TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 530c423ad257f187b35b9de841c2dd79529d2cee^! / . / library / ssl_tls13_generic.c
commit530c423ad257f187b35b9de841c2dd79529d2cee[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Oct 02 15:37:23 2023 +0200
committerGilles Peskine <Gilles.Peskine@arm.com>Mon Oct 02 15:42:11 2023 +0200
treeb42729d8860b06ee5cdf132fd21ed04d14323c6d
parent6dd5b9a60c2d6f483c30f9b010f663dd63394451 [diff] [blame]
Improve some debug messages and error codes

On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index dc88c4f..7072677 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c

@@ -1518,6 +1518,9 @@
 
     /* Store peer's ECDH/FFDH public key. */
     if (peerkey_len > sizeof(handshake->xxdh_psa_peerkey)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Invalid public key length: %u > %" MBEDTLS_PRINTF_SIZET,
+                                  (unsigned) peerkey_len,
+                                  sizeof(handshake->xxdh_psa_peerkey)));
         return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
     }
     memcpy(handshake->xxdh_psa_peerkey, p, peerkey_len);