commit a0ca87eb68cda0d9e20644a4c81ec38f70e51690
author Hanno Becker <hanno.becker@arm.com> Thu Jun 24 10:27:37 2021 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Mon Jun 28 12:35:07 2021 +0100
tree d6ee1b752036f34736efedd585683df0c5f81db6
parent d200296f17b65a5a0ba275cdcdaa90fb9022ad68

Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

include/mbedtls/error.h

diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 6ba280a..5446514 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -102,8 +102,8 @@
  * SSL       5   2 (Started from 0x5F00)
  * CIPHER    6   8 (Started from 0x6080)
  * SSL       6   24 (Started from top, plus 0x6000)
- * SSL       7   24 (Started from 0x7080, gaps at
- *                   0x7500-0x7580, 0x7B80-0x7E00)
+ * SSL       7   23 (Started from 0x7080, gaps at
+ *                   0x7500-0x7580, 0x7B80-0x7E80)
  *
  * Module dependent error code (5 bits 0x.00.-0x.F8.)
  */

include/mbedtls/ssl.h

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d8d7f57..2751aa2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -91,7 +91,7 @@
 /* Error space gap */
 /* Error space gap */
 /* Error space gap */
-#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80  /**< Processing of the Finished handshake message failed. */
+/* Error space gap */
 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1396400..d116582 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2903,13 +2903,19 @@
 
     hash_len = 12;
 
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED ||
-        ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
+    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_FINISHED  )
+    {
+        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+                                        MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
+    if( ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) + hash_len )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
         mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                         MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
+        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
     }
 
     if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
@@ -2917,8 +2923,8 @@
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
         mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
+                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+        return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
     }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)