diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 765fd42f8..31f294f70 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -100,6 +100,7 @@
 * ECP 4 10 (Started from top)
 * MD 5 5
 * HKDF 5 1 (Started from top)
+ * SSL 5 1 (Started from 0x5F00)
 * CIPHER 6 8 (Started from 0x6080)
 * SSL 6 24 (Started from top, plus 0x6000)
 * SSL 7 32
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d435a694b..df620692f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -123,6 +123,7 @@
 #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */
 #define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */
 #define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */
+#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */
 #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
 /*
@@ -2179,6 +2180,9 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
 * \return \c 0 if successful.
 * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
 * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+ * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
+ * was generated in a different version or configuration of
+ * Mbed TLS.
 * \return Another negative value for other kinds of errors (for
 * example, unsupported features in the embedded certificate).
 */
diff --git a/library/error.c b/library/error.c
index 0a9baebb2..546fa49df 100644
--- a/library/error.c
+++ b/library/error.c
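Review bot: The new `\return` entry in the second include/mbedtls/ssl.h hunk (at -2179) does not tell the caller what to do with the code or what the underlying check actually covers. Judging by the library/ssl_tls.c hunk, the code comes from a `memcmp` of the leading bytes against a fixed header, so corrupted or foreign data yields the same result as a genuine version difference, and a matching header says nothing about who produced the data. I would extend the entry with `The caller should discard the data and fall back to a full handshake.` and add a `\warning` stating that the header check only detects format incompatibility and does not authenticate the serialized session, so data kept in untrusted storage needs its own integrity protection. The documented function's declaration lies after this hunk; the `mbedtls_ssl_set_session` name in the hunk header is only the preceding declaration.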
@@ -525,6 +525,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that a message arrived early" ); if( use_ret == -(MBEDTLS_ERR_SSL_UNEXPECTED_CID) ) mbedtls_snprintf( buf, buflen, "SSL - An encrypted DTLS-frame with an unexpected CID was received" ); + if( use_ret == -(MBEDTLS_ERR_SSL_VERSION_MISMATCH) ) + mbedtls_snprintf( buf, buflen, "SSL - An operation failed due to an unexpected version or configuration" ); if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) ) mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" ); #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cc4217171..39ee494eb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9088,8 +9088,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( memcmp( p, ssl_serialized_session_header, sizeof( ssl_serialized_session_header ) ) != 0 ) { - /* A more specific error code might be used here. */ - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_SSL_VERSION_MISMATCH ); } p += sizeof( ssl_serialized_session_header ); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index a848455a6..65f585274 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -905,7 +905,7 @@ void ssl_session_serialize_version_check( int corrupt_major, TEST_ASSERT( mbedtls_ssl_session_load( &session, serialized_session, serialized_session_len ) == - MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + MBEDTLS_ERR_SSL_VERSION_MISMATCH ); /* Undo the change */ *byte ^= corrupted_bit;
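Review bot: In the library/ssl_tls.c hunk, the header-mismatch branch of `ssl_session_load` loses its only comment and now returns a code that callers matching on `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` will no longer see. Any application that treated that value as "stored session unusable, do a full handshake" has to handle `MBEDTLS_ERR_SSL_VERSION_MISMATCH` as well; no ChangeLog or migration note is visible in this diff, so one may be worth adding. I would also replace the removed comment with `/* Header bytes differ: data is from another version/configuration, or is corrupted. */`, since the test in tests/suites/test_suite_ssl.function appears to reach this branch by flipping bits in the header. The function body starts before and continues after the hunk, so the length check that should precede the `memcmp` cannot be confirmed from here.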