From d8562b5e467fea689dbec8cda76b9bddd458b378 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH] Add error condition for bad user configurations This commit adds an error condition for bad user configurations and updates the number of SSL module errors in error.h. Signed-off-by: Ronald Cron --- include/mbedtls/error.h | 1 + include/mbedtls/ssl.h | 1 + library/error.c | 2 ++ 3 files changed, 4 insertions(+) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index ef22bc684..35f4531c1 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -94,6 +94,7 @@ * RSA 4 11 * ECP 4 9 (Started from top) * MD 5 5 + * SSL 5 1 (Started from 0x5E80) * CIPHER 6 8 * SSL 6 17 (Started from top) * SSL 7 31 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4d9227463..2c0c4dd9a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -110,6 +110,7 @@ #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ +#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */ /* * Various constants diff --git a/library/error.c b/library/error.c index 85bc6ac4d..9e46bf891 100644 --- a/library/error.c +++ b/library/error.c @@ -495,6 +495,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "SSL - The alert message received indicates a non-fatal error" ); if( use_ret == -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH) ) mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" ); + if( use_ret == -(MBEDTLS_ERR_SSL_BAD_CONFIG) ) + mbedtls_snprintf( buf, buflen, "SSL - Invalid value in SSL config" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)