commit 5bb6f3c3dba5dba2b6dd5b1f805ad5563f82e7b1
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jul 28 11:49:42 2020 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jul 28 11:49:42 2020 +0200
tree b3e2b7a8d984bee0b88ff6e504ee81456ae4924a
parent a6c1317685118a6448fe4398e52916402b7019fe

Check errors from the MD layer

Could be out-of-memory for some functions, accelerator issues for others.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 74fc552..3e53376 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1883,39 +1883,51 @@
     unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
     mbedtls_md_context_t aux;
     size_t offset;
+    int ret;
 
     mbedtls_md_init( &aux );
-    mbedtls_md_setup( &aux, ctx->md_info, 0 );
+
+#define MD_CHK( func_call ) \
+    do {                    \
+        ret = (func_call);  \
+        if( ret != 0 )      \
+            goto cleanup;   \
+    } while( 0 )
+
+    MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
 
     /* After hmac_start() of hmac_reset(), ikey has already been hashed,
      * so we can start directly with the message */
-    mbedtls_md_update( ctx, add_data, add_data_len );
-    mbedtls_md_update( ctx, data, min_data_len );
+    MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
+    MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
 
     /* For each possible length, compute the hash up to that point */
     for( offset = min_data_len; offset <= max_data_len; offset++ )
     {
-        mbedtls_md_clone( &aux, ctx );
-        mbedtls_md_finish( &aux, aux_out );
+        MD_CHK( mbedtls_md_clone( &aux, ctx ) );
+        MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
         /* Keep only the correct inner_hash in the output buffer */
         mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size,
                                      offset, data_len_secret );
 
         if( offset < max_data_len )
-            mbedtls_md_update( ctx, data + offset, 1 );
+            MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
     }
 
     /* Now compute HASH(okey + inner_hash) */
-    mbedtls_md_starts( ctx );
-    mbedtls_md_update( ctx, okey, block_size );
-    mbedtls_md_update( ctx, output, hash_size );
-    mbedtls_md_finish( ctx, output );
+    MD_CHK( mbedtls_md_starts( ctx ) );
+    MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
+    MD_CHK( mbedtls_md_update( ctx, output, hash_size ) );
+    MD_CHK( mbedtls_md_finish( ctx, output ) );
 
     /* Done, get ready for next time */
-    mbedtls_md_hmac_reset( ctx );
+    MD_CHK( mbedtls_md_hmac_reset( ctx ) );
 
+#undef MD_CHK
+
+cleanup:
     mbedtls_md_free( &aux );
-    return( 0 );
+    return( ret );
 }
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */