568,6 +46580,11 @@ int wolfSSL_get_verify_mode(const WOLFSSL* ssl) {
         if (ssl->options.failNoCertxPSK) {
             mode |= WOLFSSL_VERIFY_FAIL_EXCEPT_PSK;
         }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+        if (ssl->options.verifyPostHandshake) {
+            mode |= WOLFSSL_VERIFY_POST_HANDSHAKE;
+        }
+#endif
     }
     WOLFSSL_LEAVE("wolfSSL_get_verify_mode", mode);
@@ -46596,6 +46613,11 @@ int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx)
         if (ctx->failNoCertxPSK) {
             mode |= WOLFSSL_VERIFY_FAIL_EXCEPT_PSK;
         }
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+        if (ctx->verifyPostHandshake) {
+            mode |= WOLFSSL_VERIFY_POST_HANDSHAKE;
+        }
+#endif
     }
     WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode);
diff --git a/src/tls13.c b/src/tls13.c
index 39fdb351e..3aa83e0fc 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -9401,7 +9401,11 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
         case TLS13_SERVER_EXTENSIONS_SENT :
     #ifndef NO_CERTS
             if (!ssl->options.resuming) {
-                if (ssl->options.verifyPeer) {
+                if (ssl->options.verifyPeer
+                #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
+                    && !ssl->options.verifyPostHandshake
+                #endif
+                ) {
                     ssl->error = SendTls13CertificateRequest(ssl, NULL, 0);
                     if (ssl->error != 0) {
                         WOLFSSL_ERROR(ssl->error);
diff --git a/tests/api.c b/tests/api.c
index c740410e9..0ac46a6ed 100644
--- a/tests/api.c
+++ b/tests/api.c
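Review bot: In wolfSSL_accept_TLSv13 the added `&& !ssl->options.verifyPostHandshake` suppresses SendTls13CertificateRequest unconditionally, but a post-handshake CertificateRequest is only permitted when the client offered the post_handshake_auth extension (RFC 8446 §4.6.2); for a client that did not, this path performs no client authentication during the handshake and none can follow it, and nothing in the patch reports that. The condition should fall back to the in-handshake request when the peer did not offer the extension, roughly `&& !(ssl->options.verifyPostHandshake && <peer offered post_handshake_auth>)` in place of the added test — I cannot see from this hunk where the server records the client's offer, so the exact field needs confirming. Note too that a FAIL_IF_NO_PEER_CERT policy can only be applied once a certificate has actually been requested, so with this flag the application presumably has to issue the later request and check its result itself; that is worth a comment on the new condition. The switch in wolfSSL_accept_TLSv13 continues outside the hunk.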
@@ -36961,6 +36961,11 @@ static void test_wolfSSL_verify_mode(void)
     wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0);
     AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK);
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+    wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0);
+    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE);
+#endif
+
     AssertIntEQ(SSL_CTX_get_verify_mode(ctx), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 2091d90ef..4df1a4319 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2854,6 +2854,8 @@ struct WOLFSSL_CTX {
     byte mutualAuth:1; /* Mutual authentication required */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     byte postHandshakeAuth:1; /* Post-handshake auth supported. */
+    byte verifyPostHandshake:1; /* Only send client cert req post
+                                 * handshake, not also during */
 #endif
 #ifndef NO_DH
 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
@@ -3662,6 +3664,8 @@ typedef struct Options {
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
     word16 postHandshakeAuth:1;/* Client send post_handshake_auth
                                 * extension */
+    word16 verifyPostHandshake:1; /* Only send client cert req post
+                                   * handshake, not also during */
 #endif
 #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
     word16 sendCookie:1; /* Server creates a Cookie in HRR */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 3e1fa2064..1df79dade 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
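Review bot: The new assertions in test_wolfSSL_verify_mode only cover the per-connection setter; the context-level path added in wolfSSL_CTX_set_verify and wolfSSL_CTX_get_verify_mode is untested, and neither path checks that the flag survives alongside `SSL_VERIFY_PEER` or that it is still distinguishable from `SSL_VERIFY_FAIL_EXCEPT_PSK` after the enum renumbering in wolfssl/ssl.h. After the existing `AssertIntEQ(SSL_CTX_get_verify_mode(ctx), ...)` check, which relies on the context's current mode, add under the same `#if`: `wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE, 0);` `AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE);`. test_wolfSSL_verify_mode continues outside the hunk.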
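Review bot: The comment on the new `verifyPostHandshake` bit in struct WOLFSSL_CTX, and the copy in Options, says the client cert request is sent "post handshake", but nothing in this patch issues such a request — the only effect visible here is that src/tls13.c suppresses the in-handshake CertificateRequest when the bit is set. A reader of the header will assume the library sends the later request itself; suggest `/* Suppress the in-handshake CertificateRequest; the client cert is requested after the handshake instead */` on both fields, so the responsibility for the later request is not implied to be the library's. Both structs continue outside the hunks.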
@@ -2186,6 +2186,7 @@ WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
     #define SSL_VERIFY_PEER WOLFSSL_VERIFY_PEER
     #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT
     #define SSL_VERIFY_CLIENT_ONCE WOLFSSL_VERIFY_CLIENT_ONCE
+    #define SSL_VERIFY_POST_HANDSHAKE WOLFSSL_VERIFY_POST_HANDSHAKE
     #define SSL_VERIFY_FAIL_EXCEPT_PSK WOLFSSL_VERIFY_FAIL_EXCEPT_PSK
     #define SSL_SESS_CACHE_OFF WOLFSSL_SESS_CACHE_OFF
@@ -2256,7 +2257,8 @@ enum { /* ssl Constants */
     WOLFSSL_VERIFY_PEER = 1 << 0,
     WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 1 << 1,
     WOLFSSL_VERIFY_CLIENT_ONCE = 1 << 2,
-    WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 1 << 3,
+    WOLFSSL_VERIFY_POST_HANDSHAKE = 1 << 3,
+    WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 1 << 4,
     WOLFSSL_VERIFY_DEFAULT = 1 << 9,
     WOLFSSL_SESS_CACHE_OFF = 0x0000,
diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
index a2019cadb..a6b159577 100644
--- a/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
+++ b/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs
@@ -397,7 +397,8 @@ namespace wolfSSL.CSharp {
         public static readonly int SSL_VERIFY_PEER = 1;
         public static readonly int SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2;
         public static readonly int SSL_VERIFY_CLIENT_ONCE = 4;
-        public static readonly int SSL_VERIFY_FAIL_EXCEPT_PSK = 8;
+        public static readonly int SSL_VERIFY_POST_HANDSHAKE = 8;
+        public static readonly int SSL_VERIFY_FAIL_EXCEPT_PSK = 16;
         public static readonly int CBIO_ERR_GENERAL = -1;
         public static readonly int CBIO_ERR_WANT_READ = -2;
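Review bot: Moving `WOLFSSL_VERIFY_FAIL_EXCEPT_PSK` from `1 << 3` to `1 << 4` in the ssl Constants enum changes a public ABI value: any application or language binding built against the previous header and passing 8 now selects `WOLFSSL_VERIFY_POST_HANDSHAKE`, a quite different verification behaviour from the one it was written for, and the C# wrapper hunk in this same patch shows that the renumbering then has to be chased into every binding. The new constant can be appended instead, keeping existing values stable: `WOLFSSL_VERIFY_FAIL_EXCEPT_PSK = 1 << 3,` `WOLFSSL_VERIFY_POST_HANDSHAKE = 1 << 4,` with wolfSSL.cs keeping `SSL_VERIFY_FAIL_EXCEPT_PSK = 8` and adding `SSL_VERIFY_POST_HANDSHAKE = 16`. The new enumerator also carries no comment; a one-liner such as `/* TLS 1.3 only: defer the CertificateRequest until after the handshake; needs WOLFSSL_VERIFY_PEER */` would tell callers what it does and does not do.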