Merge pull request #7047 from mpg/tls-hash-errors
Handle errors from hash functions in TLS code
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 963f8bb..ea64b21 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -945,16 +945,29 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
{
- mbedtls_ssl_add_hs_hdr_to_checksum(ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
- msg_len);
- ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len);
+ ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
+ MBEDTLS_SSL_HS_CLIENT_HELLO,
+ msg_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_add_hs_hdr_to_checksum", ret);
+ return ret;
+ }
+ ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
+ return ret;
+ }
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if (binders_len > 0) {
MBEDTLS_SSL_PROC_CHK(
mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
ssl, buf + msg_len - binders_len, buf + msg_len));
- ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len,
- binders_len);
+ ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len,
+ binders_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
+ return ret;
+ }
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2668a05..7385c6e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -705,9 +705,12 @@
mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
- void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
- void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
- void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
+ MBEDTLS_CHECK_RETURN_CRITICAL
+ int (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
+ MBEDTLS_CHECK_RETURN_CRITICAL
+ int (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
+ MBEDTLS_CHECK_RETURN_CRITICAL
+ int (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
mbedtls_ssl_tls_prf_cb *tls_prf;
/*
@@ -1317,7 +1320,8 @@
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -1328,7 +1332,8 @@
int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
-void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
/**
* \brief Update record layer
@@ -1461,14 +1466,16 @@
/*
* Update checksum of handshake messages.
*/
-void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len);
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len);
-void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len);
+MBEDTLS_CHECK_RETURN_CRITICAL
+int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len);
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 9bedc25..d26d950 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -2639,7 +2639,12 @@
/* Update running hashes of handshake messages seen */
if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0) {
- ssl->handshake->update_checksum(ssl, ssl->out_msg, ssl->out_msglen);
+ ret = ssl->handshake->update_checksum(ssl, ssl->out_msg,
+ ssl->out_msglen);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
+ return ret;
+ }
}
}
@@ -3067,12 +3072,17 @@
return 0;
}
-void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
+int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
if (mbedtls_ssl_is_handshake_over(ssl) == 0 && hs != NULL) {
- ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen);
+ ret = ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
+ return ret;
+ }
}
/* Handshake message is complete, increment counter */
@@ -3103,6 +3113,7 @@
memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer));
}
#endif
+ return 0;
}
/*
@@ -3928,7 +3939,11 @@
if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
update_hs_digest == 1) {
- mbedtls_ssl_update_handshake_status(ssl);
+ ret = mbedtls_ssl_update_handshake_status(ssl);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
+ return ret;
+ }
}
} else {
MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message"));
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 86f5c0b..441089f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -418,8 +418,8 @@
const char *label,
const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen);
-static void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *);
-static void ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int);
+static int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static int ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int);
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
@@ -430,8 +430,8 @@
const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen);
-static void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
-static void ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
+static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
+static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session,
@@ -444,14 +444,14 @@
size_t len);
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-static void ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t);
+static int ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t);
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
+static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
+static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
@@ -788,9 +788,9 @@
}
}
-void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len)
+int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len)
{
unsigned char hs_hdr[4];
@@ -800,84 +800,137 @@
hs_hdr[2] = MBEDTLS_BYTE_1(total_hs_len);
hs_hdr[3] = MBEDTLS_BYTE_0(total_hs_len);
- ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr));
+ return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr));
}
-void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
- unsigned hs_type,
- unsigned char const *msg,
- size_t msg_len)
+int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ unsigned char const *msg,
+ size_t msg_len)
{
- mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len);
- ssl->handshake->update_checksum(ssl, msg, msg_len);
+ int ret;
+ ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len);
+ if (ret != 0) {
+ return ret;
+ }
+ return ssl->handshake->update_checksum(ssl, msg, msg_len);
}
-void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
+int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
{
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
+ defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status;
+#else
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#endif
+#else /* SHA-256 or SHA-384 */
((void) ssl);
+#endif /* SHA-256 or SHA-384 */
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort(&ssl->handshake->fin_sha256_psa);
- psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
+ status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_md_error_from_psa(status);
+ }
+ status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_md_error_from_psa(status);
+ }
#else
- mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
+ ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
+ if (ret != 0) {
+ return ret;
+ }
#endif
#endif
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort(&ssl->handshake->fin_sha384_psa);
- psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
+ status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_md_error_from_psa(status);
+ }
+ status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_md_error_from_psa(status);
+ }
#else
- mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
+ ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
+ if (ret != 0) {
+ return ret;
+ }
#endif
#endif
+ return 0;
}
-static void ssl_update_checksum_start(mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len)
+static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
+ defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
+ psa_status_t status;
#else
- mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#endif
-#endif
-#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
-#else
- mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
-#endif
-#endif
-#if !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
- !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
- (void) ssl;
+#else /* SHA-256 or SHA-384 */
+ ((void) ssl);
(void) buf;
(void) len;
+#endif /* SHA-256 or SHA-384 */
+#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_md_error_from_psa(status);
+ }
+#else
+ ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
+ if (ret != 0) {
+ return ret;
+ }
#endif
+#endif
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
+ if (status != PSA_SUCCESS) {
+ return mbedtls_md_error_from_psa(status);
+ }
+#else
+ ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
+ if (ret != 0) {
+ return ret;
+ }
+#endif
+#endif
+ return 0;
}
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len)
+static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
+ return mbedtls_md_error_from_psa(psa_hash_update(
+ &ssl->handshake->fin_sha256_psa, buf, len));
#else
- mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
+ return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
#endif
}
#endif
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
- const unsigned char *buf, size_t len)
+static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
+ const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
+ return mbedtls_md_error_from_psa(psa_hash_update(
+ &ssl->handshake->fin_sha384_psa, buf, len));
#else
- mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
+ return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
#endif
}
#endif
@@ -889,19 +942,15 @@
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha256_psa = psa_hash_operation_init();
- psa_hash_setup(&handshake->fin_sha256_psa, PSA_ALG_SHA_256);
#else
mbedtls_sha256_init(&handshake->fin_sha256);
- mbedtls_sha256_starts(&handshake->fin_sha256, 0);
#endif
#endif
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
- psa_hash_setup(&handshake->fin_sha384_psa, PSA_ALG_SHA_384);
#else
mbedtls_sha512_init(&handshake->fin_sha384);
- mbedtls_sha512_starts(&handshake->fin_sha384, 1);
#endif
#endif
@@ -971,6 +1020,8 @@
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_handshake_init(mbedtls_ssl_context *ssl)
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
/* Clear old handshake information if present */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (ssl->transform_negotiate) {
@@ -1038,6 +1089,13 @@
mbedtls_ssl_transform_init(ssl->transform_negotiate);
#endif
+ /* Setup handshake checksums */
+ ret = mbedtls_ssl_reset_checksum(ssl);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret);
+ return ret;
+ }
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SRV_C) && \
defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -6285,7 +6343,10 @@
if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) {
lbl = "extended master secret";
seed = session_hash;
- handshake->calc_verify(ssl, session_hash, &seed_len);
+ ret = handshake->calc_verify(ssl, session_hash, &seed_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "calc_verify", ret);
+ }
MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret",
session_hash, seed_len);
@@ -6513,9 +6574,9 @@
}
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen)
+int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
@@ -6525,20 +6586,23 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256"));
status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
- return;
+ goto exit;
}
status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
- return;
+ goto exit;
}
*hlen = 32;
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
+
+exit:
+ psa_hash_abort(&sha256_psa);
+ return mbedtls_md_error_from_psa(status);
#else
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha256_context sha256;
mbedtls_sha256_init(&sha256);
@@ -6546,23 +6610,28 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256"));
mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
- mbedtls_sha256_finish(&sha256, hash);
+
+ ret = mbedtls_sha256_finish(&sha256, hash);
+ if (ret != 0) {
+ goto exit;
+ }
*hlen = 32;
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
+exit:
mbedtls_sha256_free(&sha256);
+ return ret;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return;
}
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
- unsigned char *hash,
- size_t *hlen)
+int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
+ unsigned char *hash,
+ size_t *hlen)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
@@ -6572,20 +6641,23 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384"));
status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
- return;
+ goto exit;
}
status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
- return;
+ goto exit;
}
*hlen = 48;
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
+
+exit:
+ psa_hash_abort(&sha384_psa);
+ return mbedtls_md_error_from_psa(status);
#else
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha512_context sha512;
mbedtls_sha512_init(&sha512);
@@ -6593,16 +6665,21 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384"));
mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384);
- mbedtls_sha512_finish(&sha512, hash);
+
+ ret = mbedtls_sha512_finish(&sha512, hash);
+ if (ret != 0) {
+ goto exit;
+ }
*hlen = 48;
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
+exit:
mbedtls_sha512_free(&sha512);
+ return ret;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- return;
}
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
@@ -7545,7 +7622,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_calc_finished_tls_sha256(
+static int ssl_calc_finished_tls_sha256(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
@@ -7556,6 +7633,7 @@
psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT;
psa_status_t status;
#else
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha256_context sha256;
#endif
@@ -7575,14 +7653,12 @@
status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
- return;
+ goto exit;
}
status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
- return;
+ goto exit;
}
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);
#else
@@ -7604,8 +7680,10 @@
sha256.state, sizeof(sha256.state));
#endif
- mbedtls_sha256_finish(&sha256, padbuf);
- mbedtls_sha256_free(&sha256);
+ ret = mbedtls_sha256_finish(&sha256, padbuf);
+ if (ret != 0) {
+ goto exit;
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
ssl->handshake->tls_prf(session->master, 48, sender,
@@ -7616,12 +7694,21 @@
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
+
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort(&sha256_psa);
+ return mbedtls_md_error_from_psa(status);
+#else
+ mbedtls_sha256_free(&sha256);
+ return ret;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
-static void ssl_calc_finished_tls_sha384(
+static int ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
int len = 12;
@@ -7632,6 +7719,7 @@
psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT;
psa_status_t status;
#else
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha512_context sha512;
#endif
@@ -7651,14 +7739,12 @@
status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed"));
- return;
+ goto exit;
}
status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size);
if (status != PSA_SUCCESS) {
- MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed"));
- return;
+ goto exit;
}
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
#else
@@ -7678,9 +7764,10 @@
MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *)
sha512.state, sizeof(sha512.state));
#endif
- mbedtls_sha512_finish(&sha512, padbuf);
-
- mbedtls_sha512_free(&sha512);
+ ret = mbedtls_sha512_finish(&sha512, padbuf);
+ if (ret != 0) {
+ goto exit;
+ }
#endif
ssl->handshake->tls_prf(session->master, 48, sender,
@@ -7691,6 +7778,15 @@
mbedtls_platform_zeroize(padbuf, sizeof(padbuf));
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished"));
+
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_hash_abort(&sha384_psa);
+ return mbedtls_md_error_from_psa(status);
+#else
+ mbedtls_sha512_free(&sha512);
+ return ret;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/
@@ -7787,7 +7883,10 @@
mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate);
- ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
+ ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ }
/*
* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
@@ -7897,7 +7996,10 @@
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished"));
- ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
+ ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ }
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index b427ae9..fc99fde 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1090,6 +1090,7 @@
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
{
+ int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
uint16_t dtls_legacy_version;
@@ -1160,7 +1161,11 @@
/* Start over at ClientHello */
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
- mbedtls_ssl_reset_checksum(ssl);
+ ret = mbedtls_ssl_reset_checksum(ssl);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret);
+ return ret;
+ }
mbedtls_ssl_recv_flight_completed(ssl);
@@ -3283,7 +3288,11 @@
sign:
#endif
- ssl->handshake->calc_verify(ssl, hash, &hashlen);
+ ret = ssl->handshake->calc_verify(ssl, hash, &hashlen);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret);
+ return ret;
+ }
/*
* digitally-signed struct {
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 9298292..d5c8b7c 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -1020,7 +1020,11 @@
MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len);
- ssl->handshake->update_checksum(ssl, buf, msg_len);
+ ret = ssl->handshake->update_checksum(ssl, buf, msg_len);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
+ return ret;
+ }
/*
* Handshake layer:
@@ -4129,7 +4133,11 @@
/* Calculate hash and verify signature */
{
size_t dummy_hlen;
- ssl->handshake->calc_verify(ssl, hash, &dummy_hlen);
+ ret = ssl->handshake->calc_verify(ssl, hash, &dummy_hlen);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret);
+ return ret;
+ }
}
if ((ret = mbedtls_pk_verify(peer_pk,
@@ -4139,7 +4147,11 @@
return ret;
}
- mbedtls_ssl_update_handshake_status(ssl);
+ ret = mbedtls_ssl_update_handshake_status(ssl);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
+ return ret;
+ }
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify"));
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 1e79afa..0dd762e 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1489,8 +1489,9 @@
ssl->keep_current_message = 1;
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
- buf, (size_t) (end - buf));
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_SERVER_HELLO,
+ buf, (size_t) (end - buf)));
if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
ret = ssl_tls13_reset_key_share(ssl);
@@ -2056,8 +2057,9 @@
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_reset_transcript_for_hrr(ssl));
}
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
- buf, buf_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_SERVER_HELLO, buf,
+ buf_len));
if (is_hrr) {
MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl));
@@ -2214,8 +2216,9 @@
}
#endif
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
- buf, buf_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
+ buf, buf_len));
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
@@ -2259,8 +2262,8 @@
ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA,
&buf, &buf_len));
- mbedtls_ssl_add_hs_hdr_to_checksum(
- ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_hdr_to_checksum(
+ ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0));
MBEDTLS_SSL_PROC_CHK(
mbedtls_ssl_finish_handshake_msg(ssl, buf_len, 0));
@@ -2458,8 +2461,9 @@
MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request(ssl,
buf, buf + buf_len));
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
- buf, buf_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
+ buf, buf_len));
} else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) {
ret = 0;
} else {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 4fb73f9..f607e36 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -322,8 +322,9 @@
buf + buf_len, verify_buffer,
verify_buffer_len));
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
- buf, buf_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
+ buf, buf_len));
cleanup:
@@ -752,8 +753,9 @@
/* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl));
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE,
- buf, buf_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE, buf,
+ buf_len));
cleanup:
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@@ -868,8 +870,9 @@
buf + buf_len,
&msg_len));
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE,
- buf, msg_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE, buf,
+ msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@@ -1070,8 +1073,9 @@
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body(
ssl, buf, buf + buf_len, &msg_len));
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
- buf, msg_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf,
+ msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@@ -1171,8 +1175,8 @@
MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(ssl, buf, buf + buf_len));
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED,
- buf, buf_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_FINISHED, buf, buf_len));
cleanup:
@@ -1248,8 +1252,8 @@
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_finished_message_body(
ssl, buf, buf + buf_len, &msg_len));
- mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED,
- buf, msg_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
+ MBEDTLS_SSL_HS_FINISHED, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@@ -1388,7 +1392,7 @@
PSA_HASH_MAX_SIZE,
&hash_len);
if (ret != 0) {
- MBEDTLS_SSL_DEBUG_RET(4, "mbedtls_ssl_get_handshake_transcript", ret);
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_handshake_transcript", ret);
return ret;
}
@@ -1399,37 +1403,20 @@
hash_len += 4;
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
- if (ciphersuite_info->mac == MBEDTLS_MD_SHA256) {
- MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-256 handshake transcript",
- hash_transcript, hash_len);
+ MBEDTLS_SSL_DEBUG_BUF(4, "Truncated handshake transcript",
+ hash_transcript, hash_len);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort(&ssl->handshake->fin_sha256_psa);
- psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
-#else
- mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
-#endif
+ /* Reset running hash and replace it with a hash of the transcript */
+ ret = mbedtls_ssl_reset_checksum(ssl);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret);
+ return ret;
}
-#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
-#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
- if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
- MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-384 handshake transcript",
- hash_transcript, hash_len);
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_hash_abort(&ssl->handshake->fin_sha384_psa);
- psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
-#else
- mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
-#endif
+ ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
+ return ret;
}
-#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
- defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
- ssl->handshake->update_checksum(ssl, hash_transcript, hash_len);
-#endif \
- /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA || MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
return ret;
}
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 81c289a..6b1c4c5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -486,6 +486,7 @@
const unsigned char *ciphersuites,
const unsigned char *ciphersuites_end)
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *identities = pre_shared_key_ext;
const unsigned char *p_identity_len;
size_t identities_len;
@@ -521,8 +522,12 @@
MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len);
binders_end = p_binder_len + binders_len;
- ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
- identities_end - pre_shared_key_ext);
+ ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
+ identities_end - pre_shared_key_ext);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
+ return ret;
+ }
while (p_identity_len < identities_end && p_binder_len < binders_end) {
const unsigned char *identity;
@@ -530,7 +535,6 @@
uint32_t obfuscated_ticket_age;
const unsigned char *binder;
size_t binder_len;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int psk_type;
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -642,9 +646,13 @@
}
/* Update the handshake transcript with the binder list. */
- ssl->handshake->update_checksum(ssl,
- identities_end,
- (size_t) (binders_end - identities_end));
+ ret = ssl->handshake->update_checksum(ssl,
+ identities_end,
+ (size_t) (binders_end - identities_end));
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
+ return ret;
+ }
if (matched_identity == -1) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
@@ -1590,9 +1598,13 @@
MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO,
handshake->received_extensions);
- mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
- MBEDTLS_SSL_HS_CLIENT_HELLO,
- p - buf);
+ ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
+ MBEDTLS_SSL_HS_CLIENT_HELLO,
+ p - buf);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret);
+ return ret;
+ }
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* Update checksum with either
@@ -1603,8 +1615,12 @@
if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
(handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
- handshake->update_checksum(ssl, buf,
- pre_shared_key_ext - buf);
+ ret = handshake->update_checksum(ssl, buf,
+ pre_shared_key_ext - buf);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
+ return ret;
+ }
ret = ssl_tls13_parse_pre_shared_key_ext(ssl,
pre_shared_key_ext,
pre_shared_key_ext_end,
@@ -1620,7 +1636,11 @@
} else
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
{
- handshake->update_checksum(ssl, buf, p - buf);
+ ret = handshake->update_checksum(ssl, buf, p - buf);
+ if (0 != ret) {
+ MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
+ return ret;
+ }
}
ret = ssl_tls13_determine_key_exchange_mode(ssl);
@@ -2134,8 +2154,8 @@
&msg_len,
0));
- mbedtls_ssl_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@@ -2207,8 +2227,8 @@
buf + buf_len,
&msg_len,
1));
- mbedtls_ssl_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len,
@@ -2306,8 +2326,8 @@
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
ssl, buf, buf + buf_len, &msg_len));
- mbedtls_ssl_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@@ -2439,8 +2459,8 @@
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
ssl, buf, buf + buf_len, &msg_len));
- mbedtls_ssl_add_hs_msg_to_checksum(
- ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len);
+ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
+ ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));