From 2fc9a652bca2ba715e90d68b7bb0cbbd998db085 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 24 Jun 2021 15:40:11 +0100 Subject: [PATCH] Address review feedback Signed-off-by: Hanno Becker --- docs/3.0-migration-guide.d/ssl-error-code-cleanup.md | 2 -- library/ssl_cli.c | 8 ++++---- library/ssl_srv.c | 2 +- library/ssl_tls.c | 4 ++-- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md b/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md index cad5a61b52..ce795e5d90 100644 --- a/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md +++ b/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md @@ -37,5 +37,3 @@ Migration paths: * `MBEDTLS_ERR_SSL_BAD_CERTIFICATE` * `MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME` instead. - - Users should check for the generic error codes instead. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index adcac44404..1acb3d0195 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2558,7 +2558,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, /* First byte is curve_type; only named_curve is handled */ if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); /* Next two bytes are the namedcurve value */ tls_id = *(*p)++; @@ -2569,7 +2569,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, if( ( handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 ) { - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } if( ecdh_bits > 0xffff ) return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); @@ -2631,7 +2631,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } return( ret ); @@ -2801,7 +2801,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } /* diff --git a/library/ssl_srv.c b/library/ssl_srv.c index a7de9f451b..2c801ef766 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1785,7 +1785,7 @@ read_record_header: "during renegotiation" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #endif ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8ca5e11f6..eb3dcc2ca8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1907,8 +1907,8 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } /* Read length of the next CRT in the chain. */