diff --git a/src/internal.c b/src/internal.c index 8a96c40da..0c1312f6d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25165,13 +25165,14 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) return wc_GetErrorString(error); } - switch (error) { - #ifdef OPENSSL_EXTRA - case 0 : + if (error == 0) { return "ok"; + } #endif + switch ((enum wolfSSL_ErrorCodes)error) { + case UNSUPPORTED_SUITE : return "unsupported cipher suite"; @@ -25280,9 +25281,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case -WOLFSSL_ERROR_WANT_X509_LOOKUP: return "application client cert callback asked to be called again"; - case -WOLFSSL_ERROR_SSL: - return "fatal TLS protocol error"; - case BUFFER_ERROR : return "malformed buffer input error"; 
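Review bot: The new `switch ((enum wolfSSL_ErrorCodes)error)` converts `error` to whatever integer type the compiler chooses for the enum, and the same kind of cast is added to `wc_GetErrorString` in wolfcrypt/src/error.c. On a build that uses short enums (for example GCC's `-fshort-enums`), an out-of-range `int` could be reduced to a value that matches a real case label, so the caller would get a plausible string for a code that is not one. If `error` is not already bounded before this point (the function body starts outside the hunk), a guard such as `if (error < WOLFSSL_LAST_E) return "unknown error number";` ahead of the switch keeps the lookup exact. Whether positive values also need rejecting depends on code that is not visible here.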
@@ -25627,37 +25625,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case HTTP_APPSTR_ERR: return "HTTP Application string error"; -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with - * -WOLFSSL_ERROR_WANT_CONNECT. */ - case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID: - return "certificate not yet valid"; - case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED: - return "certificate has expired"; - case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - return "certificate signature failure"; - case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - return "format error in certificate's notAfter field"; - case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return "self-signed certificate in certificate chain"; - case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - return "unable to get local issuer certificate"; - case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - return "unable to verify the first certificate"; - case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG: - return "certificate chain too long"; - case -WOLFSSL_X509_V_ERR_CERT_REVOKED: - return "certificate revoked"; - case -WOLFSSL_X509_V_ERR_INVALID_CA: - return "invalid CA certificate"; - case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED: - return "path length constraint exceeded"; - case -WOLFSSL_X509_V_ERR_CERT_REJECTED: - return "certificate rejected"; - case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH: - return "subject issuer mismatch"; -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */ - case UNSUPPORTED_PROTO_VERSION: #ifdef OPENSSL_EXTRA return "WRONG_SSL_VERSION"; @@ -25693,6 +25660,8 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) return "Certificate type not supported"; case WOLFSSL_BAD_STAT: + return "bad status"; + case WOLFSSL_BAD_PATH: return "No certificates found at designated path"; 
@@ -25708,26 +25677,56 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case WOLFSSL_UNKNOWN: return "Unknown algorithm (EVP)"; - case WOLFSSL_CBIO_ERR_GENERAL: - return "I/O callback general unexpected error"; + case WOLFSSL_FATAL_ERROR: + return "fatal error"; - case WOLFSSL_CBIO_ERR_WANT_READ: - return "I/O callback want read, call again"; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) - case WOLFSSL_CBIO_ERR_WANT_WRITE: - return "I/O callback want write, call again"; + /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with + * -WOLFSSL_ERROR_WANT_CONNECT. + */ - case WOLFSSL_CBIO_ERR_CONN_RST: - return "I/O callback connection reset"; + case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID: + return "certificate not yet valid"; - case WOLFSSL_CBIO_ERR_ISR: - return "I/O callback interrupt"; + case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED: + return "certificate has expired"; - case WOLFSSL_CBIO_ERR_CONN_CLOSE: - return "I/O callback connection closed or epipe"; + case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + return "certificate signature failure"; - case WOLFSSL_CBIO_ERR_TIMEOUT: - return "I/O callback socket timeout"; + case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + return "format error in certificate's notAfter field"; + + case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + return "self-signed certificate in certificate chain"; + + case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + return "unable to get local issuer certificate"; + + case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + return "unable to verify the first certificate"; + + case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG: + return "certificate chain too long"; + + case -WOLFSSL_X509_V_ERR_CERT_REVOKED: + return "certificate revoked"; + + case -WOLFSSL_X509_V_ERR_INVALID_CA: + return "invalid CA certificate"; + + case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED: + 
return "path length constraint exceeded"; + + case -WOLFSSL_X509_V_ERR_CERT_REJECTED: + return "certificate rejected"; + + case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH: + return "subject issuer mismatch"; + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */ default : return "unknown error number"; diff --git a/tests/api.c b/tests/api.c index 62a088e0c..5b4be95e7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -55059,8 +55059,10 @@ static int post_auth_version_client_cb(WOLFSSL* ssl) ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION)); /* check the string matches expected string */ + #ifndef NO_ERROR_STRINGS ExpectStrEQ(wolfSSL_ERR_error_string(-WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION), NULL), "WRONG_SSL_VERSION"); + #endif #endif return EXPECT_RESULT(); } @@ -83162,6 +83164,7 @@ static int test_wolfSSL_set_psk_use_session_callback(void) */ static int error_test(void) { + EXPECT_DECLS; const char* errStr; const char* unknownStr = wc_GetErrorString(0); @@ -83170,11 +83173,9 @@ static int error_test(void) * The string is that error strings are not available. */ errStr = wc_GetErrorString(OPEN_RAN_E); - wc_ErrorString(OPEN_RAN_E, out); - if (XSTRCMP(errStr, unknownStr) != 0) - return -1; - if (XSTRCMP(out, unknownStr) != 0) - return -2; + ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0); + if (EXPECT_FAIL()) + return OPEN_RAN_E; #else int i; int j = 0; @@ -83183,6 +83184,20 @@ static int error_test(void) int first; int last; } missing[] = { +#ifndef OPENSSL_EXTRA + { 0, 0 }, +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + { -11, -12 }, + { -15, -17 }, + { -19, -19 }, + { -26, -27 }, + { -30, WC_FIRST_E+1 }, +#else + { -9, WC_FIRST_E+1 }, +#endif { -124, -124 }, { -166, -169 }, { -300, -300 }, 
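Review bot: The relocated case `-WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD` returns "certificate signature failure", which describes a different verification failure from the one the constant names; the notAfter case right after it shows the intended wording. Since the block is being moved and re-guarded anyway, the line should become `return "format error in certificate's notBefore field";` so that logs do not point an operator at a signature problem when the validity field is malformed. The `-WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` case says "in certificate chain", which reads like the message for a self-signed certificate further up the chain and is worth checking too. The enclosing switch starts outside the hunk.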
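Review bot: The NO_ERROR_STRINGS branch of `error_test` no longer exercises `wc_ErrorString`: the removed lines copied the message into `out` and compared it with `unknownStr`, while the replacement only checks the pointer returned by `wc_GetErrorString`. Judging by the removed call, `wc_ErrorString` writes into a caller-supplied buffer, which makes it the variant most worth keeping under test. If `out` is still declared (its declaration is outside the hunk), `wc_ErrorString(OPEN_RAN_E, out); ExpectIntEQ(XSTRCMP(out, unknownStr), 0);` restores the coverage in the new Expect style.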
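Review bot: The ranges added to `missing[]` (`{ -11, -12 }`, `{ -15, -17 }`, `{ -19, -19 }`, `{ -26, -27 }`) are bare numbers with no hint of where they come from. They appear to be the gaps between the `WOLFSSL_X509_V_ERR_*_E` values this commit adds to wolfssl/error-ssl.h. A one-line comment above them, such as `/* unassigned values between the X509 verify codes in error-ssl.h */`, would tell the next maintainer which header to update alongside the table. The start of the array declaration and its remaining entries lie outside the hunk.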
@@ -83192,14 +83207,15 @@ static int error_test(void) { -358, -358 }, { -372, -372 }, { -384, -384 }, - { -473, -499 } + { -466, -499 }, + { WOLFSSL_LAST_E-1, WOLFSSL_LAST_E-1 } }; /* Check that all errors have a string and it's the same through the two * APIs. Check that the values that are not errors map to the unknown * string. */ - for (i = WC_FIRST_E; i >= WOLFSSL_LAST_E; i--) { + for (i = 0; i >= WOLFSSL_LAST_E-1; i--) { int this_missing = 0; for (j = 0; j < (int)XELEM_CNT(missing); ++j) { if ((i <= missing[j].first) && (i >= missing[j].last)) { @@ -83210,31 +83226,26 @@ static int error_test(void) errStr = wolfSSL_ERR_reason_error_string(i); if (! this_missing) { - if (XSTRCMP(errStr, unknownStr) == 0) { - WOLFSSL_MSG("errStr unknown"); - return -3; + ExpectIntNE(XSTRCMP(errStr, unknownStr), 0); + if (EXPECT_FAIL()) { + return i; } - if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) { - WOLFSSL_MSG("errStr too long"); - return -4; + ExpectTrue(XSTRLEN(errStr) < WOLFSSL_MAX_ERROR_SZ); + if (EXPECT_FAIL()) { + return i; } } else { j++; - if (XSTRCMP(errStr, unknownStr) != 0) { - return -5; + ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0); + if (EXPECT_FAIL()) { + return i; } } } - - /* Check if the next possible value has been given a string. */ - errStr = wc_GetErrorString(i); - if (XSTRCMP(errStr, unknownStr) != 0) { - return -6; - } #endif - return 0; + return 1; } static int test_wolfSSL_ERR_strings(void) @@ -83272,7 +83283,7 @@ static int test_wolfSSL_ERR_strings(void) #endif #endif - ExpectIntEQ(error_test(), 0); + ExpectIntEQ(error_test(), 1); return EXPECT_RESULT(); } diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 7624fa801..11f56d31f 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -42,7 +42,7 @@ WOLFSSL_ABI const char* wc_GetErrorString(int error) { - switch (error) { + switch ((enum wolfCrypt_ErrorCodes)error) { case MP_MEM : return "MP integer dynamic memory allocation failed"; 
@@ -642,6 +642,8 @@ const char* wc_GetErrorString(int error) case PBKDF2_KAT_FIPS_E: return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure"; + case MAX_CODE_E: + case MIN_CODE_E: default: return "unknown error number"; diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index 5c5d04553..c578c61a4 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h 
@@ -35,9 +35,40 @@ #endif enum wolfSSL_ErrorCodes { - WOLFSSL_FATAL_ERROR = -1, /* note, must be -1 for backward - * compat. */ - WOLFSSL_FIRST_E = -301, + WOLFSSL_FATAL_ERROR = -1, /* must be -1 for backward compat. */ + + /* negative counterparts to namesake positive constants in ssl.h */ + WOLFSSL_ERROR_WANT_READ_E = -2, + WOLFSSL_ERROR_WANT_WRITE_E = -3, + WOLFSSL_ERROR_WANT_X509_LOOKUP_E = -4, + WOLFSSL_ERROR_SYSCALL_E = -5, + WOLFSSL_ERROR_ZERO_RETURN_E = -6, + WOLFSSL_ERROR_WANT_CONNECT_E = -7, + WOLFSSL_ERROR_WANT_ACCEPT_E = -8, + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + + WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE_E = -7, /* note conflict with + * WOLFSSL_ERROR_WANT_CONNECT_E + */ + WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID_E = -9, + WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED_E = -10, + WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD_E = -13, + WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD_E = -14, + WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT_E = -18, + WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY_E = -20, + WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE_E = -21, + WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG_E = -22, + WOLFSSL_X509_V_ERR_CERT_REVOKED_E = -23, + WOLFSSL_X509_V_ERR_INVALID_CA_E = -24, + WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED_E = -25, + WOLFSSL_X509_V_ERR_CERT_REJECTED_E = -28, + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH_E = -29, + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */ + + WOLFSSL_FIRST_E = -301, /* start of native TLS codes */ INPUT_CASE_ERROR = -301, /* process input state error */ PREFIX_ERROR = -302, /* bad index to key rounds */ 
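Review bot: `WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE_E` and `WOLFSSL_ERROR_WANT_CONNECT_E` are both -7 in the same enum, so a certificate signature failure and a call-again condition cannot be told apart from the code alone. The inline comment records the conflict but not its consequence: the two names can never both be case labels, and a caller that treats -7 as "retry" would keep retrying on a failed signature check if the X509 meaning ever reached it. I would extend the comment to state which meaning the string lookup reports and add a warning along the lines of `/* -7 is ambiguous: never branch on this value alone to choose between retry and verification failure */`. How these codes are surfaced to applications is outside the hunk, so the practical exposure needs confirming.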
@@ -203,15 +234,6 @@ enum wolfSSL_ErrorCodes { WOLFSSL_NOT_IMPLEMENTED = -464, /* Function not implemented */ WOLFSSL_UNKNOWN = -465, /* Unknown algorithm (EVP) */ - /* I/O Callback errors */ - WOLFSSL_CBIO_ERR_GENERAL = -466, /* I/O callback general unexpected error */ - WOLFSSL_CBIO_ERR_WANT_READ = -467, /* I/O callback want read, call again */ - WOLFSSL_CBIO_ERR_WANT_WRITE = -468, /* I/O callback want write, call again */ - WOLFSSL_CBIO_ERR_CONN_RST = -469, /* I/O callback connection reset */ - WOLFSSL_CBIO_ERR_ISR = -470, /* I/O callback interrupt */ - WOLFSSL_CBIO_ERR_CONN_CLOSE = -471, /* I/O callback connection closed or epipe */ - WOLFSSL_CBIO_ERR_TIMEOUT = -472, /* I/O callback socket timeout */ - /* negotiation parameter errors */ UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */ MATCH_SUITE_ERROR = -501, /* can't match cipher suite */ @@ -224,6 +246,16 @@ enum wolfSSL_ErrorCodes { WOLFSSL_LAST_E = -506 }; +/* I/O Callback default errors */ +enum IOerrors { + WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */ + WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */ + WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */ + WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */ + WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */ + WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */ + WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */ +}; #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) enum { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 7644bd795..9adc0be00 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
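Review bot: The new `enum IOerrors` gives `WOLFSSL_CBIO_ERR_WANT_READ` and `WOLFSSL_CBIO_ERR_WANT_WRITE` the same value, -2, and moves all seven codes into the -1..-6 range that `enum wolfSSL_ErrorCodes` now uses for `WOLFSSL_FATAL_ERROR` and the `WOLFSSL_ERROR_*_E` values. The commit also deletes the CBIO cases from `wolfSSL_ERR_reason_error_string`, so a raw callback value passed to that function would be reported under an unrelated meaning; for example `WOLFSSL_CBIO_ERR_CONN_RST` is -3, the same as `WOLFSSL_ERROR_WANT_WRITE_E`. If the shared -2 is deliberate, the enum should say so, and a header comment such as `/* I/O callback return values only; these overlap enum wolfSSL_ErrorCodes and are not valid inputs to the error-string functions */` would prevent misuse. Where the library translates callback returns into SSL errors is not visible in this diff.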
@@ -2647,14 +2647,15 @@ enum { /* ssl Constants */ (WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE | WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP), + /* These values match OpenSSL values for corresponding names. */ + WOLFSSL_ERROR_SSL = 1, WOLFSSL_ERROR_WANT_READ = 2, WOLFSSL_ERROR_WANT_WRITE = 3, + WOLFSSL_ERROR_WANT_X509_LOOKUP = 4, + WOLFSSL_ERROR_SYSCALL = 5, + WOLFSSL_ERROR_ZERO_RETURN = 6, WOLFSSL_ERROR_WANT_CONNECT = 7, WOLFSSL_ERROR_WANT_ACCEPT = 8, - WOLFSSL_ERROR_SYSCALL = 5, - WOLFSSL_ERROR_WANT_X509_LOOKUP = 83, - WOLFSSL_ERROR_ZERO_RETURN = 6, - WOLFSSL_ERROR_SSL = 85, WOLFSSL_SENT_SHUTDOWN = 1, WOLFSSL_RECEIVED_SHUTDOWN = 2, diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 382684d49..3f188f744 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -42,7 +42,7 @@ the error status. #endif /* error codes, add string for new errors !!! */ -enum { +enum wolfCrypt_ErrorCodes { /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for * reasons of backward compatibility. */
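Review bot: `WOLFSSL_ERROR_WANT_X509_LOOKUP` changes from 83 to 4 and `WOLFSSL_ERROR_SSL` from 85 to 1, yet the only comment added says the values match OpenSSL. These are public constants, so code built against the old header, or bindings that hard-code 83 and 85, will misread results until rebuilt, and that deserves a note here. It is also worth recording that `-WOLFSSL_ERROR_SSL` is now -1, the value of `WOLFSSL_FATAL_ERROR` in wolfssl/error-ssl.h, which is presumably why its case is dropped from `wolfSSL_ERR_reason_error_string`. A comment such as `/* WOLFSSL_ERROR_SSL was 85 and WOLFSSL_ERROR_WANT_X509_LOOKUP was 83 before this change */` would do.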