Add usage checks in context_load()
This commit is contained in:
parent
00400c2bf6
commit
0ff76407d2
1 changed files with 29 additions and 1 deletions
|
@ -11370,8 +11370,36 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
|
||||||
const unsigned char *buf,
|
const unsigned char *buf,
|
||||||
size_t len )
|
size_t len )
|
||||||
{
|
{
|
||||||
|
/*
|
||||||
|
* The context should have been freshly setup or reset.
|
||||||
|
* Give the user an error in case of obvious misuse.
|
||||||
|
* (Checking session is useful because if won't be NULL if we're
|
||||||
|
* renegotiating, or if the user mistakenly loaded a session first.)
|
||||||
|
*/
|
||||||
|
if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
|
||||||
|
ssl->session != NULL )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We can't check that the config matches the initial one, but we can at
|
||||||
|
* least check it matches the requirements for serializing.
|
||||||
|
*/
|
||||||
|
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
|
||||||
|
ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
||||||
|
ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 ||
|
||||||
|
ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||
|
||||||
|
ssl->conf->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 ||
|
||||||
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
|
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED
|
||||||
|
#endif
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
/* Unimplemented */
|
/* Unimplemented */
|
||||||
(void) ssl;
|
|
||||||
(void) buf;
|
(void) buf;
|
||||||
(void) len;
|
(void) len;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue