From 2fdc7b3599f3eeb14391e925b6b859f9e3ab857c Mon Sep 17 00:00:00 2001
From: Tom Cosgrove
Date: Wed, 21 Sep 2022 12:33:17 +0100
Subject: [PATCH 1/2] Return an error from mbedtls_ssl_handshake_step() if neither client nor server

This prevents an infinite loop in mbedtls_ssl_handshake().

Fixes #6305.

Signed-off-by: Tom Cosgrove
---
 library/ssl_tls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 12e1c1b03d..5ea8afadfc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3243,6 +3243,10 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
 if( ret != 0 )
 goto cleanup;
+ /* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
+ * MBEDTLS_SSL_IS_SERVER, this is the return code we give */
+ ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+
 #if defined(MBEDTLS_SSL_CLI_C)
 if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
 {
From 87d9c6c4d879d4cf32a9fbc101cb3be3abf05f77 Mon Sep 17 00:00:00 2001
From: Tom Cosgrove
Date: Thu, 22 Sep 2022 09:27:56 +0100
Subject: [PATCH 2/2] Ensure client mbedtls_ssl_handshake_step() returns success for HELLO_REQUEST

Signed-off-by: Tom Cosgrove
---
 library/ssl_tls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5ea8afadfc..2d1ffbe040 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3257,6 +3257,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
 {
 case MBEDTLS_SSL_HELLO_REQUEST:
 ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+ ret = 0;
 break;
 case MBEDTLS_SSL_CLIENT_HELLO:
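Review bot: Pre-seeding `ret` with MBEDTLS_ERR_SSL_BAD_INPUT_DATA ahead of the `#if defined(MBEDTLS_SSL_CLI_C)` block makes that error the result of every path below that leaves without assigning `ret`, not only of an invalid endpoint; patch 2/2 already has to repair one such path, the HELLO_REQUEST case. The rest of the client and server dispatch lies outside this hunk and should be checked for the same pattern, because a state that only advances `ssl->state` would now fail the handshake. The comment could record that contract, e.g. `/* Default result when no branch below handles the endpoint; every state handled below must set ret. */`. The diffstat lists only library/ssl_tls.c, so a regression test that calls mbedtls_ssl_handshake() on a context whose endpoint is neither client nor server and expects this error would pin the fix for the hang described in the commit message.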
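Review bot: The added `ret = 0;` in the MBEDTLS_SSL_HELLO_REQUEST case carries no comment, and on its own it reads as redundant, because `ret` was already tested against 0 by the `if( ret != 0 ) goto cleanup;` check before the dispatch. A later cleanup could remove it and bring back the spurious failure that this patch fixes. A short comment would record the dependency, e.g. `ret = 0; /* clear the BAD_INPUT_DATA default set before the endpoint dispatch */`. The switch continues outside the hunk.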