mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-25 06:39:04 +08:00

TLS1.2: Check for failures in Finished calculation

If the calc_finished function returns an error code, don't ignore it but
instead return the error code to stop the handshake as the Finished
message may be incorrect.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
David Horstmann 2025-03-07 17:20:59 +00:00
parent 9a9f0c77cf
commit b5ef7da7cb


@ -8357,6 +8357,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
return ret;
}
/*
@ -8470,6 +8471,7 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
return ret;
}
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
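Review bot: The `return ret;` added after `calc_finished` in mbedtls_ssl_parse_finished exits directly, so whatever calc_finished wrote into `buf` before failing is left in place. The rest of the function is outside this hunk, so this is inferred: if the later error paths go through a common cleanup step that wipes `buf`, this path should jump there instead of returning, or call `mbedtls_platform_zeroize()` on `buf` just before `return ret;`. The matching early return in mbedtls_ssl_write_finished writes into `ssl->out_msg + 4` rather than a local buffer, so the same concern looks weaker there. A test that forces calc_finished to fail on each side would confirm that the handshake stops with the returned error instead of sending or accepting a Finished message.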