diff --git a/ChangeLog.d/fix_tls_alert_codes.txt b/ChangeLog.d/fix_tls_alert_codes.txt new file mode 100644 index 0000000000..10235d7bc3 --- /dev/null +++ b/ChangeLog.d/fix_tls_alert_codes.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix which alert is sent in some cases to conform to the + applicable RFC: on an invalid Finished message value, an + invalid max_fragment_length extension, or an + unsupported extension used by the server. diff --git a/ChangeLog.d/update_ssl_error_codes.txt b/ChangeLog.d/update_ssl_error_codes.txt new file mode 100644 index 0000000000..0630b54759 --- /dev/null +++ b/ChangeLog.d/update_ssl_error_codes.txt @@ -0,0 +1,3 @@ +Changes + * Various changes to which alert and/or error code may be returned + * during the TLS handshake. diff --git a/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md b/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md index 49d1a0f223..ce795e5d90 100644 --- a/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md +++ b/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md @@ -1,20 +1,39 @@ -Removal of some SSL error codes +Changes in the SSL error code space ----------------------------------------------------------------- +# Removals + This affects users manually checking for the following error codes: - `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` - `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` +- `MBEDTLS_ERR_SSL_BAD_HS_XXX` Migration paths: + - `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` should never be returned from Mbed TLS, and there is no need to check for it. + Users should simply remove manual checks for those codes, and let the Mbed TLS team know if -- contrary to the team's understanding -- there is in fact a situation where one of them was ever returned. + - `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate - is too large to fit into the output buffers. Users should check for + is too large to fit into the output buffers. + + Users should check for `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially compare the size of their own certificate against the configured size of the output buffer to understand if the error is due to an overly large certificate. + +- All `MBEDTLS_ERR_SSL_BAD_HS_XXX` error code have been removed. + + Users should check for the newly introduced generic error codes + * `MBEDTLS_ERR_SSL_DECODE_ERROR` + * `MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER`, + * `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` + * `MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION` + * `MBEDTLS_ERR_SSL_BAD_CERTIFICATE` + * `MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME` + instead. diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 2eb2b05f78..9a8690dc1a 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -97,10 +97,9 @@ * HKDF 5 1 (Started from top) * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) - * SSL 6 23 (Started from top, plus 0x6000, gaps at - * 0x6600) - * SSL 7 28 (Started from 0x7080, gaps at - * 0x7300, 0x7500, 0x7580, 0x7800) + * SSL 6 22 (Started from top, plus 0x6000) + * SSL 7 20 (Started from 0x7000, gaps at + * 0x7380, 0x7900-0x7980, 0x7A80-0x7E80) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ed3936a831..3a14a58307 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -59,40 +59,41 @@ /* * SSL Error codes */ +#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */ #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /**< The requested feature is not available. */ #define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */ #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */ #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */ -/* NOTE: Error space gap */ -#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */ +#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300 /**< A message could not be parsed due to a syntactic error. */ +/* Error space gap */ #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ -/* NOTE: Error space gap */ -/* NOTE: Error space gap */ +#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500 /**< Client received an extended server hello containing an unsupported extension */ +#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580 /**< No ALPN protocols supported that the client advertises */ #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */ #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ -/* NOTE: Error space gap */ +#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800 /**< No server could be identified matching the client's SNI. */ #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST -0x7A80 /**< Processing of the CertificateRequest handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE -0x7B00 /**< Processing of the ServerKeyExchange handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE -0x7B80 /**< Processing of the ServerHelloDone handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE -0x7C00 /**< Processing of the ClientKeyExchange handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP -0x7C80 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS -0x7D00 /**< Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */ -#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */ +/* Error space gap */ +/* Error space gap */ +#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 /**< Processing of the Certificate handshake message failed. */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed */ #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /**< Hardware acceleration function returned with error */ #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80 /**< Hardware acceleration function skipped / left alone data */ -#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */ -#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */ +#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */ +#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00 /**< The handshake negotiation failed. */ #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */ #define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ #define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80 /**< Unknown identity received (eg, PSK identity) */ @@ -101,20 +102,27 @@ #define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00 /**< Unexpected message at ServerHello in renegotiation. */ #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /**< DTLS client must retry for hello verification */ #define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 /**< A buffer is too small to receive or write a message */ -#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE -0x6980 /**< None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */ +/* Error space gap */ #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 /**< No data of requested type currently available on underlying transport. */ #define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880 /**< Connection requires a write call. */ #define MBEDTLS_ERR_SSL_TIMEOUT -0x6800 /**< The operation timed out. */ #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ -/* NOTE: Error space gap */ +#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600 /**< A field in a message was incorrect or inconsistent with other fields. */ #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */ #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */ #define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ +/* Error space gap */ #define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */ #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */ -#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */ #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */ /* diff --git a/library/ssl_cli.c b/library/ssl_cli.c index f641970866..ef391b306e 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1390,7 +1390,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } } else @@ -1404,7 +1404,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; @@ -1431,8 +1431,8 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } return( 0 ); @@ -1453,16 +1453,16 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } if( len == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } peer_cid_len = *buf++; @@ -1472,16 +1472,16 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } if( len != peer_cid_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; @@ -1508,8 +1508,8 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } ((void) buf); @@ -1533,8 +1533,8 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } ((void) buf); @@ -1558,8 +1558,8 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } ((void) buf); @@ -1584,7 +1584,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } list_size = buf[0]; @@ -1612,7 +1612,7 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -1665,8 +1665,8 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT ); + return( MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION ); } /* @@ -1684,7 +1684,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } list_len = ( buf[0] << 8 ) | buf[1]; @@ -1692,7 +1692,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } name_len = buf[2]; @@ -1700,7 +1700,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Check that the server chosen protocol was in our list and save it */ @@ -1717,7 +1717,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -1759,7 +1759,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * and optional srtp_mki */ if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); /* * get the server protection profile @@ -1770,7 +1770,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, * one protection profile in server Hello */ if( ( buf[0] != 0 ) || ( buf[1] != 2 ) ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); server_protection_profile_value = ( buf[2] << 8 ) | buf[3]; server_protection = mbedtls_ssl_check_srtp_profile_value( @@ -1804,7 +1804,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } /* If server does not use mki in its reply, make sure the client won't keep @@ -1825,7 +1825,7 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #if defined (MBEDTLS_DEBUG_C) if( len > 5 ) @@ -1860,7 +1860,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) ( "incoming HelloVerifyRequest message is too short" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -1887,7 +1887,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); } cookie_len = *p++; @@ -1897,7 +1897,7 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl ) ( "cookie length does not match incoming message size" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len ); @@ -2005,7 +2005,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -2041,7 +2041,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", @@ -2061,7 +2061,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n ) @@ -2077,7 +2077,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } } else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n ) @@ -2089,7 +2089,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* ciphersuite (used later) */ @@ -2186,7 +2186,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } if( ssl->conf->ciphersuite_list[i++] == @@ -2205,8 +2205,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } MBEDTLS_SSL_DEBUG_MSG( 3, @@ -2228,7 +2228,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } ssl->session_negotiate->compression = comp; @@ -2250,7 +2250,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } switch( ext_id ) @@ -2395,7 +2395,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ext_len > 0 && ext_len < 4 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } } @@ -2443,7 +2443,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) ); @@ -2482,7 +2482,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", dhm_actual_bitlen, ssl->conf->dhm_min_bitlen ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P ); @@ -2554,11 +2554,11 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, */ if( end - *p < 4 ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); /* First byte is curve_type; only named_curve is handled */ if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); /* Next two bytes are the namedcurve value */ tls_id = *(*p)++; @@ -2569,10 +2569,10 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, if( ( handshake->ecdh_psa_type = mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 ) { - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } if( ecdh_bits > 0xffff ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); handshake->ecdh_bits = (uint16_t) ecdh_bits; /* @@ -2581,7 +2581,7 @@ static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl, ecpoint_len = *(*p)++; if( (size_t)( end - *p ) < ecpoint_len ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); if( mbedtls_psa_tls_ecpoint_to_psa_ec( *p, ecpoint_len, @@ -2631,7 +2631,7 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } return( ret ); @@ -2658,7 +2658,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (psk_identity_hint length)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } len = (*p)[0] << 8 | (*p)[1]; *p += 2; @@ -2667,7 +2667,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (psk_identity_hint length)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -2791,7 +2791,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, } if( (*p) + 2 > end ) - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); /* * Get hash algorithm @@ -2801,7 +2801,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } /* @@ -2812,7 +2812,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } /* @@ -2822,7 +2822,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", @@ -2876,7 +2876,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) if( ssl_check_server_ecdh_params( ssl ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE ); } #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) @@ -3006,8 +3006,8 @@ start_processing: mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } } /* FALLTROUGH */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ @@ -3032,7 +3032,7 @@ start_processing: ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } } else @@ -3051,7 +3051,7 @@ start_processing: ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } } else @@ -3072,7 +3072,7 @@ start_processing: ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } } else @@ -3090,8 +3090,8 @@ start_processing: mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } } else @@ -3129,7 +3129,7 @@ start_processing: ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } if( pk_alg != @@ -3141,7 +3141,7 @@ start_processing: ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } } else @@ -3162,7 +3162,7 @@ start_processing: ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } sig_len = ( p[0] << 8 ) | p[1]; p += 2; @@ -3174,7 +3174,7 @@ start_processing: ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len ); @@ -3363,7 +3363,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )]; n = cert_type_len; @@ -3383,7 +3383,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* supported_signature_algorithms */ @@ -3418,7 +3418,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } #if defined(MBEDTLS_DEBUG_C) @@ -3445,7 +3445,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } exit: @@ -3479,7 +3479,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ssl->state++; @@ -4128,7 +4128,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); @@ -4143,7 +4143,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) ); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0fa206b592..11896ca740 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -3112,16 +3112,16 @@ static int ssl_check_dtls_clihlo_cookie( in[3] != 0 || in[4] != 0 || in[19] != 0 || in[20] != 0 || in[21] != 0 ) { - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } sid_len = in[59]; if( sid_len > in_len - 61 ) - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); cookie_len = in[60 + sid_len]; if( cookie_len > in_len - 60 ) - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); if( f_cookie_check( p_cookie, in + sid_len + 61, cookie_len, cli_id, cli_id_len ) == 0 ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index ab6d2d5c03..ad98850f06 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -91,7 +91,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } servername_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( servername_list_size + 2 != len ) @@ -99,7 +99,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } p = buf + 2; @@ -111,7 +111,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( p[0] == MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME ) @@ -123,7 +123,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "ssl_sni_wrapper", ret ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME ); } return( 0 ); } @@ -136,8 +136,8 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } return( 0 ); @@ -202,7 +202,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } } else @@ -213,7 +213,7 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; @@ -253,7 +253,7 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( sig_alg_list_size + 2 != len || @@ -262,7 +262,7 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Currently we only guarantee signing the ServerKeyExchange message according @@ -327,7 +327,7 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } list_size = ( ( buf[0] << 8 ) | ( buf[1] ) ); if( list_size + 2 != len || @@ -336,7 +336,7 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Should never happen unless client duplicates the extension */ @@ -344,8 +344,8 @@ static int ssl_parse_supported_elliptic_curves( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } /* Don't allow our peer to make us allocate too much memory, @@ -393,7 +393,7 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } list_size = buf[0]; @@ -462,7 +462,7 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } ssl->session_negotiate->mfl_code = buf[0]; @@ -484,7 +484,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } /* @@ -500,8 +500,8 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } peer_cid_len = *buf++; @@ -511,8 +511,8 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Ignore CID if the user has disabled its use. */ @@ -529,7 +529,7 @@ static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; @@ -553,7 +553,7 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ((void) buf); @@ -577,7 +577,7 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ((void) buf); @@ -690,7 +690,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } list_len = ( buf[0] << 8 ) | buf[1]; @@ -698,7 +698,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -715,7 +715,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Empty strings MUST NOT be included */ @@ -723,7 +723,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } } @@ -749,7 +749,7 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, /* If we get there, no match was found */ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -793,8 +793,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, if( len < size_of_lengths ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET; @@ -808,8 +808,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, profile_length % 2 != 0 ) /* profiles are 2 bytes long, so the length must be even */ { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* * parse the extension list values are defined in @@ -853,8 +853,8 @@ static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl, mki_length + profile_length + size_of_lengths != len ) { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Parse the mki only if present and mki is supported locally */ @@ -1183,7 +1183,7 @@ read_record_header: if( buf[0] != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, message len.: %d", @@ -1201,7 +1201,7 @@ read_record_header: if( major < MBEDTLS_SSL_MAJOR_VERSION_3 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); } /* For DTLS if this is the initial handshake, remember the client sequence @@ -1217,7 +1217,7 @@ read_record_header: if( ssl->in_ctr[0] != 0 || ssl->in_ctr[1] != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 ); @@ -1251,7 +1251,7 @@ read_record_header: if( msg_len > MBEDTLS_SSL_IN_CONTENT_LEN ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } if( ( ret = mbedtls_ssl_fetch_input( ssl, @@ -1287,7 +1287,7 @@ read_record_header: if( msg_len < mbedtls_ssl_hs_hdr_len( ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake type: %d", buf[0] ) ); @@ -1295,7 +1295,7 @@ read_record_header: if( buf[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, handshake len.: %d", @@ -1306,7 +1306,7 @@ read_record_header: msg_len != mbedtls_ssl_hs_hdr_len( ssl ) + ( ( buf[2] << 8 ) | buf[3] ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -1328,7 +1328,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: " "%u (expected %u)", cli_msg_seq, ssl->handshake->in_msg_seq ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ssl->handshake->in_msg_seq++; @@ -1382,7 +1382,7 @@ read_record_header: if( msg_len < 38 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -1405,7 +1405,7 @@ read_record_header: ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); + return( MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION ); } if( ssl->major_ver > ssl->conf->max_major_ver ) @@ -1434,7 +1434,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len ); @@ -1458,8 +1458,8 @@ read_record_header: { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie", @@ -1493,7 +1493,7 @@ read_record_header: { /* This may be an attacker's probe, so don't send an alert */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "cookie verification skipped" ) ); @@ -1518,7 +1518,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, ciphersuitelist", @@ -1538,7 +1538,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, compression", @@ -1561,7 +1561,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ext_len = ( buf[ext_offset + 0] << 8 ) @@ -1572,7 +1572,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } } else @@ -1589,7 +1589,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } ext_id = ( ( ext[0] << 8 ) | ( ext[1] ) ); ext_size = ( ( ext[2] << 8 ) | ( ext[3] ) ); @@ -1599,7 +1599,7 @@ read_record_header: MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } switch( ext_id ) { @@ -1785,7 +1785,7 @@ read_record_header: "during renegotiation" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } #endif ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION; @@ -1830,7 +1830,7 @@ read_record_header: { mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } /* @@ -1885,14 +1885,14 @@ read_record_header: "but none of them usable" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } else { MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ciphersuites in common" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } have_ciphersuite: @@ -3062,7 +3062,7 @@ curve_matching_done: if( curve == NULL || *curve == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) ); - return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDHE curve: %s", (*curve)->name ) ); @@ -3398,7 +3398,7 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * if( *p + 2 > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } n = ( (*p)[0] << 8 ) | (*p)[1]; @@ -3407,13 +3407,13 @@ static int ssl_parse_client_dh_public( mbedtls_ssl_context *ssl, unsigned char * if( *p + n > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ( ret = mbedtls_dhm_read_public( &ssl->handshake->dhm_ctx, *p, n ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } *p += n; @@ -3475,20 +3475,20 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if ( p + 2 > end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( *p++ != ( ( len >> 8 ) & 0xFF ) || *p++ != ( ( len ) & 0xFF ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } #endif if( p + len != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -3649,7 +3649,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha if( end - *p < 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } n = ( (*p)[0] << 8 ) | (*p)[1]; @@ -3658,7 +3658,7 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha if( n == 0 || n > end - *p ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ssl->conf->f_psk != NULL ) @@ -3727,13 +3727,13 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) @@ -3748,7 +3748,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, @@ -3758,7 +3758,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K ); @@ -3778,7 +3778,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) p, end - p) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, @@ -3791,7 +3791,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, @@ -3814,7 +3814,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3899,7 +3899,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( p != end ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, @@ -3924,7 +3924,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) p, end - p ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -3964,7 +3964,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); - return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx, @@ -4070,7 +4070,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } i = mbedtls_ssl_hs_hdr_len( ssl ); @@ -4098,7 +4098,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( i + 2 > ssl->in_hslen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -4110,7 +4110,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #if !defined(MBEDTLS_MD_SHA1) @@ -4131,7 +4131,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } /* @@ -4140,7 +4140,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } i++; @@ -4155,7 +4155,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( i + 2 > ssl->in_hslen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; @@ -4164,7 +4164,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( i + sig_len != ssl->in_hslen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Calculate hash and verify signature */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1396400ceb..1cfda4a081 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1855,13 +1855,19 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE || - ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) + if( ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + if( ssl->in_hslen < mbedtls_ssl_hs_hdr_len( ssl ) + 3 + 3 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } i = mbedtls_ssl_hs_hdr_len( ssl ); @@ -1877,7 +1883,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Make &ssl->in_msg[i] point to the beginning of the CRT chain. */ @@ -1892,7 +1898,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* In theory, the CRT can be up to 2**24 Bytes, but we don't support * anything beyond 2**16 ~ 64K. */ @@ -1901,8 +1907,8 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT ); + return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE ); } /* Read length of the next CRT in the chain. */ @@ -1916,7 +1922,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Check if we're handling the first CRT in the chain. */ @@ -1938,7 +1944,7 @@ static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ); + return( MBEDTLS_ERR_SSL_BAD_CERTIFICATE ); } /* Now we can safely free the original chain. */ @@ -2148,7 +2154,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (EC key curve)" ) ); if( ret == 0 ) - ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; } } #endif /* MBEDTLS_ECP_C */ @@ -2160,7 +2166,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate (usage extensions)" ) ); if( ret == 0 ) - ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE; + ret = MBEDTLS_ERR_SSL_BAD_CERTIFICATE; } /* mbedtls_x509_crt_verify_with_profile is supposed to report a @@ -2171,7 +2177,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, * ssl_parse_certificate even if verification was optional. */ if( authmode == MBEDTLS_SSL_VERIFY_OPTIONAL && ( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED || - ret == MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE ) ) + ret == MBEDTLS_ERR_SSL_BAD_CERTIFICATE ) ) { ret = 0; } @@ -2903,13 +2909,19 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) hash_len = 12; - if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED || - ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) + if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ) + { + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); + } + + if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ), @@ -2917,8 +2929,8 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED ); + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } #if defined(MBEDTLS_SSL_RENEGOTIATION) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index da5854e8e2..0729755f0e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -257,8 +257,7 @@ requires_ciphersuite_enabled() { # maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...] # If CMD (call to a TLS client or server program) requires a specific # ciphersuite, arrange to only run the test case if this ciphersuite is -# enabled. As an exception, do run the test case if it expects a ciphersuite -# mismatch. +# enabled. maybe_requires_ciphersuite_enabled() { case "$1" in *\ force_ciphersuite=*) :;; @@ -268,15 +267,7 @@ maybe_requires_ciphersuite_enabled() { ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}" shift - case "$*" in - *"-s SSL - The server has no ciphersuites in common"*) - # This test case expects a ciphersuite mismatch, so it doesn't - # require the ciphersuite to be enabled. - ;; - *) - requires_ciphersuite_enabled "$ciphersuite" - ;; - esac + requires_ciphersuite_enabled "$ciphersuite" unset ciphersuite } @@ -5132,7 +5123,7 @@ run_test "PSK callback: psk, no callback" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123" \ 0 \ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5146,7 +5137,7 @@ run_test "PSK callback: opaque psk on client, no callback" \ -S "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5160,7 +5151,7 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ -S "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5174,7 +5165,7 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \ -S "skip PMS generation for opaque PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5188,7 +5179,7 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ -S "skip PMS generation for opaque PSK"\ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5202,7 +5193,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5216,7 +5207,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5231,7 +5222,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -s "session hash for extended master secret"\ -C "skip PMS generation for opaque PSK"\ -s "skip PMS generation for opaque PSK"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5246,7 +5237,7 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba -s "session hash for extended master secret"\ -C "skip PMS generation for opaque PSK"\ -s "skip PMS generation for opaque PSK"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5260,7 +5251,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5274,7 +5265,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5289,7 +5280,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -s "session hash for extended master secret"\ -C "skip PMS generation for opaque PSK"\ -s "skip PMS generation for opaque PSK"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5304,7 +5295,7 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS -s "session hash for extended master secret"\ -C "skip PMS generation for opaque PSK"\ -s "skip PMS generation for opaque PSK"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5318,7 +5309,7 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5332,7 +5323,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s -s "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5345,7 +5336,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s -C "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5358,7 +5349,7 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s -C "skip PMS generation for opaque PSK"\ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5375,7 +5366,7 @@ run_test "PSK callback: no psk, no callback" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123" \ 1 \ - -s "SSL - None of the common ciphersuites is usable" \ + -s "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5384,7 +5375,7 @@ run_test "PSK callback: callback overrides other settings" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=foo psk=abc123" \ 1 \ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -s "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5393,7 +5384,7 @@ run_test "PSK callback: first id matches" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=abc psk=dead" \ 0 \ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5402,7 +5393,7 @@ run_test "PSK callback: second id matches" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5411,7 +5402,7 @@ run_test "PSK callback: no match" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=ghi psk=beef" \ 1 \ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -s "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" @@ -5420,7 +5411,7 @@ run_test "PSK callback: wrong key" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=abc psk=beef" \ 1 \ - -S "SSL - None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -s "SSL - Verification of the message MAC failed" @@ -5438,7 +5429,7 @@ run_test "ECJPAKE: client not configured" \ -S "ciphersuite mismatch: ecjpake not configured" \ -S "server hello, ecjpake kkpp extension" \ -C "found ecjpake_kkpp extension" \ - -S "None of the common ciphersuites is usable" + -S "SSL - The handshake negotiation failed" requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: server not configured" \ @@ -5453,7 +5444,7 @@ run_test "ECJPAKE: server not configured" \ -s "ciphersuite mismatch: ecjpake not configured" \ -S "server hello, ecjpake kkpp extension" \ -C "found ecjpake_kkpp extension" \ - -s "None of the common ciphersuites is usable" + -s "SSL - The handshake negotiation failed" requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: working, TLS" \ @@ -5469,11 +5460,11 @@ run_test "ECJPAKE: working, TLS" \ -S "ciphersuite mismatch: ecjpake not configured" \ -s "server hello, ecjpake kkpp extension" \ -c "found ecjpake_kkpp extension" \ - -S "None of the common ciphersuites is usable" \ + -S "SSL - The handshake negotiation failed" \ -S "SSL - Verification of the message MAC failed" server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: password mismatch, TLS" \ "$P_SRV debug_level=3 ecjpake_pw=bla" \ "$P_CLI debug_level=3 ecjpake_pw=bad \ @@ -5482,7 +5473,7 @@ run_test "ECJPAKE: password mismatch, TLS" \ -C "re-using cached ecjpake parameters" \ -s "SSL - Verification of the message MAC failed" -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: working, DTLS" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ @@ -5491,7 +5482,7 @@ run_test "ECJPAKE: working, DTLS" \ -c "re-using cached ecjpake parameters" \ -S "SSL - Verification of the message MAC failed" -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: working, DTLS, no cookie" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ @@ -5501,7 +5492,7 @@ run_test "ECJPAKE: working, DTLS, no cookie" \ -S "SSL - Verification of the message MAC failed" server_needs_more_time 1 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: password mismatch, DTLS" \ "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \ @@ -5511,7 +5502,7 @@ run_test "ECJPAKE: password mismatch, DTLS" \ -s "SSL - Verification of the message MAC failed" # for tests with configs/config-thread.h -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED run_test "ECJPAKE: working, DTLS, nolog" \ "$P_SRV dtls=1 ecjpake_pw=bla" \ "$P_CLI dtls=1 ecjpake_pw=bla \ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d5123fac19..98ed11fd44 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1842,7 +1842,7 @@ void perform_handshake( handshake_test_options* options ) if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE ) { - expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; + expected_handshake_result = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; } TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl),