e9c6dfa3c01a7913d1d278f751bc32f342f61aa1
[BearSSL] / errors.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30
31 #include "brssl.h"
32 #include "bearssl.h"
33
34 static struct {
35 int err;
36 const char *name;
37 const char *comment;
38 } errors[] = {
39 {
40 BR_ERR_BAD_PARAM,
41 "BR_ERR_BAD_PARAM",
42 "Caller-provided parameter is incorrect."
43 }, {
44 BR_ERR_BAD_STATE,
45 "BR_ERR_BAD_STATE",
46 "Operation requested by the caller cannot be applied with"
47 " the current context state (e.g. reading data while"
48 " outgoing data is waiting to be sent)."
49 }, {
50 BR_ERR_UNSUPPORTED_VERSION,
51 "BR_ERR_UNSUPPORTED_VERSION",
52 "Incoming protocol or record version is unsupported."
53 }, {
54 BR_ERR_BAD_VERSION,
55 "BR_ERR_BAD_VERSION",
56 "Incoming record version does not match the expected version."
57 }, {
58 BR_ERR_BAD_LENGTH,
59 "BR_ERR_BAD_LENGTH",
60 "Incoming record length is invalid."
61 }, {
62 BR_ERR_TOO_LARGE,
63 "BR_ERR_TOO_LARGE",
64 "Incoming record is too large to be processed, or buffer"
65 " is too small for the handshake message to send."
66 }, {
67 BR_ERR_BAD_MAC,
68 "BR_ERR_BAD_MAC",
69 "Decryption found an invalid padding, or the record MAC is"
70 " not correct."
71 }, {
72 BR_ERR_NO_RANDOM,
73 "BR_ERR_NO_RANDOM",
74 "No initial entropy was provided, and none can be obtained"
75 " from the OS."
76 }, {
77 BR_ERR_UNKNOWN_TYPE,
78 "BR_ERR_UNKNOWN_TYPE",
79 "Incoming record type is unknown."
80 }, {
81 BR_ERR_UNEXPECTED,
82 "BR_ERR_UNEXPECTED",
83 "Incoming record or message has wrong type with regards to"
84 " the current engine state."
85 }, {
86 BR_ERR_BAD_CCS,
87 "BR_ERR_BAD_CCS",
88 "ChangeCipherSpec message from the peer has invalid contents."
89 }, {
90 BR_ERR_BAD_ALERT,
91 "BR_ERR_BAD_ALERT",
92 "Alert message from the peer has invalid contents"
93 " (odd length)."
94 }, {
95 BR_ERR_BAD_HANDSHAKE,
96 "BR_ERR_BAD_HANDSHAKE",
97 "Incoming handshake message decoding failed."
98 }, {
99 BR_ERR_OVERSIZED_ID,
100 "BR_ERR_OVERSIZED_ID",
101 "ServerHello contains a session ID which is larger than"
102 " 32 bytes."
103 }, {
104 BR_ERR_BAD_CIPHER_SUITE,
105 "BR_ERR_BAD_CIPHER_SUITE",
106 "Server wants to use a cipher suite that we did not claim"
107 " to support. This is also reported if we tried to advertise"
108 " a cipher suite that we do not support."
109 }, {
110 BR_ERR_BAD_COMPRESSION,
111 "BR_ERR_BAD_COMPRESSION",
112 "Server wants to use a compression that we did not claim"
113 " to support."
114 }, {
115 BR_ERR_BAD_FRAGLEN,
116 "BR_ERR_BAD_FRAGLEN",
117 "Server's max fragment length does not match client's."
118 }, {
119 BR_ERR_BAD_SECRENEG,
120 "BR_ERR_BAD_SECRENEG",
121 "Secure renegotiation failed."
122 }, {
123 BR_ERR_EXTRA_EXTENSION,
124 "BR_ERR_EXTRA_EXTENSION",
125 "Server sent an extension type that we did not announce,"
126 " or used the same extension type several times in a"
127 " single ServerHello."
128 }, {
129 BR_ERR_BAD_SNI,
130 "BR_ERR_BAD_SNI",
131 "Invalid Server Name Indication contents (when used by"
132 " the server, this extension shall be empty)."
133 }, {
134 BR_ERR_BAD_HELLO_DONE,
135 "BR_ERR_BAD_HELLO_DONE",
136 "Invalid ServerHelloDone from the server (length is not 0)."
137 }, {
138 BR_ERR_LIMIT_EXCEEDED,
139 "BR_ERR_LIMIT_EXCEEDED",
140 "Internal limit exceeded (e.g. server's public key is too"
141 " large)."
142 }, {
143 BR_ERR_BAD_FINISHED,
144 "BR_ERR_BAD_FINISHED",
145 "Finished message from peer does not match the expected"
146 " value."
147 }, {
148 BR_ERR_RESUME_MISMATCH,
149 "BR_ERR_RESUME_MISMATCH",
150 "Session resumption attempt with distinct version or cipher"
151 " suite."
152 }, {
153 BR_ERR_INVALID_ALGORITHM,
154 "BR_ERR_INVALID_ALGORITHM",
155 "Unsupported or invalid algorithm (ECDHE curve, signature"
156 " algorithm, hash function)."
157 }, {
158 BR_ERR_BAD_SIGNATURE,
159 "BR_ERR_BAD_SIGNATURE",
160 "Invalid signature on ServerKeyExchange message."
161 }, {
162 BR_ERR_IO,
163 "BR_ERR_IO",
164 "I/O error or premature close on transport stream."
165 }, {
166 BR_ERR_X509_INVALID_VALUE,
167 "BR_ERR_X509_INVALID_VALUE",
168 "Invalid value in an ASN.1 structure."
169 },
170 {
171 BR_ERR_X509_TRUNCATED,
172 "BR_ERR_X509_TRUNCATED",
173 "Truncated certificate or other ASN.1 object."
174 },
175 {
176 BR_ERR_X509_EMPTY_CHAIN,
177 "BR_ERR_X509_EMPTY_CHAIN",
178 "Empty certificate chain (no certificate at all)."
179 },
180 {
181 BR_ERR_X509_INNER_TRUNC,
182 "BR_ERR_X509_INNER_TRUNC",
183 "Decoding error: inner element extends beyond outer element"
184 " size."
185 },
186 {
187 BR_ERR_X509_BAD_TAG_CLASS,
188 "BR_ERR_X509_BAD_TAG_CLASS",
189 "Decoding error: unsupported tag class (application or"
190 " private)."
191 },
192 {
193 BR_ERR_X509_BAD_TAG_VALUE,
194 "BR_ERR_X509_BAD_TAG_VALUE",
195 "Decoding error: unsupported tag value."
196 },
197 {
198 BR_ERR_X509_INDEFINITE_LENGTH,
199 "BR_ERR_X509_INDEFINITE_LENGTH",
200 "Decoding error: indefinite length."
201 },
202 {
203 BR_ERR_X509_EXTRA_ELEMENT,
204 "BR_ERR_X509_EXTRA_ELEMENT",
205 "Decoding error: extraneous element."
206 },
207 {
208 BR_ERR_X509_UNEXPECTED,
209 "BR_ERR_X509_UNEXPECTED",
210 "Decoding error: unexpected element."
211 },
212 {
213 BR_ERR_X509_NOT_CONSTRUCTED,
214 "BR_ERR_X509_NOT_CONSTRUCTED",
215 "Decoding error: expected constructed element, but is"
216 " primitive."
217 },
218 {
219 BR_ERR_X509_NOT_PRIMITIVE,
220 "BR_ERR_X509_NOT_PRIMITIVE",
221 "Decoding error: expected primitive element, but is"
222 " constructed."
223 },
224 {
225 BR_ERR_X509_PARTIAL_BYTE,
226 "BR_ERR_X509_PARTIAL_BYTE",
227 "Decoding error: BIT STRING length is not multiple of 8."
228 },
229 {
230 BR_ERR_X509_BAD_BOOLEAN,
231 "BR_ERR_X509_BAD_BOOLEAN",
232 "Decoding error: BOOLEAN value has invalid length."
233 },
234 {
235 BR_ERR_X509_OVERFLOW,
236 "BR_ERR_X509_OVERFLOW",
237 "Decoding error: value is off-limits."
238 },
239 {
240 BR_ERR_X509_BAD_DN,
241 "BR_ERR_X509_BAD_DN",
242 "Invalid distinguished name."
243 },
244 {
245 BR_ERR_X509_BAD_TIME,
246 "BR_ERR_X509_BAD_TIME",
247 "Invalid date/time representation."
248 },
249 {
250 BR_ERR_X509_UNSUPPORTED,
251 "BR_ERR_X509_UNSUPPORTED",
252 "Certificate contains unsupported features that cannot be"
253 " ignored."
254 },
255 {
256 BR_ERR_X509_LIMIT_EXCEEDED,
257 "BR_ERR_X509_LIMIT_EXCEEDED",
258 "Key or signature size exceeds internal limits."
259 },
260 {
261 BR_ERR_X509_WRONG_KEY_TYPE,
262 "BR_ERR_X509_WRONG_KEY_TYPE",
263 "Key type does not match that which was expected."
264 },
265 {
266 BR_ERR_X509_BAD_SIGNATURE,
267 "BR_ERR_X509_BAD_SIGNATURE",
268 "Signature is invalid."
269 },
270 {
271 BR_ERR_X509_TIME_UNKNOWN,
272 "BR_ERR_X509_TIME_UNKNOWN",
273 "Validation time is unknown."
274 },
275 {
276 BR_ERR_X509_EXPIRED,
277 "BR_ERR_X509_EXPIRED",
278 "Certificate is expired or not yet valid."
279 },
280 {
281 BR_ERR_X509_DN_MISMATCH,
282 "BR_ERR_X509_DN_MISMATCH",
283 "Issuer/Subject DN mismatch in the chain."
284 },
285 {
286 BR_ERR_X509_BAD_SERVER_NAME,
287 "BR_ERR_X509_BAD_SERVER_NAME",
288 "Expected server name was not found in the chain."
289 },
290 {
291 BR_ERR_X509_CRITICAL_EXTENSION,
292 "BR_ERR_X509_CRITICAL_EXTENSION",
293 "Unknown critical extension in certificate."
294 },
295 {
296 BR_ERR_X509_NOT_CA,
297 "BR_ERR_X509_NOT_CA",
298 "Not a CA, or path length constraint violation."
299 },
300 {
301 BR_ERR_X509_FORBIDDEN_KEY_USAGE,
302 "BR_ERR_X509_FORBIDDEN_KEY_USAGE",
303 "Key Usage extension prohibits intended usage."
304 },
305 {
306 BR_ERR_X509_WEAK_PUBLIC_KEY,
307 "BR_ERR_X509_WEAK_PUBLIC_KEY",
308 "Public key found in certificate is too small."
309 },
310 {
311 BR_ERR_X509_NOT_TRUSTED,
312 "BR_ERR_X509_NOT_TRUSTED",
313 "Chain could not be linked to a trust anchor."
314 },
315 { 0, 0, 0 }
316 };
317
318 /* see brssl.h */
319 const char *
320 find_error_name(int err, const char **comment)
321 {
322 size_t u;
323
324 for (u = 0; errors[u].name; u ++) {
325 if (errors[u].err == err) {
326 if (comment != NULL) {
327 *comment = errors[u].comment;
328 }
329 return errors[u].name;
330 }
331 }
332 return NULL;
333 }