Make SSL error code more generic
It's undesirable to have users of the SSL layer check for an error code specific to a lower-level layer, both out of general layering principles, and also because if we later make another crypto module gain resume capabilities, we would need to change the contract again (checking for a new module-specific error code).
parent
b5d668a7a7
commit
558da9c3fe
6 changed files with 34 additions and 11 deletions
|
@ -90,7 +90,7 @@
|
||||||
* ECP 4 10 (Started from top)
|
* ECP 4 10 (Started from top)
|
||||||
* MD 5 5
|
* MD 5 5
|
||||||
* CIPHER 6 8
|
* CIPHER 6 8
|
||||||
* SSL 6 17 (Started from top)
|
* SSL 6 22 (Started from top)
|
||||||
* SSL 7 31
|
* SSL 7 31
|
||||||
*
|
*
|
||||||
* Module dependent error code (5 bits 0x.00.-0x.F8.)
|
* Module dependent error code (5 bits 0x.00.-0x.F8.)
|
||||||
|
|
|
@ -120,6 +120,7 @@
|
||||||
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
|
#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */
|
||||||
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
|
#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */
|
||||||
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
|
#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */
|
||||||
|
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x6500 /**< A cryptographic operation is in progress. Try again later. */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Various constants
|
* Various constants
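Review bot: The doc comment on `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` says only "Try again later", which does not tell a caller that this is a non-fatal return to be handled like `MBEDTLS_ERR_SSL_WANT_READ` and `MBEDTLS_ERR_SSL_WANT_WRITE`, by calling the same function again on the same context. That is how the sample client's loops in this commit treat it, and a caller that abandons the context on any other negative return would drop a healthy handshake. I would extend the comment to something like `/**< A cryptographic operation is in progress; not fatal, call the same function again to resume. */`. This define is the only change visible in this section, so if the documentation of the functions that can now return the code is not updated elsewhere, it should list the new value too.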
|
||||||
|
|
|
@ -499,6 +499,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
||||||
mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
|
mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
|
||||||
if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
|
if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
|
||||||
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
|
mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
|
||||||
|
if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
|
||||||
|
mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
|
||||||
#endif /* MBEDTLS_SSL_TLS_C */
|
#endif /* MBEDTLS_SSL_TLS_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||||
|
|
|
@ -2055,6 +2055,10 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
|
||||||
(const unsigned char **) p, end ) ) != 0 )
|
(const unsigned char **) p, end ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
|
||||||
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
|
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||||
|
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||||
|
#endif
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2619,6 +2623,10 @@ start_processing:
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
|
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
|
||||||
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
|
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||||
|
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||||
|
#endif
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2933,6 +2941,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
|
||||||
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
|
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||||
|
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||||
|
#endif
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2956,6 +2968,10 @@ ecdh_calc_secret:
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
|
||||||
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
|
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||||
|
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||||
|
#endif
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3313,6 +3329,10 @@ sign:
|
||||||
ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
|
ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
|
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
|
||||||
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
|
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||||
|
ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
|
||||||
|
#endif
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
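Review bot: The same four-line translation from `MBEDTLS_ERR_ECP_IN_PROGRESS` to `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` is repeated at five return sites in this section (after `mbedtls_ecdh_read_params`, `mbedtls_pk_verify`, `mbedtls_ecdh_make_public`, `mbedtls_ecdh_calc_secret` and `mbedtls_pk_sign`) and once more in the `crt_verify` hunk of the following section. A restartable call added later without it would hand the ECP code to callers that now test only the SSL code, and they would treat a resumable operation as a fatal error. Doing the mapping once, at the point where the handshake step's result is returned to the application, would make the new contract hold by construction: `if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;`. If the per-site form stays, a short comment such as `/* callers only see the SSL-level code */` would explain why `MBEDTLS_SSL_DEBUG_RET` logs a different value from the one returned. The enclosing functions start and end outside these hunks, so any other exits that can carry the ECP code are not visible here.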
|
||||||
|
|
||||||
|
|
|
@ -4683,7 +4683,7 @@ crt_verify:
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
|
||||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
||||||
return( ret );
|
return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -1516,7 +1516,7 @@ int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
||||||
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
|
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
|
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
|
||||||
-ret );
|
-ret );
|
||||||
|
@ -1533,7 +1533,7 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1630,7 +1630,7 @@ int main( int argc, char *argv[] )
|
||||||
{
|
{
|
||||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
||||||
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
|
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
|
mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
|
||||||
ret );
|
ret );
|
||||||
|
@ -1695,7 +1695,7 @@ send_request:
|
||||||
{
|
{
|
||||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
||||||
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
|
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
|
mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
|
||||||
-ret );
|
-ret );
|
||||||
|
@ -1721,7 +1721,7 @@ send_request:
|
||||||
ret = mbedtls_ssl_write( &ssl, buf, len );
|
ret = mbedtls_ssl_write( &ssl, buf, len );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1779,7 +1779,7 @@ send_request:
|
||||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1844,7 +1844,7 @@ send_request:
|
||||||
ret = mbedtls_ssl_read( &ssl, buf, len );
|
ret = mbedtls_ssl_read( &ssl, buf, len );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
||||||
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
|
if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
continue;
|
continue;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -1911,7 +1911,7 @@ send_request:
|
||||||
{
|
{
|
||||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
||||||
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
|
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
||||||
-ret );
|
-ret );
|
||||||
|
@ -2010,7 +2010,7 @@ reconnect:
|
||||||
{
|
{
|
||||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
|
||||||
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
|
||||||
ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
|
ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
|
||||||
-ret );
|
-ret );
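Review bot: The retry checks `if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS ) continue;` in the hunks at -1533, -1721, -1779 and -1844 are still wrapped in `#if defined(MBEDTLS_ECP_RESTARTABLE)`, which keeps the sample tied to the ECP module that the commit message sets out to hide from SSL users. The loop-exit conditions in this same section already test the new code with no guard, and the define added earlier in this commit shows no guard on the visible lines either. The `#if`/`#endif` pair could therefore be dropped and the `continue` left unconditional, so that another module gaining resume support later would need no change here. The enclosing `main` body lies outside the hunks, so whether other guarded uses remain cannot be checked from this page.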
|
||||||
|
|