Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6
[Backport 3.6] TLS1.2: Check for failures in Finished calculation
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
new file mode 100644
index 0000000..cd52d32
--- /dev/null
+++ b/ChangeLog.d/tls12-check-finished-calc.txt
@@ -0,0 +1,6 @@
+Security
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a5e5b28..71c834b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8357,6 +8357,7 @@
ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
}
/*
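Review bot: The added `return ret;` after the `calc_finished` call that writes to `ssl->out_msg + 4` has no comment saying why the failure must be fatal, although the old code logged it and carried on. A line such as `/* Abort: after a failed calc_finished the verify data at out_msg + 4 is not a valid Finished value and must not be sent. */` above the return would record that invariant for future maintainers. The same comment applies to the second hunk's return after `calc_finished(ssl, buf, ...)`. The enclosing function starts and ends outside the hunk, so how callers handle the propagated error cannot be confirmed from here.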
@@ -8470,6 +8471,7 @@
ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
}
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
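Review bot: The early `return ret;` after `calc_finished(ssl, buf, ssl->conf->endpoint ^ 1)` leaves the function directly, so any wipe of `buf` performed on the other exit paths would be skipped. The function body continues outside the hunk, so whether such a cleanup exists is not visible here. A failed calculation may still have written partial output into `buf`. If a cleanup label exists, `goto exit;` is preferable to `return ret;` (`exit` stands in for whatever label the function actually uses). A negative test that forces `calc_finished` to fail and asserts that the handshake aborts with that error would pin the fix in both hunks.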