From 0ac71c0d92bc8bb32360744a5b2f3d0b4ab14b45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 24 Feb 2023 12:13:55 +0100
Subject: [PATCH 1/5] Make debug statement more portable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There's little reason for accessing the hash implementation's internal state, its output contains most of the same information.

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_tls.c | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 441089f16..778b00638 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7675,17 +7675,14 @@ static int ssl_calc_finished_tls_sha256(
 * Hash( handshake ) )[0.11]
 */
-#if !defined(MBEDTLS_SHA256_ALT)
- MBEDTLS_SSL_DEBUG_BUF(4, "finished sha2 state", (unsigned char *) sha256.state, sizeof(sha256.state));
-#endif
-
 ret = mbedtls_sha256_finish(&sha256, padbuf);
 if (ret != 0) {
 goto exit;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished sha256 output", padbuf, 32);
+
 ssl->handshake->tls_prf(session->master, 48, sender, padbuf, 32, buf, len);
@@ -7760,16 +7757,14 @@ static int ssl_calc_finished_tls_sha384(
 * Hash( handshake ) )[0.11]
 */
-#if !defined(MBEDTLS_SHA512_ALT)
- MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *) sha512.state, sizeof(sha512.state));
-#endif
 ret = mbedtls_sha512_finish(&sha512, padbuf);
 if (ret != 0) {
 goto exit;
 }
 #endif
+ MBEDTLS_SSL_DEBUG_BUF(4, "finished sha384 output", padbuf, 48);
+
 ssl->handshake->tls_prf(session->master, 48, sender, padbuf, 48, buf, len);

From 2cd751465c1fb25a7438e6da777d9ce883d1bb73 Mon Sep 17 00:00:00 2001
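Review bot: The new `MBEDTLS_SSL_DEBUG_BUF(4, "finished sha256 output", padbuf, 32);` is placed after the `#endif /* MBEDTLS_USE_PSA_CRYPTO */`, so on PSA builds the same buffer is already dumped a few lines earlier as `MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);` (that line shows up as context in patch 3's hunk at -7663) and now appears twice under different labels and levels; the sha384 hunk has the same duplication with its 48-byte dump. Either keep the new line inside the `#else` branch or drop the PSA-only dump, so that both paths log the digest once under one label. ssl_calc_finished_tls_sha256 and ssl_calc_finished_tls_sha384 both start and end outside these hunks.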
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 24 Feb 2023 12:37:07 +0100
Subject: [PATCH 2/5] Use MD, not low-level SHA1, in X.509
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

X.509 already depends on MD_C || USE_PSA_CRYPTO, and this is for the !USE_PSA_CRYPTO branch, so we're free to use MD. This change supports our ability to use MBEDTLS_MD_CAN_xxx macros everywhere in the future, once they have been introduced.

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/x509write_crt.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 4f233953c..f481155e9 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -32,7 +32,7 @@
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
-#include "mbedtls/sha1.h"
+#include "mbedtls/md.h"
 #include
@@ -229,8 +229,9 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
 #else
- ret = mbedtls_sha1(buf + sizeof(buf) - len, len,
- buf + sizeof(buf) - 20);
+ ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
+ buf + sizeof(buf) - len, len,
+ buf + sizeof(buf) - 20);
 if (ret != 0) {
 return ret;
 }

From f057ecfedfea1e0a43e16a9134c7941c12534fd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 24 Feb 2023 13:19:17 +0100
Subject: [PATCH 3/5] Use MD not low-level sha256/512 in TLS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Same reasoning as in previous commit.

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_misc.h | 4 +-
 library/ssl_tls.c | 137 +++++++++++++++++++++++++++++++--------------
 2 files changed, 97 insertions(+), 44 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 7385c6ee3..7abbffb5b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
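Review bot: In the `@@ -229` hunk the output offset `buf + sizeof(buf) - 20` still hard-codes the SHA-1 digest length right next to a now-generic `mbedtls_md()` call, so the two can drift apart if the digest is ever changed; holding the info pointer in a local, `const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);`, and writing the offset as `buf + sizeof(buf) - mbedtls_md_get_size(md_info)` ties them together (if the rest of the function also assumes 20 bytes, a named constant would do the same job). `mbedtls_md_info_from_type()` returns NULL when SHA-1 is not compiled into the MD layer; as far as I recall `mbedtls_md()` then fails with a bad-input error that the existing `if (ret != 0)` propagates, which is fine but deserves a one-line comment so the NULL case does not look unchecked. mbedtls_x509write_crt_set_key_identifier starts and ends outside the hunk.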
@@ -905,14 +905,14 @@ struct mbedtls_ssl_handshake_params {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_hash_operation_t fin_sha256_psa;
 #else
- mbedtls_sha256_context fin_sha256;
+ mbedtls_md_context_t fin_sha256;
 #endif
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_hash_operation_t fin_sha384_psa;
 #else
- mbedtls_sha512_context fin_sha384;
+ mbedtls_md_context_t fin_sha384;
 #endif
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 778b00638..7798d78cb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -839,7 +839,13 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 return mbedtls_md_error_from_psa(status);
 }
 #else
- ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
+ ret = mbedtls_md_setup(&ssl->handshake->fin_sha256,
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ 0);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_starts(&ssl->handshake->fin_sha256);
 if (ret != 0) {
 return ret;
 }
@@ -856,7 +862,12 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 return mbedtls_md_error_from_psa(status);
 }
 #else
- ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
+ ret = mbedtls_md_setup(&ssl->handshake->fin_sha384,
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_md_starts(&ssl->handshake->fin_sha384);
 if (ret != 0) {
 return ret;
 }
@@ -887,7 +898,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
 return mbedtls_md_error_from_psa(status);
 }
 #else
- ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
+ ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
 if (ret != 0) {
 return ret;
 }
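Review bot: The two new `mbedtls_md_setup` calls in mbedtls_ssl_reset_checksum are laid out differently — the fin_sha256 one spreads its arguments over three lines, the fin_sha384 one in the next hunk over two — and neither says what the trailing `0` argument means. One layout for both, plus a comment such as `/* hmac = 0: plain transcript hash, not a keyed MAC */` on the first call, would make the pair read as one deliberate pattern. mbedtls_ssl_reset_checksum continues outside both hunks.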
@@ -900,7 +911,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
 return mbedtls_md_error_from_psa(status);
 }
 #else
- ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
+ ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
 if (ret != 0) {
 return ret;
 }
@@ -917,7 +928,7 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
 return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len));
 #else
- return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
+ return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
 #endif
 }
 #endif
@@ -930,7 +941,7 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
 return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len));
 #else
- return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
+ return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
 #endif
 }
 #endif
@@ -943,14 +954,14 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 handshake->fin_sha256_psa = psa_hash_operation_init();
 #else
- mbedtls_sha256_init(&handshake->fin_sha256);
+ mbedtls_md_init(&handshake->fin_sha256);
 #endif
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 handshake->fin_sha384_psa = psa_hash_operation_init();
 #else
- mbedtls_sha512_init(&handshake->fin_sha384);
+ mbedtls_md_init(&handshake->fin_sha384);
 #endif
 #endif
@@ -4081,14 +4092,14 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_hash_abort(&handshake->fin_sha256_psa);
 #else
- mbedtls_sha256_free(&handshake->fin_sha256);
+ mbedtls_md_free(&handshake->fin_sha256);
 #endif
 #endif
 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_hash_abort(&handshake->fin_sha384_psa);
 #else
- mbedtls_sha512_free(&handshake->fin_sha384);
+ mbedtls_md_free(&handshake->fin_sha384);
 #endif
 #endif
@@ -5771,17 +5782,24 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
 size_t *olen)
 {
 int ret;
- mbedtls_sha512_context sha512;
+ mbedtls_md_context_t sha512;
 if (dst_len < 48) {
 return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
- mbedtls_sha512_init(&sha512);
- mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384);
+ mbedtls_md_init(&sha512);
+ ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384);
+ if (ret != 0) {
+ goto exit;
+ }
- if ((ret = mbedtls_sha512_finish(&sha512, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha512_finish", ret);
+ if ((ret = mbedtls_md_finish(&sha512, dst)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
 goto exit;
 }
@@ -5789,7 +5807,7 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
 exit:
- mbedtls_sha512_free(&sha512);
+ mbedtls_md_free(&sha512);
 return ret;
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
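Review bot: In ssl_get_handshake_transcript_sha384 the two new early exits after `mbedtls_md_setup` and `mbedtls_md_clone` jump to `exit` silently, while the `mbedtls_md_finish` failure a few lines below is reported through `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);`; for uniform diagnostics add `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_setup", ret);` and `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_clone", ret);` inside those two `if (ret != 0)` blocks. The sha256 twin in the next hunk (-5802) and the calc_verify and calc_finished hunks further down have the same silent exits. Separately, the transient context is now set up on every call instead of living purely on the stack like the old `mbedtls_sha512_context`; if, as I believe, `mbedtls_md_setup` allocates the underlying hash state on the non-PSA path, these functions gain an allocation failure mode they did not have before, which is worth a short comment at the declaration of `sha512`. Both mbedtls_ssl_handshake_free and ssl_get_handshake_transcript_sha384 start and end outside these hunks.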
@@ -5802,17 +5820,24 @@ static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl,
 size_t *olen)
 {
 int ret;
- mbedtls_sha256_context sha256;
+ mbedtls_md_context_t sha256;
 if (dst_len < 32) {
 return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
- mbedtls_sha256_init(&sha256);
- mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
+ mbedtls_md_init(&sha256);
+ ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
+ if (ret != 0) {
+ goto exit;
+ }
- if ((ret = mbedtls_sha256_finish(&sha256, dst)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha256_finish", ret);
+ if ((ret = mbedtls_md_finish(&sha256, dst)) != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
 goto exit;
 }
@@ -5820,7 +5845,7 @@ static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl,
 exit:
- mbedtls_sha256_free(&sha256);
+ mbedtls_md_free(&sha256);
 return ret;
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
@@ -6603,15 +6628,22 @@ exit:
 return mbedtls_md_error_from_psa(status);
 #else
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_sha256_context sha256;
+ mbedtls_md_context_t sha256;
- mbedtls_sha256_init(&sha256);
+ mbedtls_md_init(&sha256);
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256"));
- mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
+ ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
+ if (ret != 0) {
+ goto exit;
+ }
- ret = mbedtls_sha256_finish(&sha256, hash);
+ ret = mbedtls_md_finish(&sha256, hash);
 if (ret != 0) {
 goto exit;
 }
@@ -6622,7 +6654,7 @@ exit:
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
 exit:
- mbedtls_sha256_free(&sha256);
+ mbedtls_md_free(&sha256);
 return ret;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
@@ -6658,15 +6690,22 @@ exit:
 return mbedtls_md_error_from_psa(status);
 #else
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_sha512_context sha512;
+ mbedtls_md_context_t sha512;
- mbedtls_sha512_init(&sha512);
+ mbedtls_md_init(&sha512);
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384"));
- mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384);
+ ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384);
+ if (ret != 0) {
+ goto exit;
+ }
- ret = mbedtls_sha512_finish(&sha512, hash);
+ ret = mbedtls_md_finish(&sha512, hash);
 if (ret != 0) {
 goto exit;
 }
@@ -6677,7 +6716,7 @@ exit:
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
 exit:
- mbedtls_sha512_free(&sha512);
+ mbedtls_md_free(&sha512);
 return ret;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
@@ -7634,7 +7673,7 @@ static int ssl_calc_finished_tls_sha256(
 psa_status_t status;
 #else
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_sha256_context sha256;
+ mbedtls_md_context_t sha256;
 #endif
 mbedtls_ssl_session *session = ssl->session_negotiate;
@@ -7663,11 +7702,18 @@ static int ssl_calc_finished_tls_sha256(
 MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32);
 #else
- mbedtls_sha256_init(&sha256);
+ mbedtls_md_init(&sha256);
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256"));
- mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256);
+ ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
+ if (ret != 0) {
+ goto exit;
+ }
 /*
 * TLSv1.2:
@@ -7675,7 +7721,7 @@ static int ssl_calc_finished_tls_sha256(
 * Hash( handshake ) )[0.11]
 */
- ret = mbedtls_sha256_finish(&sha256, padbuf);
+ ret = mbedtls_md_finish(&sha256, padbuf);
 if (ret != 0) {
 goto exit;
 }
@@ -7697,7 +7743,7 @@ exit:
 psa_hash_abort(&sha256_psa);
 return mbedtls_md_error_from_psa(status);
 #else
- mbedtls_sha256_free(&sha256);
+ mbedtls_md_free(&sha256);
 return ret;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
@@ -7717,7 +7763,7 @@ static int ssl_calc_finished_tls_sha384(
 psa_status_t status;
 #else
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_sha512_context sha512;
+ mbedtls_md_context_t sha512;
 #endif
 mbedtls_ssl_session *session = ssl->session_negotiate;
@@ -7745,11 +7791,18 @@ static int ssl_calc_finished_tls_sha384(
 }
 MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
 #else
- mbedtls_sha512_init(&sha512);
+ mbedtls_md_init(&sha512);
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384"));
- mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384);
+ ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384);
+ if (ret != 0) {
+ goto exit;
+ }
 /*
 * TLSv1.2:
@@ -7757,7 +7810,7 @@ static int ssl_calc_finished_tls_sha384(
 * Hash( handshake ) )[0.11]
 */
- ret = mbedtls_sha512_finish(&sha512, padbuf);
+ ret = mbedtls_md_finish(&sha512, padbuf);
 if (ret != 0) {
 goto exit;
 }
@@ -7779,7 +7832,7 @@ exit:
 psa_hash_abort(&sha384_psa);
 return mbedtls_md_error_from_psa(status);
 #else
- mbedtls_sha512_free(&sha512);
+ mbedtls_md_free(&sha512);
 return ret;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }

From 02d55d5825038a1ef93191f01f7b9cee2b6fc163 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Fri, 24 Feb 2023 13:21:16 +0100
Subject: [PATCH 4/5] Rename some local variables
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The name sha512 might have made sense when it was an mbedtls_sha512_context, but now it's weird to see things like mbedtls_md_setup(&sha512, ...MBEDTLS_MD_SHA384...);
Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_tls.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7798d78cb..9070f208d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5782,23 +5782,23 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
 size_t *olen)
 {
 int ret;
- mbedtls_md_context_t sha512;
+ mbedtls_md_context_t sha384;
 if (dst_len < 48) {
 return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
- mbedtls_md_init(&sha512);
- ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
+ mbedtls_md_init(&sha384);
+ ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
 if (ret != 0) {
 goto exit;
 }
- ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384);
+ ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
 if (ret != 0) {
 goto exit;
 }
- if ((ret = mbedtls_md_finish(&sha512, dst)) != 0) {
+ if ((ret = mbedtls_md_finish(&sha384, dst)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret);
 goto exit;
 }
@@ -5807,7 +5807,7 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
 exit:
- mbedtls_md_free(&sha512);
+ mbedtls_md_free(&sha384);
 return ret;
 }
 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
@@ -6690,22 +6690,22 @@ exit:
 return mbedtls_md_error_from_psa(status);
 #else
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t sha512;
+ mbedtls_md_context_t sha384;
- mbedtls_md_init(&sha512);
+ mbedtls_md_init(&sha384);
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384"));
- ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
+ ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
 if (ret != 0) {
 goto exit;
 }
- ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384);
+ ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
 if (ret != 0) {
 goto exit;
 }
- ret = mbedtls_md_finish(&sha512, hash);
+ ret = mbedtls_md_finish(&sha384, hash);
 if (ret != 0) {
 goto exit;
 }
@@ -6716,7 +6716,7 @@ exit:
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
 exit:
- mbedtls_md_free(&sha512);
+ mbedtls_md_free(&sha384);
 return ret;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }
@@ -7763,7 +7763,7 @@ static int ssl_calc_finished_tls_sha384(
 psa_status_t status;
 #else
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_md_context_t sha512;
+ mbedtls_md_context_t sha384;
 #endif
 mbedtls_ssl_session *session = ssl->session_negotiate;
@@ -7791,15 +7791,15 @@ static int ssl_calc_finished_tls_sha384(
 }
 MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48);
 #else
- mbedtls_md_init(&sha512);
+ mbedtls_md_init(&sha384);
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384"));
- ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
+ ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
 if (ret != 0) {
 goto exit;
 }
- ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384);
+ ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
 if (ret != 0) {
 goto exit;
 }
@@ -7810,7 +7810,7 @@ static int ssl_calc_finished_tls_sha384(
 * Hash( handshake ) )[0.11]
 */
- ret = mbedtls_md_finish(&sha512, padbuf);
+ ret = mbedtls_md_finish(&sha384, padbuf);
 if (ret != 0) {
 goto exit;
 }
@@ -7832,7 +7832,7 @@ exit:
 psa_hash_abort(&sha384_psa);
 return mbedtls_md_error_from_psa(status);
 #else
- mbedtls_md_free(&sha512);
+ mbedtls_md_free(&sha384);
 return ret;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 }

From 947cee18a16378c2cb5b9e84f81684a2a1f6ee58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Mon, 6 Mar 2023 11:59:59 +0100
Subject: [PATCH 5/5] Fix memory leak.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The function reset_checksum() can be called more than once with the same handshake context (this happens with DTLS clients, and perhaps in other cases as well). When that happens, we need to free the old MD contexts before setting them up again. Note: the PSA path was already doing the right thing by calling abort, we just needed to do the same on the MD path.

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/ssl_tls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9070f208d..8ee1ddc21 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -839,6 +839,8 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 return mbedtls_md_error_from_psa(status);
 }
 #else
+ mbedtls_md_free(&ssl->handshake->fin_sha256);
+ mbedtls_md_init(&ssl->handshake->fin_sha256);
 ret = mbedtls_md_setup(&ssl->handshake->fin_sha256,
 mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
 0);
@@ -862,6 +864,8 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 return mbedtls_md_error_from_psa(status);
 }
 #else
+ mbedtls_md_free(&ssl->handshake->fin_sha384);
+ mbedtls_md_init(&ssl->handshake->fin_sha384);
 ret = mbedtls_md_setup(&ssl->handshake->fin_sha384,
 mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
 if (ret != 0) {
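Review bot: The new `mbedtls_md_free` / `mbedtls_md_init` pair in front of `mbedtls_md_setup` looks redundant to a reader who has not seen the commit message, and a later cleanup could drop it and bring the leak back; add a comment above the pair, e.g. `/* reset_checksum() can run more than once per handshake (e.g. DTLS clients): release the previous MD context before setting it up again, or it leaks. */`, and the same above the fin_sha384 pair in the second hunk. This also depends on both fields having gone through `mbedtls_md_init` in ssl_handshake_params_init before the first reset (that change is in patch 3); freeing a context that was never set up is, as far as I recall, a no-op in the MD layer, so the sequence is safe, but the dependency is worth stating in that comment. mbedtls_ssl_reset_checksum continues outside both hunks.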