Add ciphersuite_info check
return null if no valid ciphersuite info
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 43b633e..f1fc1e5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -188,6 +188,24 @@
return( SSL_TLS1_3_OFFERED_PSK_NOT_MATCH );
}
+static const mbedtls_ssl_ciphersuite_t *ssl_tls13_get_ciphersuite_info_by_id(
+ mbedtls_ssl_context *ssl,
+ uint16_t cipher_suite )
+{
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ return( NULL );
+
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
+ if( ( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
+ ssl->tls_version,
+ ssl->tls_version ) != 0 ) )
+ {
+ return( NULL );
+ }
+ return( ciphersuite_info );
+}
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_psk_external_check_ciphersuites( mbedtls_ssl_context *ssl,
const unsigned char *buf,
@@ -1136,17 +1154,11 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR( p, cipher_suites_end, 2 );
cipher_suite = MBEDTLS_GET_UINT16_BE( p, 0 );
- if( ! mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, cipher_suite ) )
+ ciphersuite_info = ssl_tls13_get_ciphersuite_info_by_id(
+ ssl,cipher_suite );
+ if( ciphersuite_info == NULL )
continue;
- ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( cipher_suite );
- if( ( mbedtls_ssl_validate_ciphersuite(
- ssl, ciphersuite_info, ssl->tls_version,
- ssl->tls_version ) != 0 ) )
- {
- continue;
- }
-
ssl->session_negotiate->ciphersuite = cipher_suite;
ssl->handshake->ciphersuite_info = ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "selected ciphersuite: %04x - %s",