diff --git a/ctaocrypt/include/error.h b/ctaocrypt/include/error.h index e6515c811..d782e7f98 100644 --- a/ctaocrypt/include/error.h +++ b/ctaocrypt/include/error.h @@ -93,6 +93,7 @@ enum { BAD_FUNC_ARG = -173, /* Bad function argument provided */ NOT_COMPILED_IN = -174, /* Feature not compiled in */ UNICODE_SIZE_E = -175, /* Unicdoe password too big */ + NO_PASSWORD = -176, /* no password provided by user */ MIN_CODE_E = -200 /* errors -101 - -199 */ }; diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 1d2420d9a..69da0dc4d 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -2200,6 +2200,10 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "Unicode password too big", max); break; + case NO_PASSWORD : + XSTRNCPY(buffer, "No password provided by user", max); + break; + default: XSTRNCPY(buffer, "unknown error number", max); diff --git a/include/cyassl_error.h b/include/cyassl_error.h index 02039bc1f..3e54f18ea 100644 --- a/include/cyassl_error.h +++ b/include/cyassl_error.h @@ -88,6 +88,7 @@ enum CyaSSL_ErrorCodes { ECC_MAKEKEY_ERROR = -253, /* Bad Make ECC Key */ ECC_EXPORT_ERROR = -254, /* Bad ECC Export Key */ ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */ + BAD_MUTEX_ERROR = -256, /* Bad mutex */ /* add strings to SetErrorString !!!!! */ /* begin negotiation parameter errors */ diff --git a/src/cyassl_int.c b/src/cyassl_int.c index 752be8640..df4fc4655 100644 --- a/src/cyassl_int.c +++ b/src/cyassl_int.c @@ -1027,6 +1027,7 @@ static void AddHeaders(byte* output, word32 length, byte type, SSL* ssl) } +/* return bytes received, -1 on error, 0 on timeout */ static int Receive(SSL* ssl, byte* buf, word32 sz, int flags) { int recvd; @@ -1167,7 +1168,7 @@ static INLINE int GrowOutputBuffer(SSL* ssl, int size) ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); CYASSL_MSG("growing output buffer\n"); - if (!tmp) return -1; + if (!tmp) return MEMORY_E; if (ssl->buffers.outputBuffer.length) XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer, @@ -1191,7 +1192,7 @@ static INLINE int GrowInputBuffer(SSL* ssl, int size, int usedLength) DYNAMIC_TYPE_IN_BUFFER); CYASSL_MSG("growing input buffer\n"); - if (!tmp) return -1; + if (!tmp) return MEMORY_E; if (usedLength) XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer + @@ -2519,7 +2520,7 @@ int SendFinished(SSL* ssl) server); if ( (sendSz = BuildMessage(ssl, output, input, headerSz + - finishedSz, handshake)) == -1) + finishedSz, handshake)) < 0) return BUILD_MSG_ERROR; if (!ssl->options.resuming) { @@ -3114,15 +3115,19 @@ void SetErrorString(int error, char* buffer) break; case ECC_MAKEKEY_ERROR: - XSTRNCPY(buffer, "ECC Make Key failutre", max); + XSTRNCPY(buffer, "ECC Make Key failure", max); break; case ECC_EXPORT_ERROR: - XSTRNCPY(buffer, "ECC Export Key failutre", max); + XSTRNCPY(buffer, "ECC Export Key failure", max); break; case ECC_SHARED_ERROR: - XSTRNCPY(buffer, "ECC DHE shared failutre", max); + XSTRNCPY(buffer, "ECC DHE shared failure", max); + break; + + case BAD_MUTEX_ERROR: + XSTRNCPY(buffer, "Bad mutex, operation failed", max); break; default : @@ -3980,7 +3985,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list) } #endif /* HAVE_ECC */ else - return -1; + return ALGO_ID_E; ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE; @@ -3988,7 +3993,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list) } #endif /* HAVE_OPENSSL or HAVE_ECC */ - return -1; /* not supported by build */ + return NOT_COMPILED_IN; /* not supported by build */ } @@ -4131,7 +4136,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list) ecc_free(&myKey); #endif /* HAVE_ECC */ } else - return -1; /* unsupported kea */ + return ALGO_ID_E; /* unsupported kea */ if (ret == 0) { byte *output; @@ -4520,7 +4525,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list) else { FreeRsaKey(&rsaKey); ecc_free(&dsaKey); - return -1; /* unsupported type */ + return ALGO_ID_E; /* unsupported type */ } length += sigSz; @@ -5479,7 +5484,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (pthread_mutex_init(m, 0) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } @@ -5488,7 +5493,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (pthread_mutex_destroy(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } @@ -5497,7 +5502,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (pthread_mutex_lock(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } @@ -5506,7 +5511,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (pthread_mutex_unlock(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } #elif defined(THREADX) @@ -5516,7 +5521,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } @@ -5525,7 +5530,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (tx_mutex_delete(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } @@ -5534,7 +5539,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } @@ -5543,7 +5548,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (tx_mutex_put(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; } #elif defined(MICRIUM) @@ -5554,7 +5559,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (NetSecure_OS_MutexCreate(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; #else return 0; #endif @@ -5567,7 +5572,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (NetSecure_OS_FreeMutex(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; #else return 0; #endif @@ -5580,7 +5585,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (NetSecure_OS_LockMutex(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; #else return 0; #endif @@ -5593,7 +5598,7 @@ int UnLockMutex(CyaSSL_Mutex* m) if (NetSecure_OS_UnLockMutex(m) == 0) return 0; else - return -1; + return BAD_MUTEX_ERROR; #else return 0; #endif diff --git a/src/ssl.c b/src/ssl.c index 4a25986a6..447736485 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -127,7 +127,7 @@ int SSL_get_fd(const SSL* ssl) int CyaSSL_negotiate(SSL* ssl) { - int err = -1; + int err = SSL_FATAL_ERROR; CYASSL_ENTER("CyaSSL_negotiate()"); #ifndef NO_CYASSL_SERVER @@ -154,7 +154,7 @@ int CyaSSL_SetTmpDH(SSL* ssl, unsigned char* p,int pSz,unsigned char* g,int gSz) { byte havePSK = 0; - if (ssl == NULL || p == NULL || g == NULL) return -1; + if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; if (ssl->options.side != SERVER_END) return SIDE_ERROR; @@ -742,27 +742,28 @@ int AddCA(SSL_CTX* ctx, buffer der) /* decrypt */ char password[80]; int passwordSz; + int ret; byte key[AES_256_KEY_SIZE]; byte iv[AES_IV_SIZE]; if (!ctx->passwd_cb) { XFREE(der.buffer, ctx->heap, dynamicType); - return -1; + return NO_PASSWORD; } /* use file's salt for key derivation, hex decode first */ if (Base16Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) { XFREE(der.buffer, ctx->heap, dynamicType); - return -1; + return ASN_INPUT_E; } passwordSz = ctx->passwd_cb(password, sizeof(password), 0, ctx->userdata); - if (EVP_BytesToKey(info.name, "MD5", info.iv, (byte*)password, - passwordSz, 1, key, iv) <= 0) { + if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv, + (byte*)password, passwordSz, 1, key, iv)) <= 0) { XFREE(der.buffer, ctx->heap, dynamicType); - return -1; + return ret; } if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { @@ -1155,7 +1156,7 @@ int SSL_library_init(void) if (InitCyaSSL() == 0) return SSL_SUCCESS; else - return -1; + return SSL_FATAL_ERROR; } @@ -1634,10 +1635,10 @@ int InitCyaSSL(void) int ret = 0; #ifndef NO_SESSION_CACHE if (InitMutex(&session_mutex) != 0) - ret = -1; + ret = BAD_MUTEX_ERROR; #endif if (InitMutex(&ca_mutex) != 0) - ret = -1; + ret = BAD_MUTEX_ERROR; return ret; } @@ -1648,10 +1649,10 @@ int FreeCyaSSL(void) int ret = 0; #ifndef NO_SESSION_CACHE if (FreeMutex(&session_mutex) != 0) - ret = -1; + ret = BAD_MUTEX_ERROR; #endif if (FreeMutex(&ca_mutex) != 0) - ret = -1; + ret = BAD_MUTEX_ERROR; return ret; } @@ -1748,7 +1749,7 @@ int AddSession(SSL* ssl) row = HashSession(ssl->arrays.sessionID) % SESSION_ROWS; if (LockMutex(&session_mutex) != 0) - return -1; + return BAD_MUTEX_ERROR; idx = SessionCache[row].nextIdx++; @@ -1775,7 +1776,7 @@ int AddSession(SSL* ssl) SessionCache[row].nextIdx = 0; if (UnLockMutex(&session_mutex) != 0) - return -1; + return BAD_MUTEX_ERROR; return 0; } @@ -1865,7 +1866,7 @@ int CyaSSL_set_compression(SSL* ssl) ssl->options.usingCompression = 1; return 0; #else - return -1; + return NOT_COMPILED_IN; #endif } @@ -1956,7 +1957,7 @@ int CyaSSL_set_compression(SSL* ssl) static int CyaSSL_ex_wrapper(SSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, Timeval timeout) { - int ret = -1; + int ret = SSL_FATAL_ERROR; int oldTimerOn = 0; /* was timer already on */ Timeval startTime; Timeval endTime; @@ -2527,12 +2528,12 @@ int CyaSSL_set_compression(SSL* ssl) /* already got eof, again is error */ if (front->eof) - return -1; + return SSL_FATAL_ERROR; while(bio && ((ssl = bio->ssl) == 0) ) bio = bio->next; - if (ssl == 0) return -1; + if (ssl == 0) return BAD_FUNC_ARG; ret = SSL_read(ssl, buf, len); if (ret == 0) @@ -2554,12 +2555,12 @@ int CyaSSL_set_compression(SSL* ssl) /* already got eof, again is error */ if (front->eof) - return -1; + return SSL_FATAL_ERROR; while(bio && ((ssl = bio->ssl) == 0) ) bio = bio->next; - if (ssl == 0) return -1; + if (ssl == 0) return BAD_FUNC_ARG; ret = SSL_write(ssl, data, len); if (ret == 0) @@ -2828,7 +2829,7 @@ int CyaSSL_set_compression(SSL* ssl) SHA_Init((SHA_CTX*)&ctx->hash); } else - return -1; + return BAD_FUNC_ARG; return 0; } @@ -2841,7 +2842,7 @@ int CyaSSL_set_compression(SSL* ssl) else if (ctx->macType == SHA) SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz); else - return -1; + return BAD_FUNC_ARG; return 0; } @@ -2858,7 +2859,7 @@ int CyaSSL_set_compression(SSL* ssl) if (s) *s = SHA_DIGEST_SIZE; } else - return -1; + return BAD_FUNC_ARG; return 0; } @@ -3769,7 +3770,7 @@ int CyaSSL_set_compression(SSL* ssl) int CyaSSL_X509_get_serial_number(X509* x509, byte* buffer, int* inOutSz) { if (x509 == NULL || buffer == NULL || *inOutSz < x509->serialSz) - return -1; + return BAD_FUNC_ARG; XMEMCPY(buffer, x509->serial, x509->serialSz); *inOutSz = x509->serialSz; @@ -3834,13 +3835,14 @@ int CyaSSL_get_chain_cert_pem(X509_CHAIN* chain, int idx, int headerLen = sizeof(header) - 1; int footerLen = sizeof(footer) - 1; int i; + int err; if (!chain || !outLen || !buffer) - return -1; + return BAD_FUNC_ARG; /* don't even try if inLen too short */ if (inLen < headerLen + footerLen + chain->certs[idx].length) - return -1; + return BAD_FUNC_ARG; /* header */ XMEMCPY(buffer, header, headerLen); @@ -3848,14 +3850,14 @@ int CyaSSL_get_chain_cert_pem(X509_CHAIN* chain, int idx, /* body */ *outLen = inLen; /* input to Base64Encode */ - if (Base64Encode(chain->certs[idx].buffer, chain->certs[idx].length, - buffer + i, (word32*)outLen) < 0) - return -1; + if ( (err = Base64Encode(chain->certs[idx].buffer, chain->certs[idx].length, + buffer + i, (word32*)outLen)) < 0) + return err; i += *outLen; /* footer */ if ( (i + footerLen) > inLen) - return -1; + return BAD_FUNC_ARG; XMEMCPY(buffer + i, footer, footerLen); *outLen += headerLen + footerLen; diff --git a/src/tls.c b/src/tls.c index 1ea48e882..ed477afde 100644 --- a/src/tls.c +++ b/src/tls.c @@ -446,13 +446,13 @@ void BuildTlsFinished(SSL* ssl, Hashes* hashes, const byte* sender) int DeriveTlsKeys(SSL* ssl) { - return -1; + return NOT_COMPILED_IN; } int MakeTlsMasterSecret(SSL* ssl) { - return -1; + return NOT_COMPILED_IN; } #endif /* NO_TLS */