tools/errors.c

   1 /*
   2  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
   3  *
   4  * Permission is hereby granted, free of charge, to any person obtaining
   5  * a copy of this software and associated documentation files (the
   6  * "Software"), to deal in the Software without restriction, including
   7  * without limitation the rights to use, copy, modify, merge, publish,
   8  * distribute, sublicense, and/or sell copies of the Software, and to
   9  * permit persons to whom the Software is furnished to do so, subject to
  10  * the following conditions:
  11  *
  12  * The above copyright notice and this permission notice shall be
  13  * included in all copies or substantial portions of the Software.
  14  *
  15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
  19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
  20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
  21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  22  * SOFTWARE.
  23  */
  24
  25 #include <stdio.h>
  26 #include <stdlib.h>
  27 #include <string.h>
  28 #include <stdint.h>
  29 #include <errno.h>
  30
  31 #include "brssl.h"
  32 #include "bearssl.h"
  33
  34 static struct {
  35         int err;
  36         const char *name;
  37         const char *comment;
  38 } errors[] = {
  39         {
  40                 BR_ERR_BAD_PARAM,
  41                 "BR_ERR_BAD_PARAM",
  42                 "Caller-provided parameter is incorrect."
  43         }, {
  44                 BR_ERR_BAD_STATE,
  45                 "BR_ERR_BAD_STATE",
  46                 "Operation requested by the caller cannot be applied with"
  47                 " the current context state (e.g. reading data while"
  48                 " outgoing data is waiting to be sent)."
  49         }, {
  50                 BR_ERR_UNSUPPORTED_VERSION,
  51                 "BR_ERR_UNSUPPORTED_VERSION",
  52                 "Incoming protocol or record version is unsupported."
  53         }, {
  54                 BR_ERR_BAD_VERSION,
  55                 "BR_ERR_BAD_VERSION",
  56                 "Incoming record version does not match the expected version."
  57         }, {
  58                 BR_ERR_BAD_LENGTH,
  59                 "BR_ERR_BAD_LENGTH",
  60                 "Incoming record length is invalid."
  61         }, {
  62                 BR_ERR_TOO_LARGE,
  63                 "BR_ERR_TOO_LARGE",
  64                 "Incoming record is too large to be processed, or buffer"
  65                 " is too small for the handshake message to send."
  66         }, {
  67                 BR_ERR_BAD_MAC,
  68                 "BR_ERR_BAD_MAC",
  69                 "Decryption found an invalid padding, or the record MAC is"
  70                 " not correct."
  71         }, {
  72                 BR_ERR_NO_RANDOM,
  73                 "BR_ERR_NO_RANDOM",
  74                 "No initial entropy was provided, and none can be obtained"
  75                 " from the OS."
  76         }, {
  77                 BR_ERR_UNKNOWN_TYPE,
  78                 "BR_ERR_UNKNOWN_TYPE",
  79                 "Incoming record type is unknown."
  80         }, {
  81                 BR_ERR_UNEXPECTED,
  82                 "BR_ERR_UNEXPECTED",
  83                 "Incoming record or message has wrong type with regards to"
  84                 " the current engine state."
  85         }, {
  86                 BR_ERR_BAD_CCS,
  87                 "BR_ERR_BAD_CCS",
  88                 "ChangeCipherSpec message from the peer has invalid contents."
  89         }, {
  90                 BR_ERR_BAD_ALERT,
  91                 "BR_ERR_BAD_ALERT",
  92                 "Alert message from the peer has invalid contents"
  93                 " (odd length)."
  94         }, {
  95                 BR_ERR_BAD_HANDSHAKE,
  96                 "BR_ERR_BAD_HANDSHAKE",
  97                 "Incoming handshake message decoding failed."
  98         }, {
  99                 BR_ERR_OVERSIZED_ID,
 100                 "BR_ERR_OVERSIZED_ID",
 101                 "ServerHello contains a session ID which is larger than"
 102                 " 32 bytes."
 103         }, {
 104                 BR_ERR_BAD_CIPHER_SUITE,
 105                 "BR_ERR_BAD_CIPHER_SUITE",
 106                 "Server wants to use a cipher suite that we did not claim"
 107                 " to support. This is also reported if we tried to advertise"
 108                 " a cipher suite that we do not support."
 109         }, {
 110                 BR_ERR_BAD_COMPRESSION,
 111                 "BR_ERR_BAD_COMPRESSION",
 112                 "Server wants to use a compression that we did not claim"
 113                 " to support."
 114         }, {
 115                 BR_ERR_BAD_FRAGLEN,
 116                 "BR_ERR_BAD_FRAGLEN",
 117                 "Server's max fragment length does not match client's."
 118         }, {
 119                 BR_ERR_BAD_SECRENEG,
 120                 "BR_ERR_BAD_SECRENEG",
 121                 "Secure renegotiation failed."
 122         }, {
 123                 BR_ERR_EXTRA_EXTENSION,
 124                 "BR_ERR_EXTRA_EXTENSION",
 125                 "Server sent an extension type that we did not announce,"
 126                 " or used the same extension type several times in a"
 127                 " single ServerHello."
 128         }, {
 129                 BR_ERR_BAD_SNI,
 130                 "BR_ERR_BAD_SNI",
 131                 "Invalid Server Name Indication contents (when used by"
 132                 " the server, this extension shall be empty)."
 133         }, {
 134                 BR_ERR_BAD_HELLO_DONE,
 135                 "BR_ERR_BAD_HELLO_DONE",
 136                 "Invalid ServerHelloDone from the server (length is not 0)."
 137         }, {
 138                 BR_ERR_LIMIT_EXCEEDED,
 139                 "BR_ERR_LIMIT_EXCEEDED",
 140                 "Internal limit exceeded (e.g. server's public key is too"
 141                 " large)."
 142         }, {
 143                 BR_ERR_BAD_FINISHED,
 144                 "BR_ERR_BAD_FINISHED",
 145                 "Finished message from peer does not match the expected"
 146                 " value."
 147         }, {
 148                 BR_ERR_RESUME_MISMATCH,
 149                 "BR_ERR_RESUME_MISMATCH",
 150                 "Session resumption attempt with distinct version or cipher"
 151                 " suite."
 152         }, {
 153                 BR_ERR_INVALID_ALGORITHM,
 154                 "BR_ERR_INVALID_ALGORITHM",
 155                 "Unsupported or invalid algorithm (ECDHE curve, signature"
 156                 " algorithm, hash function)."
 157         }, {
 158                 BR_ERR_BAD_SIGNATURE,
 159                 "BR_ERR_BAD_SIGNATURE",
 160                 "Invalid signature in ServerKeyExchange or"
 161                 " CertificateVerify message."
 162         }, {
 163                 BR_ERR_WRONG_KEY_USAGE,
 164                 "BR_ERR_WRONG_KEY_USAGE",
 165                 "Peer's public key does not have the proper type or is"
 166                 " not allowed for the requested operation."
 167         }, {
 168                 BR_ERR_NO_CLIENT_AUTH,
 169                 "BR_ERR_NO_CLIENT_AUTH",
 170                 "Client did not send a certificate upon request, or the"
 171                 " client certificate could not be validated."
 172         }, {
 173                 BR_ERR_IO,
 174                 "BR_ERR_IO",
 175                 "I/O error or premature close on transport stream."
 176         }, {
 177                 BR_ERR_X509_INVALID_VALUE,
 178                 "BR_ERR_X509_INVALID_VALUE",
 179                 "Invalid value in an ASN.1 structure."
 180         },
 181         {
 182                 BR_ERR_X509_TRUNCATED,
 183                 "BR_ERR_X509_TRUNCATED",
 184                 "Truncated certificate or other ASN.1 object."
 185         },
 186         {
 187                 BR_ERR_X509_EMPTY_CHAIN,
 188                 "BR_ERR_X509_EMPTY_CHAIN",
 189                 "Empty certificate chain (no certificate at all)."
 190         },
 191         {
 192                 BR_ERR_X509_INNER_TRUNC,
 193                 "BR_ERR_X509_INNER_TRUNC",
 194                 "Decoding error: inner element extends beyond outer element"
 195                 " size."
 196         },
 197         {
 198                 BR_ERR_X509_BAD_TAG_CLASS,
 199                 "BR_ERR_X509_BAD_TAG_CLASS",
 200                 "Decoding error: unsupported tag class (application or"
 201                 " private)."
 202         },
 203         {
 204                 BR_ERR_X509_BAD_TAG_VALUE,
 205                 "BR_ERR_X509_BAD_TAG_VALUE",
 206                 "Decoding error: unsupported tag value."
 207         },
 208         {
 209                 BR_ERR_X509_INDEFINITE_LENGTH,
 210                 "BR_ERR_X509_INDEFINITE_LENGTH",
 211                 "Decoding error: indefinite length."
 212         },
 213         {
 214                 BR_ERR_X509_EXTRA_ELEMENT,
 215                 "BR_ERR_X509_EXTRA_ELEMENT",
 216                 "Decoding error: extraneous element."
 217         },
 218         {
 219                 BR_ERR_X509_UNEXPECTED,
 220                 "BR_ERR_X509_UNEXPECTED",
 221                 "Decoding error: unexpected element."
 222         },
 223         {
 224                 BR_ERR_X509_NOT_CONSTRUCTED,
 225                 "BR_ERR_X509_NOT_CONSTRUCTED",
 226                 "Decoding error: expected constructed element, but is"
 227                 " primitive."
 228         },
 229         {
 230                 BR_ERR_X509_NOT_PRIMITIVE,
 231                 "BR_ERR_X509_NOT_PRIMITIVE",
 232                 "Decoding error: expected primitive element, but is"
 233                 " constructed."
 234         },
 235         {
 236                 BR_ERR_X509_PARTIAL_BYTE,
 237                 "BR_ERR_X509_PARTIAL_BYTE",
 238                 "Decoding error: BIT STRING length is not multiple of 8."
 239         },
 240         {
 241                 BR_ERR_X509_BAD_BOOLEAN,
 242                 "BR_ERR_X509_BAD_BOOLEAN",
 243                 "Decoding error: BOOLEAN value has invalid length."
 244         },
 245         {
 246                 BR_ERR_X509_OVERFLOW,
 247                 "BR_ERR_X509_OVERFLOW",
 248                 "Decoding error: value is off-limits."
 249         },
 250         {
 251                 BR_ERR_X509_BAD_DN,
 252                 "BR_ERR_X509_BAD_DN",
 253                 "Invalid distinguished name."
 254         },
 255         {
 256                 BR_ERR_X509_BAD_TIME,
 257                 "BR_ERR_X509_BAD_TIME",
 258                 "Invalid date/time representation."
 259         },
 260         {
 261                 BR_ERR_X509_UNSUPPORTED,
 262                 "BR_ERR_X509_UNSUPPORTED",
 263                 "Certificate contains unsupported features that cannot be"
 264                 " ignored."
 265         },
 266         {
 267                 BR_ERR_X509_LIMIT_EXCEEDED,
 268                 "BR_ERR_X509_LIMIT_EXCEEDED",
 269                 "Key or signature size exceeds internal limits."
 270         },
 271         {
 272                 BR_ERR_X509_WRONG_KEY_TYPE,
 273                 "BR_ERR_X509_WRONG_KEY_TYPE",
 274                 "Key type does not match that which was expected."
 275         },
 276         {
 277                 BR_ERR_X509_BAD_SIGNATURE,
 278                 "BR_ERR_X509_BAD_SIGNATURE",
 279                 "Signature is invalid."
 280         },
 281         {
 282                 BR_ERR_X509_TIME_UNKNOWN,
 283                 "BR_ERR_X509_TIME_UNKNOWN",
 284                 "Validation time is unknown."
 285         },
 286         {
 287                 BR_ERR_X509_EXPIRED,
 288                 "BR_ERR_X509_EXPIRED",
 289                 "Certificate is expired or not yet valid."
 290         },
 291         {
 292                 BR_ERR_X509_DN_MISMATCH,
 293                 "BR_ERR_X509_DN_MISMATCH",
 294                 "Issuer/Subject DN mismatch in the chain."
 295         },
 296         {
 297                 BR_ERR_X509_BAD_SERVER_NAME,
 298                 "BR_ERR_X509_BAD_SERVER_NAME",
 299                 "Expected server name was not found in the chain."
 300         },
 301         {
 302                 BR_ERR_X509_CRITICAL_EXTENSION,
 303                 "BR_ERR_X509_CRITICAL_EXTENSION",
 304                 "Unknown critical extension in certificate."
 305         },
 306         {
 307                 BR_ERR_X509_NOT_CA,
 308                 "BR_ERR_X509_NOT_CA",
 309                 "Not a CA, or path length constraint violation."
 310         },
 311         {
 312                 BR_ERR_X509_FORBIDDEN_KEY_USAGE,
 313                 "BR_ERR_X509_FORBIDDEN_KEY_USAGE",
 314                 "Key Usage extension prohibits intended usage."
 315         },
 316         {
 317                 BR_ERR_X509_WEAK_PUBLIC_KEY,
 318                 "BR_ERR_X509_WEAK_PUBLIC_KEY",
 319                 "Public key found in certificate is too small."
 320         },
 321         {
 322                 BR_ERR_X509_NOT_TRUSTED,
 323                 "BR_ERR_X509_NOT_TRUSTED",
 324                 "Chain could not be linked to a trust anchor."
 325         },
 326         { 0, 0, 0 }
 327 };
 328
 329 /* see brssl.h */
 330 const char *
 331 find_error_name(int err, const char **comment)
 332 {
 333         size_t u;
 334
 335         for (u = 0; errors[u].name; u ++) {
 336                 if (errors[u].err == err) {
 337                         if (comment != NULL) {
 338                                 *comment = errors[u].comment;
 339                         }
 340                         return errors[u].name;
 341                 }
 342         }
 343         return NULL;
 344 }