diff --git a/library/ssl_cli.c b/library/ssl_cli.c index c3c28c703..0a1fce8ff 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2328,9 +2328,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, &peer_pk ); if( ret != 0 ) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret ); + return( ret ); } } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -2472,9 +2471,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) &peer_pk ); if( ret != 0 ) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret ); + return( ret ); } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ @@ -2822,9 +2820,8 @@ start_processing: &peer_pk ); if( ret != 0 ) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret ); + return( ret ); } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 1e3c6fa5c..9e15f756a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -815,7 +815,10 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, int ret; ret = mbedtls_x509_crt_pk_acquire( cur->cert, &pk ); if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret ); return( ret ); + } } #else /* Outside of ASYNC_PRIVATE, use private key context directly @@ -877,7 +880,10 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt_frame const *frame; ret = mbedtls_x509_crt_frame_acquire( cur->cert, &frame ); if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_frame_acquire", ret ); return( ret ); + } sig_md = frame->sig_md; mbedtls_x509_crt_frame_release( cur->cert ); } @@ -2999,7 +3005,10 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) mbedtls_x509_crt_frame const *frame; ret = mbedtls_x509_crt_frame_acquire( crt, &frame ); if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_frame_acquire", ret ); return( ret ); + } dn_size = frame->subject_raw.len; @@ -4247,9 +4256,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) &peer_pk ); if( ret != 0 ) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret ); + return( ret ); } } #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 560ef4c07..f1075cbf1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6507,7 +6507,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, mbedtls_pk_context *pk; ret = mbedtls_x509_crt_pk_acquire( chain, &pk ); if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret ); return( ret ); + } /* If certificate uses an EC key, make sure the curve is OK */ if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )