diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h index 5a9d536b9..1008b2d21 100644 --- a/library/ssl_tls13_invasive.h +++ b/library/ssl_tls13_invasive.h @@ -46,7 +46,7 @@ * pseudorandom key in \p prk. * * \return 0 on success. - * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT when the parameters are invalid. * \return An PSA_ERROR_* error for errors returned from the underlying * PSA layer. */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 429d1241c..aee2a8565 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -148,7 +148,7 @@ psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, unsigned char null_salt[PSA_MAC_MAX_SIZE] = { '\0' }; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + psa_status_t ret = PSA_ERROR_CORRUPTION_DETECTED; if( salt == NULL || salt_len == 0 ) { @@ -156,14 +156,14 @@ psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg, if( salt_len != 0 ) { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + return( PSA_ERROR_INVALID_ARGUMENT ); } hash_len = PSA_HASH_LENGTH( alg ); if( hash_len == 0 ) { - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + return( PSA_ERROR_INVALID_ARGUMENT ); } salt = null_salt; diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9e189a335..0c6e3133e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -4421,7 +4421,7 @@ depends_on:PSA_WANT_ALG_SHA_1 psa_hkdf_extract:PSA_ALG_HMAC(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" SSL TLS 1.3 Key schedule: HKDF extract fails with wrong hash alg -psa_hkdf_extract_ret:0:MBEDTLS_ERR_SSL_BAD_INPUT_DATA +psa_hkdf_extract_ret:0:PSA_ERROR_INVALID_ARGUMENT SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Expand depends_on:PSA_WANT_ALG_SHA_256