Merge pull request #9387 from SparkiDev/tls12_cr_order

TLS 1.2: client message order check
2026-01-26 15:42:26 +01:00 · 2025-11-07 10:00:39 -07:00
parent 222f6084f8 958fa1af60
commit 4c5bc5f8fe
1 changed files with 14 additions and 0 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -17666,6 +17666,20 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
                WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
                return OUT_OF_ORDER_E;
            }
+            if (!ssl->options.resuming && ssl->specs.kea != rsa_kea &&
+                    (ssl->specs.kea != ecc_diffie_hellman_kea ||
+                     !ssl->specs.static_ecdh) &&
+                    ssl->specs.kea != ecc_static_diffie_hellman_kea &&
+                    !ssl->msgsReceived.got_server_key_exchange) {
+                WOLFSSL_MSG("No ServerKeyExchange before CertificateRequest");
+                WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
+                return OUT_OF_ORDER_E;
+            }
+            if (!ssl->msgsReceived.got_certificate) {
+                WOLFSSL_MSG("No Certificate before CertificateRequest");
+                WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);
+                return OUT_OF_ORDER_E;
+            }
            if (ssl->msgsReceived.got_server_hello_done) {
                WOLFSSL_MSG("CertificateRequest received in wrong order");
                WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E);