feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

disallow client to fast forward handshake messages

Browse Source
This commit is contained in:
toddouska
2014-11-18 16:27:39 -08:00
parent 25362268db
commit f1ab188949
1 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/internal.c
View File

@@ -4758,6 +4758,14 @@ static int SanityCheckMsgReceived(CYASSL* ssl, byte type)
return OUT_OF_ORDER_E;
}
}
#endif
#ifndef NO_CYASSL_SERVER
if (ssl->options.side == CYASSL_SERVER_END) {
if ( ssl->msgsReceived.got_client_hello == 0) {
CYASSL_MSG("No ClientHello before Cert");
return OUT_OF_ORDER_E;
}
}
#endif
break;
@@ -4825,6 +4833,10 @@ static int SanityCheckMsgReceived(CYASSL* ssl, byte type)
}
ssl->msgsReceived.got_certificate_verify = 1;
if ( ssl->msgsReceived.got_certificate == 0) {
CYASSL_MSG("No Cert before CertVerify");
return OUT_OF_ORDER_E;
}
break;
#endif
@@ -4836,6 +4848,10 @@ static int SanityCheckMsgReceived(CYASSL* ssl, byte type)
}
ssl->msgsReceived.got_client_key_exchange = 1;
if (ssl->msgsReceived.got_client_hello == 0) {
CYASSL_MSG("No ClientHello before ClientKeyExchange");
return OUT_OF_ORDER_E;
}
break;
#endif
@@ -4869,6 +4885,15 @@ static int SanityCheckMsgReceived(CYASSL* ssl, byte type)
}
}
#endif
#ifndef NO_CYASSL_SERVER
if (ssl->options.side == CYASSL_SERVER_END) {
if (!ssl->options.resuming &&
ssl->msgsReceived.got_client_key_exchange == 0) {
CYASSL_MSG("No ClientKeyExchange before ChangeCipher");
return OUT_OF_ORDER_E;
}
}
#endif
break;