yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add hash check of ciphersuite for ticket psk

Browse source 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
This commit is contained in:
Xiaokang Qian 2023-02-06 10:15:00 +00:00
parent 6be8290aba
commit ac4c625dea
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
library/ssl_tls13_client.c
View file

@ -1107,6 +1107,16 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (selected_identity == 0 && ssl_tls13_has_configured_ticket(ssl)) {
ret = ssl_tls13_ticket_get_psk(ssl, &hash_alg, &psk, &psk_len);
if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
!= hash_alg) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Invalid ciphersuite for ticket psk."));
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
} else
#endif
if (mbedtls_ssl_conf_has_static_psk(ssl->conf)) {