mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-20 03:39:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE

Browse Source 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Hanno Becker 2021-06-24 10:32:31 +01:00 committed by Dave Rodgman
parent a0ca87eb68
commit cbc8f6fd5d
4 changed files with 30 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/mbedtls/error.h
View File

@ -102,8 +102,8 @@
* SSL 5 2 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 23 (Started from 0x7080, gaps at
* 0x7500-0x7580, 0x7B80-0x7E80)
* SSL 7 22 (Started from 0x7080, gaps at
* 0x7500-0x7580, 0x7B00-0x7E80)
*
* Module dependent error code (5 bits 0x.00.-0x.F8.)
*/

2
include/mbedtls/ssl.h
View File

@ -84,7 +84,7 @@
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */
/* Error space gap */
/* Error space gap */
/* Error space gap */
/* Error space gap */

52
library/ssl_cli.c
View File

@ -2482,7 +2482,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
dhm_actual_bitlen,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P );
@ -2554,11 +2554,11 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
*/
if( end - *p < 4 )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
/* First byte is curve_type; only named_curve is handled */
if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
/* Next two bytes are the namedcurve value */
tls_id = *(*p)++;
@ -2569,10 +2569,10 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
if( ( handshake->ecdh_psa_type =
mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
{
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
if( ecdh_bits > 0xffff )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
handshake->ecdh_bits = (uint16_t) ecdh_bits;
/*
@ -2581,7 +2581,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
ecpoint_len = *(*p)++;
if( (size_t)( end - *p ) < ecpoint_len )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
if( mbedtls_psa_tls_ecpoint_to_psa_ec(
*p, ecpoint_len,
@ -2631,7 +2631,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "bad server key exchange message (ECDHE curve)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
return( ret );
@ -2658,7 +2658,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "bad server key exchange message (psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
len = (*p)[0] << 8 | (*p)[1];
*p += 2;
@ -2667,7 +2667,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "bad server key exchange message (psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
/*
@ -2791,7 +2791,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
}
if( (*p) + 2 > end )
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
/*
* Get hash algorithm
@ -2801,7 +2801,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "Server used unsupported HashAlgorithm %d", *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
/*
@ -2812,7 +2812,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
/*
@ -2822,7 +2822,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
{
MBEDTLS_SSL_DEBUG_MSG( 1,
( "server used HashAlgorithm %d that was not offered", *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
}
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d",
@ -3007,7 +3007,7 @@ start_processing:
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
} /* FALLTROUGH */
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
@ -3031,8 +3031,8 @@ start_processing:
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
}
else
@ -3050,8 +3050,8 @@ start_processing:
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
}
else
@ -3071,8 +3071,8 @@ start_processing:
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
}
else
@ -3090,8 +3090,8 @@ start_processing:
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
else
@ -3129,7 +3129,7 @@ start_processing:
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
if( pk_alg !=
@ -3141,7 +3141,7 @@ start_processing:
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
}
}
else
@ -3162,7 +3162,7 @@ start_processing:
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
sig_len = ( p[0] << 8 ) | p[1];
p += 2;
@ -3174,7 +3174,7 @@ start_processing:
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len );

2
library/ssl_srv.c
View File

@ -3955,7 +3955,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl )
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,