diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 63a529f1c8..d64f0d097e 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -102,8 +102,8 @@ * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) - * SSL 7 26 (Started from 0x7080, gaps at - * 0x7500-0x7580, 0x7B80-0x7D00) + * SSL 7 25 (Started from 0x7080, gaps at + * 0x7500-0x7580, 0x7B80-0x7D80) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6ee4cd8be2..85c3649f1b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -89,7 +89,7 @@ /* Error space gap */ /* Error space gap */ /* Error space gap */ -#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */ +/* Error space gap */ #define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */ #define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 /**< Memory allocation failed */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index b667d016c8..c6749af3b0 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4061,7 +4061,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) ssl->in_msg[0] != MBEDTLS_SSL_HS_CERTIFICATE_VERIFY ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } i = mbedtls_ssl_hs_hdr_len( ssl ); @@ -4089,7 +4089,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( i + 2 > ssl->in_hslen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* @@ -4101,7 +4101,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } #if !defined(MBEDTLS_MD_SHA1) @@ -4122,7 +4122,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg" " for verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } /* @@ -4131,7 +4131,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } i++; @@ -4146,7 +4146,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( i + 2 > ssl->in_hslen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } sig_len = ( ssl->in_msg[i] << 8 ) | ssl->in_msg[i+1]; @@ -4155,7 +4155,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) if( i + sig_len != ssl->in_hslen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) ); - return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } /* Calculate hash and verify signature */