Add usage checks in context_load()

This commit is contained in:
Manuel Pégourié-Gonnard 2019-07-11 09:56:30 +02:00 committed by Jarno Lamsa
parent 00400c2bf6
commit 0ff76407d2

View file

@ -11370,8 +11370,36 @@ int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
const unsigned char *buf, const unsigned char *buf,
size_t len ) size_t len )
{ {
/*
* The context should have been freshly setup or reset.
* Give the user an error in case of obvious misuse.
* (Checking session is useful because if won't be NULL if we're
* renegotiating, or if the user mistakenly loaded a session first.)
*/
if( ssl->state != MBEDTLS_SSL_HELLO_REQUEST ||
ssl->session != NULL )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/*
* We can't check that the config matches the initial one, but we can at
* least check it matches the requirements for serializing.
*/
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->conf->max_major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
ssl->conf->min_major_ver > MBEDTLS_SSL_MAJOR_VERSION_3 ||
ssl->conf->max_minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 ||
ssl->conf->min_minor_ver > MBEDTLS_SSL_MINOR_VERSION_3 ||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED
#endif
)
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
/* Unimplemented */ /* Unimplemented */
(void) ssl;
(void) buf; (void) buf;
(void) len; (void) len;