Error out when server indicates resumption but does full handshake

2022-07-05 09:42:39 +02:00
parent fd7bf8d04d
commit 20e5c98b2c
1 changed files with 16 additions and 8 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -14758,14 +14758,6 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        }
    }

-#ifdef OPENSSL_EXTRA
-    if (ssl->CBIS != NULL){
-        ssl->cbmode = SSL_CB_MODE_READ;
-        ssl->cbtype = type;
-        ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS);
-    }
-#endif
-
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        switch (type) {
        case certificate:
@ -14773,6 +14765,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        case certificate_request:
        case server_hello_done:
            if (ssl->options.resuming) {
+#ifdef WOLFSSL_WPAS
                /* This can occur when ssl->sessionSecretCb is set. EAP-FAST
                 * (RFC 4851) allows for detecting server session resumption
                 * based on the msg received after the ServerHello. */
@ -14780,10 +14773,25 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                ssl->options.resuming = 0;
                /* No longer resuming, reset peer authentication state. */
                ssl->options.peerAuthGood = 0;
+#else
+                /* Fatal error. Only try to send an alert. RFC 5246 does not
+                 * allow for reverting back to a full handshake after the
+                 * server has indicated the intention to do a resumption. */
+                (void)SendAlert(ssl, alert_fatal, unexpected_message);
+                return OUT_OF_ORDER_E;
+#endif
            }
        }
    }

+#ifdef OPENSSL_EXTRA
+    if (ssl->CBIS != NULL){
+        ssl->cbmode = SSL_CB_MODE_READ;
+        ssl->cbtype = type;
+        ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS);
+    }
+#endif
+
    switch (type) {

    case hello_request: