Context: The error code MBEDTLS_ERR_SSL_INTERNAL_ERROR is (to my understanding) meant to be used solely for internal assertion failures only which double-check what should unconditionally hold regardless of API (mis-)use or malformed data received from the peer. In particular, to the best of our knowledge, we should be able to remove all of these checks without compromising the security of the library.
Issue:
Sometimes we do use MBEDTLS_ERR_SSL_INTERNAL_ERROR for things that can be triggered by malformed input. One example is here which would be triggered if a peer sent a datagram containing a valid record, followed by a single overhead byte. We should go through all uses of MBEDTLS_ERR_SSL_INTERNAL_ERROR and verify that they are indeed assertion failures, and if not, replace them by appropriate and expressive error codes.
Most of the time we just print "should never happen" for internal assertion failures - we should have more expressive error messages.
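To make the distinction concrete, here is an added example (not Mbed TLS code) of a minimal DTLS datagram walker that keeps peer-triggerable conditions and internal invariants on separate error codes. The error-code names, the 13-byte DTLS record header layout (type, version, epoch, sequence number, length) and the sample datagram are constructed for this illustration; the trailing-byte case is the one described in the issue.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed error codes standing in for the library's own (hypothetical names). */
#define ERR_OK               0
#define ERR_INVALID_RECORD  -1   /* peer-triggerable: malformed input          */
#define ERR_INTERNAL        -2   /* must be unreachable: an invariant is broken */

#define DTLS_HDR_LEN 13          /* type(1) version(2) epoch(2) seq(6) length(2) */

/* Walk every record in one datagram.  Anything the peer can provoke (short
 * header, length field past the end, trailing overhead bytes) is reported as
 * ERR_INVALID_RECORD.  ERR_INTERNAL is reserved for the parser's own
 * arithmetic going wrong and cannot be reached by any input. */
static int parse_datagram(const uint8_t *buf, size_t len, size_t *records)
{
    size_t off = 0;
    *records = 0;
    while (off < len) {
        size_t remaining = len - off;
        /* A partial header (e.g. one stray byte after a valid record)
         * is malformed input from the peer, not an internal error. */
        if (remaining < DTLS_HDR_LEN)
            return ERR_INVALID_RECORD;
        size_t body = ((size_t)buf[off + 11] << 8) | buf[off + 12];
        if (body > remaining - DTLS_HDR_LEN)
            return ERR_INVALID_RECORD;
        off += DTLS_HDR_LEN + body;
        (*records)++;
        /* Genuine assertion: the checks above guarantee off <= len.
         * If this fires, the parser (not the peer) is at fault. */
        if (off > len)
            return ERR_INTERNAL;
    }
    return ERR_OK;
}

/* Constructed sample: one valid 3-byte application-data record followed by
 * a single overhead byte, the scenario from the issue. */
static int trailing_byte_result(void)
{
    uint8_t dgram[DTLS_HDR_LEN + 3 + 1];
    size_t n;
    memset(dgram, 0, sizeof dgram);
    dgram[0] = 23;                      /* content type: application data */
    dgram[1] = 0xfe; dgram[2] = 0xfd;   /* DTLS 1.2 version bytes          */
    dgram[12] = 3;                      /* body length 3; dgram[16] is stray */
    return parse_datagram(dgram, sizeof dgram, &n);
}
```

A datagram made of complete records only returns ERR_OK; the stray byte yields ERR_INVALID_RECORD, and ERR_INTERNAL never appears for any input.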
> Most of the time we just print "should never happen" for internal assertion failures - we should have more expressive error messages.
I'm not sure I agree with that point. Once the first point has been fixed, these messages should never ever be seen by anybody, except sometimes ourselves during development/debugging, so I don't think it's worth spending time to enhance them. The file and line number already give us all the information we need to know what instance of "should never happen" it is.