AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ciphersuite check in set_session

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-10-08 10:42:13 +08:00
parent 21f9095fa8
commit 40afab61a8
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
library/ssl_tls.c
View File

@ -1361,6 +1361,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
if( ssl == NULL ||
session == NULL ||
@ -1373,6 +1374,16 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
if( ssl->handshake->resume == 1 )
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite );
if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
session->tls_version,
session->tls_version ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not a valid ciphersuite.",
session->ciphersuite ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
}
if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
session ) ) != 0 )
return( ret );