mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 09:10:50 +02:00
F-5631: reject zero-length/duplicate post-handshake CertReq context
DoTls13CertificateRequest rejected a non-empty context during the handshake but did the complementary check for post-handshake auth. Per RFC 8446 Section 4.3.2 a post-handshake certificate_request_context must be non-empty and unique; reject a zero-length context and one that duplicates a still-pending request context with a fatal illegal_parameter alert.
This commit is contained in:
+26
-1
@@ -6100,11 +6100,24 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
|
||||
return BUFFER_ERROR;
|
||||
/* INVALID_PARAMETER does not map to illegal_parameter in the central
|
||||
* alert path, so emit the alert explicitly before returning. */
|
||||
if (ssl->options.connectState < FINISHED_DONE && len > 0) {
|
||||
if (ssl->options.connectState < FINISHED_DONE) {
|
||||
/* RFC 8446 Section 4.3.2: in the handshake the context is zero
|
||||
* length. */
|
||||
if (len > 0) {
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
|
||||
return INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
else if (len == 0) {
|
||||
/* RFC 8446 Section 4.3.2: a post-handshake CertificateRequest context
|
||||
* MUST be non-empty and unique for the connection. */
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
|
||||
return INVALID_PARAMETER;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_POST_HANDSHAKE_AUTH
|
||||
/* Remember the request context bytes; the CertReqCtx allocation and
|
||||
@@ -6113,6 +6126,18 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
|
||||
*/
|
||||
reqCtxLen = len;
|
||||
reqCtxData = input + *inOutIdx;
|
||||
/* Reject a context that duplicates one still pending on the connection. */
|
||||
if (ssl->options.connectState >= FINISHED_DONE) {
|
||||
CertReqCtx* dup;
|
||||
for (dup = ssl->certReqCtx; dup != NULL; dup = dup->next) {
|
||||
if (dup->len == reqCtxLen &&
|
||||
XMEMCMP(&dup->ctx, reqCtxData, reqCtxLen) == 0) {
|
||||
SendAlert(ssl, alert_fatal, illegal_parameter);
|
||||
WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER);
|
||||
return INVALID_PARAMETER;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
*inOutIdx += len;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user