From 666b5b45f7ea6efef3a20010edb580ec55d8049a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 24 Jun 2021 10:13:31 +0100 Subject: [PATCH] Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE Signed-off-by: Hanno Becker --- include/mbedtls/error.h | 4 ++-- include/mbedtls/ssl.h | 2 +- library/ssl_srv.c | 24 ++++++++++++------------ 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 46021204d6..989d31e229 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -102,8 +102,8 @@ * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) - * SSL 7 28 (Started from 0x7080, gaps at - * 0x7500, 0x7580, 0x7B80, 0x7C80) + * SSL 7 27 (Started from 0x7080, gaps at + * 0x7500, 0x7580, 0x7B80, 0x7C00, 0x7C80) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7a70185b05..e067cded2b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -86,7 +86,7 @@ #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */ /* Error space gap */ -#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */ +/* Error space gap */ /* Error space gap */ #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */ #define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 36281c98b5..8facacfc44 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3389,7 +3389,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * if( *p + 2 > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } n = ( (*p)[0] << 8 ) | (*p)[1]; @@ -3398,7 +3398,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * if( *p + n > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 ) @@ -3466,20 +3466,20 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if ( p + 2 > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( *p++ != ( ( len >> 8 ) & 0xFF ) || *p++ != ( ( len ) & 0xFF ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } #endif if( p + len != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -3640,7 +3640,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha if( end - *p < 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } n = ( (*p)[0] << 8 ) | (*p)[1]; @@ -3649,7 +3649,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha if( n == 0 || n > end - *p ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ssl->conf->f_psk != NULL ) @@ -3718,13 +3718,13 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) @@ -3739,7 +3739,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, @@ -3805,7 +3805,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3890,7 +3890,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,