Validate consistency of certificate hash type and length in session

commit: 2326d2036176d24d6098652c62fee9250fbc35da [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Jun 06 14:54:55 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Wed Jun 19 14:59:42 2019 +0100
tree: 6925c551b4926ea9b58e239774f36b78c5f6b0ad
parent: fd5dc8ae07dbd0541e3d3494ba7c4ee1d74c3903 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9325804..f2034a4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -9498,6 +9498,13 @@
 
     if( session->peer_cert_digest_len != 0 )
     {
+        const mbedtls_md_info_t *md_info =
+            mbedtls_md_info_from_type( session->peer_cert_digest_type );
+        if( md_info == NULL )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+        if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
+            return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
         if( session->peer_cert_digest_len > (size_t)( end - p ) )
             return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
commit	2326d2036176d24d6098652c62fee9250fbc35da	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Jun 06 14:54:55 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Wed Jun 19 14:59:42 2019 +0100
tree	6925c551b4926ea9b58e239774f36b78c5f6b0ad
parent	fd5dc8ae07dbd0541e3d3494ba7c4ee1d74c3903 [diff] [blame]