Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-24 10:27:37 +01:00 · 2021-06-24 10:27:37 +01:00 · a0ca87eb68
commit a0ca87eb68
parent d200296f17
3 changed files with 14 additions and 8 deletions
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@ -102,8 +102,8 @@
 * SSL       5   2 (Started from 0x5F00)
 * CIPHER    6   8 (Started from 0x6080)
 * SSL       6   24 (Started from top, plus 0x6000)
- * SSL       7   24 (Started from 0x7080, gaps at
- *                   0x7500-0x7580, 0x7B80-0x7E00)
+ * SSL       7   23 (Started from 0x7080, gaps at
+ *                   0x7500-0x7580, 0x7B80-0x7E80)
 *
 * Module dependent error code (5 bits 0x.00.-0x.F8.)
 */
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -91,7 +91,7 @@
 /* Error space gap */
 /* Error space gap */
 /* Error space gap */
-#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  /**< Processing of the Finished handshake message failed. */
+/* Error space gap */
 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2903,13 +2903,19 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )

    hash_len = 12;

-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
-        ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
+    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED  )
+    {
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    if( ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
+        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
    }

    if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
@ -2917,8 +2923,8 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl )
    {
        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
+                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
    }

 #if defined(MBEDTLS_SSL_RENEGOTIATION)