Don't allow calling CID API outside of DTLS

commit: 76a79ab4a2403e89753be402f5875a3a10e7b18f [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Fri May 03 14:38:32 2019 +0100
committer: Hanno Becker <hanno.becker@arm.com> Mon Jun 03 16:07:50 2019 +0100
tree: e85456248a0b5ce260d991fb3f3f1d8bc0faf37d
parent: e2c2314ab44ac80ee0b41e5bbaa78353a502eb3b [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d139489..d7291fe 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -128,6 +128,9 @@
                          unsigned char const *own_cid,
                          size_t own_cid_len )
 {
+    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+
     ssl->negotiate_cid = enable;
     if( enable == MBEDTLS_SSL_CID_DISABLED )
     {
@@ -162,8 +165,11 @@
 {
     *enabled = MBEDTLS_SSL_CID_DISABLED;
 
-    if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
+        ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
+    {
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
 
     /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions
      * were used, but client and server requested the empty CID.
commit	76a79ab4a2403e89753be402f5875a3a10e7b18f	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Fri May 03 14:38:32 2019 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Mon Jun 03 16:07:50 2019 +0100
tree	e85456248a0b5ce260d991fb3f3f1d8bc0faf37d
parent	e2c2314ab44ac80ee0b41e5bbaa78353a502eb3b [diff] [blame]