TLS 1.3: Client requires cert_vfy before finished when not PSK

2020-07-29 10:21:34 +10:00 · 2020-07-29 10:21:34 +10:00 · f59a1fa295
parent 70aa11f0a9
commit f59a1fa295
2 changed files with 19 additions and 2 deletions
--- a/src/tls13.c
+++ b/src/tls13.c
@ -5812,6 +5812,11 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,

            /* Advance state and proceed */
            ssl->options.asyncState = TLS_ASYNC_END;
+
+        #if !defined(NO_WOLFSSL_CLIENT)
+            if (ssl->options.side == WOLFSSL_CLIENT_END)
+                ssl->options.serverState = SERVER_CERT_VERIFY_COMPLETE;
+        #endif
        } /* case TLS_ASYNC_FINALIZE */

        case TLS_ASYNC_END:
@ -6922,8 +6927,19 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
                    WOLFSSL_MSG("Finished received out of order");
                    return OUT_OF_ORDER_E;
                }
-                if (ssl->options.serverState <
+                /* Must have seen certificate and verify from server except when
+                 * using PSK. */
+            #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+                if (ssl->arrays->psk_keySz != 0) {
+                    if (ssl->options.serverState !=
                                         SERVER_ENCRYPTED_EXTENSIONS_COMPLETE) {
+                        WOLFSSL_MSG("Finished received out of order");
+                        return OUT_OF_ORDER_E;
+                    }
+                }
+                else
+            #endif
+                if (ssl->options.serverState != SERVER_CERT_VERIFY_COMPLETE) {
                    WOLFSSL_MSG("Finished received out of order");
                    return OUT_OF_ORDER_E;
                }
@ -6931,7 +6947,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
        #endif
        #ifndef NO_WOLFSSL_SERVER
            if (ssl->options.side == WOLFSSL_SERVER_END) {
-                if (ssl->options.serverState < SERVER_FINISHED_COMPLETE) {
+                if (ssl->options.serverState != SERVER_FINISHED_COMPLETE) {
                    WOLFSSL_MSG("Finished received out of order");
                    return OUT_OF_ORDER_E;
                }
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -1590,6 +1590,7 @@ enum states {
    SERVER_HELLO_COMPLETE,
    SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
    SERVER_CERT_COMPLETE,
+    SERVER_CERT_VERIFY_COMPLETE,
    SERVER_KEYEXCHANGE_COMPLETE,
    SERVER_HELLODONE_COMPLETE,
 	SERVER_CHANGECIPHERSPEC_COMPLETE,