From 20e5c98b2cf99a370b72b961428cc2a466c0a306 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 5 Jul 2022 09:42:39 +0200 Subject: [PATCH] Error out when server indicates resumption but does full handshake --- src/internal.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/src/internal.c b/src/internal.c index 5c69e531a..785c6db27 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14758,14 +14758,6 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, } } -#ifdef OPENSSL_EXTRA - if (ssl->CBIS != NULL){ - ssl->cbmode = SSL_CB_MODE_READ; - ssl->cbtype = type; - ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS); - } -#endif - if (ssl->options.side == WOLFSSL_CLIENT_END) { switch (type) { case certificate: @@ -14773,6 +14765,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case certificate_request: case server_hello_done: if (ssl->options.resuming) { +#ifdef WOLFSSL_WPAS /* This can occur when ssl->sessionSecretCb is set. EAP-FAST * (RFC 4851) allows for detecting server session resumption * based on the msg received after the ServerHello. */ @@ -14780,10 +14773,25 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.resuming = 0; /* No longer resuming, reset peer authentication state. */ ssl->options.peerAuthGood = 0; +#else + /* Fatal error. Only try to send an alert. RFC 5246 does not + * allow for reverting back to a full handshake after the + * server has indicated the intention to do a resumption. */ + (void)SendAlert(ssl, alert_fatal, unexpected_message); + return OUT_OF_ORDER_E; +#endif } } } +#ifdef OPENSSL_EXTRA + if (ssl->CBIS != NULL){ + ssl->cbmode = SSL_CB_MODE_READ; + ssl->cbtype = type; + ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS); + } +#endif + switch (type) { case hello_request: