fix: add S2N_ERR_ILLEGAL_PARAMETER error and alert mapping #5564
+8
−6
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Introduce a new error code S2N_ERR_ILLEGAL_PARAMETER to distinguish between unexpected message types (S2N_ERR_BAD_MESSAGE) and invalid message content. This improves TLS alert compliance by mapping the new error to S2N_TLS_ALERT_ILLEGAL_PARAMETER.
Changes:
add S2N_ERR_ILLEGAL_PARAMETER to error enum in s2n_errno.h,add error description in s2n_errno.c,map S2N_ERR_ILLEGAL_PARAMETER to S2N_TLS_ALERT_ILLEGAL_PARAMETER
This resolves the TODO comment about incomplete alert mappings
Release Summary:
Introduces a new error code S2N_ERR_ILLEGAL_PARAMETER for TLS alert compliance by distinguishing b/w unexpected message types and invalid message content in accordance with RFC specifications
Resolved issues:
Partially addresses the TODO comments in tls/s2n_alerts.c regarding incomplete error-to-alert mappings.
Description of changes:
Describe s2n’s current behavior and how your code changes that behavior. If there are no issues this PR is resolving, explain why this change is necessary.
Call-outs:
Address any potentially confusing code. Is there code added that needs to be cleaned up later? Is there code that is missing because it’s still in development? If a callout is specific to a section of code, it might make more sense to leave a comment on your own PR file diff.
Testing:
Code compiles without syntax errors, verified error enum ordering is correct (added after S2N_ERR_BAD_MESSAGE in S2N_ERR_T_PROTO category)
Remember:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.