aboutsummaryrefslogtreecommitdiffstats
path: root/src/sbearssl/sbearssl_error_str.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/sbearssl/sbearssl_error_str.c')
-rw-r--r--src/sbearssl/sbearssl_error_str.c361
1 files changed, 361 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_error_str.c b/src/sbearssl/sbearssl_error_str.c
new file mode 100644
index 0000000..7e1e22c
--- /dev/null
+++ b/src/sbearssl/sbearssl_error_str.c
@@ -0,0 +1,361 @@
+/*
+ * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/*
+ * Modified by Laurent Bercot <ska-skaware@skarnet.org>
+ * for inclusion in the sbearssl support library.
+ */
+
+
+#include <bearssl.h>
+#include <s6-networking/sbearssl.h>
+
+struct error_s
+{
+ int err ;
+ const char *comment ;
+} ;
+
+static struct error_s errors[] =
+{
+ {
+ BR_ERR_OK,
+ "No error."
+ " (BR_ERR_OK)"
+ },
+ {
+ BR_ERR_BAD_PARAM,
+ "Caller-provided parameter is incorrect."
+ " (BR_ERR_BAD_PARAM)"
+ },
+ {
+ BR_ERR_BAD_STATE,
+ "Operation requested by the caller cannot be applied with"
+ " the current context state (e.g. reading data while"
+ " outgoing data is waiting to be sent)."
+ " (BR_BAD_STATE)"
+ },
+ {
+ BR_ERR_UNSUPPORTED_VERSION,
+ "Incoming protocol or record version is unsupported."
+ " (BR_ERR_UNSUPPORTED_VERSION)"
+ },
+ {
+ BR_ERR_BAD_VERSION,
+ "Incoming record version does not match the expected version."
+ " (BR_ERR_BAD_VERSION)"
+ },
+ {
+ BR_ERR_BAD_LENGTH,
+ "Incoming record length is invalid."
+ " (BR_ERR_BAD_LENGTH)"
+ },
+ {
+ BR_ERR_TOO_LARGE,
+ "Incoming record is too large to be processed, or buffer"
+ " is too small for the handshake message to send."
+ " (BR_ERR_TOO_LARGE)"
+ },
+ {
+ BR_ERR_BAD_MAC,
+ "Decryption found an invalid padding, or the record MAC is"
+ " not correct."
+ " (BR_ERR_BAD_MAC)"
+ },
+ {
+ BR_ERR_NO_RANDOM,
+ "No initial entropy was provided, and none can be obtained"
+ " from the OS."
+ " (BR_ERR_NO_RANDOM)"
+ },
+ {
+ BR_ERR_UNKNOWN_TYPE,
+ "Incoming record type is unknown."
+ " (BR_ERR_UNKNOWN_TYPE)"
+ },
+ {
+ BR_ERR_UNEXPECTED,
+ "Incoming record or message has wrong type with regards to"
+ " the current engine state."
+ " (BR_ERR_UNEXPECTED)"
+ },
+ {
+ BR_ERR_BAD_CCS,
+ "ChangeCipherSpec message from the peer has invalid contents."
+ " (BR_ERR_BAD_CCS)"
+ },
+ {
+ BR_ERR_BAD_ALERT,
+ "Alert message from the peer has invalid contents"
+ " (odd length)."
+ " (BR_ERR_BAD_ALERT)"
+ },
+ {
+ BR_ERR_BAD_HANDSHAKE,
+ "Incoming handshake message decoding failed."
+ " (BR_ERR_BAD_HANDSHAKE)"
+ },
+ {
+ BR_ERR_OVERSIZED_ID,
+ "ServerHello contains a session ID which is larger than"
+ " 32 bytes."
+ " (BR_ERR_OVERSIZED_ID)"
+ },
+ {
+ BR_ERR_BAD_CIPHER_SUITE,
+ "Server wants to use a cipher suite that we did not claim"
+ " to support. This is also reported if we tried to advertise"
+ " a cipher suite that we do not support."
+ " (BR_ERR_BAD_CIPHER_SUITE)"
+ },
+ {
+ BR_ERR_BAD_COMPRESSION,
+ "Server wants to use a compression that we did not claim"
+ " to support."
+ " (BR_ERR_BAD_COMPRESSION)"
+ },
+ {
+ BR_ERR_BAD_FRAGLEN,
+ "Server's max fragment length does not match client's."
+ " (BR_ERR_BAD_FRAGLEN)"
+ },
+ {
+ BR_ERR_BAD_SECRENEG,
+ "Secure renegotiation failed."
+ " (BR_ERR_BAD_SECRENEG)"
+ },
+ {
+ BR_ERR_EXTRA_EXTENSION,
+ "Server sent an extension type that we did not announce,"
+ " or used the same extension type several times in a"
+ " single ServerHello."
+ " (BR_ERR_EXTRA_EXTENSION)"
+ },
+ {
+ BR_ERR_BAD_SNI,
+ "Invalid Server Name Indication contents (when used by"
+ " the server, this extension shall be empty)."
+ " (BR_ERR_BAD_SNI)"
+ },
+ {
+ BR_ERR_BAD_HELLO_DONE,
+ "Invalid ServerHelloDone from the server (length is not 0)."
+ " (BR_ERR_BAD_HELLO_DONE)"
+ },
+ {
+ BR_ERR_LIMIT_EXCEEDED,
+ "Internal limit exceeded (e.g. server's public key is too"
+ " large)."
+ " (BR_ERR_LIMIT_EXCEEDED)"
+ },
+ {
+ BR_ERR_BAD_FINISHED,
+ "Finished message from peer does not match the expected"
+ " value."
+ " (BR_ERR_BAD_FINISHED)"
+ },
+ {
+ BR_ERR_RESUME_MISMATCH,
+ "Session resumption attempt with distinct version or cipher"
+ " suite."
+ " (BR_ERR_RESUME_MISMATCH)"
+ },
+ {
+ BR_ERR_INVALID_ALGORITHM,
+ "Unsupported or invalid algorithm (ECDHE curve, signature"
+ " algorithm, hash function)."
+ " (BR_ERR_INVALID_ALGORITHM)"
+ },
+ {
+ BR_ERR_BAD_SIGNATURE,
+ "Invalid signature on ServerKeyExchange message."
+ " (BR_ERR_BAD_SIGNATURE)"
+ },
+ {
+ BR_ERR_IO,
+ "I/O error or premature close on transport stream."
+ " (BR_ERR_IO)"
+ },
+ {
+ BR_ERR_X509_INVALID_VALUE,
+ "Invalid value in an ASN.1 structure."
+ " (BR_ERR_X509_INVALID_VALUE)"
+ },
+ {
+ BR_ERR_X509_TRUNCATED,
+ "Truncated certificate or other ASN.1 object."
+ " (BR_ERR_X509_TRUNCATED)"
+ },
+ {
+ BR_ERR_X509_EMPTY_CHAIN,
+ "Empty certificate chain (no certificate at all)."
+ " (BR_ERR_X509_EMPTY_CHAIN)"
+ },
+ {
+ BR_ERR_X509_INNER_TRUNC,
+ "Decoding error: inner element extends beyond outer element"
+ " size."
+ " (BR_ERR_X509_INNER_TRUNC)"
+ },
+ {
+ BR_ERR_X509_BAD_TAG_CLASS,
+ "Decoding error: unsupported tag class (application or"
+ " private)."
+ " (BR_ERR_X509_BAD_TAG_CLASS)"
+ },
+ {
+ BR_ERR_X509_BAD_TAG_VALUE,
+ "Decoding error: unsupported tag value."
+ " (BR_ERR_X509_BAD_TAG_VALUE)"
+ },
+ {
+ BR_ERR_X509_INDEFINITE_LENGTH,
+ "Decoding error: indefinite length."
+ " (BR_ERR_X509_INDEFINITE_LENGTH)"
+ },
+ {
+ BR_ERR_X509_EXTRA_ELEMENT,
+ "Decoding error: extraneous element."
+ " (BR_ERR_X509_EXTRA_ELEMENT)"
+ },
+ {
+ BR_ERR_X509_UNEXPECTED,
+ "Decoding error: unexpected element."
+ " (BR_ERR_X509_UNEXPECTED)"
+ },
+ {
+ BR_ERR_X509_NOT_CONSTRUCTED,
+ "Decoding error: expected constructed element, but is"
+ " primitive."
+ " (BR_ERR_X509_NOT_CONSTRUCTED)"
+ },
+ {
+ BR_ERR_X509_NOT_PRIMITIVE,
+ "Decoding error: expected primitive element, but is"
+ " constructed."
+ " (BR_ERR_X509_NOT_PRIMITIVE)"
+ },
+ {
+ BR_ERR_X509_PARTIAL_BYTE,
+ "Decoding error: BIT STRING length is not multiple of 8."
+ " (BR_ERR_X509_PARTIAL_BYTE)"
+ },
+ {
+ BR_ERR_X509_BAD_BOOLEAN,
+ "Decoding error: BOOLEAN value has invalid length."
+ " (BR_ERR_X509_BAD_BOOLEAN)"
+ }
+ {
+ BR_ERR_X509_OVERFLOW,
+ "Decoding error: value is off-limits."
+ " (BR_ERR_X509_OVERFLOW)"
+ },
+ {
+ BR_ERR_X509_BAD_DN,
+ "Invalid distinguished name."
+ " (BR_ERR_X509_BAD_DN)"
+ },
+ {
+ BR_ERR_X509_BAD_TIME,
+ "Invalid date/time representation."
+ " (BR_ERR_X509_BAD_TIME)"
+ },
+ {
+ BR_ERR_X509_UNSUPPORTED,
+ "Certificate contains unsupported features that cannot be"
+ " ignored."
+ " (BR_ERR_X509_UNSUPPORTED)"
+ },
+ {
+ BR_ERR_X509_LIMIT_EXCEEDED,
+ "Key or signature size exceeds internal limits."
+ " (BR_ERR_X509_LIMIT_EXCEEDED)"
+ },
+ {
+ BR_ERR_X509_WRONG_KEY_TYPE,
+ "Key type does not match that which was expected."
+ " (BR_ERR_X509_WRONG_KEY_TYPE)"
+ },
+ {
+ BR_ERR_X509_BAD_SIGNATURE,
+ "Signature is invalid."
+ " (BR_ERR_X509_BAD_SIGNATURE)"
+ },
+ {
+ BR_ERR_X509_TIME_UNKNOWN,
+ "Validation time is unknown."
+ " (BR_ERR_X509_TIME_UNKNOWN)"
+ },
+ {
+ BR_ERR_X509_EXPIRED,
+ "Certificate is expired or not yet valid."
+ " (BR_ERR_X509_EXPIRED)"
+ },
+ {
+ BR_ERR_X509_DN_MISMATCH,
+ "Issuer/Subject DN mismatch in the chain."
+ " (BR_ERR_X509_DN_MISMATCH)"
+ },
+ {
+ BR_ERR_X509_BAD_SERVER_NAME,
+ "Expected server name was not found in the chain."
+ " (BR_ERR_X509_BAD_SERVER_NAME)"
+ },
+ {
+ BR_ERR_X509_CRITICAL_EXTENSION,
+ "Unknown critical extension in certificate."
+ " (BR_ERR_X509_CRITICAL_EXTENSION)"
+ },
+ {
+ BR_ERR_X509_NOT_CA,
+ "Not a CA, or path length constraint violation."
+ " (BR_ERR_X509_NOT_CA)"
+ },
+ {
+ BR_ERR_X509_FORBIDDEN_KEY_USAGE,
+ "Key Usage extension prohibits intended usage."
+ " (BR_ERR_X509_FORBIDDEN_KEY_USAGE)"
+ },
+ {
+ BR_ERR_X509_WEAK_PUBLIC_KEY,
+ "Public key found in certificate is too small."
+ " (BR_ERR_X509_WEAK_PUBLIC_KEY)"
+ },
+ {
+ BR_ERR_X509_NOT_TRUSTED,
+ "Chain could not be linked to a trust anchor."
+ " (BR_ERR_X509_NOT_TRUSTED)"
+ },
+ { -1,
+ "Unknown BearSSL error."
+ }
+} ;
+
+
+char const *sbearssl_error_str (int err)
+{
+ struct error_s *p = errors ;
+ while (p->err >= 0 && err != p->err) p++ ;
+ return p->comment ;
+}