diff --git a/configure.ac b/configure.ac index 494001378..1efe28fbf 100644 --- a/configure.ac +++ b/configure.ac @@ -833,6 +833,9 @@ then # Handle as many subject/issuer name OIDs as possible AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL" + + # More thorough error queue usage. + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERBOSE_ERRORS" fi diff --git a/src/internal.c b/src/internal.c index 14bf881a8..52380753b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2149,6 +2149,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) if (wc_InitMutex(&ctx->countMutex) < 0) { WOLFSSL_MSG("Mutex error on CTX init"); ctx->err = CTX_INIT_MUTEX_E; + WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } @@ -2265,6 +2266,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->cm = wolfSSL_CertManagerNew_ex(heap); if (ctx->cm == NULL) { WOLFSSL_MSG("Bad Cert Manager New"); + WOLFSSL_ERROR_VERBOSE(BAD_CERT_MANAGER_ERROR); return BAD_CERT_MANAGER_ERROR; } #ifdef OPENSSL_EXTRA @@ -2297,6 +2299,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->param = NULL; XFREE(ctx->x509_store.lookup.dirs, heap, DYNAMIC_TYPE_OPENSSL); ctx->x509_store.lookup.dirs = NULL; + WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } #endif @@ -4048,12 +4051,12 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap) InitX509Name(&x509->issuer, 0, heap); InitX509Name(&x509->subject, 0, heap); x509->dynamicMemory = (byte)dynamicFlag; - #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) - x509->refCount = 1; - #ifndef SINGLE_THREADED - (void)wc_InitMutex(&x509->refMutex); - #endif - #endif +#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) + x509->refCount = 1; +#ifndef SINGLE_THREADED + (void)wc_InitMutex(&x509->refMutex); +#endif +#endif } @@ -4554,8 +4557,10 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, if (ret > 0) { ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret, hashType); - if (ret != 0) + if (ret != 0) { ret = VERIFY_CERT_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } } } else @@ -4572,8 +4577,10 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, hashType, -1, mp_count_bits(&key->n)); #endif - if (ret != 0) + if (ret != 0) { ret = VERIFY_CERT_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } } } @@ -4603,7 +4610,9 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, XMEMCMP(plain, out, plainSz) != 0) { WOLFSSL_MSG("RSA Signature verification failed"); ret = RSA_SIGN_FAULT; - } else { + WOLFSSL_ERROR_VERBOSE(ret); + } + else { ret = 0; /* RSA reset */ } } @@ -4861,7 +4870,13 @@ int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, else #endif /* WOLFSSL_ASYNC_CRYPT */ { - ret = (ret != 0 || ssl->eccVerifyRes == 0) ? VERIFY_SIGN_ERROR : 0; + if (ret != 0 || ssl->eccVerifyRes == 0) { + ret = VERIFY_SIGN_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } + else { + ret = 0; + } } WOLFSSL_LEAVE("EccVerify", ret); @@ -5733,6 +5748,7 @@ int DhAgree(WOLFSSL* ssl, DhKey* dhKey, if (ret != 0) { /* translate to valid error (wc_DhCheckPubValue returns MP_VAL -1) */ ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); #ifdef OPENSSL_EXTRA SendAlert(ssl, alert_fatal, illegal_parameter); @@ -5903,6 +5919,7 @@ int InitSSL_Suites(WOLFSSL* ssl) /* server certificate must be loaded */ if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) { WOLFSSL_MSG("Server missing certificate"); + WOLFSSL_ERROR_VERBOSE(NO_PRIVATE_KEY); return NO_PRIVATE_KEY; } @@ -5920,6 +5937,7 @@ int InitSSL_Suites(WOLFSSL* ssl) #endif { WOLFSSL_MSG("Server missing private key"); + WOLFSSL_ERROR_VERBOSE(NO_PRIVATE_KEY); return NO_PRIVATE_KEY; } } @@ -5940,6 +5958,7 @@ int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr) if (wc_LockMutex(&ctx->countMutex) != 0) { WOLFSSL_MSG("Couldn't lock CTX count mutex"); + WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } @@ -6017,6 +6036,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.3 set but not " "allowed and downgrading disabled."); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } WOLFSSL_MSG("\tOption set to not allow TLSv1.3, Downgrading"); @@ -6028,6 +6048,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.2 set but not " "allowed and downgrading disabled."); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } WOLFSSL_MSG("\tOption set to not allow TLSv1.2, Downgrading"); @@ -6038,6 +6059,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.1 set but not " "allowed and downgrading disabled."); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } WOLFSSL_MSG("\tOption set to not allow TLSv1.1, Downgrading"); @@ -6049,6 +6071,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1 set but not " "allowed and downgrading disabled."); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } WOLFSSL_MSG("\tOption set to not allow TLSv1, Downgrading"); @@ -6059,11 +6082,13 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ssl->version.minor == SSLv3_MINOR && (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { WOLFSSL_MSG("\tError, option set to not allow SSLv3"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } if (ssl->version.minor < ssl->options.minDowngrade) { WOLFSSL_MSG("\tversion below minimum allowed, fatal error"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } #endif @@ -6401,6 +6426,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) WOLFSSL_MSG("Bad memory_mutex lock"); XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); ssl->heap = NULL; /* free and set to NULL for IO counter */ + WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } if (ctx_hint->memory->maxHa > 0 && @@ -6440,6 +6466,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) { if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); + WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) { @@ -9958,6 +9985,7 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, SendAlert(ssl, alert_fatal, protocol_version); #endif } + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; /* only use requested version */ } } @@ -9966,15 +9994,19 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef HAVE_MAX_FRAGMENT if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) { SendAlert(ssl, alert_fatal, record_overflow); + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } #else - if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) + if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) { + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; + } #endif if (*size == 0 && rh->type != application_data) { WOLFSSL_MSG("0 length, non-app data record."); + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } @@ -10007,6 +10039,7 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif WOLFSSL_MSG("Unknown Record Type"); + WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); return UNKNOWN_RECORD_TYPE; } @@ -11105,6 +11138,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) (const byte*)dCert->cPwd, dCert->cPwdLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } #endif } @@ -11127,6 +11161,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) dCert->contentTypeLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } #endif } @@ -11139,6 +11174,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) (const byte*)dCert->sNum, dCert->sNumLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } } if (dCert->unstructuredName) { @@ -11149,6 +11185,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) dCert->unstructuredNameLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } } if (dCert->surname) { @@ -11158,6 +11195,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) (const byte*)dCert->surname, dCert->surnameLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } } if (dCert->givenName) { @@ -11167,6 +11205,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) (const byte*)dCert->givenName, dCert->givenNameLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } } if (dCert->dnQualifier) { @@ -11176,6 +11215,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) (const byte*)dCert->dnQualifier, dCert->dnQualifierLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } } if (dCert->initials) { @@ -11185,9 +11225,11 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) (const byte*)dCert->initials, dCert->initialsLen) != WOLFSSL_SUCCESS) { ret = REQ_ATTRIBUTE_E; + WOLFSSL_ERROR_VERBOSE(ret); } } #endif /* OPENSSL_ALL */ + return ret; } #endif /* WOLFSSL_CERT_REQ */ @@ -11205,6 +11247,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) if (x509->issuer.name == NULL || x509->subject.name == NULL) { WOLFSSL_MSG("Either init was not called on X509 or programming error"); + WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG); return BAD_FUNC_ARG; } @@ -11315,6 +11358,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) if (!(x509->key.algor->algorithm = wolfSSL_OBJ_nid2obj(oid2nid(dCert->keyOID, oidKeyType)))) { ret = PUBLIC_KEY_E; + WOLFSSL_ERROR_VERBOSE(ret); } } @@ -11323,6 +11367,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) &dCert->publicKey, dCert->pubKeySize))) { ret = PUBLIC_KEY_E; + WOLFSSL_ERROR_VERBOSE(ret); } } #endif @@ -11345,6 +11390,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) if (!(x509->algor.algorithm = wolfSSL_OBJ_nid2obj(oid2nid(dCert->signatureOID, oidSigType)))) { ret = PUBLIC_KEY_E; + WOLFSSL_ERROR_VERBOSE(ret); } #endif } @@ -11807,6 +11853,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, if (CheckForAltNames(args->dCert, ssl->param->hostName, NULL) != 1) { if (ret == 0) { ret = DOMAIN_NAME_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); } } } @@ -11818,6 +11865,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, ssl->param->hostName) == 0) { if (ret == 0) { ret = DOMAIN_NAME_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); } } } @@ -11826,6 +11874,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, else { if (ret == 0) { ret = DOMAIN_NAME_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); } } #endif /* !WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY */ @@ -11837,6 +11886,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, if (CheckIPAddr(args->dCert, ssl->param->ipasc) != 0) { if (ret == 0) { ret = IPADDR_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); } } } @@ -12044,6 +12094,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, /* induce error if one not present */ if (ret == 0) { ret = VERIFY_CERT_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } /* mark as verify error */ @@ -12272,6 +12323,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) if (wc_LockMutex(&lookup->dirs->lock) != 0) { WOLFSSL_MSG("wc_LockMutex cdir Lock error"); XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); + WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } if (ph == NULL) { @@ -12461,6 +12513,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) WOLFSSL_MSG( "RSA key size in cert chain error"); ret = RSA_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; #endif /* !NO_RSA */ @@ -12472,6 +12525,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) WOLFSSL_MSG( "ECC key size in cert chain error"); ret = ECC_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; #endif /* HAVE_ECC */ @@ -12482,6 +12536,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) WOLFSSL_MSG( "ECC key size in cert chain error"); ret = ECC_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; #endif /* HAVE_ED25519 */ @@ -12492,6 +12547,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) WOLFSSL_MSG( "ECC key size in cert chain error"); ret = ECC_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; #endif /* HAVE_ED448 */ @@ -12502,6 +12558,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) WOLFSSL_MSG( "Falcon key size in cert chain error"); ret = FALCON_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; case FALCON_LEVEL5k: @@ -12510,6 +12567,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) WOLFSSL_MSG( "Falcon key size in cert chain error"); ret = FALCON_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; #endif /* HAVE_PQC && HAVE_FALCON */ @@ -12611,6 +12669,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Must be empty when received from server. */ if (ssl->options.side == WOLFSSL_CLIENT_END) { if (ctxSz != 0) { + WOLFSSL_ERROR_VERBOSE(INVALID_CERT_CTX_E); ERROR_OUT(INVALID_CERT_CTX_E, exit_ppc); } } @@ -12620,6 +12679,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.side == WOLFSSL_SERVER_END) { if (ssl->options.handShakeState != HANDSHAKE_DONE && ctxSz != 0) { + WOLFSSL_ERROR_VERBOSE(INVALID_CERT_CTX_E); ERROR_OUT(INVALID_CERT_CTX_E, exit_ppc); } else if (ssl->options.handShakeState == HANDSHAKE_DONE) { @@ -12643,7 +12703,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } if (curr == NULL) #endif + { + WOLFSSL_ERROR_VERBOSE(INVALID_CERT_CTX_E); ERROR_OUT(INVALID_CERT_CTX_E, exit_ppc); + } } } #endif @@ -12691,6 +12754,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->peerVerifyRet == 0) /* Return first cert error here */ ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; ret = MAX_CHAIN_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Too many certs for MAX_CHAIN_DEPTH"); break; /* break out to avoid reading more certs then buffer * can hold */ @@ -12698,6 +12762,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #else if (args->totalCerts >= ssl->verifyDepth || args->totalCerts >= MAX_CHAIN_DEPTH) { + WOLFSSL_ERROR_VERBOSE(MAX_CHAIN_ERROR); ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); } #endif @@ -12751,6 +12816,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (word16)args->exts[args->totalCerts].length, certificate, NULL); if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); ERROR_OUT(ret, exit_ppc); } } @@ -12770,12 +12836,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, IsAtLeastTLSv1_3(ssl->version)))) { WOLFSSL_MSG("No peer cert from Client"); ret = NO_PEER_CERT; + WOLFSSL_ERROR_VERBOSE(ret); DoCertFatalAlert(ssl, ret); } else if ((ssl->options.side == WOLFSSL_CLIENT_END) && IsAtLeastTLSv1_3(ssl->version)) { WOLFSSL_MSG("No peer cert from Server"); ret = NO_PEER_CERT; + WOLFSSL_ERROR_VERBOSE(ret); SendAlert(ssl, alert_fatal, decode_error); } } @@ -12874,8 +12942,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); - } else + } + else { ret = ASN_NO_SIGNER_E; + WOLFSSL_ERROR_VERBOSE(ret); + } } #endif #ifdef WOLFSSL_ASYNC_CRYPT @@ -12937,6 +13008,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, doCrlLookup = (ret == OCSP_CERT_UNKNOWN); if (ret != 0) { doCrlLookup = 0; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("\tOCSP Lookup not ok"); } } @@ -12955,6 +13027,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("\tCRL check not ok"); } } @@ -12970,6 +13043,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->peerVerifyRet == 0) /* Return first cert error here */ ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; ret = MAX_CHAIN_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } #endif #ifdef WOLFSSL_ALT_CERT_CHAINS @@ -13041,6 +13115,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Handle error codes */ if (ret != 0) { if (!ssl->options.verifyNone) { + WOLFSSL_ERROR_VERBOSE(ret); DoCertFatalAlert(ssl, ret); } ssl->error = ret; /* Report SSL error */ @@ -13094,8 +13169,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = ProcessPeerCertParse(ssl, args, CERT_TYPE, !ssl->options.verifyNone ? VERIFY : NO_VERIFY, &subjectHash, &alreadySigner); - } else + } + else { ret = ASN_NO_SIGNER_E; + WOLFSSL_ERROR_VERBOSE(ret); + } } #endif #ifdef WOLFSSL_ASYNC_CRYPT @@ -13203,6 +13281,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, "Peer sent different cert during scr, fatal"); args->fatal = 1; ret = SCR_DIFFERENT_CERT_E; + WOLFSSL_ERROR_VERBOSE(ret); } } } @@ -13255,8 +13334,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (CertificateStatusRequest*)ext->data; ret = ProcessCSR(ssl, csr->response.buffer, &idx, csr->response.length); - if (ret < 0) + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); goto exit_ppc; + } } } #endif @@ -13380,6 +13461,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (ssl->options.side == WOLFSSL_CLIENT_END) && (args->dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) { ret = KEYUSE_ENCIPHER_E; + WOLFSSL_ERROR_VERBOSE(ret); } if ((ssl->specs.kea != rsa_kea) && (ssl->specs.sig_algo == rsa_sa_algo || @@ -13388,6 +13470,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (args->dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) { WOLFSSL_MSG("KeyUse Digital Sig not set"); ret = KEYUSE_SIGNATURE_E; + WOLFSSL_ERROR_VERBOSE(ret); } } @@ -13407,6 +13490,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) { WOLFSSL_MSG("ExtKeyUse Server Auth not set"); ret = EXTKEYUSE_AUTH_E; + WOLFSSL_ERROR_VERBOSE(ret); } } else { @@ -13414,6 +13498,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) { WOLFSSL_MSG("ExtKeyUse Client Auth not set"); ret = EXTKEYUSE_AUTH_E; + WOLFSSL_ERROR_VERBOSE(ret); } } } @@ -13459,6 +13544,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG("DomainName match on alt names failed"); /* try to get peer key still */ ret = DOMAIN_NAME_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); } } else { @@ -13468,6 +13554,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (char*)ssl->buffers.domainName.buffer) == 0) { WOLFSSL_MSG("DomainName match on common name failed"); ret = DOMAIN_NAME_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); } } #else /* WOLFSSL_ALL_NO_CN_IN_SAN */ @@ -13483,6 +13570,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, "DomainName match on alt names failed too"); /* try to get peer key still */ ret = DOMAIN_NAME_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); } } #endif /* WOLFSSL_ALL_NO_CN_IN_SAN */ @@ -13509,6 +13597,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->dCert->publicKey, &keyIdx, ssl->peerRsaKey, args->dCert->pubKeySize) != 0) { ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } else { ssl->peerRsaKeyPresent = 1; @@ -13564,6 +13653,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, wc_RsaEncryptSize(ssl->peerRsaKey) < ssl->options.minRsaKeySz) { ret = RSA_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Peer RSA key is too small"); } break; @@ -13608,6 +13698,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->peerEccDsaKey, args->dCert->pubKeySize) != 0) { ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } else { ssl->peerEccDsaKeyPresent = 1; @@ -13638,6 +13729,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, wc_ecc_size(ssl->peerEccDsaKey) < ssl->options.minEccKeySz) { ret = ECC_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Peer ECC key is too small"); } @@ -13667,6 +13759,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->peerEd25519Key) != 0) { ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } else { ssl->peerEd25519KeyPresent = 1; @@ -13692,6 +13785,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone && ED25519_KEY_SIZE < ssl->options.minEccKeySz) { ret = ECC_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Peer ECC key is too small"); } @@ -13720,6 +13814,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->dCert->pubKeySize, ssl->peerEd448Key) != 0) { ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } else { ssl->peerEd448KeyPresent = 1; @@ -13745,6 +13840,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, !ssl->options.verifyNone && ED448_KEY_SIZE < ssl->options.minEccKeySz) { ret = ECC_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Peer ECC key is too small"); } @@ -13785,6 +13881,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->dCert->pubKeySize, ssl->peerFalconKey) != 0) { ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } else { ssl->peerFalconKeyPresent = 1; @@ -13796,6 +13893,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, FALCON_MAX_KEY_SIZE < ssl->options.minFalconKeySz) { ret = FALCON_KEY_SIZE_E; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Peer Falcon key is too small"); } } @@ -13834,6 +13932,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->peerVerifyRet == 0) /* Return first cert error here */ ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; ret = MAX_CHAIN_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } #endif @@ -14095,8 +14194,10 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, ret = BUFFER_ERROR; } - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); SendAlert(ssl, alert_fatal, bad_certificate_status_response); + } if (IsEncryptionOn(ssl, 0)) { #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) @@ -14165,6 +14266,7 @@ static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->options.side == WOLFSSL_SERVER_END) { SendAlert(ssl, alert_fatal, unexpected_message); /* try */ + WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); return FATAL_ERROR; } #ifdef HAVE_SECURE_RENEGOTIATION @@ -14220,6 +14322,7 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, decrypt_error); #endif + WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR); return VERIFY_FINISHED_ERROR; } } @@ -14317,11 +14420,13 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("HelloRequest received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_hello_request) { WOLFSSL_MSG("Duplicate HelloRequest received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_hello_request = 1; @@ -14334,6 +14439,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { WOLFSSL_MSG("ClientHello received by client"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif @@ -14342,6 +14448,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, unexpected_message); #endif + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_client_hello = 1; @@ -14354,11 +14461,13 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("ServerHello received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_server_hello) { WOLFSSL_MSG("Duplicate ServerHello received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_server_hello = 1; @@ -14371,11 +14480,13 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("HelloVerifyRequest received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_hello_verify_request) { WOLFSSL_MSG("Duplicate HelloVerifyRequest received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_hello_verify_request = 1; @@ -14388,11 +14499,13 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("SessionTicket received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_session_ticket) { WOLFSSL_MSG("Duplicate SessionTicket received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_session_ticket = 1; @@ -14403,6 +14516,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) case certificate: if (ssl->msgsReceived.got_certificate) { WOLFSSL_MSG("Duplicate Certificate received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_certificate = 1; @@ -14411,6 +14525,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if (ssl->options.side == WOLFSSL_CLIENT_END) { if ( ssl->msgsReceived.got_server_hello == 0) { WOLFSSL_MSG("No ServerHello before Cert"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -14419,6 +14534,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if (ssl->options.side == WOLFSSL_SERVER_END) { if ( ssl->msgsReceived.got_client_hello == 0) { WOLFSSL_MSG("No ClientHello before Cert"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -14430,21 +14546,25 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("CertificateStatus received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_certificate_status) { WOLFSSL_MSG("Duplicate CertificateStatus received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_certificate_status = 1; if (ssl->msgsReceived.got_certificate == 0) { WOLFSSL_MSG("No Certificate before CertificateStatus"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (ssl->msgsReceived.got_server_key_exchange != 0) { WOLFSSL_MSG("CertificateStatus after ServerKeyExchange"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -14456,17 +14576,20 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("ServerKeyExchange received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_server_key_exchange) { WOLFSSL_MSG("Duplicate ServerKeyExchange received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_server_key_exchange = 1; if (ssl->msgsReceived.got_server_hello == 0) { WOLFSSL_MSG("No ServerHello before ServerKeyExchange"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (ssl->msgsReceived.got_certificate_status == 0) { @@ -14501,6 +14624,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) !ssl->status_request_v2 && #endif SSL_CM(ssl)->ocspMustStaple) { + WOLFSSL_ERROR_VERBOSE(OCSP_CERT_UNKNOWN); return OCSP_CERT_UNKNOWN; } #endif @@ -14514,11 +14638,13 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("CertificateRequest received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_certificate_request) { WOLFSSL_MSG("Duplicate CertificateRequest received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_certificate_request = 1; @@ -14531,11 +14657,13 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("ServerHelloDone received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_server_hello_done) { WOLFSSL_MSG("Duplicate ServerHelloDone received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_server_hello_done = 1; @@ -14546,8 +14674,10 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) ssl->specs.kea == ecdhe_psk_kea || ssl->options.usingAnon_cipher) { WOLFSSL_MSG("No Cert required"); - } else { + } + else { WOLFSSL_MSG("No Certificate before ServerHelloDone"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -14564,8 +14694,10 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) ssl->specs.kea == rsa_kea || pskNoServerHint) { WOLFSSL_MSG("No KeyExchange required"); - } else { + } + else { WOLFSSL_MSG("No ServerKeyExchange before ServerDone"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -14577,17 +14709,20 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { WOLFSSL_MSG("CertificateVerify received by client"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif if (ssl->msgsReceived.got_certificate_verify) { WOLFSSL_MSG("Duplicate CertificateVerify received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_certificate_verify = 1; if ( ssl->msgsReceived.got_certificate == 0) { WOLFSSL_MSG("No Cert before CertVerify"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } break; @@ -14598,6 +14733,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { WOLFSSL_MSG("ClientKeyExchange received by client"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif @@ -14606,12 +14742,14 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, unexpected_message); #endif + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_client_key_exchange = 1; if (ssl->msgsReceived.got_client_hello == 0) { WOLFSSL_MSG("No ClientHello before ClientKeyExchange"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } break; @@ -14620,12 +14758,14 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) case finished: if (ssl->msgsReceived.got_finished) { WOLFSSL_MSG("Duplicate Finished received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { if (ssl->keys.curEpoch == 0) { WOLFSSL_MSG("Finished received with epoch 0"); + WOLFSSL_ERROR_VERBOSE(SEQUENCE_ERROR); return SEQUENCE_ERROR; } } @@ -14637,6 +14777,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, unexpected_message); #endif + WOLFSSL_ERROR_VERBOSE(NO_CHANGE_CIPHER_E); return NO_CHANGE_CIPHER_E; } break; @@ -14644,6 +14785,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) case change_cipher_hs: if (ssl->msgsReceived.got_change_cipher) { WOLFSSL_MSG("Duplicate ChangeCipher received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } /* DTLS is going to ignore the CCS message if the client key @@ -14656,12 +14798,15 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if (!ssl->options.resuming) { if (ssl->msgsReceived.got_server_hello_done == 0) { WOLFSSL_MSG("No ServerHelloDone before ChangeCipher"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } else { if (ssl->msgsReceived.got_server_hello == 0) { - WOLFSSL_MSG("No ServerHello before ChangeCipher on Resume"); + WOLFSSL_MSG("No ServerHello before ChangeCipher on " + "Resume"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -14669,9 +14814,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) if (ssl->expect_session_ticket) { WOLFSSL_MSG("Expected session ticket missing"); #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) + if (ssl->options.dtls) { + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; + } #endif + WOLFSSL_ERROR_VERBOSE(SESSION_TICKET_EXPECT_E); return SESSION_TICKET_EXPECT_E; } #endif @@ -14685,6 +14833,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, unexpected_message); #endif + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #ifndef NO_CERTS @@ -14695,9 +14844,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) !ssl->msgsReceived.got_certificate_verify) { WOLFSSL_MSG("client didn't send cert verify"); #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) + if (ssl->options.dtls) { + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; + } #endif + WOLFSSL_ERROR_VERBOSE(NO_PEER_VERIFY); return NO_PEER_VERIFY; } } @@ -14710,6 +14862,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) default: WOLFSSL_MSG("Unknown message type"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -14735,6 +14888,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* make sure can read the message */ if (*inOutIdx + size > totalSz) { WOLFSSL_MSG("Incomplete Data"); + WOLFSSL_ERROR_VERBOSE(INCOMPLETE_DATA); return INCOMPLETE_DATA; } @@ -14788,6 +14942,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){ WOLFSSL_MSG("HandShake message after handshake complete"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -14795,6 +14950,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.serverState == NULL_STATE && type != server_hello) { WOLFSSL_MSG("First server message not server hello"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -14803,6 +14959,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.serverState < SERVER_HELLO_COMPLETE) { WOLFSSL_MSG("Server hello done received before server hello in DTLS"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -14810,6 +14967,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.clientState == NULL_STATE && type != client_hello) { WOLFSSL_MSG("First client message not client hello"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -14852,6 +15010,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, * allow for reverting back to a full handshake after the * server has indicated the intention to do a resumption. */ (void)SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; #endif } @@ -15050,6 +15209,7 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (!ssl->options.dtls) SendAlert(ssl, alert_fatal, decode_error); ret = DECODE_E; + WOLFSSL_ERROR_VERBOSE(ret); } #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) @@ -15100,8 +15260,10 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte type; word32 size; - if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0) + if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0) { + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; + } return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); } @@ -15114,14 +15276,18 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte type; word32 size; - if (GetHandShakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0) + if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size, + totalSz) != 0) { + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; + } /* Cap the maximum size of a handshake message to something reasonable. * By default is the maximum size of a certificate message assuming * nine 2048-bit RSA certificates in the chain. */ if (size > MAX_HANDSHAKE_SZ) { WOLFSSL_MSG("Handshake message too large"); + WOLFSSL_ERROR_VERBOSE(HANDSHAKE_SIZE_ERROR); return HANDSHAKE_SIZE_ERROR; } @@ -16355,6 +16521,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, WOLFSSL_MSG("MAC did not match"); if (!ssl->options.dtls) SendAlert(ssl, alert_fatal, bad_record_mac); + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } @@ -16563,6 +16730,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, default: WOLFSSL_MSG("wolfSSL Encrypt programming error"); ret = ENCRYPT_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } #ifdef WOLFSSL_ASYNC_CRYPT @@ -16591,6 +16759,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, { if (ssl->encrypt.setup == 0) { WOLFSSL_MSG("Encrypt ciphers not setup"); + WOLFSSL_ERROR_VERBOSE(ENCRYPT_ERROR); return ENCRYPT_ERROR; } @@ -16661,6 +16830,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, min(sz, sizeof(ssl->encrypt.sanityCheck))) == 0) { WOLFSSL_MSG("Encrypt sanity check failed! Glitch?"); + WOLFSSL_ERROR_VERBOSE(ENCRYPT_ERROR); return ENCRYPT_ERROR; } ForceZero(ssl->encrypt.sanityCheck, @@ -16842,6 +17012,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, default: WOLFSSL_MSG("wolfSSL Decrypt programming error"); + WOLFSSL_ERROR_VERBOSE(DECRYPT_ERROR); ret = DECRYPT_ERROR; } @@ -16883,6 +17054,7 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) { if (ssl->decrypt.setup == 0) { WOLFSSL_MSG("Decrypt ciphers not setup"); + WOLFSSL_ERROR_VERBOSE(DECRYPT_ERROR); return DECRYPT_ERROR; } @@ -16965,8 +17137,10 @@ static int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) if (ssl->decrypt.nonce) ForceZero(ssl->decrypt.nonce, AESGCM_NONCE_SZ); - if (ret < 0) + if (ret < 0) { ret = VERIFY_MAC_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } } #endif /* BUILD_AESGCM || HAVE_AESCCM */ break; @@ -17015,6 +17189,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) if (ssl->options.startedETMRead) { if ((encryptSz - MacSize(ssl)) % ssl->specs.block_size) { WOLFSSL_MSG("Block ciphertext not block size"); + WOLFSSL_ERROR_VERBOSE(SANITY_CIPHER_E); return SANITY_CIPHER_E; } } @@ -17022,6 +17197,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) #endif if (encryptSz % ssl->specs.block_size) { WOLFSSL_MSG("Block ciphertext not block size"); + WOLFSSL_ERROR_VERBOSE(SANITY_CIPHER_E); return SANITY_CIPHER_E; } @@ -17043,6 +17219,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) if (encryptSz < minLength) { WOLFSSL_MSG("Ciphertext not minimum size"); + WOLFSSL_ERROR_VERBOSE(SANITY_CIPHER_E); return SANITY_CIPHER_E; } @@ -17281,7 +17458,7 @@ static WC_INLINE int GetRounds(int pLen, int padLen, int t) /* still compare */ ssl->hmac(ssl, verify, input, pLen - t, -1, content, 1, PEER_ORDER); ConstantCompare(verify, input + pLen - t, t); - + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } @@ -17291,7 +17468,7 @@ static WC_INLINE int GetRounds(int pLen, int padLen, int t) /* still compare */ ssl->hmac(ssl, verify, input, pLen - t, -1, content, 1, PEER_ORDER); ConstantCompare(verify, input + pLen - t, t); - + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } @@ -17303,12 +17480,15 @@ static WC_INLINE int GetRounds(int pLen, int padLen, int t) if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { WOLFSSL_MSG("Verify MAC compare failed"); + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } /* treat any failure as verify MAC error */ - if (ret != 0) + if (ret != 0) { ret = VERIFY_MAC_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } return ret; } @@ -17447,8 +17627,10 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, ret -= 1 - good; /* Treat any failure as verify MAC error. */ - if (ret != 0) + if (ret != 0) { ret = VERIFY_MAC_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } return ret; } @@ -17490,6 +17672,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) if (sniff == NO_SNIFF) { SendAlert(ssl, alert_fatal, unexpected_message); } + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -17500,6 +17683,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) if (sniff == NO_SNIFF) { SendAlert(ssl, alert_fatal, unexpected_message); } + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -17525,6 +17709,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) if (sniff == NO_SNIFF) { SendAlert(ssl, alert_fatal, unexpected_message); } + WOLFSSL_ERROR_VERBOSE(BUFFER_ERROR); return BUFFER_ERROR; } #ifdef WOLFSSL_EARLY_DATA @@ -17853,6 +18038,7 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) if (level != alert_warning || code != close_notify) SendAlert(ssl, alert_fatal, unexpected_message); #endif + WOLFSSL_ERROR_VERBOSE(ALERT_COUNT_E); return ALERT_COUNT_E; } @@ -17930,11 +18116,15 @@ static int GetInputData(WOLFSSL *ssl, word32 size) if (in == WANT_READ) return WANT_READ; - if (in < 0) + if (in < 0) { + WOLFSSL_ERROR_VERBOSE(SOCKET_ERROR_E); return SOCKET_ERROR_E; + } - if (in > inSz) + if (in > inSz) { + WOLFSSL_ERROR_VERBOSE(RECV_OVERFLOW_E); return RECV_OVERFLOW_E; + } ssl->buffers.inputBuffer.length += in; inSz -= in; @@ -17968,12 +18158,14 @@ static WC_INLINE int VerifyMacEnc(WOLFSSL* ssl, const byte* input, word32 msgSz, WOLFSSL_MSG("Verify MAC of Encrypted Data"); if (msgSz < digestSz) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1, PEER_ORDER); ret |= ConstantCompare(verify, input + msgSz - digestSz, digestSz); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } @@ -18039,20 +18231,27 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad, content, 1, PEER_ORDER); if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, - digestSz) != 0) + digestSz) != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; - if (ret != 0 || badPadLen) + } + if (ret != 0 || badPadLen) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } } } else if (ssl->specs.cipher_type == stream) { ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1, PEER_ORDER); - if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ + if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ @@ -18192,6 +18391,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) if (ssl->buffers.inputBuffer.buffer[ ssl->buffers.inputBuffer.idx + OPAQUE16_LEN] != OLD_HELLO_ID) { WOLFSSL_MSG("Not a valid old client hello"); + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; } @@ -18200,6 +18400,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->buffers.inputBuffer.buffer[ ssl->buffers.inputBuffer.idx + OPAQUE24_LEN] != DTLS_MAJOR) { WOLFSSL_MSG("Not a valid version in old client hello"); + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; } @@ -18291,6 +18492,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->curRL.type != application_data && ssl->curRL.type != change_cipher_spec) { SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; } #endif @@ -18383,6 +18585,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) if (!ssl->options.dtls) SendAlert(ssl, alert_fatal, bad_record_mac); #endif + WOLFSSL_ERROR_VERBOSE(DECRYPT_ERROR); return DECRYPT_ERROR; } ssl->keys.encryptSz = ssl->curSize; @@ -18620,6 +18823,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) if (!ssl->options.dtls) SendAlert(ssl, alert_fatal, bad_record_mac); #endif + WOLFSSL_ERROR_VERBOSE(DECRYPT_ERROR); return DECRYPT_ERROR; } } @@ -18711,6 +18915,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #if defined(WOLFSSL_EXTRA_ALERTS) SendAlert(ssl, alert_fatal, record_overflow); #endif + WOLFSSL_ERROR_VERBOSE(BUFFER_ERROR); return BUFFER_ERROR; } } @@ -18732,6 +18937,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS) SendAlert(ssl, alert_fatal, record_overflow); #endif + WOLFSSL_ERROR_VERBOSE(BUFFER_ERROR); return BUFFER_ERROR; } @@ -18864,11 +19070,13 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) word32 i = ssl->buffers.inputBuffer.idx; if (ssl->options.handShakeState == HANDSHAKE_DONE) { SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); return UNKNOWN_RECORD_TYPE; } if (ssl->curSize != 1 || ssl->buffers.inputBuffer.buffer[i] != 1) { SendAlert(ssl, alert_fatal, illegal_parameter); + WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); return UNKNOWN_RECORD_TYPE; } ssl->buffers.inputBuffer.idx++; @@ -18877,6 +19085,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } else { SendAlert(ssl, alert_fatal, illegal_parameter); + WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); return UNKNOWN_RECORD_TYPE; } break; @@ -18888,11 +19097,13 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->buffers.inputBuffer.length || ssl->curSize < 1) { WOLFSSL_MSG("ChangeCipher msg too short"); + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } if (ssl->buffers.inputBuffer.buffer[ ssl->buffers.inputBuffer.idx] != 1) { WOLFSSL_MSG("ChangeCipher msg wrong value"); + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } @@ -18923,6 +19134,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) if (ssl->curSize != 1) { WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg"); + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } @@ -19020,6 +19232,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #ifdef WOLFSSL_TLS13 if (ssl->keys.keyUpdateRespond) { WOLFSSL_MSG("No KeyUpdate from peer seen"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } #endif @@ -19112,6 +19325,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } else { WOLFSSL_MSG("\tmiddle padding error"); + WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); return FATAL_ERROR; } } @@ -19123,6 +19337,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } else { WOLFSSL_MSG("\tmiddle padding error"); + WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); return FATAL_ERROR; } } @@ -19146,6 +19361,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) continue; default: WOLFSSL_MSG("Bad process input state, programming error"); + WOLFSSL_ERROR_VERBOSE(INPUT_CASE_ERROR); return INPUT_CASE_ERROR; } } @@ -19317,8 +19533,10 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret |= wc_Md5Update(&md5, conLen, sizeof(conLen)); /* in buffer */ ret |= wc_Md5Update(&md5, in, sz); - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } ret = wc_Md5Final(&md5, result); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ @@ -19326,15 +19544,19 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE); } #endif - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } /* outer */ ret = wc_Md5Update(&md5, macSecret, digestSz); ret |= wc_Md5Update(&md5, PAD2, padSz); ret |= wc_Md5Update(&md5, result, digestSz); - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } ret = wc_Md5Final(&md5, digest); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ @@ -19342,8 +19564,10 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE); } #endif - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } wc_Md5Free(&md5); } @@ -19359,8 +19583,10 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret |= wc_ShaUpdate(&sha, conLen, sizeof(conLen)); /* in buffer */ ret |= wc_ShaUpdate(&sha, in, sz); - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } ret = wc_ShaFinal(&sha, result); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ @@ -19368,15 +19594,19 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE); } #endif - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } /* outer */ ret = wc_ShaUpdate(&sha, macSecret, digestSz); ret |= wc_ShaUpdate(&sha, PAD2, padSz); ret |= wc_ShaUpdate(&sha, result, digestSz); - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } ret = wc_ShaFinal(&sha, digest); #ifdef WOLFSSL_ASYNC_CRYPT /* TODO: Make non-blocking */ @@ -19384,8 +19614,10 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE); } #endif - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; + } wc_ShaFree(&sha); } @@ -20021,8 +20253,12 @@ exit_buildmsg: #endif /* return sz on success */ - if (ret == 0) + if (ret == 0) { ret = args->sz; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } /* Final cleanup */ FreeBuildMsgArgs(ssl, args); @@ -24561,7 +24797,12 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) (void)idx; (void)keySz; (void)length; + exit_dpk: + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -25032,20 +25273,25 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif if (ssl->options.dtls) { - if (pv.major != DTLS_MAJOR || pv.minor == DTLS_BOGUS_MINOR) + if (pv.major != DTLS_MAJOR || pv.minor == DTLS_BOGUS_MINOR) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } lowerVersion = pv.minor > ssl->version.minor; higherVersion = pv.minor < ssl->version.minor; } else { - if (pv.major != SSLv3_MAJOR) + if (pv.major != SSLv3_MAJOR) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } lowerVersion = pv.minor < ssl->version.minor; higherVersion = pv.minor > ssl->version.minor; } if (higherVersion) { WOLFSSL_MSG("Server using higher version, fatal error"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } if (lowerVersion) { @@ -25054,11 +25300,13 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, /* Check for downgrade attack. */ if (!ssl->options.downgrade) { WOLFSSL_MSG("\tno downgrade allowed, fatal error"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } if ((!ssl->options.dtls && pv.minor < ssl->options.minDowngrade) || (ssl->options.dtls && pv.minor > ssl->options.minDowngrade)) { WOLFSSL_MSG("\tversion below minimum allowed, fatal error"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } @@ -25067,6 +25315,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->secure_renegotiation->enabled && ssl->options.handShakeDone) { WOLFSSL_MSG("Server changed version during scr"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } #endif @@ -25099,6 +25348,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, break; default: WOLFSSL_MSG("\tbad minor version"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } } @@ -25136,11 +25386,13 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, (ssl->options.mask & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) { WOLFSSL_MSG("\tError, option set to not allow SSLv3"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } if (ssl->version.minor < ssl->options.minDowngrade) { WOLFSSL_MSG("\tversion below minimum allowed, fatal error"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } } @@ -25223,6 +25475,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (ssl->options.cipherSuite0 != cs0 || ssl->options.cipherSuite != cs1) { WOLFSSL_MSG("Server changed cipher suite during scr"); + WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR); return MATCH_SUITE_ERROR; } } @@ -25251,6 +25504,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } if (!found) { WOLFSSL_MSG("ServerHello did not use cipher suite from ClientHello"); + WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR); return MATCH_SUITE_ERROR; } } @@ -25258,6 +25512,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (compression != NO_COMPRESSION && !ssl->options.usingCompression) { WOLFSSL_MSG("Server forcing compression w/o support"); + WOLFSSL_ERROR_VERBOSE(COMPRESSION_ERROR); return COMPRESSION_ERROR; } @@ -25376,8 +25631,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, int secretSz = SECRET_LEN; ret = ssl->sessionSecretCb(ssl, ssl->session->masterSecret, &secretSz, ssl->sessionSecretCtx); - if (ret != 0 || secretSz != SECRET_LEN) + if (ret != 0 || secretSz != SECRET_LEN) { + WOLFSSL_ERROR_VERBOSE(SESSION_SECRET_CB_E); return SESSION_SECRET_CB_E; + } } #endif /* HAVE_SECRET_CALLBACK */ @@ -25406,6 +25663,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && (vers == 0 || vers == 1)) { SendAlert(ssl, alert_fatal, illegal_parameter); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } } @@ -25420,6 +25678,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && vers == 0) { SendAlert(ssl, alert_fatal, illegal_parameter); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } } @@ -25449,6 +25708,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } else { WOLFSSL_MSG("Unsupported cipher suite, DoServerHello"); + WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE); return UNSUPPORTED_SUITE; } } @@ -25544,10 +25804,12 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #ifdef HAVE_PK_CALLBACKS if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) { WOLFSSL_MSG("Using PK for client private key"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } #endif if (ssl->buffers.key && ssl->buffers.key->buffer) { + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } } @@ -25636,12 +25898,14 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (ret == 1) { if ((wolfSSL_use_certificate(ssl, x509) != WOLFSSL_SUCCESS) || (wolfSSL_use_PrivateKey(ssl, pkey) != WOLFSSL_SUCCESS)) { + WOLFSSL_ERROR_VERBOSE(CLIENT_CERT_CB_ERROR); return CLIENT_CERT_CB_ERROR; } wolfSSL_X509_free(x509); wolfSSL_EVP_PKEY_free(pkey); - } else if (ret < 0) { + } + else if (ret < 0) { return WOLFSSL_ERROR_WANT_X509_LOOKUP; } } @@ -26048,6 +26312,9 @@ static int GetDhPublicKey(WOLFSSL* ssl, const byte* input, word32 size, #endif /* HAVE_FFDHE */ exit_gdpk: + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } return ret; } #endif @@ -27048,6 +27315,9 @@ exit_dske: /* Final cleanup */ FreeKeyExchange(ssl); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } return ret; } @@ -28278,6 +28548,9 @@ exit_scke: #endif FreeKeyExchange(ssl); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } return ret; } @@ -28738,6 +29011,10 @@ exit_scv: #endif FreeKeyExchange(ssl); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } #endif /* WOLFSSL_NO_CLIENT_AUTH */ @@ -28808,6 +29085,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->expect_session_ticket == 0) { WOLFSSL_MSG("Unexpected session ticket"); + WOLFSSL_ERROR_VERBOSE(SESSION_TICKET_EXPECT_E); return SESSION_TICKET_EXPECT_E; } @@ -30807,6 +31085,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif FreeKeyExchange(ssl); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -31025,6 +31307,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } + WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR); return MATCH_SUITE_ERROR; } @@ -31297,6 +31580,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, SendAlert(ssl, alert_fatal, handshake_failure); #endif ret = EXT_MASTER_SECRET_NEEDED_E; + WOLFSSL_ERROR_VERBOSE(ret); } } else { @@ -31316,6 +31600,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, SendAlert(ssl, alert_fatal, illegal_parameter); #endif ret = UNSUPPORTED_SUITE; + WOLFSSL_ERROR_VERBOSE(ret); } #endif @@ -31333,6 +31618,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (MatchSuite(ssl, clSuites) < 0) { WOLFSSL_MSG("Unsupported cipher suite, ClientHello"); ret = UNSUPPORTED_SUITE; + WOLFSSL_ERROR_VERBOSE(ret); } } if (ret == 0) { @@ -32037,6 +32323,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_LEAVE("DoClientHello", ret); WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -32474,6 +32764,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Final cleanup */ FreeKeyExchange(ssl); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -32756,6 +33050,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ) { ForceZero(&it, sizeof(it)); ret = WOLFSSL_TICKET_RET_FATAL; + WOLFSSL_ERROR_VERBOSE(ret); } else { /* build external */ @@ -32788,6 +33083,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(&it, sizeof(InternalTicket)); #endif + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ); return BAD_TICKET_KEY_CB_SZ; } @@ -32803,6 +33099,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(&it, sizeof(InternalTicket)); #endif + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_ENCRYPT); return BAD_TICKET_ENCRYPT; } @@ -32815,6 +33112,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(&it, sizeof(InternalTicket)); #endif + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_ENCRYPT); return BAD_TICKET_ENCRYPT; } @@ -32824,6 +33122,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(&it, sizeof(InternalTicket)); #endif + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_ENCRYPT); return BAD_TICKET_ENCRYPT; } @@ -32833,6 +33132,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(&it, sizeof(InternalTicket)); #endif + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_ENCRYPT); return BAD_TICKET_ENCRYPT; } @@ -32866,6 +33166,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (len > SESSION_TICKET_LEN || len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) { + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ); return BAD_TICKET_MSG_SZ; } @@ -32874,6 +33175,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* decrypt */ ato32(et->enc_len, &inLen); if (inLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) { + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ); return BAD_TICKET_MSG_SZ; } outLen = (int)inLen; /* may be reduced by user padding */ @@ -32889,6 +33191,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif ) { ret = WOLFSSL_TICKET_RET_FATAL; + WOLFSSL_ERROR_VERBOSE(ret); } else { ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, @@ -32902,6 +33205,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) { WOLFSSL_MSG("Bad user ticket decrypt len"); + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ); return BAD_TICKET_KEY_CB_SZ; } @@ -32916,6 +33220,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->version.minor < it->pv.minor) { ForceZero(it, sizeof(*it)); WOLFSSL_MSG("Ticket has greater version"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } else if (ssl->version.minor > it->pv.minor) { @@ -32923,12 +33228,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ForceZero(it, sizeof(*it)); WOLFSSL_MSG("Tickets cannot be shared between " "TLS 1.3 and TLS 1.2 and lower"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } if (!ssl->options.downgrade) { ForceZero(it, sizeof(*it)); WOLFSSL_MSG("Ticket has lesser version"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } @@ -32936,6 +33243,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (it->pv.minor < ssl->options.minDowngrade) { ForceZero(it, sizeof(*it)); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } ssl->version.minor = it->pv.minor; diff --git a/src/keys.c b/src/keys.c index 6ecb6ad04..40a04130a 100644 --- a/src/keys.c +++ b/src/keys.c @@ -49,6 +49,7 @@ int SetCipherSpecs(WOLFSSL* ssl) /* server side verified before SetCipherSpecs call */ if (VerifyClientSuite(ssl) != 1) { WOLFSSL_MSG("SetCipherSpecs() client has an unusable suite"); + WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE); return UNSUPPORTED_SUITE; } } @@ -2056,6 +2057,7 @@ int SetCipherSpecs(WOLFSSL* ssl) default: WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs"); + WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE); return UNSUPPORTED_SUITE; } /* switch */ } /* if ECC / Normal suites else */ diff --git a/src/pk.c b/src/pk.c index 965502002..4d8c162c6 100644 --- a/src/pk.c +++ b/src/pk.c @@ -1331,6 +1331,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, else { WOLFSSL_MSG("RsaPublicKeyDecode failed"); } + WOLFSSL_ERROR_VERBOSE(res); ret = -1; } } @@ -5597,10 +5598,12 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf, } if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) { + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("DsaPrivateKeyDecode failed"); return -1; } else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) { + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("DsaPublicKeyDecode failed"); return -1; } diff --git a/src/tls.c b/src/tls.c index 4d8b09ac4..310f2421c 100644 --- a/src/tls.c +++ b/src/tls.c @@ -165,8 +165,10 @@ int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) wc_MemZero_Add("TLS handshake hash", hash, hashSz); #endif - if (ret != 0) + if (ret != 0) { ret = BUILD_MSG_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } return ret; } @@ -224,6 +226,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #else /* Pseudo random function must be enabled in the configuration. */ ret = PRF_MISSING; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Pseudo-random function is not enabled"); (void)side; @@ -331,6 +334,7 @@ static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len, #else /* Pseudo random function must be enabled in the configuration. */ ret = PRF_MISSING; + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Pseudo-random function is not enabled"); (void)key_dig; @@ -1387,6 +1391,7 @@ int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl); int TLSX_HandleUnsupportedExtension(WOLFSSL* ssl) { SendAlert(ssl, alert_fatal, unsupported_extension); + WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_EXTENSION); return UNSUPPORTED_EXTENSION; } @@ -1670,6 +1675,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length, } SendAlert(ssl, alert_fatal, no_application_protocol); + WOLFSSL_ERROR_VERBOSE(UNKNOWN_ALPN_PROTOCOL_NAME_E); return UNKNOWN_ALPN_PROTOCOL_NAME_E; } @@ -1679,7 +1685,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length, (word16)XSTRLEN(alpn->protocol_name), ssl->heap); if (r != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("TLSX_UseALPN failed"); + WOLFSSL_MSG("TLSX_SetALPN failed"); return BUFFER_ERROR; } @@ -1743,6 +1749,7 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) extension = TLSX_Find(extensions, TLSX_APPLICATION_LAYER_PROTOCOL); if (extension == NULL) { WOLFSSL_MSG("TLS extension not found"); + WOLFSSL_ERROR_VERBOSE(WOLFSSL_ALPN_NOT_FOUND); return WOLFSSL_ALPN_NOT_FOUND; } @@ -1751,6 +1758,7 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) WOLFSSL_MSG("ALPN extension not found"); *data = NULL; *dataSz = 0; + WOLFSSL_ERROR_VERBOSE(WOLFSSL_FATAL_ERROR); return WOLFSSL_FATAL_ERROR; } @@ -1759,16 +1767,19 @@ int TLSX_ALPN_GetRequest(TLSX* extensions, void** data, word16 *dataSz) /* consider as an error */ if (alpn->options & WOLFSSL_ALPN_FAILED_ON_MISMATCH) { WOLFSSL_MSG("No protocol match with peer -> Failed"); + WOLFSSL_ERROR_VERBOSE(WOLFSSL_FATAL_ERROR); return WOLFSSL_FATAL_ERROR; } /* continue without negotiated protocol */ WOLFSSL_MSG("No protocol match with peer -> Continue"); + WOLFSSL_ERROR_VERBOSE(WOLFSSL_ALPN_NOT_FOUND); return WOLFSSL_ALPN_NOT_FOUND; } if (alpn->next != NULL) { WOLFSSL_MSG("Only one protocol name must be accepted"); + WOLFSSL_ERROR_VERBOSE(WOLFSSL_FATAL_ERROR); return WOLFSSL_FATAL_ERROR; } @@ -2076,7 +2087,7 @@ static int TLSX_SNI_Parse(WOLFSSL* ssl, const byte* input, word16 length, } else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { SendAlert(ssl, alert_fatal, unrecognized_name); - + WOLFSSL_ERROR_VERBOSE(UNKNOWN_SNI_HOST_NAME_E); return UNKNOWN_SNI_HOST_NAME_E; } #else @@ -2116,6 +2127,7 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) } SendAlert(ssl, alert_fatal, handshake_failure); + WOLFSSL_ERROR_VERBOSE(SNI_ABSENT_ERROR); return SNI_ABSENT_ERROR; } } @@ -2126,6 +2138,7 @@ static int TLSX_SNI_VerifyParse(WOLFSSL* ssl, byte isRequest) continue; SendAlert(ssl, alert_fatal, handshake_failure); + WOLFSSL_ERROR_VERBOSE(SNI_ABSENT_ERROR); return SNI_ABSENT_ERROR; } } @@ -2242,6 +2255,7 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, if (len16 != 0) /* session_id_length must be 0 */ return BUFFER_ERROR; + WOLFSSL_ERROR_VERBOSE(SNI_UNSUPPORTED); return SNI_UNSUPPORTED; } @@ -2251,8 +2265,10 @@ int TLSX_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, if (clientHello[offset++] != SSLv3_MAJOR) return BUFFER_ERROR; - if (clientHello[offset++] < TLSv1_MINOR) + if (clientHello[offset++] < TLSv1_MINOR) { + WOLFSSL_ERROR_VERBOSE(SNI_UNSUPPORTED); return SNI_UNSUPPORTED; + } ato16(clientHello + offset, &len16); offset += OPAQUE16_LEN; @@ -2635,6 +2651,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length, offset += idSz; break; default: + WOLFSSL_ERROR_VERBOSE(TCA_INVALID_ID_TYPE); return TCA_INVALID_ID_TYPE; } @@ -2664,6 +2681,7 @@ static int TLSX_TCA_VerifyParse(WOLFSSL* ssl, byte isRequest) if (extension && !extension->resp) { SendAlert(ssl, alert_fatal, handshake_failure); + WOLFSSL_ERROR_VERBOSE(TCA_ABSENT_ERROR); return TCA_ABSENT_ERROR; } #endif /* NO_WOLFSSL_CLIENT */ @@ -2755,7 +2773,7 @@ static int TLSX_MFL_Parse(WOLFSSL* ssl, const byte* input, word16 length, default: SendAlert(ssl, alert_fatal, illegal_parameter); - + WOLFSSL_ERROR_VERBOSE(UNKNOWN_MAX_FRAG_LEN_E); return UNKNOWN_MAX_FRAG_LEN_E; } @@ -3044,8 +3062,10 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, ret = 0; if (OPAQUE8_LEN + OPAQUE24_LEN > length) ret = BUFFER_ERROR; - if (ret == 0 && input[offset++] != WOLFSSL_CSR_OCSP) + if (ret == 0 && input[offset++] != WOLFSSL_CSR_OCSP) { ret = BAD_CERTIFICATE_STATUS_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } if (ret == 0) { c24to32(input + offset, &resp_length); offset += OPAQUE24_LEN; @@ -3222,8 +3242,10 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) return CheckOcspRequest(SSL_CM(ssl)->ocsp, &csr->request.ocsp, NULL); } - else + else { + WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL); return OCSP_LOOKUP_FAIL; + } } } @@ -3652,8 +3674,10 @@ int TLSX_CSR2_ForceRequest(WOLFSSL* ssl) return CheckOcspRequest(SSL_CM(ssl)->ocsp, &csr2->request.ocsp[0], NULL); } - else + else { + WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL); return OCSP_LOOKUP_FAIL; + } } } @@ -4984,7 +5008,8 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input, WOLFSSL_MSG("SCR client verify data match"); TLSX_SetResponse(ssl, TLSX_RENEGOTIATION_INFO); ret = 0; /* verified */ - } else { + } + else { /* already in error state */ WOLFSSL_MSG("SCR client verify data Failure"); } @@ -5013,7 +5038,8 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input, TLS_FINISHED_SZ) == 0) { WOLFSSL_MSG("SCR client and server verify data match"); ret = 0; /* verified */ - } else { + } + else { /* already in error state */ WOLFSSL_MSG("SCR client and server verify data Failure"); } @@ -5023,6 +5049,7 @@ static int TLSX_SecureRenegotiation_Parse(WOLFSSL* ssl, const byte* input, } if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); SendAlert(ssl, alert_fatal, handshake_failure); } @@ -5160,6 +5187,7 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input, if (length > SESSION_TICKET_LEN) { ret = BAD_TICKET_MSG_SZ; + WOLFSSL_ERROR_VERBOSE(ret); } else if (IsAtLeastTLSv1_3(ssl->version)) { WOLFSSL_MSG("Process client ticket rejected, TLS 1.3 no support"); ssl->options.rejectTicket = 1; @@ -5308,6 +5336,7 @@ static int TLSX_EncryptThenMac_GetSize(byte msgType, word16* pSz) (void)pSz; if (msgType != client_hello && msgType != server_hello) { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -5334,6 +5363,7 @@ static int TLSX_EncryptThenMac_Write(void* data, byte* output, byte msgType, (void)pSz; if (msgType != client_hello && msgType != server_hello) { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -5362,6 +5392,7 @@ static int TLSX_EncryptThenMac_Parse(WOLFSSL* ssl, const byte* input, (void)input; if (msgType != client_hello && msgType != server_hello) { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -5382,8 +5413,10 @@ static int TLSX_EncryptThenMac_Parse(WOLFSSL* ssl, const byte* input, } /* Server Hello */ - if (ssl->options.disallowEncThenMac) + if (ssl->options.disallowEncThenMac) { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } ssl->options.encThenMac = 1; return 0; @@ -5771,6 +5804,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) *pSz += OPAQUE16_LEN; } else { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -5881,8 +5915,10 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, *pSz += OPAQUE16_LEN; } - else + else { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } return 0; } @@ -5998,6 +6034,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, #else SendAlert(ssl, alert_fatal, protocol_version); #endif + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } } @@ -6009,12 +6046,16 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, major = input[0]; minor = input[OPAQUE8_LEN]; - if (major != pv.major) + if (major != pv.major) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } /* Can't downgrade with this extension below TLS v1.3. */ - if (versionIsLesser(isDtls, minor, tls13minor)) + if (versionIsLesser(isDtls, minor, tls13minor)) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } /* Version is TLS v1.2 to handle downgrading from TLS v1.3+. */ if (ssl->options.downgrade && ssl->version.minor == tls12minor) { @@ -6023,24 +6064,32 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, const byte* input, } /* No upgrade allowed. */ - if (versionIsLesser(isDtls, ssl->version.minor, minor)) + if (versionIsLesser(isDtls, ssl->version.minor, minor)) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } /* Check downgrade. */ if (versionIsGreater(isDtls, ssl->version.minor, minor)) { - if (!ssl->options.downgrade) + if (!ssl->options.downgrade) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } if (versionIsLesser( - isDtls, minor, ssl->options.minDowngrade)) + isDtls, minor, ssl->options.minDowngrade)) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } /* Downgrade the version. */ ssl->version.minor = minor; } } - else + else { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } return 0; } @@ -6101,10 +6150,13 @@ static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap) */ static int TLSX_Cookie_GetSize(Cookie* cookie, byte msgType, word16* pSz) { - if (msgType == client_hello || msgType == hello_retry_request) + if (msgType == client_hello || msgType == hello_retry_request) { *pSz += OPAQUE16_LEN + cookie->len; - else + } + else { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } return 0; } @@ -6126,8 +6178,10 @@ static int TLSX_Cookie_Write(Cookie* cookie, byte* output, byte msgType, XMEMCPY(output, &cookie->data, cookie->len); *pSz += OPAQUE16_LEN + cookie->len; } - else + else { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } return 0; } @@ -6148,8 +6202,10 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length, TLSX* extension; Cookie* cookie; - if (msgType != client_hello && msgType != hello_retry_request) + if (msgType != client_hello && msgType != hello_retry_request) { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } /* Message contains length and Cookie which must be at least one byte * in length. @@ -6175,12 +6231,17 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length, return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 0); else #endif + { + WOLFSSL_ERROR_VERBOSE(HRR_COOKIE_ERROR); return HRR_COOKIE_ERROR; + } } cookie = (Cookie*)extension->data; - if (cookie->len != len || XMEMCMP(&cookie->data, input + idx, len) != 0) + if (cookie->len != len || XMEMCMP(&cookie->data, input + idx, len) != 0) { + WOLFSSL_ERROR_VERBOSE(HRR_COOKIE_ERROR); return HRR_COOKIE_ERROR; + } /* Request seen. */ extension->resp = 0; @@ -6662,6 +6723,7 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) (void)kse; ret = NOT_COMPILED_IN; + WOLFSSL_ERROR_VERBOSE(ret); #endif return ret; @@ -6722,6 +6784,7 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) if (wc_curve25519_export_public_ex(key, kse->pubKey, &kse->pubKeyLen, EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_EXPORT_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } kse->pubKeyLen = CURVE25519_KEYSIZE; /* always CURVE25519_KEYSIZE */ } @@ -6751,6 +6814,7 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) (void)kse; ret = NOT_COMPILED_IN; + WOLFSSL_ERROR_VERBOSE(ret); #endif /* HAVE_CURVE25519 */ return ret; @@ -6838,6 +6902,7 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse) (void)kse; ret = NOT_COMPILED_IN; + WOLFSSL_ERROR_VERBOSE(ret); #endif /* HAVE_CURVE448 */ return ret; @@ -6886,6 +6951,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) #endif /* !NO_ECC_SECP */ #endif default: + WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG); return BAD_FUNC_ARG; } @@ -6951,6 +7017,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) PRIVATE_KEY_UNLOCK(); if (wc_ecc_export_x963(eccKey, kse->pubKey, &kse->pubKeyLen) != 0) { ret = ECC_EXPORT_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } PRIVATE_KEY_LOCK(); } @@ -6979,6 +7046,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) (void)kse; ret = NOT_COMPILED_IN; + WOLFSSL_ERROR_VERBOSE(ret); #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */ return ret; @@ -7167,12 +7235,13 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) else { WOLFSSL_MSG("liboqs keygen failure"); ret = BAD_FUNC_ARG; + WOLFSSL_ERROR_VERBOSE(ret); } } #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Public liboqs Key"); - WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen ); + WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen); #endif OQS_KEM_free(kem); @@ -7255,6 +7324,7 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) else { WOLFSSL_MSG("liboqs keygen failure"); ret = BAD_FUNC_ARG; + WOLFSSL_ERROR_VERBOSE(ret); } } @@ -7473,12 +7543,14 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) break; } if (params == NULL) { + WOLFSSL_ERROR_VERBOSE(PEER_KEY_ERROR); return PEER_KEY_ERROR; } pSz = params->p_len; #else ret = wc_DhGetNamedKeyParamSize(keyShareEntry->group, &pSz, NULL, NULL); if (ret != 0 || pSz == 0) { + WOLFSSL_ERROR_VERBOSE(PEER_KEY_ERROR); return PEER_KEY_ERROR; } #endif @@ -7562,6 +7634,7 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) (void)ssl; (void)keyShareEntry; ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); #endif return ret; } @@ -7608,6 +7681,7 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, if (wc_curve25519_check_public(keyShareEntry->ke, keyShareEntry->keLen, EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_PEERKEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } if (ret == 0) { @@ -7615,6 +7689,7 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, keyShareEntry->keLen, peerX25519Key, EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_PEERKEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } } @@ -7639,6 +7714,7 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, (void)keyShareEntry; ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); #endif /* HAVE_CURVE25519 */ return ret; @@ -7685,6 +7761,7 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) if (wc_curve448_check_public(keyShareEntry->ke, keyShareEntry->keLen, EC448_LITTLE_ENDIAN) != 0) { ret = ECC_PEERKEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } if (ret == 0) { @@ -7692,6 +7769,7 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) keyShareEntry->keLen, peerX448Key, EC448_LITTLE_ENDIAN) != 0) { ret = ECC_PEERKEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } } @@ -7716,6 +7794,7 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) (void)keyShareEntry; ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); #endif /* HAVE_CURVE448 */ return ret; @@ -7764,6 +7843,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) #endif default: /* unsupported curve */ + WOLFSSL_ERROR_VERBOSE(ECC_PEERKEY_ERROR); return ECC_PEERKEY_ERROR; } @@ -7805,6 +7885,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->peerEccKey, curveId); if (ret != 0) { ret = ECC_PEERKEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } } @@ -7851,6 +7932,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) (void)keyShareEntry; ret = PEER_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); #endif /* HAVE_ECC */ return ret; @@ -7887,6 +7969,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) * pre-allocated buffer. */ if (keyShareEntry->keLen > ENCRYPT_LEN) { WOLFSSL_MSG("shared secret is too long."); + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } @@ -7904,6 +7987,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) algName = OQS_ID2name(oqs_group); if (algName == NULL) { WOLFSSL_MSG("Invalid OQS algorithm specified."); + WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG); return BAD_FUNC_ARG; } @@ -7951,6 +8035,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) keyShareEntry->privKey) != OQS_SUCCESS) { WOLFSSL_MSG("Liboqs decapsulation failure."); ret = BAD_FUNC_ARG; + WOLFSSL_ERROR_VERBOSE(ret); } if (ecc_group != 0) { @@ -7961,6 +8046,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) (word32)kem->length_ciphertext, &eccpubkey); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("ECC Public key import error."); } } @@ -7983,6 +8069,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) if (outlen != sharedSecretLen - kem->length_shared_secret) { WOLFSSL_MSG("ECC shared secret derivation error."); ret = BAD_FUNC_ARG; + WOLFSSL_ERROR_VERBOSE(ret); } } } @@ -7990,6 +8077,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) if (sharedSecretLen > ENCRYPT_LEN) { WOLFSSL_MSG("shared secret is too long."); ret = LENGTH_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } if (ret == 0) { @@ -8029,6 +8117,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) * pre-allocated buffer. */ if (keyShareEntry->keLen > ENCRYPT_LEN) { WOLFSSL_MSG("shared secret is too long."); + WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } @@ -8370,12 +8459,16 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, ato16(input, &group); /* Check the selected group was supported by ClientHello extensions. */ - if (!TLSX_SupportedGroups_Find(ssl, group)) + if (!TLSX_SupportedGroups_Find(ssl, group)) { + WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; + } /* Check if the group was sent. */ - if (!TLSX_KeyShare_Find(ssl, group)) + if (!TLSX_KeyShare_Find(ssl, group)) { + WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; + } /* ServerHello contains one key share entry. */ len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry); @@ -8388,6 +8481,7 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, && keyShareEntry->privKey == NULL #endif )) { + WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; } @@ -8409,12 +8503,16 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, #endif { /* Check the selected group was supported by ClientHello extensions. */ - if (!TLSX_SupportedGroups_Find(ssl, group)) + if (!TLSX_SupportedGroups_Find(ssl, group)) { + WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; + } /* Check if the group was sent. */ - if (TLSX_KeyShare_Find(ssl, group)) + if (TLSX_KeyShare_Find(ssl, group)) { + WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; + } /* Clear out unusable key shares. */ ret = TLSX_KeyShare_Empty(ssl); @@ -8430,6 +8528,7 @@ static int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, } else { /* Not a message type that is allowed to have this extension. */ + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -8537,6 +8636,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, if (ret == 0 && len != kem->length_public_key + ecc_kse->pubKeyLen) { WOLFSSL_MSG("Invalid public key."); + WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG); ret = BAD_FUNC_ARG; } @@ -9160,8 +9260,10 @@ static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) } curve = preferredCurve; - if (curve == NULL) + if (curve == NULL) { + WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; + } /* Delete the old key share data list. */ extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); @@ -9188,6 +9290,8 @@ static int TLSX_KeyShare_SetSupported(WOLFSSL* ssl) #else (void)ssl; + + WOLFSSL_ERROR_VERBOSE(NOT_COMPILED_IN); ret = NOT_COMPILED_IN; #endif @@ -9433,6 +9537,7 @@ static int TLSX_PreSharedKey_GetSize(PreSharedKey* list, byte msgType, return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -9448,8 +9553,10 @@ int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list, byte msgType, { word16 len; - if (msgType != client_hello) + if (msgType != client_hello) { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } /* Length of all binders. */ len = OPAQUE16_LEN; @@ -9478,8 +9585,10 @@ int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list, byte* output, word16 lenIdx; word16 len; - if (msgType != client_hello) + if (msgType != client_hello) { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } /* Skip length of all binders. */ lenIdx = idx; @@ -9556,8 +9665,10 @@ static int TLSX_PreSharedKey_Write(PreSharedKey* list, byte* output, /* Find the index of the chosen identity. */ for (i=0; list != NULL && !list->chosen; i++) list = list->next; - if (list == NULL) + if (list == NULL) { + WOLFSSL_ERROR_VERBOSE(BUILD_MSG_ERROR); return BUILD_MSG_ERROR; + } /* The index of the identity chosen by the server from the list supplied * by the client. @@ -9565,8 +9676,10 @@ static int TLSX_PreSharedKey_Write(PreSharedKey* list, byte* output, c16toa(i, output); *pSz += OPAQUE16_LEN; } - else + else { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; + } return 0; } @@ -9695,8 +9808,10 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, const byte* input, /* Mark the identity as chosen. */ for (; list != NULL && idx > 0; idx--) list = list->next; - if (list == NULL) + if (list == NULL) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; + } list->chosen = 1; #ifdef HAVE_SESSION_TICKET @@ -9706,6 +9821,7 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, const byte* input, ssl->options.cipherSuite != ssl->session->cipherSuite || ssl->session->version.major != ssl->ctx->method->version.major || ssl->session->version.minor != ssl->ctx->method->version.minor) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } } @@ -9714,6 +9830,7 @@ static int TLSX_PreSharedKey_Parse(WOLFSSL* ssl, const byte* input, return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -9887,6 +10004,7 @@ static int TLSX_PskKeModes_GetSize(byte modes, byte msgType, word16* pSz) return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -9918,6 +10036,7 @@ static int TLSX_PskKeModes_Write(byte modes, byte* output, byte msgType, return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -9967,6 +10086,7 @@ static int TLSX_PskKeModes_Parse(WOLFSSL* ssl, const byte* input, word16 length, return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -10031,6 +10151,7 @@ static int TLSX_PostHandAuth_GetSize(byte msgType, word16* pSz) return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -10051,6 +10172,7 @@ static int TLSX_PostHandAuth_Write(byte* output, byte msgType, word16* pSz) return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -10077,6 +10199,7 @@ static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, const byte* input, return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -10134,8 +10257,10 @@ static int TLSX_EarlyData_GetSize(byte msgType, word16* pSz) *pSz += 0; else if (msgType == session_ticket) *pSz += OPAQUE32_LEN; - else + else { ret = SANITY_MSG_E; + WOLFSSL_ERROR_VERBOSE(ret); + } return ret; } @@ -10160,6 +10285,7 @@ static int TLSX_EarlyData_Write(word32 maxSz, byte* output, byte msgType, return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -10199,8 +10325,10 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, const byte* input, word16 length, /* Ensure the index of PSK identity chosen by server is 0. * Index is plus one to handle 'not set' value of 0. */ - if (ssl->options.pskIdIndex != 1) + if (ssl->options.pskIdIndex != 1) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; + } if (ssl->options.side == WOLFSSL_CLIENT_END) { /* the extension from server comes in */ @@ -10220,6 +10348,7 @@ static int TLSX_EarlyData_Parse(WOLFSSL* ssl, const byte* input, word16 length, return 0; } + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -11984,8 +12113,10 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, word16 size; #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) - if (msgType == client_hello && pskDone) + if (msgType == client_hello && pskDone) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; + } #endif if (length - offset < HELLO_EXT_TYPE_SZ + OPAQUE16_LEN) @@ -12049,10 +12180,12 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (IsAtLeastTLSv1_3(ssl->version) && msgType != client_hello && msgType != encrypted_extensions) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } else if (!IsAtLeastTLSv1_3(ssl->version) && msgType == encrypted_extensions) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } #endif @@ -12082,10 +12215,12 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (IsAtLeastTLSv1_3(ssl->version) && msgType != client_hello && msgType != encrypted_extensions) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } else if (!IsAtLeastTLSv1_3(ssl->version) && msgType == encrypted_extensions) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } #endif @@ -12279,8 +12414,10 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (!IsAtLeastTLSv1_3(ssl->version)) break; - if (msgType != client_hello && msgType != server_hello) + if (msgType != client_hello && msgType != server_hello) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; + } ret = PSK_PARSE(ssl, input + offset, size, msgType); pskDone = 1; @@ -12295,8 +12432,10 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (!IsAtLeastTLSv1_3(ssl->version)) break; - if (msgType != client_hello) + if (msgType != client_hello) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; + } ret = PKM_PARSE(ssl, input + offset, size, msgType); break; @@ -12314,11 +12453,13 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (msgType != client_hello && msgType != session_ticket && msgType != encrypted_extensions) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } if (!IsAtLeastTLSv1_3(ssl->version) && (msgType == session_ticket || msgType == encrypted_extensions)) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } ret = EDI_PARSE(ssl, input + offset, size, msgType); @@ -12335,8 +12476,10 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (!IsAtLeastTLSv1_3(ssl->version)) break; - if (msgType != client_hello) + if (msgType != client_hello) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; + } ret = PHA_PARSE(ssl, input + offset, size, msgType); break; @@ -12354,10 +12497,12 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (msgType != client_hello && msgType != certificate_request) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } if (!IsAtLeastTLSv1_3(ssl->version) && msgType == certificate_request) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } @@ -12377,6 +12522,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, if (msgType != client_hello && msgType != server_hello && msgType != hello_retry_request) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } #endif diff --git a/src/tls13.c b/src/tls13.c index 6cc96e638..cf770b950 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -472,6 +472,7 @@ static int DeriveEarlyTrafficSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13SecretCb(ssl, CLIENT_EARLY_TRAFFIC_SECRET, key, ssl->specs.hash_size, ssl->tls13SecretCtx); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -480,6 +481,7 @@ static int DeriveEarlyTrafficSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13KeyLogCb(ssl, CLIENT_EARLY_TRAFFIC_SECRET, key, ssl->specs.hash_size, NULL); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -524,6 +526,7 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13SecretCb(ssl, CLIENT_HANDSHAKE_TRAFFIC_SECRET, key, ssl->specs.hash_size, ssl->tls13SecretCtx); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -532,6 +535,7 @@ static int DeriveClientHandshakeSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13KeyLogCb(ssl, CLIENT_HANDSHAKE_TRAFFIC_SECRET, key, ssl->specs.hash_size, NULL); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -567,6 +571,7 @@ static int DeriveServerHandshakeSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13SecretCb(ssl, SERVER_HANDSHAKE_TRAFFIC_SECRET, key, ssl->specs.hash_size, ssl->tls13SecretCtx); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -575,6 +580,7 @@ static int DeriveServerHandshakeSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13KeyLogCb(ssl, SERVER_HANDSHAKE_TRAFFIC_SECRET, key, ssl->specs.hash_size, NULL); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -610,6 +616,7 @@ static int DeriveClientTrafficSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13SecretCb(ssl, CLIENT_TRAFFIC_SECRET, key, ssl->specs.hash_size, ssl->tls13SecretCtx); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -618,6 +625,7 @@ static int DeriveClientTrafficSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13KeyLogCb(ssl, CLIENT_TRAFFIC_SECRET, key, ssl->specs.hash_size, NULL); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -653,6 +661,7 @@ static int DeriveServerTrafficSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13SecretCb(ssl, SERVER_TRAFFIC_SECRET, key, ssl->specs.hash_size, ssl->tls13SecretCtx); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -661,6 +670,7 @@ static int DeriveServerTrafficSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13KeyLogCb(ssl, SERVER_TRAFFIC_SECRET, key, ssl->specs.hash_size, NULL); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -697,6 +707,7 @@ static int DeriveExporterSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13SecretCb(ssl, EXPORTER_SECRET, key, ssl->specs.hash_size, ssl->tls13SecretCtx); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -705,6 +716,7 @@ static int DeriveExporterSecret(WOLFSSL* ssl, byte* key) ret = ssl->tls13KeyLogCb(ssl, EXPORTER_SECRET, key, ssl->specs.hash_size, NULL); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(TLS13_SECRET_CB_E); return TLS13_SECRET_CB_E; } } @@ -1340,6 +1352,10 @@ end: wc_MemZero_Check(key_dig, MAX_PRF_DIG); #endif + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -2300,6 +2316,7 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, SendAlert(ssl, alert_fatal, bad_record_mac); } ret = VERIFY_MAC_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } #else (void)doAlert; @@ -2476,6 +2493,10 @@ int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, break; } + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -2685,8 +2706,12 @@ exit_buildmsg: ssl->options.buildMsgState = BUILD_MSG_BEGIN; /* return sz on success */ - if (ret == 0) + if (ret == 0) { ret = args->sz; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } /* Final cleanup */ #ifdef WOLFSSL_ASYNC_CRYPT @@ -3003,8 +3028,10 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) if (clientHello) { /* Ensure cipher suite is supported or changed suite to one with * the same MAC algorithm. */ - if (!FindSuiteSSL(ssl, suite)) + if (!FindSuiteSSL(ssl, suite)) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; + } /* Setting mac for binder and keys for deriving EarlyData. */ ret = SetCipherSpecs(ssl); @@ -3068,6 +3095,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) if (idlen > MAX_PSK_KEY_LEN) { wolfSSL_FreeSession(ssl->ctx, psksession); WOLFSSL_MSG("psk key length is too long"); + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } @@ -3104,6 +3132,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) byte pskCS[2] = { psk->cipherSuite0, psk->cipherSuite }; /* Ensure PSK and negotiated cipher suites have same hash. */ if (SuiteMac(pskCS) != SuiteMac(suite)) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } /* Negotiated cipher suite is to be used - update PSK. */ @@ -3122,6 +3151,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) &cipherName); if (GetCipherSuiteFromName(cipherName, &cipherSuite0, &cipherSuite, &cipherSuiteFlags) != 0) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } ssl->options.cipherSuite0 = cipherSuite0; @@ -3137,6 +3167,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) } if (ssl->arrays->psk_keySz == 0 || ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } @@ -3149,6 +3180,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) if (!clientHello && (psk->cipherSuite0 != suite[0] || psk->cipherSuite != suite[1])) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } @@ -3357,7 +3389,10 @@ int SendTls13ClientHello(WOLFSSL* ssl) } else #endif + { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } } #endif @@ -3810,6 +3845,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (args->pv.major != ssl->version.major || args->pv.minor != tls12minor) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } @@ -3827,6 +3863,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Don't allow more than one HelloRetryRequest or ServerHello. */ if (ssl->msgsReceived.got_hello_retry_request) { + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } } @@ -3862,6 +3899,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, b = input[args->idx++]; if (b != 0) { WOLFSSL_MSG("Must be no compression types in list"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } @@ -3914,6 +3952,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (!ssl->options.downgrade) { WOLFSSL_MSG("Server trying to downgrade to version less than " "TLS v1.3"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ @@ -3922,16 +3961,22 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (args->pv.minor == TLSv1_2_MINOR && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { WOLFSSL_MSG("\tOption set to not allow TLSv1.2"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } #endif if (!ssl->options.dtls && - args->pv.minor < ssl->options.minDowngrade) + args->pv.minor < ssl->options.minDowngrade) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } - if (ssl->options.dtls && args->pv.minor > ssl->options.minDowngrade) + if (ssl->options.dtls && + args->pv.minor > ssl->options.minDowngrade) { + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; + } ssl->version.minor = args->pv.minor; @@ -4005,6 +4050,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = ssl->sessionSecretCb(ssl, ssl->session->masterSecret, &secretSz, ssl->sessionSecretCtx); if (ret != 0 || secretSz != SECRET_LEN) { + WOLFSSL_ERROR_VERBOSE(SESSION_SECRET_CB_E); return SESSION_SECRET_CB_E; } } @@ -4034,6 +4080,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = CompleteServerHello(ssl); #else WOLFSSL_MSG("Client using higher version, fatal error"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); ret = VERSION_ERROR; #endif @@ -4052,6 +4099,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT if (args->sessIdSz == 0) { WOLFSSL_MSG("args->sessIdSz == 0"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } if (ssl->session->sessionIDSz != 0) { @@ -4059,12 +4107,14 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCMP(ssl->session->sessionID, args->sessId, args->sessIdSz) != 0) { WOLFSSL_MSG("session id doesn't match"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } } else if (XMEMCMP(ssl->arrays->clientRandom, args->sessId, args->sessIdSz) != 0) { WOLFSSL_MSG("session id doesn't match client random"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } #else @@ -4072,6 +4122,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCMP(ssl->session->sessionID, args->sessId, args->sessIdSz) != 0)) { WOLFSSL_MSG("Server sent different session id"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } #endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */ @@ -4090,6 +4141,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Check that the negotiated ciphersuite matches protocol version. */ if (ssl->options.cipherSuite0 != TLS13_BYTE) { WOLFSSL_MSG("Server sent non-TLS13 cipher suite in TLS 1.3 packet"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } @@ -4097,7 +4149,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, suite[1] = ssl->options.cipherSuite; if (!FindSuiteSSL(ssl, suite)) { WOLFSSL_MSG("Cipher suite not supported on client"); - return PSK_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR); + return MATCH_SUITE_ERROR; } if (*extMsgType == server_hello) { @@ -4310,6 +4363,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, ) { if (PickHashSigAlgo(ssl, peerSuites.hashSigAlgo, peerSuites.hashSigAlgoSz) != 0) { + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } ssl->options.sendVerify = SEND_CERT; @@ -4320,6 +4374,7 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, #else WOLFSSL_MSG("Certificate required but none set on client"); SendAlert(ssl, alert_fatal, illegal_parameter); + WOLFSSL_ERROR_VERBOSE(NO_CERT_ERROR); return NO_CERT_ERROR; #endif } @@ -4417,6 +4472,7 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err) if (found) { if (sa->psk_keySz > MAX_PSK_KEY_LEN) { ret = PSK_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } if (ret == 0) { #ifndef WOLFSSL_PSK_ONE_ID @@ -4438,6 +4494,7 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, byte* suite, int* err) /* PSK age is always zero. */ if (psk->ticketAge != ssl->session->ticketAdd) { ret = PSK_KEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); } } if ((ret == 0) && found) { @@ -4612,6 +4669,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first) return ret; if (binderLen != current->binderLen || XMEMCMP(binder, current->binder, binderLen) != 0) { + WOLFSSL_ERROR_VERBOSE(BAD_BINDER); return BAD_BINDER; } @@ -4627,6 +4685,7 @@ static int DoPreSharedKeys(WOLFSSL* ssl, byte* suite, int* usingPSK, int* first) if (ssl->buffers.certChainCnt != 0) return 0; #endif + WOLFSSL_ERROR_VERBOSE(BAD_BINDER); return BAD_BINDER; #else return 0; @@ -4678,8 +4737,10 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, } /* Extensions pushed on stack/list and PSK must be last. */ - if (ssl->extensions != ext) + if (ssl->extensions != ext) { + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; + } /* Assume we are going to resume with a pre-shared key. */ ssl->options.resuming = 1; @@ -4774,8 +4835,10 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, /* Get the PSK key exchange modes the client wants to negotiate. */ ext = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES); - if (ext == NULL) + if (ext == NULL) { + WOLFSSL_ERROR_VERBOSE(MISSING_HANDSHAKE_DATA); return MISSING_HANDSHAKE_DATA; + } modes = ext->val; #ifdef HAVE_SUPPORTED_CURVES @@ -4793,6 +4856,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, { if ((modes & (1 << PSK_KE)) == 0) { WOLFSSL_MSG("psk_ke mode does not allow key share"); + WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } ssl->options.noPskDheKe = 1; @@ -4807,6 +4871,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, if (ssl->buffers.certChainCnt != 0) return 0; #endif + WOLFSSL_ERROR_VERBOSE(BAD_BINDER); return BAD_BINDER; } #endif @@ -4870,8 +4935,10 @@ static int CheckCookie(WOLFSSL* ssl, byte* cookie, byte cookieSz) if (ret != 0) return ret; - if (ConstantCompare(cookie + cookieSz, mac, macSz) != 0) + if (ConstantCompare(cookie + cookieSz, mac, macSz) != 0) { + WOLFSSL_ERROR_VERBOSE(HRR_COOKIE_ERROR); return HRR_COOKIE_ERROR; + } return cookieSz; } @@ -5578,6 +5645,10 @@ exit_dch: #endif WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -7251,6 +7322,10 @@ exit_scv: FreeAsyncCtx(ssl, 0); #endif + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } #endif @@ -7753,8 +7828,13 @@ exit_dcv: } else #endif /* WOLFSSL_ASYNC_CRYPT */ - if (ret != 0 && ret != INVALID_PARAMETER) - SendAlert(ssl, alert_fatal, decrypt_error); + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + + if (ret != INVALID_PARAMETER) { + SendAlert(ssl, alert_fatal, decrypt_error); + } + } /* Final cleanup */ FreeDcv13Args(ssl, args); @@ -7888,6 +7968,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (XMEMCMP(input + *inOutIdx, mac, size) != 0){ WOLFSSL_MSG("Verify finished error on hashes"); SendAlert(ssl, alert_fatal, decrypt_error); + WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR); return VERIFY_FINISHED_ERROR; } } @@ -8049,8 +8130,10 @@ static int SendTls13Finished(WOLFSSL* ssl) /* This message is always encrypted. */ sendSz = BuildTls13Message(ssl, output, outputSz, input, headerSz + finishedSz, handshake, 1, 0, 0); - if (sendSz < 0) + if (sendSz < 0) { + WOLFSSL_ERROR_VERBOSE(BUILD_MSG_ERROR); return BUILD_MSG_ERROR; + } #ifdef WOLFSSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName(ssl, "Finished"); @@ -8329,6 +8412,7 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->keys.keyUpdateRespond = 1; break; default: + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } @@ -8466,6 +8550,7 @@ static int DoTls13EndOfEarlyData(WOLFSSL* ssl, const byte* input, if (ssl->earlyData == no_early_data) { WOLFSSL_MSG("EndOfEarlyData received unexpectedly"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -8516,8 +8601,10 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input, return BUFFER_ERROR; ato32(input + *inOutIdx, &lifetime); *inOutIdx += SESSION_HINT_SZ; - if (lifetime > MAX_LIFETIME) + if (lifetime > MAX_LIFETIME) { + WOLFSSL_ERROR_VERBOSE(SERVER_HINT_ERROR); return SERVER_HINT_ERROR; + } /* Age add. */ if ((*inOutIdx - begin) + SESSION_ADD_SZ > size) @@ -8531,6 +8618,7 @@ static int DoTls13NewSessionTicket(WOLFSSL* ssl, const byte* input, nonceLength = input[*inOutIdx]; if (nonceLength > MAX_TICKET_NONCE_SZ) { WOLFSSL_MSG("Nonce length not supported"); + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); return INVALID_PARAMETER; } *inOutIdx += 1; @@ -8861,18 +8949,21 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only valid when received on SERVER side. */ if (ssl->options.side == WOLFSSL_CLIENT_END) { WOLFSSL_MSG("ClientHello received by client"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif /* Check state. */ if (ssl->options.clientState >= CLIENT_HELLO_COMPLETE) { WOLFSSL_MSG("ClientHello received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Check previously seen. */ /* Initial and after HelloRetryRequest - no more than 2. */ if (ssl->msgsReceived.got_client_hello == 2) { WOLFSSL_MSG("Too many ClientHello received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } /* Second only after HelloRetryRequest seen. */ @@ -8880,6 +8971,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE) { WOLFSSL_MSG("Duplicate ClientHello received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_client_hello++; @@ -8893,12 +8985,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only valid when received on CLIENT side. */ if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("ServerHello received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif /* Check state. */ if (ssl->options.serverState >= SERVER_HELLO_COMPLETE) { WOLFSSL_MSG("ServerHello received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Check previously seen. */ @@ -8908,6 +9002,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) */ if (ssl->msgsReceived.got_server_hello) { WOLFSSL_MSG("Duplicate ServerHello received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_server_hello = 1; @@ -8921,6 +9016,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only valid when received on CLIENT side. */ if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("NewSessionTicket received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif @@ -8929,12 +9025,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only allowed after server's Finished message. */ if (ssl->options.serverState < SERVER_FINISHED_COMPLETE) { WOLFSSL_MSG("NewSessionTicket received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #else /* Only allowed after client's Finished message. */ if (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) { WOLFSSL_MSG("NewSessionTicket received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #endif @@ -8951,6 +9049,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only valid when received on SERVER side. */ if (ssl->options.side == WOLFSSL_CLIENT_END) { WOLFSSL_MSG("EndOfEarlyData received by client"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif @@ -8958,15 +9057,18 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only after server's Finished and before client's Finished. */ if (ssl->options.serverState < SERVER_FINISHED_COMPLETE) { WOLFSSL_MSG("EndOfEarlyData received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (ssl->options.clientState >= CLIENT_FINISHED_COMPLETE) { WOLFSSL_MSG("EndOfEarlyData received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Check previously seen. */ if (ssl->msgsReceived.got_end_of_early_data) { WOLFSSL_MSG("Too many EndOfEarlyData received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_end_of_early_data = 1; @@ -8981,6 +9083,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only valid when received on CLIENT side. */ if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("EncryptedExtensions received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif @@ -8991,11 +9094,13 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) */ if (ssl->options.serverState != SERVER_HELLO_COMPLETE) { WOLFSSL_MSG("EncryptedExtensions received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Check previously seen. */ if (ssl->msgsReceived.got_encrypted_extensions) { WOLFSSL_MSG("Duplicate EncryptedExtensions received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_encrypted_extensions = 1; @@ -9015,6 +9120,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->options.serverState != SERVER_ENCRYPTED_EXTENSIONS_COMPLETE) { WOLFSSL_MSG("Certificate received out of order - Client"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -9023,6 +9129,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->options.serverState == SERVER_CERT_COMPLETE && ssl->options.pskNegotiated) { WOLFSSL_MSG("Certificate received while using PSK"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } #endif @@ -9035,12 +9142,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->options.clientState != CLIENT_HELLO_COMPLETE && ssl->options.serverState < SERVER_FINISHED_COMPLETE) { WOLFSSL_MSG("Certificate received out of order - Server"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #endif /* Check previously seen. */ if (ssl->msgsReceived.got_certificate) { WOLFSSL_MSG("Duplicate Certificate received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_certificate = 1; @@ -9053,6 +9162,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only valid when received on CLIENT side. */ if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("CertificateRequest received by server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } #endif @@ -9063,6 +9173,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) if (ssl->options.serverState != SERVER_ENCRYPTED_EXTENSIONS_COMPLETE) { WOLFSSL_MSG("CertificateRequest received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #else @@ -9074,6 +9185,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) (ssl->options.serverState < SERVER_FINISHED_COMPLETE || ssl->options.clientState != CLIENT_FINISHED_COMPLETE)) { WOLFSSL_MSG("CertificateRequest received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #endif @@ -9081,6 +9193,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Server's authenticating with PSK must not send this. */ if (ssl->options.pskNegotiated) { WOLFSSL_MSG("CertificateRequest received while using PSK"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } #endif @@ -9089,6 +9202,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Only once during handshake. */ if (ssl->msgsReceived.got_certificate_request) { WOLFSSL_MSG("Duplicate CertificateRequest received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } #else @@ -9096,6 +9210,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) if (ssl->msgsReceived.got_certificate_request && ssl->options.clientState != CLIENT_FINISHED_COMPLETE) { WOLFSSL_MSG("Duplicate CertificateRequest received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } #endif @@ -9112,12 +9227,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) if (ssl->options.side == WOLFSSL_CLIENT_END) { if (ssl->options.serverState != SERVER_CERT_COMPLETE) { WOLFSSL_MSG("No Cert before CertVerify"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) /* Server's authenticating with PSK must not send this. */ if (ssl->options.pskNegotiated) { WOLFSSL_MSG("CertificateVerify received while using PSK"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } #endif @@ -9129,15 +9246,18 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Server must have sent Finished message. */ if (ssl->options.serverState < SERVER_FINISHED_COMPLETE) { WOLFSSL_MSG("CertificateVerify received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Valid only directly after a Certificate message. */ if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { WOLFSSL_MSG("CertificateVerify before ClientHello done"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (!ssl->msgsReceived.got_certificate) { WOLFSSL_MSG("No Cert before CertificateVerify"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -9145,6 +9265,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* Check previously seen. */ if (ssl->msgsReceived.got_certificate_verify) { WOLFSSL_MSG("Duplicate CertificateVerify received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_certificate_verify = 1; @@ -9159,6 +9280,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) /* After sending ClientHello */ if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { WOLFSSL_MSG("Finished received out of order - clientState"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Must have seen certificate and verify from server except when @@ -9168,6 +9290,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) if (ssl->options.serverState != SERVER_ENCRYPTED_EXTENSIONS_COMPLETE) { WOLFSSL_MSG("Finished received out of order - PSK"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -9175,6 +9298,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) #endif if (ssl->options.serverState != SERVER_CERT_VERIFY_COMPLETE) { WOLFSSL_MSG("Finished received out of order - serverState"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } @@ -9184,16 +9308,19 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) if (ssl->options.side == WOLFSSL_SERVER_END) { if (ssl->options.serverState < SERVER_FINISHED_COMPLETE) { WOLFSSL_MSG("Finished received out of order - serverState"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) { WOLFSSL_MSG("Finished received out of order - clientState"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #ifdef WOLFSSL_EARLY_DATA if (ssl->earlyData == process_early_data && /* early data may be lost when using DTLS */ !ssl->options.dtls) { + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } #endif @@ -9211,6 +9338,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) !ssl->msgsReceived.got_certificate) { WOLFSSL_MSG("Finished received out of order - " "missing Certificate message"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Mutual authentication on server requires a certificate from @@ -9222,6 +9350,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->options.verifyPeer)) && !ssl->options.havePeerCert) { WOLFSSL_MSG("Finished received out of order - " "no valid certificate"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Must have received a valid CertificateVerify if verifying @@ -9231,12 +9360,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->options.havePeerCert && !ssl->options.havePeerVerify) { WOLFSSL_MSG("Finished received out of order - " "Certificate message but no CertificateVerify"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } /* Check previously seen. */ if (ssl->msgsReceived.got_finished) { WOLFSSL_MSG("Duplicate Finished received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_finished = 1; @@ -9251,6 +9382,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) */ if (!ssl->msgsReceived.got_finished) { WOLFSSL_MSG("No KeyUpdate before Finished"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } /* Multiple KeyUpdates can be sent. */ @@ -9259,32 +9391,38 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) case hello_verify_request: if (!ssl->options.dtls) { WOLFSSL_MSG("HelloVerifyRequest when not in DTLS"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (ssl->msgsReceived.got_hello_verify_request) { WOLFSSL_MSG("Duplicate HelloVerifyRequest received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } ssl->msgsReceived.got_hello_verify_request = 1; if (ssl->msgsReceived.got_hello_retry_request) { WOLFSSL_MSG( "Both HelloVerifyRequest and HelloRetryRequest received"); + WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } if (ssl->options.serverState >= SERVER_HELLO_RETRY_REQUEST_COMPLETE || ssl->options.connectState != CLIENT_HELLO_SENT) { WOLFSSL_MSG("HelloVerifyRequest received out of order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (ssl->options.side == WOLFSSL_SERVER_END) { WOLFSSL_MSG("HelloVerifyRequest recevied on the server"); + WOLFSSL_ERROR_VERBOSE(SIDE_ERROR); return SIDE_ERROR; } if (!ssl->options.downgrade || ssl->options.minDowngrade < DTLSv1_2_MINOR) { WOLFSSL_MSG( "HelloVerifyRequest recevied but not DTLSv1.2 allowed"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } break; @@ -9292,6 +9430,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) default: WOLFSSL_MSG("Unknown message type"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); return SANITY_MSG_E; } @@ -9344,6 +9483,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, type != certificate && type != key_update && type != finished) { WOLFSSL_MSG("HandShake message after handshake complete"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -9356,6 +9496,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ) { WOLFSSL_MSG("First server message not server hello"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -9363,6 +9504,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.clientState == NULL_STATE && type != client_hello) { WOLFSSL_MSG("First client message not client hello"); SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } @@ -9620,6 +9762,7 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (GetHandshakeHeader(ssl, input, inOutIdx, &type, &size, totalSz) != 0) { SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; } @@ -9633,14 +9776,18 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, * pending message size will be non-zero. */ if (ssl->arrays->pendingMsgSz == 0) { - if (GetHandshakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0) + if (GetHandshakeHeader(ssl, input, inOutIdx, &type, &size, + totalSz) != 0) { + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; + } /* Cap the maximum size of a handshake message to something reasonable. * By default is the maximum size of a certificate message assuming * nine 2048-bit RSA certificates in the chain. */ if (size > MAX_HANDSHAKE_SZ) { WOLFSSL_MSG("Handshake message too large"); + WOLFSSL_ERROR_VERBOSE(HANDSHAKE_SIZE_ERROR); return HANDSHAKE_SIZE_ERROR; } @@ -9884,6 +10031,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) return wolfSSL_connect(ssl); #endif WOLFSSL_MSG("Client using higher version, fatal error"); + WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } @@ -9973,6 +10121,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) /* CLIENT: check peer authentication. */ if (!ssl->options.peerAuthGood) { WOLFSSL_MSG("Server authentication did not happen"); + WOLFSSL_ERROR_VERBOSE(WOLFSSL_FATAL_ERROR); return WOLFSSL_FATAL_ERROR; } #ifndef NO_CERTS @@ -10055,6 +10204,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx); if (cbret < 0) { ssl->error = cbret; + WOLFSSL_ERROR_VERBOSE(ssl->error); WOLFSSL_MSG("HandShake Done Cb don't continue error"); return WOLFSSL_FATAL_ERROR; } diff --git a/src/x509.c b/src/x509.c index 779a84fea..cff4175e7 100644 --- a/src/x509.c +++ b/src/x509.c @@ -4883,6 +4883,10 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) { WOLFSSL_EVP_PKEY* key = NULL; + int ret; + + (void)ret; + WOLFSSL_ENTER("X509_get_pubkey"); if (x509 != NULL) { key = wolfSSL_EVP_PKEY_new_ex(x509->heap); @@ -4944,8 +4948,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) /* not using wolfSSL_EC_KEY_LoadDer because public key in x509 * is in the format of x963 (no sequence at start of buffer) */ - if (wc_EccPublicKeyDecode((const unsigned char*)key->pkey.ptr, - &idx, (ecc_key*)key->ecc->internal, key->pkey_sz) < 0) { + ret = wc_EccPublicKeyDecode((const unsigned char*)key->pkey.ptr, + &idx, (ecc_key*)key->ecc->internal, + key->pkey_sz); + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); wolfSSL_EVP_PKEY_free(key); return NULL; @@ -4991,11 +4998,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) #endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */ #if defined(OPENSSL_ALL) -/* Takes two WOLFSSL_X509* certificates and performs a Sha hash of each, if the - * hash values are the same, then it will do an XMEMCMP to confirm they are - * identical. Returns a 0 when certificates match, returns a negative number - * when certificates are not a match. -*/ +/* + * Converts a and b to DER and then does an XMEMCMP to check if they match. + * Returns 0 when certificates match and WOLFSSL_FATAL_ERROR when they don't. + */ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) { const byte* derA; @@ -5024,6 +5030,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } WOLFSSL_LEAVE("wolfSSL_X509_cmp", 0); + return 0; } #endif /* OPENSSL_ALL */ @@ -6641,10 +6648,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio, size = wolfSSL_BIO_get_len(bio); if (size <= 0) { WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data."); -#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - /* EOF ASN1 file */ WOLFSSL_ERROR(ASN1_R_HEADER_TOO_LONG); -#endif return NULL; } @@ -8389,7 +8393,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( cert->beforeDateSz = CertDateFromX509(cert->beforeDate, CTC_DATE_SIZE, &x509->notBefore); if (cert->beforeDateSz <= 0){ - WOLFSSL_MSG("Not before date error"); + WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date"); return WOLFSSL_FAILURE; } } @@ -8401,7 +8405,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( cert->afterDateSz = CertDateFromX509(cert->afterDate, CTC_DATE_SIZE, &x509->notAfter); if (cert->afterDateSz <= 0){ - WOLFSSL_MSG("Not after date error"); + WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date"); return WOLFSSL_FAILURE; } } @@ -8428,6 +8432,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } else { WOLFSSL_MSG("Subject Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return WOLFSSL_FAILURE; } @@ -8448,6 +8453,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } else { WOLFSSL_MSG("Auth Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return WOLFSSL_FAILURE; } @@ -8471,6 +8477,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( if (x509->rawCRLInfo != NULL) { if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) { WOLFSSL_MSG("CRL Info too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return WOLFSSL_FAILURE; } XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz); @@ -8513,6 +8520,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( if (serialSz > EXTERNAL_SERIAL_SIZE || serialSz > CTC_SERIAL_SIZE) { WOLFSSL_MSG("Serial size too large error"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return WOLFSSL_FAILURE; } XMEMCPY(cert->serial, serial, serialSz); @@ -8730,6 +8738,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( ret = wc_RsaPublicKeyDecode(x509->pubKey.buffer, &idx, rsa, x509->pubKey.length); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); wc_FreeRsaKey(rsa); XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); XFREE(cert, NULL, DYNAMIC_TYPE_CERT); @@ -8758,6 +8767,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( ret = wc_EccPublicKeyDecode(x509->pubKey.buffer, &idx, ecc, x509->pubKey.length); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); wc_ecc_free(ecc); XFREE(ecc, NULL, DYNAMIC_TYPE_ECC); XFREE(cert, NULL, DYNAMIC_TYPE_CERT); @@ -8786,6 +8796,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( ret = wc_DsaPublicKeyDecode(x509->pubKey.buffer, &idx, dsa, x509->pubKey.length); if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); wc_FreeDsaKey(dsa); XFREE(dsa, NULL, DYNAMIC_TYPE_DSA); XFREE(cert, NULL, DYNAMIC_TYPE_CERT); @@ -8818,6 +8829,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( wc_FreeRng(&rng); } if (ret <= 0) { + WOLFSSL_ERROR_VERBOSE(ret); ret = WOLFSSL_FAILURE; goto cleanup; } @@ -9494,10 +9506,8 @@ cleanup: } if ((l = wolfSSL_BIO_get_len(bp)) <= 0) { - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) /* No certificate in buffer */ WOLFSSL_ERROR(ASN_NO_PEM_HEADER); - #endif return NULL; } @@ -9533,12 +9543,8 @@ cleanup: break; } } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) if (l == 0) WOLFSSL_ERROR(ASN_NO_PEM_HEADER); - #else - (void)l; - #endif if (i > pemSz) { WOLFSSL_MSG("Error parsing PEM"); } @@ -12531,6 +12537,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, } else { WOLFSSL_MSG("Challenge password too long"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return WOLFSSL_FAILURE; } break; @@ -12539,6 +12546,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, len = (int)XSTRLEN((char*)bytes); if (len + 1 > EXTERNAL_SERIAL_SIZE) { WOLFSSL_MSG("SerialNumber too long"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return WOLFSSL_FAILURE; } XMEMCPY(req->serial, bytes, len); diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index e9ddd474b..cc1055d43 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -1791,6 +1791,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( const word32* rk = aes->key; if (r > 7 || r == 0) { + WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E); return KEYUSAGE_E; } @@ -1824,6 +1825,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( return 0; #else WOLFSSL_MSG("AES-ECB encrypt with bad alignment"); + WOLFSSL_ERROR_VERBOSE(BAD_ALIGN_E); return BAD_ALIGN_E; #endif } @@ -2146,6 +2148,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( const word32* rk = aes->key; if (r > 7 || r == 0) { + WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E); return KEYUSAGE_E; } @@ -4006,6 +4009,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) blocks = sz / AES_BLOCK_SIZE; #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS if (sz % AES_BLOCK_SIZE) { + WOLFSSL_ERROR_VERBOSE(BAD_LENGTH_E); return BAD_LENGTH_E; } #endif @@ -4081,6 +4085,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; #else WOLFSSL_MSG("AES-CBC encrypt with bad alignment"); + WOLFSSL_ERROR_VERBOSE(BAD_ALIGN_E); return BAD_ALIGN_E; #endif } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c87589707..2c35cca5d 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3083,6 +3083,7 @@ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version, /* check if version is expected value rfc 5280 4.1 {0, 1, 2} */ if (*version > MAX_X509_VERSION || *version < MIN_X509_VERSION) { WOLFSSL_MSG("Unexpected certificate version"); + WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E); ret = ASN_VERSION_E; } } @@ -5105,7 +5106,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) * * @param [in] oid OID id. * @return ECC set id on success. - * @return ALGO_ID_E when OID id is 0 or not supported. + * @return ECC_CURVE_OID_E when OID id is 0 or not supported. */ static int CheckCurve(word32 oid) { @@ -5117,7 +5118,8 @@ static int CheckCurve(word32 oid) /* Check for error or zero length OID size (can't get OID for encoding). */ if ((ret < 0) || (oidSz == 0)) { WOLFSSL_MSG("CheckCurve not found"); - ret = ALGO_ID_E; + WOLFSSL_ERROR_VERBOSE(ECC_CURVE_OID_E); + ret = ECC_CURVE_OID_E; } /* Return ECC set id or error code. */ @@ -5443,6 +5445,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, if ((ret == 0) && (checkOid != NULL) && ((checkOidSz != actualOidSz) || (XMEMCMP(actualOid, checkOid, checkOidSz) != 0))) { WOLFSSL_MSG("OID Check Failed"); + WOLFSSL_ERROR_VERBOSE(ASN_UNKNOWN_OID_E); ret = ASN_UNKNOWN_OID_E; } } @@ -5901,6 +5904,7 @@ enum { * @param [in] sz Size of data in buffer. * @param [out] algId Key's algorithm id from PKCS #8 header. * @return Length of key data on success. + * @return BAD_FUNC_ARG when input or inOutIdx is NULL. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. * @return BUFFER_E when data in buffer is too small. @@ -6351,11 +6355,15 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, if (mp_cmp(&(a->n), &(b->n)) != MP_EQ || mp_cmp(&(a->e), &(b->e)) != MP_EQ) { ret = MP_CMP_E; + WOLFSSL_ERROR_VERBOSE(ret); } else ret = 1; #endif } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } } wc_FreeRsaKey(b); wc_FreeRsaKey(a); @@ -6422,10 +6430,16 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, if ((ret = wc_ecc_check_key(key_pair)) == 0) { ret = 1; } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } } ForceZero(privDer, privSz); } } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } wc_ecc_free(key_pair); #ifdef WOLFSSL_SMALL_STACK XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -6468,10 +6482,17 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, /* public and private extracted successfully no check if is * a pair and also do sanity checks on key. wc_ecc_check_key * checks that private * base generator equals pubkey */ - if ((ret = wc_ed25519_check_key(key_pair)) == 0) + if ((ret = wc_ed25519_check_key(key_pair)) == 0) { ret = 1; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } } } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } wc_ed25519_free(key_pair); #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519); @@ -6511,10 +6532,17 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, /* public and private extracted successfully no check if is * a pair and also do sanity checks on key. wc_ecc_check_key * checks that private * base generator equals pubkey */ - if ((ret = wc_ed448_check_key(key_pair)) == 0) + if ((ret = wc_ed448_check_key(key_pair)) == 0) { ret = 1; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } } } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } wc_ed448_free(key_pair); #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448); @@ -6565,10 +6593,17 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, if ((ret = wc_falcon_import_public(pubKey, pubKeySz, key_pair)) == 0) { /* Public and private extracted successfully. Sanity check. */ - if ((ret = wc_falcon_check_key(key_pair)) == 0) + if ((ret = wc_falcon_check_key(key_pair)) == 0) { ret = 1; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } } } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } wc_falcon_free(key_pair); #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_FALCON); @@ -10600,6 +10635,7 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, #endif /* NO_DSA */ default: WOLFSSL_MSG("Unknown or not compiled in key OID"); + WOLFSSL_ERROR_VERBOSE(ASN_UNKNOWN_OID_E); ret = ASN_UNKNOWN_OID_E; } @@ -11317,8 +11353,7 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, * @param [in] str String for component. * @param [in] strLen Length of string. * @param [in] tag BER tag representing encoding of string. - * @return 0 on success. - * @return MEMORY_E when dynamic memory allocation fails. + * @return 0 on success, negative values on failure. */ static int SetSubject(DecodedCert* cert, int id, byte* str, word32 strLen, byte tag) @@ -11433,6 +11468,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, /* Other OIDs that start with the same values. */ else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz-1) == 0) { WOLFSSL_MSG("Unknown pilot attribute type"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } else if (oidSz == ASN_JOI_PREFIX_SZ + 1 && @@ -12927,8 +12963,10 @@ static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, return BUFFER_E; format = source[*idx]; *idx += 1; - if (format != ASN_UTC_TIME && format != ASN_GENERALIZED_TIME) + if (format != ASN_UTC_TIME && format != ASN_GENERALIZED_TIME) { + WOLFSSL_ERROR_VERBOSE(ASN_TIME_E); return ASN_TIME_E; + } /* get length */ if (GetLength(source, idx, &length, maxIdx) < 0) @@ -13013,10 +13051,14 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) #ifndef NO_ASN_TIME if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && !XVALIDATE_DATE(date, format, dateType)) { - if (dateType == BEFORE) + if (dateType == BEFORE) { + WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E); return ASN_BEFORE_DATE_E; - else + } + else { + WOLFSSL_ERROR_VERBOSE(ASN_AFTER_DATE_E); return ASN_AFTER_DATE_E; + } } #else (void)verify; @@ -13115,6 +13157,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, * @param [in] verify Whether to verify dates. * @param [out] badDate Error code when verify dates. * @return 0 on success. + * @return BAD_FUNC_ARG when cert or badDate is NULL. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or @@ -14050,6 +14093,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if ((ret = wc_RsaPublicKeyDecode(key, &idx, sigCtx->key.rsa, keySz)) != 0) { WOLFSSL_MSG("ASN Key decode error RSA"); + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } XMEMCPY(sigCtx->sigCpy, sig, sigSz); @@ -14084,6 +14128,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if ((ret = wc_DsaPublicKeyDecode(key, &idx, sigCtx->key.dsa, keySz)) != 0) { WOLFSSL_MSG("ASN Key decode error DSA"); + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } if (sigSz != DSA_160_SIG_SIZE && @@ -14186,6 +14231,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, keySz); if (ret < 0) { WOLFSSL_MSG("ASN Key import error ECC"); + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } #ifdef WOLFSSL_ASYNC_CRYPT @@ -14211,6 +14257,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if ((ret = wc_ed25519_import_public(key, keySz, sigCtx->key.ed25519)) < 0) { WOLFSSL_MSG("ASN Key import error ED25519"); + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } #ifdef WOLFSSL_ASYNC_CRYPT @@ -14235,6 +14282,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if ((ret = wc_ed448_import_public(key, keySz, sigCtx->key.ed448)) < 0) { WOLFSSL_MSG("ASN Key import error ED448"); + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } #ifdef WOLFSSL_ASYNC_CRYPT @@ -14264,6 +14312,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if ((ret = wc_falcon_import_public(key, keySz, sigCtx->key.falcon)) < 0) { WOLFSSL_MSG("ASN Key import error Falcon Level 1"); + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } break; @@ -14288,6 +14337,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, if ((ret = wc_falcon_import_public(key, keySz, sigCtx->key.falcon)) < 0) { WOLFSSL_MSG("ASN Key import error Falcon Level 5"); + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } break; @@ -14296,6 +14346,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, default: WOLFSSL_MSG("Verify Key type unknown"); ret = ASN_UNKNOWN_OID_E; + WOLFSSL_ERROR_VERBOSE(ret); break; } /* switch (keyOID) */ @@ -14415,8 +14466,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, #endif if (ret < 0) { - /* treat all RSA errors as ASN_SIG_CONFIRM_E */ + /* treat all errors as ASN_SIG_CONFIRM_E */ ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); goto exit_cs; } @@ -14457,6 +14509,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, else { WOLFSSL_MSG("RSA SSL verify match encode error"); ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); } #ifdef WOLFSSL_SMALL_STACK @@ -14474,6 +14527,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, else { WOLFSSL_MSG("DSA Verify didn't match"); ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; } @@ -14487,6 +14541,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, else { WOLFSSL_MSG("ECC Verify didn't match"); ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; } @@ -14500,6 +14555,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, else { WOLFSSL_MSG("ED25519 Verify didn't match"); ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; } @@ -14513,6 +14569,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, else { WOLFSSL_MSG("ED448 Verify didn't match"); ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; } @@ -14526,6 +14583,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, else { WOLFSSL_MSG("FALCON_LEVEL1 Verify didn't match"); ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; } @@ -14537,6 +14595,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, else { WOLFSSL_MSG("FALCON_LEVEL5 Verify didn't match"); ret = ASN_SIG_CONFIRM_E; + WOLFSSL_ERROR_VERBOSE(ret); } break; } @@ -14931,7 +14990,9 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid) buf = (const char*)dataASN[OTHERNAMEASN_IDX_UPN].data.ref.data; break; default: + WOLFSSL_ERROR_VERBOSE(ASN_UNKNOWN_OID_E); ret = ASN_UNKNOWN_OID_E; + break; } if (ret == 0) { @@ -14994,6 +15055,7 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input, #endif /* WOLFSSL_FPKI */ default: WOLFSSL_MSG("\tunsupported OID"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } } @@ -15084,6 +15146,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, if (i >= len - 2 || (input[idx + i + 1] != '/' || input[idx + i + 2] != '/')) { WOLFSSL_MSG("\tAlt Name must be absolute URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); return ASN_ALT_NAME_E; } } @@ -15365,6 +15428,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) /* RFC 5280 4.2.1.6. Subject Alternative Name If the subjectAltName extension is present, the sequence MUST contain at least one entry. */ + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); return ASN_PARSE_E; } @@ -15522,6 +15586,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) } if (input[idx + i] == '/') { WOLFSSL_MSG("\tAlt Name must be absolute URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); return ASN_ALT_NAME_E; } } @@ -15531,6 +15596,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) if (i >= strLen - 2 || (input[idx + i + 1] != '/' || input[idx + i + 2] != '/')) { WOLFSSL_MSG("\tAlt Name must be absolute URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); return ASN_ALT_NAME_E; } } @@ -15701,6 +15767,7 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) /* RFC 5280 4.2.1.6. Subject Alternative Name If the subjectAltName extension is present, the sequence MUST contain at least one entry. */ + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } if (ret == 0) { @@ -15842,10 +15909,12 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert) /* Bad encoding when CA Boolean is false * (default when not present). */ if ((dataASN[BASICCONSASN_IDX_CA].length != 0) && (!isCA)) { + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } /* Path length must be a 7-bit value. */ if ((ret == 0) && (cert->pathLength >= (1 << 7))) { + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } /* Store CA boolean and whether a path length was seen. */ @@ -16108,6 +16177,7 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) &reason); /* First bit (LSB) unused and eight other bits defined. */ if ((ret == 0) && ((reason >> 9) || (reason & 0x01))) { + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } } @@ -17175,6 +17245,7 @@ exit: cert->extCertPoliciesNb], MAX_CERTPOL_SZ, input + idx, length) <= 0) { WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); return ASN_PARSE_E; } #ifndef WOLFSSL_DUP_CERTPOL @@ -17189,6 +17260,7 @@ exit: MAX_CERTPOL_SZ) == 0) { WOLFSSL_MSG("Duplicate policy OIDs not allowed"); WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); return CERTPOLICIES_E; } } @@ -17280,6 +17352,7 @@ exit: cert->extCertPolicies[cert->extCertPoliciesNb], MAX_CERTPOL_SZ, data, length) <= 0) { WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } } @@ -17295,6 +17368,7 @@ exit: MAX_CERTPOL_SZ) == 0) { WOLFSSL_MSG("Duplicate policy OIDs not allowed"); WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); ret = CERTPOLICIES_E; } } @@ -17372,6 +17446,7 @@ static int DecodeSubjDirAttr(const byte* input, int sz, DecodedCert* cert) /* RFC 5280 4.2.1.8. Subject Directory Attributes If the subjectDirectoryAttributes extension is present, the sequence MUST contain at least one entry. */ + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); return ASN_PARSE_E; } @@ -17477,6 +17552,7 @@ static int DecodeSubjInfoAcc(const byte* input, int sz, DecodedCert* cert) /* RFC 5280 4.2.2.2. Subject Information Access If the subjectInformationAccess extension is present, the sequence MUST contain at least one entry. */ + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); return ASN_PARSE_E; } @@ -17572,7 +17648,7 @@ static int DecodeSubjInfoAcc(const byte* input, int sz, DecodedCert* cert) * @return 0 on success. * @return ASN_PARSE_E when BER encoding is invalid. * @return MEMORY_E on dynamic memory allocation failure. - * @return Other -ve value on error. + * @return Other negative values on error. */ static int DecodeExtensionType(const byte* input, int length, word32 oid, byte critical, DecodedCert* cert, @@ -17706,6 +17782,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, which MUST be used only in a CA certificate" */ if (!cert->isCA) { WOLFSSL_MSG("Name constraints allowed only for CA certs"); + WOLFSSL_ERROR_VERBOSE(ASN_NAME_INVALID_E); ret = ASN_NAME_INVALID_E; } #endif @@ -17768,8 +17845,10 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid, * still parse the certificate ignoring the unsupported * extension to allow caller to accept it with the verify * callback. */ - if (critical) + if (critical) { + WOLFSSL_ERROR_VERBOSE(ASN_CRIT_EXT_E); ret = ASN_CRIT_EXT_E; + } #endif break; } @@ -18228,6 +18307,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* Check version is valid/supported - can't be negative. */ if ((ret == 0) && (version > MAX_X509_VERSION)) { WOLFSSL_MSG("Unexpected certificate version"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } if (ret == 0) { @@ -18320,6 +18400,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* Certificate extensions were only defined in version 2. */ if (cert->version < 2) { WOLFSSL_MSG("\tv1 and v2 certs not allowed extensions"); + WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E); ret = ASN_VERSION_E; } #endif @@ -18359,11 +18440,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* Make sure 'signature' and 'signatureAlgorithm' are the same. */ if (dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum != cert->signatureOID) { + WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E); ret = ASN_SIG_OID_E; } /* NULL tagged item not allowed after ECDSA or EdDSA algorithm OID. */ if (IsSigAlgoECC(cert->signatureOID) && (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0)) { + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } } @@ -19238,6 +19321,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, cert + idx, len, signatureOID, NULL); } if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("Confirm signature failed"); } } @@ -19630,15 +19714,18 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->extensionsIdx = cert->srcIdx; /* for potential later use */ if ((ret = DecodeCertExtensions(cert)) < 0) { - if (ret == ASN_CRIT_EXT_E) + if (ret == ASN_CRIT_EXT_E) { cert->criticalExt = ret; - else + } + else { return ret; + } } cert->srcIdx += len; break; default: WOLFSSL_MSG("Unsupported attribute type"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); return ASN_PARSE_E; } } @@ -19650,6 +19737,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) #ifndef ALLOW_V1_EXTENSIONS if (cert->version < 2) { WOLFSSL_MSG("\tv1 and v2 certs not allowed extensions"); + WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E); return ASN_VERSION_E; } #endif @@ -19685,18 +19773,22 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) #else &confirmOID, #endif - oidSigType, cert->maxIdx)) < 0) + oidSigType, cert->maxIdx)) < 0) { return ret; + } - if ((ret = GetSignature(cert)) < 0) + if ((ret = GetSignature(cert)) < 0) { return ret; + } if (confirmOID != cert->signatureOID #ifdef WOLFSSL_CERT_REQ && !cert->isCSR #endif - ) + ) { + WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E); return ASN_SIG_OID_E; + } #else #ifdef WOLFSSL_CERT_REQ if (cert->isCSR) { @@ -19709,10 +19801,13 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) #endif { ret = DecodeCert(cert, verify, &cert->criticalExt); - if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) + if (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E) { cert->badDate = ret; - else if (ret < 0) + } + else if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); return ret; + } } #endif @@ -19721,8 +19816,10 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->pubKeySize > 0) { ret = CalcHashId(cert->publicKey, cert->pubKeySize, cert->extSubjKeyId); - if (ret != 0) + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); return ret; + } } #endif /* !NO_SKID */ @@ -19802,13 +19899,15 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) if (cert->isCA) { WOLFSSL_MSG("\tCA boolean set"); if (cert->extKeyUsageSet) { - WOLFSSL_MSG("\tExtension Key Usage Set"); - if ((cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0) { + WOLFSSL_MSG("\tExtension Key Usage Set"); + if ((cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0) { checkPathLen = 1; - } else { + } + else { decrementMaxPathLen = 1; - } - } else { + } + } + else { checkPathLen = 1; } /* !cert->ca check */ } /* cert is not a CA (assuming entity cert) */ @@ -19817,7 +19916,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) if (cert->pathLength < cert->ca->maxPathLen) { WOLFSSL_MSG("\tmaxPathLen status: set to pathLength"); cert->maxPathLen = cert->pathLength; - } else { + } + else { decrementMaxPathLen = 1; } } @@ -19835,6 +19935,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) type != TRUSTED_PEER_TYPE) { WOLFSSL_MSG("\tNon-entity cert, maxPathLen is 0"); WOLFSSL_MSG("\tmaxPathLen status: ERROR"); + WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_INV_E); return ASN_PATHLEN_INV_E; } } @@ -19848,6 +19949,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) type != TRUSTED_PEER_TYPE) { WOLFSSL_MSG("\tNon-entity cert, maxPathLen is 0"); WOLFSSL_MSG("\tmaxPathLen status: ERROR"); + WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_INV_E); return ASN_PATHLEN_INV_E; } } @@ -19896,7 +19998,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) cert->heap, DYNAMIC_TYPE_RSA); if (cert->sce_tsip_encRsaKeyIdx == NULL) return MEMORY_E; - } else { + } + else { if (cert->ca) { /* TSIP isn't usable */ if (Renesas_cmn_checkCA(cert->ca->cm_idx) == 0) @@ -19932,6 +20035,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) if (ret != WC_PENDING_E) { WOLFSSL_MSG("Confirm signature failed"); } + WOLFSSL_ERROR_VERBOSE(ret); return ret; } } @@ -19942,6 +20046,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) * name constraints */ if (!ConfirmNameConstraints(cert->ca, cert)) { WOLFSSL_MSG("Confirm name constraint failed"); + WOLFSSL_ERROR_VERBOSE(ASN_NAME_INVALID_E); return ASN_NAME_INVALID_E; } } @@ -19959,6 +20064,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) if (ret != WC_PENDING_E) { WOLFSSL_MSG("Confirm signature failed"); } + WOLFSSL_ERROR_VERBOSE(ret); return ret; } } @@ -19966,6 +20072,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) else { /* no signer */ WOLFSSL_MSG("No CA signer to verify with"); + WOLFSSL_ERROR_VERBOSE(ASN_NO_SIGNER_E); return ASN_NO_SIGNER_E; } } @@ -20142,8 +20249,10 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output, } /* RFC 5280 - 4.1.2.2: * Serial numbers must be a positive value (and not zero) */ - if (snSzInt == 0) + if (snSzInt == 0) { + WOLFSSL_ERROR_VERBOSE(BAD_FUNC_ARG); return BAD_FUNC_ARG; + } if (sn[0] & 0x80) maxSnSz--; @@ -20198,6 +20307,7 @@ int wc_GetSerialNumber(const byte* input, word32* inOutIdx, if (*serialSz > EXTERNAL_SERIAL_SIZE || *serialSz <= 0) { WOLFSSL_MSG("Serial size bad"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); return ASN_PARSE_E; } @@ -20760,6 +20870,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, outLen = 0; if ((err = Base64_Encode(der, derSz, NULL, (word32*)&outLen)) != LENGTH_ONLY_E) { + WOLFSSL_ERROR_VERBOSE(err); return err; } return headerLen + footerLen + outLen; @@ -20796,6 +20907,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, #ifdef WOLFSSL_SMALL_STACK XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + WOLFSSL_ERROR_VERBOSE(err); return err; } i += outLen; @@ -21112,13 +21224,15 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (!info || !info->passwd_cb) { WOLFSSL_MSG("No password callback set"); + WOLFSSL_ERROR_VERBOSE(NO_PASSWORD); return NO_PASSWORD; } #ifdef WOLFSSL_SMALL_STACK password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING); - if (password == NULL) + if (password == NULL) { return MEMORY_E; + } #endif /* get password */ @@ -21150,6 +21264,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } } #else + WOLFSSL_ERROR_VERBOSE(NOT_COMPILED_IN); ret = NOT_COMPILED_IN; #endif } @@ -21158,6 +21273,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (passwordSz == 0) { /* The key is encrypted but does not have a password */ WOLFSSL_MSG("No password for encrypted key"); + WOLFSSL_ERROR_VERBOSE(NO_PASSWORD); ret = NO_PASSWORD; } else { @@ -23821,6 +23937,7 @@ static int EncodeName(EncodedName* name, const char* nameStr, /* Restrict country code size */ if (type == ASN_COUNTRY_NAME && strLen != CTC_COUNTRY_SIZE) { WOLFSSL_MSG("Country code size error"); + WOLFSSL_ERROR_VERBOSE(ASN_COUNTRY_SIZE_E); return ASN_COUNTRY_SIZE_E; } @@ -25537,7 +25654,7 @@ static int WriteCertBody(DerCert* der, byte* buf) #endif /* !WOLFSSL_ASN_TEMPLATE */ -/* Make RSA signature from buffer (sz), write to sig (sigSz) */ +/* Make signature from buffer (sz), write to sig (sigSz) */ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz, byte* sig, int sigSz, RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, @@ -25670,6 +25787,10 @@ exit_ms: /* reset state */ certSignCtx->state = CERTSIGN_STATE_BEGIN; + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + return ret; } @@ -32852,6 +32973,7 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned, #ifndef IGNORE_KEY_EXTENSIONS if ((ca->keyUsage & KEYUSE_CRL_SIGN) == 0) { WOLFSSL_MSG("CA cannot sign CRLs"); + WOLFSSL_ERROR_VERBOSE(ASN_CRL_NO_SIGNER_E); return ASN_CRL_NO_SIGNER_E; } #endif /* IGNORE_KEY_EXTENSIONS */ @@ -32861,6 +32983,7 @@ int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned, ca->pubKeySize, ca->keyOID, signature, sigSz, signatureOID, NULL) != 0) { WOLFSSL_MSG("CRL Confirm signature failed"); + WOLFSSL_ERROR_VERBOSE(ASN_CRL_CONFIRM_E); return ASN_CRL_CONFIRM_E; } @@ -32913,6 +33036,7 @@ static int PaseCRL_CheckSignature(DecodedCRL* dcrl, const byte* buff, void* cm) if (ca == NULL) { WOLFSSL_MSG("Did NOT find CRL issuer CA"); ret = ASN_CRL_NO_SIGNER_E; + WOLFSSL_ERROR_VERBOSE(ret); } if (ret == 0) { @@ -32982,6 +33106,7 @@ static int ParseCRL_CertList(DecodedCRL* dcrl, const byte* buf, if (verify != NO_VERIFY && !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); + WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); return CRL_CERT_DATE_ERR; } #endif @@ -33363,6 +33488,7 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, int verify, if (ca == NULL) { WOLFSSL_MSG("Did NOT find CRL issuer CA"); ret = ASN_CRL_NO_SIGNER_E; + WOLFSSL_ERROR_VERBOSE(ret); goto end; } @@ -33448,6 +33574,7 @@ end: !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); ret = CRL_CERT_DATE_ERR; + WOLFSSL_ERROR_VERBOSE(ret); } } } diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 69dffb6a0..2fb143a06 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -26,6 +26,7 @@ #include #include +#include #ifndef NO_HMAC @@ -329,8 +330,10 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) return ret; #ifdef HAVE_FIPS - if (length < HMAC_FIPS_MIN_KEY) + if (length < HMAC_FIPS_MIN_KEY) { + WOLFSSL_ERROR_VERBOSE(HMAC_MIN_KEYLEN_E); return HMAC_MIN_KEYLEN_E; + } #endif #ifdef WOLF_CRYPTO_CB diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 98d306fad..c5ff915aa 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -668,6 +668,7 @@ int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12) if (version != WC_PKCS12_VERSION_DEFAULT) { WOLFSSL_MSG("PKCS12 unsupported version!"); + WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E); return ASN_VERSION_E; } diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index 03ff8519c..4065a04bd 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -261,10 +261,13 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, /* use file's salt for key derivation, hex decode first */ if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) { + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return BUFFER_E; } - if (info->ivSz < PKCS5_SALT_SZ) + if (info->ivSz < PKCS5_SALT_SZ) { + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return BUFFER_E; + } #ifdef WOLFSSL_SMALL_STACK key = (byte*)XMALLOC(WC_MAX_SYM_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMMETRIC_KEY); @@ -482,6 +485,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id"); (void)shaOid; ret = ALGO_ID_E; + WOLFSSL_ERROR_VERBOSE(ret); } #ifdef WOLFSSL_SMALL_STACK @@ -541,6 +545,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, default: WOLFSSL_MSG("Unknown/Unsupported PKCS version"); ret = ALGO_ID_E; + WOLFSSL_ERROR_VERBOSE(ret); } /* switch (version) */ } @@ -685,6 +690,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, default: WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm"); ret = ALGO_ID_E; + WOLFSSL_ERROR_VERBOSE(ret); } } diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 492bf5b18..0b15db3b0 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -193,13 +193,20 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL) #else WOLFSSL_API void WOLFSSL_ERROR(int err); - #endif - WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg); + #endif /* WOLFSSL_HAVE_ERROR_QUEUE */ + WOLFSSL_API void WOLFSSL_ERROR_MSG(const char* msg); #else #define WOLFSSL_ERROR(e) #define WOLFSSL_ERROR_MSG(m) -#endif +#endif /* DEBUG_WOLFSSL | OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA */ + +#ifdef WOLFSSL_VERBOSE_ERRORS + #define WOLFSSL_ERROR_VERBOSE WOLFSSL_ERROR +#else + #define WOLFSSL_ERROR_VERBOSE(e) +#endif /* WOLFSSL_VERBOSE_ERRORS */ #ifdef HAVE_STACK_SIZE_VERBOSE extern WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack;