TLS1.2: Check for failures in Finished calculation
If the calc_finished function returns an error code, don't ignore it but
instead return the error code to stop the handshake as the Finished
message may be incorrect.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a5e5b28..71c834b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8357,6 +8357,7 @@
ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
}
/*
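Review bot: The added `return ret;` in this hunk carries no comment explaining why the handshake has to stop, and the reason is security-relevant. When calc_finished fails, the bytes at `ssl->out_msg + 4` are not valid verify data and must not be sent as a Finished message. I would add `/* Never send a Finished message built from a failed calculation. */` directly above the return, and an equivalent comment above the return in the second hunk. The enclosing function starts and ends outside the hunk, so it cannot be checked from here whether anything set up before this call needs undoing on the early return.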
@@ -8470,6 +8471,7 @@
ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
}
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
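Review bot: The new `return ret;` after the failed calc_finished call exits directly, while `buf` may still hold partially computed Finished data. The function's start and end are outside the hunk, so this is inferred rather than confirmed. If the later error paths in this function leave through a shared cleanup label that wipes `buf` (for example with `mbedtls_platform_zeroize`), this path should do the same: `goto <cleanup label>;` instead of `return ret;`. A regression test that forces calc_finished to fail and checks that the handshake aborts with that error code would also keep this from regressing.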