fix(mbedtls): Check return values of md functions during ssl handshake

Added checks for mbedtls_md_setup and mbedtls_md_start functioms in esp_ssl_tls.c
2025-03-09 17:19:09 -04:00 · 2024-07-22 16:34:20 +05:30 · 2024-07-22 16:34:20 +05:30 · 83afbfd4d7
commit 83afbfd4d7
parent dcb34c5ffa
1 changed files with 24 additions and 7 deletions
--- a/components/mbedtls/port/dynamic/esp_ssl_tls.c
+++ b/components/mbedtls/port/dynamic/esp_ssl_tls.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2020-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -56,23 +56,35 @@ static int ssl_update_checksum_start( mbedtls_ssl_context *ssl,
    return ret;
 }

-static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
+static int ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
 {
    memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) );

 #if defined(MBEDTLS_SHA256_C)
    mbedtls_md_init( &handshake->fin_sha256 );
-    mbedtls_md_setup( &handshake->fin_sha256,
+    int ret = mbedtls_md_setup( &handshake->fin_sha256,
                    mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
                    0 );
-    mbedtls_md_starts( &handshake->fin_sha256 );
+    if (ret != 0) {
+        return ret;
+    }
+    ret = mbedtls_md_starts( &handshake->fin_sha256 );
+    if (ret != 0) {
+        return ret;
+    }
 #endif
 #if defined(MBEDTLS_SHA512_C)
    mbedtls_md_init( &handshake->fin_sha384 );
-    mbedtls_md_setup( &handshake->fin_sha384,
+    ret = mbedtls_md_setup( &handshake->fin_sha384,
                    mbedtls_md_info_from_type(MBEDTLS_MD_SHA384),
                    0 );
-    mbedtls_md_starts( &handshake->fin_sha384 );
+    if (ret != 0) {
+        return ret;
+    }
+    ret = mbedtls_md_starts( &handshake->fin_sha384 );
+    if (ret != 0) {
+        return ret;
+    }
 #endif

    handshake->update_checksum = ssl_update_checksum_start;
@ -103,6 +115,8 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake )
    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
    mbedtls_pk_init( &handshake->peer_pubkey );
 #endif
+
+    return 0;
 }

 static int ssl_handshake_init( mbedtls_ssl_context *ssl )
@ -161,7 +175,10 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
    /* Initialize structures */
    mbedtls_ssl_session_init( ssl->session_negotiate );
    mbedtls_ssl_transform_init( ssl->transform_negotiate );
-    ssl_handshake_params_init( ssl->handshake );
+    int ret = ssl_handshake_params_init( ssl->handshake );
+    if (ret != 0) {
+        return ret;
+    }

 /*
 * curve_list is translated to IANA TLS group identifiers here because