When updating mbedTLS to v3.6.3 because of the mbedtls_ssl_set_hostname() bug we noticed that the function mbedtls_init() in c-utility/adapters/tlsio_mbedtls.c does not check the return values of any of the invoked mbedTLS functions.
The following functions can return errors during connection setup (e.g. because of memory allocation errors):
mbedtls_ctr_drbg_seed()
mbedtls_ssl_config_defaults()
mbedtls_ssl_set_hostname()
mbedtls_ssl_set_session()
mbedtls_ssl_setup()
Because all errors are ignored, the state of the tls_io_instance is always set to TLS_STATE_INITIALIZED.
To me it seems the (potentially) uninitialized structures are then used for further IO operations?
Wouldn't it be more feasible to make mbedtls_init() return an error (NULL that is) which is then propagated via tlsio_mbedtls_create() to the caller of the tlsio_mbedtls.c instance?
At least tlsio_wolfssl.c seems to do it that way if initialization fails.
regards
Andre
In tlsio_mbedtls_open() the function mbedtls_ssl_session_reset() can return an error.
In tlsio_mbedtls_close() the function mbedtls_ssl_session_reset() can return an error.
The function mbedtls_ssl_close_notify() can return MBEDTLS_ERR_SSL_WANT_WRITE which should be handled in a do-while-loop according to the mbedTLS examples.
In decode_ssl_received_bytes() the function mbedtls_ssl_read() might return an error that is not propagated by indicate_error() and therefore only handled by timeouts. Please note that it can also return MBEDTLS_ERR_SSL_WANT_READ, which is not an error.
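The error handling discussed in this thread, as an added example that is not part of the original posts or of the c-utility code. It assumes hypothetical stand-ins (`setup_step`, `close_notify_stub`, a simplified `tls_io_instance`) in place of the real mbedTLS calls so that it builds without the library, and a fault-injection index `fail_at` that makes any one setup call fail.

```c
#include <stdio.h>
#include <stdlib.h>

/* Numeric values of the two mbedTLS "retry later" codes (mbedtls/ssl.h). */
#define WANT_READ  (-0x6900) /* MBEDTLS_ERR_SSL_WANT_READ  */
#define WANT_WRITE (-0x6880) /* MBEDTLS_ERR_SSL_WANT_WRITE */

typedef enum { TLS_STATE_NOT_INITIALIZED, TLS_STATE_INITIALIZED } tls_state;
typedef struct { tls_state state; } tls_io_instance; /* simplified stand-in */

/* The setup calls named in the issue, in the order it lists them. */
static const char *const setup_calls[] = {
    "mbedtls_ctr_drbg_seed", "mbedtls_ssl_config_defaults",
    "mbedtls_ssl_set_hostname", "mbedtls_ssl_set_session", "mbedtls_ssl_setup" };
enum { N_CALLS = sizeof setup_calls / sizeof setup_calls[0] };

int fail_at = -1;       /* fault injection: index of the call that fails */
int live_instances = 0; /* allocation counter, shows the error path frees */

/* Hypothetical stand-in for one setup call: 0 on success, negative on error. */
static int setup_step(int i) { return i == fail_at ? -1 : 0; }

/* Returns NULL if any setup call fails, so the caller never receives a
   half-initialized instance marked TLS_STATE_INITIALIZED. Real code would
   also release the mbedTLS contexts on the error path. */
tls_io_instance *checked_create(void) {
    tls_io_instance *io = calloc(1, sizeof *io);
    if (io == NULL) return NULL;
    live_instances++;
    for (int i = 0; i < N_CALLS; i++) {
        int ret = setup_step(i);
        if (ret != 0) {
            fprintf(stderr, "%s failed: %d\n", setup_calls[i], ret);
            free(io);
            live_instances--;
            return NULL;
        }
    }
    io->state = TLS_STATE_INITIALIZED;
    return io;
}

int pending_writes = 0, final_ret = 0; /* script for the stub below */
/* Hypothetical stand-in for mbedtls_ssl_close_notify(). */
static int close_notify_stub(void) { return pending_writes-- > 0 ? WANT_WRITE : final_ret; }

/* Retry while the transport cannot send yet; hand back the final result. */
int checked_close_notify(void) {
    int ret;
    do { ret = close_notify_stub(); } while (ret == WANT_WRITE);
    return ret;
}

/* Read result triage in this sketch: WANT_READ/WANT_WRITE mean "retry later",
   any other negative value is reported as an error instead of timing out. */
int read_is_fatal(int ret) { return ret < 0 && ret != WANT_READ && ret != WANT_WRITE; }
```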