feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

Merge branch 'bugfix/check_return_values_in_ssl_handshake' into 'master'

Browse Source 
fix(mbedtls): Check return values of md functions during ssl handshake

Closes IDF-10478

See merge request espressif/esp-idf!32298
This commit is contained in:
Mahavir Jain
2024-07-25 17:18:01 +08:00
parent d2cb23c28a 83afbfd4d7
commit e40386bf4a
1 changed files with 24 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
components/mbedtls/port/dynamic/esp_ssl_tls.c
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -56,23 +56,35 @@ static int ssl_update_checksum_start( mbedtls_ssl_context *ssl,
return ret; return ret;
} }
static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) static int ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
{ {
memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );
#if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_SHA256_C)
mbedtls_md_init( &handshake->fin_sha256 ); mbedtls_md_init( &handshake->fin_sha256 );
mbedtls_md_setup( &handshake->fin_sha256, int ret = mbedtls_md_setup( &handshake->fin_sha256,
mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
0 ); 0 );
mbedtls_md_starts( &handshake->fin_sha256 ); if (ret != 0) {
return ret;
}
ret = mbedtls_md_starts( &handshake->fin_sha256 );
if (ret != 0) {
return ret;
}
#endif #endif
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
mbedtls_md_init( &handshake->fin_sha384 ); mbedtls_md_init( &handshake->fin_sha384 );
mbedtls_md_setup( &handshake->fin_sha384, ret = mbedtls_md_setup( &handshake->fin_sha384,
mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), mbedtls_md_info_from_type(MBEDTLS_MD_SHA384),
0 ); 0 );
mbedtls_md_starts( &handshake->fin_sha384 ); if (ret != 0) {
return ret;
}
ret = mbedtls_md_starts( &handshake->fin_sha384 );
if (ret != 0) {
return ret;
}
#endif #endif
handshake->update_checksum = ssl_update_checksum_start; handshake->update_checksum = ssl_update_checksum_start;
@@ -103,6 +115,8 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
mbedtls_pk_init( &handshake->peer_pubkey ); mbedtls_pk_init( &handshake->peer_pubkey );
#endif #endif
return 0;
} }
static int ssl_handshake_init( mbedtls_ssl_context *ssl ) static int ssl_handshake_init( mbedtls_ssl_context *ssl )
@@ -161,7 +175,10 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
/* Initialize structures */ /* Initialize structures */
mbedtls_ssl_session_init( ssl->session_negotiate ); mbedtls_ssl_session_init( ssl->session_negotiate );
mbedtls_ssl_transform_init( ssl->transform_negotiate ); mbedtls_ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake ); int ret = ssl_handshake_params_init( ssl->handshake );
if (ret != 0) {
return ret;
}
/* /*
* curve_list is translated to IANA TLS group identifiers here because * curve_list is translated to IANA TLS group identifiers here because