From 91e1cc3bd7dcfe89dd0c9c2d6ad7041f839c5c31 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Fri, 30 Apr 2021 05:28:49 +0100
Subject: [PATCH] Remove MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE error code

This error is used when the output buffer isn't large enough to hold our own certificate. In the interest of cleaning up the error space for 3.0, this commit removes MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE and replaces its single use by MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL.

Signed-off-by: Hanno Becker
---
 include/mbedtls/error.h | 4 ++--
 include/mbedtls/ssl.h | 2 +-
 library/error.c | 2 --
 library/ssl_tls.c | 2 +-
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 591692761e..c219d672e9 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -107,8 +107,8 @@
  * SSL 5 2 (Started from 0x5F00)
  * CIPHER 6 8 (Started from 0x6080)
  * SSL 6 24 (Started from top, plus 0x6000)
- * SSL 7 30 (Started from 0x7080, gaps at
- * 0x7300, 0x7800)
+ * SSL 7 29 (Started from 0x7080, gaps at
+ * 0x7300, 0x7500, 0x7800)
  *
  * Module dependent error code (5 bits 0x.00.-0x.F8.)
  */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2dd6cc4551..107a40ea88 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -71,7 +71,7 @@
 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */
 #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */
 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */
+/* NOTE: Error space gap */
 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */
 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */
 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */
diff --git a/library/error.c b/library/error.c
index 1b050df3de..039e7be5b9 100644
--- a/library/error.c
+++ b/library/error.c
@@ -380,8 +380,6 @@ const char * mbedtls_high_level_strerr( int error_code )
  return( "SSL - No RNG was provided to the SSL module" );
  case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE):
  return( "SSL - No client certification received from the client, but required by the authentication mode" );
- case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE):
- return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
  case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED):
  return( "SSL - The own certificate is not set, but needed by the server" );
  case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED):
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 75faf22adf..422df9944c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
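Review bot: The placeholder `/* NOTE: Error space gap */` in include/mbedtls/ssl.h does not record which value was vacated or why, so a later addition could reuse -0x7500 with a different meaning and make older logs and stored error codes ambiguous. I would write it as `/* Error space gap: -0x7500 was MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE (removed for 3.0); do not reuse */`. Removing the macro also breaks compilation of any application that names it, and the diffstat lists only four source files, so unless a ChangeLog or migration-guide entry arrives elsewhere in the series, one should be added that points users to MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL.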
@@ -1964,7 +1964,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET, i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } ssl->out_msg[i ] = (unsigned char)( n >> 16 );
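Review bot: With `return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` in mbedtls_ssl_write_certificate(), the caller can no longer tell from the return value that its own certificate chain exceeds MBEDTLS_SSL_OUT_CONTENT_LEN, as opposed to some other buffer-size failure. The specific cause now survives only in the level-1 debug message, which is presumably absent from builds without debug support, so an endpoint that fails every handshake because of an oversized chain becomes harder to diagnose. A comment on the return such as `/* Own certificate chain does not fit in the outgoing content buffer; a configuration fault, retrying cannot succeed */`, plus a matching sentence in the documented return values of the handshake API, would preserve that meaning. The function body starts and ends outside the hunk, so its other return paths were not reviewed.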