From 6c780469609da63915ec9930efb2a8ee0985799c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:35:50 +0100 Subject: [PATCH] Remove uses of MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH The error code MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH is only returned from the internal function ``` mbedtls_ssl_set_calc_verify_md() ``` Moreover, at every call-site of this function, it is only checked whether the return value is 0 or not, while the exact return value is irrelevant. The behavior the library is therefore unchanged if we return 1 instead of MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH in `mbedtls_ssl_set_calc_verify_md()`. This commit makes this change. Signed-off-by: Hanno Becker --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 422df9944c..aceeb45dff 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6998,14 +6998,14 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); switch( md ) { #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: @@ -7024,7 +7024,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) break; #endif default: - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); } return 0; @@ -7032,7 +7032,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) (void) ssl; (void) md; - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ }