Fix possible client crash on API misuse

ChangeLog

@@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS 1.3.13 reladsed 2015-??-??
 
+Security
+   * Fix possible client-side NULL pointer dereference (read) when the client
+     tries to continue the handshake after it failed (a misuse of the API).
+     (Found by GDS Labs using afl-fuzz, patch provided by GDS Labs.)
+
 Bugfix
    * Setting SSL_MIN_DHM_BYTES in config.h had no effect (overriden in ssl.h)
      (found by Fabio Solari) (#256)

library/ssl_cli.c

@@ -1602,6 +1602,12 @@ static int ssl_write_encrypted_pms( ssl_context *ssl,
 
     ssl->handshake->pmslen = 48;
 
+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+        return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
     /*
      * Now write it out, encrypted
      */
@@ -1699,6 +1705,12 @@ static int ssl_get_ecdh_params_from_cert( ssl_context *ssl )
     int ret;
     const ecp_keypair *peer_key;
 
+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+        return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
     if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
                      POLARSSL_PK_ECKEY ) )
     {
@@ -2012,6 +2024,12 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
         SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
                 (unsigned int) ( md_info_from_type( md_alg ) )->size );
 
+        if( ssl->session_negotiate->peer_cert == NULL )
+        {
+            SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+            return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
+        }
+
         /*
          * Verify signature
          */