espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-05-10 03:39:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

Handle errors from functions that now return int

Browse Source 
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.

This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-02-06 00:34:21 +01:00
parent d7a7a23308
commit b8b07aa24a
9 changed files with 171 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
library/ssl_client.c
View File

@ -945,16 +945,29 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl)
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
{
mbedtls_ssl_add_hs_hdr_to_checksum(ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
msg_len);
ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len);
ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
MBEDTLS_SSL_HS_CLIENT_HELLO,
msg_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_add_hs_hdr_to_checksum", ret);
return ret;
}
ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
return ret;
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if (binders_len > 0) {
MBEDTLS_SSL_PROC_CHK(
mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext(
ssl, buf + msg_len - binders_len, buf + msg_len));
ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len,
ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len,
binders_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
return ret;
}
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */

13
library/ssl_misc.h
View File

@ -705,8 +705,11 @@ struct mbedtls_ssl_handshake_params {
mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
MBEDTLS_CHECK_RETURN_CRITICAL
int (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
MBEDTLS_CHECK_RETURN_CRITICAL
int (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
MBEDTLS_CHECK_RETURN_CRITICAL
int (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
mbedtls_ssl_tls_prf_cb *tls_prf;
@ -1317,6 +1320,7 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl,
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -1328,7 +1332,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl);
void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl);
/**
* \brief Update record layer
@ -1461,12 +1466,14 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
/*
* Update checksum of handshake messages.
*/
void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len);
void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
unsigned hs_type,
size_t total_hs_len);

23
library/ssl_msg.c
View File

@ -2639,7 +2639,12 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
/* Update running hashes of handshake messages seen */
if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0) {
ssl->handshake->update_checksum(ssl, ssl->out_msg, ssl->out_msglen);
ret = ssl->handshake->update_checksum(ssl, ssl->out_msg,
ssl->out_msglen);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
return ret;
}
}
}
@ -3067,12 +3072,17 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl)
return 0;
}
void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params * const hs = ssl->handshake;
if (mbedtls_ssl_is_handshake_over(ssl) == 0 && hs != NULL) {
ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen);
ret = ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
return ret;
}
}
/* Handshake message is complete, increment counter */
@ -3103,6 +3113,7 @@ void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl)
memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer));
}
#endif
return 0;
}
/*
@ -3928,7 +3939,11 @@ int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl,
if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE &&
update_hs_digest == 1) {
mbedtls_ssl_update_handshake_status(ssl);
ret = mbedtls_ssl_update_handshake_status(ssl);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
return ret;
}
}
} else {
MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message"));

36
library/ssl_tls.c
View File

@ -788,7 +788,7 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
}
}
void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
unsigned hs_type,
size_t total_hs_len)
{
@ -800,16 +800,19 @@ void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl,
hs_hdr[2] = MBEDTLS_BYTE_1(total_hs_len);
hs_hdr[3] = MBEDTLS_BYTE_0(total_hs_len);
ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr));
return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr));
}
void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl,
unsigned hs_type,
unsigned char const *msg,
size_t msg_len)
{
mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len);
ssl->handshake->update_checksum(ssl, msg, msg_len);
int ret;
ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len);
if (ret != 0)
return ret;
return ssl->handshake->update_checksum(ssl, msg, msg_len);
}
int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
@ -971,6 +974,8 @@ void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_handshake_init(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Clear old handshake information if present */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (ssl->transform_negotiate) {
@ -1039,7 +1044,11 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
#endif
/* Setup handshake checksums */
mbedtls_ssl_reset_checksum(ssl);
ret = mbedtls_ssl_reset_checksum(ssl);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret);
return ret;
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SRV_C) && \
@ -6288,7 +6297,10 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) {
lbl = "extended master secret";
seed = session_hash;
handshake->calc_verify(ssl, session_hash, &seed_len);
ret = handshake->calc_verify(ssl, session_hash, &seed_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_verify", ret);
}
MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret",
session_hash, seed_len);
@ -7792,7 +7804,10 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate);
ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
}
/*
* RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites
@ -7902,7 +7917,10 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished"));
ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
}
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);

13
library/ssl_tls12_client.c
View File

@ -1090,6 +1090,7 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl,
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
uint16_t dtls_legacy_version;
@ -1160,7 +1161,11 @@ static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl)
/* Start over at ClientHello */
ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
mbedtls_ssl_reset_checksum(ssl);
ret = mbedtls_ssl_reset_checksum(ssl);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret);
return ret;
}
mbedtls_ssl_recv_flight_completed(ssl);
@ -3283,7 +3288,11 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
sign:
#endif
ssl->handshake->calc_verify(ssl, hash, &hashlen);
ret = ssl->handshake->calc_verify(ssl, hash, &hashlen);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret);
return ret;
}
/*
* digitally-signed struct {

18
library/ssl_tls12_server.c
View File

@ -1020,7 +1020,11 @@ read_record_header:
MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len);
ssl->handshake->update_checksum(ssl, buf, msg_len);
ret = ssl->handshake->update_checksum(ssl, buf, msg_len);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
/*
* Handshake layer:
@ -4129,7 +4133,11 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
/* Calculate hash and verify signature */
{
size_t dummy_hlen;
ssl->handshake->calc_verify(ssl, hash, &dummy_hlen);
ret = ssl->handshake->calc_verify(ssl, hash, &dummy_hlen);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret);
return ret;
}
}
if ((ret = mbedtls_pk_verify(peer_pk,
@ -4139,7 +4147,11 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
return ret;
}
mbedtls_ssl_update_handshake_status(ssl);
ret = mbedtls_ssl_update_handshake_status(ssl);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
return ret;
}
MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify"));

17
library/ssl_tls13_client.c
View File

@ -1489,8 +1489,9 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl,
ssl->keep_current_message = 1;
ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
buf, (size_t) (end - buf));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_SERVER_HELLO,
buf, (size_t) (end - buf)));
if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) {
ret = ssl_tls13_reset_key_share(ssl);
@ -2056,8 +2057,8 @@ static int ssl_tls13_process_server_hello(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_reset_transcript_for_hrr(ssl));
}
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO,
buf, buf_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len));
if (is_hrr) {
MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl));
@ -2214,8 +2215,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
}
#endif
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS,
buf, buf_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len));
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
@ -2458,8 +2459,8 @@ static int ssl_tls13_process_certificate_request(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request(ssl,
buf, buf + buf_len));
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST,
buf, buf_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, buf_len));
} else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) {
ret = 0;
} else {

37
library/ssl_tls13_generic.c
View File

@ -322,8 +322,9 @@ int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl)
buf + buf_len, verify_buffer,
verify_buffer_len));
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
buf, buf_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
buf, buf_len));
cleanup:
@ -752,8 +753,8 @@ int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl)
/* Validate the certificate chain and set the verification results. */
MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl));
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE,
buf, buf_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len));
cleanup:
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
@ -868,8 +869,8 @@ int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl)
buf + buf_len,
&msg_len));
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE,
buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@ -1070,8 +1071,8 @@ int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body(
ssl, buf, buf + buf_len, &msg_len));
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY,
buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@ -1171,8 +1172,8 @@ int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(ssl, buf, buf + buf_len));
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED,
buf, buf_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_FINISHED, buf, buf_len));
cleanup:
@ -1248,8 +1249,8 @@ int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_finished_message_body(
ssl, buf, buf + buf_len, &msg_len));
mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED,
buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl,
MBEDTLS_SSL_HS_FINISHED, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@ -1400,8 +1401,16 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
hash_len += 4;
/* Reset running hash and replace it with a hash of the transcript */
mbedtls_ssl_reset_checksum(ssl);
ssl->handshake->update_checksum(ssl, hash_transcript, hash_len);
ret = mbedtls_ssl_reset_checksum(ssl);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret);
return ret;
}
ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret);
return ret;
}
return ret;
}

60
library/ssl_tls13_server.c
View File

@ -486,6 +486,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
const unsigned char *ciphersuites,
const unsigned char *ciphersuites_end)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned char *identities = pre_shared_key_ext;
const unsigned char *p_identity_len;
size_t identities_len;
@ -521,8 +522,12 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len);
binders_end = p_binder_len + binders_len;
ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
identities_end - pre_shared_key_ext);
ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext,
identities_end - pre_shared_key_ext);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
while (p_identity_len < identities_end && p_binder_len < binders_end) {
const unsigned char *identity;
@ -530,7 +535,6 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
uint32_t obfuscated_ticket_age;
const unsigned char *binder;
size_t binder_len;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int psk_type;
uint16_t cipher_suite;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@ -642,9 +646,13 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl,
}
/* Update the handshake transcript with the binder list. */
ssl->handshake->update_checksum(ssl,
identities_end,
(size_t) (binders_end - identities_end));
ret = ssl->handshake->update_checksum(ssl,
identities_end,
(size_t) (binders_end - identities_end));
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
if (matched_identity == -1) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
@ -1590,9 +1598,13 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO,
handshake->received_extensions);
mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
MBEDTLS_SSL_HS_CLIENT_HELLO,
p - buf);
ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl,
MBEDTLS_SSL_HS_CLIENT_HELLO,
p - buf);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret);
return ret;
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
/* Update checksum with either
@ -1603,8 +1615,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
(handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
ret = handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
ret = ssl_tls13_parse_pre_shared_key_ext(ssl,
pre_shared_key_ext,
pre_shared_key_ext_end,
@ -1620,7 +1636,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
} else
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
{
handshake->update_checksum(ssl, buf, p - buf);
ret = handshake->update_checksum(ssl, buf, p - buf);
if (0 != ret) {
MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret);
return ret;
}
}
ret = ssl_tls13_determine_key_exchange_mode(ssl);
@ -2134,8 +2154,8 @@ static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl)
&msg_len,
0));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@ -2207,8 +2227,8 @@ static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl)
buf + buf_len,
&msg_len,
1));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len,
@ -2306,8 +2326,8 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body(
ssl, buf, buf + buf_len, &msg_len));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));
@ -2439,8 +2459,8 @@ static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl)
MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body(
ssl, buf, buf + buf_len, &msg_len));
mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len);
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(
ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len));
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(
ssl, buf_len, msg_len));