From 7887a77c2507bfbddd2238a0a1a06f9b19d7f64e Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Tue, 20 Apr 2021 05:27:57 +0100
Subject: [PATCH] Match parameter check in TLS 1.3 populate transform to 1.2
 version

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
---
 library/ssl_tls13_keys.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 28313130f7..0977cabb34 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -719,12 +719,19 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform,
 #endif
 
     ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite );
+    if( ciphersuite_info == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %d not found",
+                                    ciphersuite ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+    }
 
     cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
     if( cipher_info == NULL )
     {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
+                                    ciphersuite_info->cipher ) );
+        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA )
     }
 
     /*