Check that HVR and HRR don't appear in the same connection

2023-08-18 15:14:51 +02:00
parent 9427bea275
commit 3cc473b1ec
2 changed files with 13 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -15682,6 +15682,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
                WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E);
                return DUPLICATE_MSG_E;
            }
+            if (ssl->msgsReceived.got_hello_retry_request) {
+                WOLFSSL_MSG("Received HelloVerifyRequest after a "
+                            "HelloRetryRequest");
+                WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
+                return VERSION_ERROR;
+            }
            ssl->msgsReceived.got_hello_verify_request = 1;

            break;
--- a/src/tls13.c
+++ b/src/tls13.c
@ -5024,6 +5024,13 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
        WOLFSSL_MSG("HelloRetryRequest format");
        *extMsgType = hello_retry_request;

+        if (ssl->msgsReceived.got_hello_verify_request) {
+            WOLFSSL_MSG("Received HelloRetryRequest after a "
+                        "HelloVerifyRequest");
+            WOLFSSL_ERROR_VERBOSE(VERSION_ERROR);
+            return VERSION_ERROR;
+        }
+
        /* A HelloRetryRequest comes in as an ServerHello for MiddleBox compat.
         * Found message to be a HelloRetryRequest.
         * Don't allow more than one HelloRetryRequest or ServerHello.