Remove MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE error code

This error is used when the output buffer isn't large enough to hold our own certificate. In the interest of cleaning up the error space for 3.0, this commit removes MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE and replaces its single use by MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL. Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2025-03-28 19:21:08 +00:00 · 2021-04-30 05:28:49 +01:00 · 2021-04-30 05:28:49 +01:00 · 91e1cc3bd7
commit 91e1cc3bd7
parent eca840f71d
4 changed files with 4 additions and 6 deletions
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@ -107,8 +107,8 @@
 * SSL       5   2 (Started from 0x5F00)
 * CIPHER    6   8 (Started from 0x6080)
 * SSL       6   24 (Started from top, plus 0x6000)
- * SSL       7   30 (Started from 0x7080, gaps at
- *                   0x7300, 0x7800)
+ * SSL       7   29 (Started from 0x7080, gaps at
+ *                   0x7300, 0x7500, 0x7800)
 *
 * Module dependent error code (5 bits 0x.00.-0x.F8.)
 */
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -71,7 +71,7 @@
 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
 #define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message. */
+/* NOTE: Error space gap */
 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */
 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  /**< The own private key or pre-shared key is not set, but needed. */
 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  /**< No CA Chain is set, but required to operate. */
--- a/library/error.c
+++ b/library/error.c
@ -380,8 +380,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "SSL - No RNG was provided to the SSL module" );
        case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE):
            return( "SSL - No client certification received from the client, but required by the authentication mode" );
-        case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE):
-            return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
        case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED):
            return( "SSL - The own certificate is not set, but needed by the server" );
        case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED):
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1964,7 +1964,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
            MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
                                        " > %" MBEDTLS_PRINTF_SIZET,
                           i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-            return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
+            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
        }

        ssl->out_msg[i    ] = (unsigned char)( n >> 16 );