add better codes/messages for CyaSSL generic errors

2011-04-20 16:58:51 -07:00
parent 92bc4fc00d
commit 5a78a8999a
6 changed files with 67 additions and 54 deletions
--- a/ctaocrypt/include/error.h
+++ b/ctaocrypt/include/error.h
@@ -93,6 +93,7 @@ enum {
    BAD_FUNC_ARG       = -173,  /* Bad function argument provided */
    NOT_COMPILED_IN    = -174,  /* Feature not compiled in */
    UNICODE_SIZE_E     = -175,  /* Unicdoe password too big */
    NO_PASSWORD        = -176,  /* no password provided by user */
    MIN_CODE_E         = -200   /* errors -101 - -199 */
 };
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -2200,6 +2200,10 @@ void CTaoCryptErrorString(int error, char* buffer)
        XSTRNCPY(buffer, "Unicode password too big", max);
        break;
    case NO_PASSWORD :
        XSTRNCPY(buffer, "No password provided by user", max);
        break;
    default:
        XSTRNCPY(buffer, "unknown error number", max);
--- a/include/cyassl_error.h
+++ b/include/cyassl_error.h
@@ -88,6 +88,7 @@ enum CyaSSL_ErrorCodes {
    ECC_MAKEKEY_ERROR      = -253,            /* Bad Make ECC Key */
    ECC_EXPORT_ERROR       = -254,            /* Bad ECC Export Key */
    ECC_SHARED_ERROR       = -255,            /* Bad ECC Shared Secret */
    BAD_MUTEX_ERROR        = -256,            /* Bad mutex */
    /* add strings to SetErrorString !!!!! */
    /* begin negotiation parameter errors */
--- a/src/cyassl_int.c
+++ b/src/cyassl_int.c
@@ -1027,6 +1027,7 @@ static void AddHeaders(byte* output, word32 length, byte type, SSL* ssl)
 }
 /* return bytes received, -1 on error, 0 on timeout */
 static int Receive(SSL* ssl, byte* buf, word32 sz, int flags)
 {
    int recvd;
@@ -1167,7 +1168,7 @@ static INLINE int GrowOutputBuffer(SSL* ssl, int size)
                                ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    CYASSL_MSG("growing output buffer\n");
-    if (!tmp) return -1;
+    if (!tmp) return MEMORY_E;
    if (ssl->buffers.outputBuffer.length)
        XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
@@ -1191,7 +1192,7 @@ static INLINE int GrowInputBuffer(SSL* ssl, int size, int usedLength)
                                DYNAMIC_TYPE_IN_BUFFER);
    CYASSL_MSG("growing input buffer\n");
-    if (!tmp) return -1;
+    if (!tmp) return MEMORY_E;
    if (usedLength)
        XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer +
@@ -2519,7 +2520,7 @@ int SendFinished(SSL* ssl)
                  server);
    if ( (sendSz = BuildMessage(ssl, output, input, headerSz +
-                                finishedSz, handshake)) == -1)
+                                finishedSz, handshake)) < 0)
        return BUILD_MSG_ERROR;
    if (!ssl->options.resuming) {
@@ -3114,15 +3115,19 @@ void SetErrorString(int error, char* buffer)
        break;
    case ECC_MAKEKEY_ERROR:
-        XSTRNCPY(buffer, "ECC Make Key failutre", max);
+        XSTRNCPY(buffer, "ECC Make Key failure", max);
        break;
    case ECC_EXPORT_ERROR:
-        XSTRNCPY(buffer, "ECC Export Key failutre", max);
+        XSTRNCPY(buffer, "ECC Export Key failure", max);
        break;
    case ECC_SHARED_ERROR:
-        XSTRNCPY(buffer, "ECC DHE shared failutre", max);
+        XSTRNCPY(buffer, "ECC DHE shared failure", max);
        break;
    case BAD_MUTEX_ERROR:
        XSTRNCPY(buffer, "Bad mutex, operation failed", max);
        break;
    default :
@@ -3980,7 +3985,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
        }
 #endif /* HAVE_ECC */
        else
-            return -1;
+            return ALGO_ID_E;
        ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
@@ -3988,7 +3993,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
    }
 #endif  /* HAVE_OPENSSL or HAVE_ECC */
-        return -1;  /* not supported by build */
+        return NOT_COMPILED_IN;  /* not supported by build */
    }
@@ -4131,7 +4136,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
            ecc_free(&myKey);
        #endif /* HAVE_ECC */
        } else
-            return -1; /* unsupported kea */
+            return ALGO_ID_E; /* unsupported kea */
        if (ret == 0) {
            byte              *output;
@@ -4520,7 +4525,7 @@ int SetCipherList(SSL_CTX* ctx, const char* list)
            else {
                FreeRsaKey(&rsaKey);
                ecc_free(&dsaKey);
-                return -1;  /* unsupported type */
+                return ALGO_ID_E;  /* unsupported type */
            }
            length += sigSz;
@@ -5479,7 +5484,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (pthread_mutex_init(m, 0) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
@@ -5488,7 +5493,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (pthread_mutex_destroy(m) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
@@ -5497,7 +5502,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (pthread_mutex_lock(m) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
@@ -5506,7 +5511,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (pthread_mutex_unlock(m) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
    #elif defined(THREADX)
@@ -5516,7 +5521,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (tx_mutex_create(m, "CyaSSL Mutex", TX_NO_INHERIT) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
@@ -5525,7 +5530,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (tx_mutex_delete(m) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
@@ -5534,7 +5539,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (tx_mutex_get(m, TX_WAIT_FOREVER) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
@@ -5543,7 +5548,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
            if (tx_mutex_put(m) == 0)
                return 0;
            else
-                return -1;
+                return BAD_MUTEX_ERROR;
        }
    #elif defined(MICRIUM)
@@ -5554,7 +5559,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
                if (NetSecure_OS_MutexCreate(m) == 0)
                    return 0;
                else
-                    return -1;
+                    return BAD_MUTEX_ERROR;
            #else
                return 0;
            #endif
@@ -5567,7 +5572,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
                if (NetSecure_OS_FreeMutex(m) == 0)
                    return 0;
                else
-                    return -1;
+                    return BAD_MUTEX_ERROR;
            #else
                return 0;
            #endif
@@ -5580,7 +5585,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
                if (NetSecure_OS_LockMutex(m) == 0)
                    return 0;
                else
-                    return -1;
+                    return BAD_MUTEX_ERROR;
            #else
                return 0;
            #endif
@@ -5593,7 +5598,7 @@ int UnLockMutex(CyaSSL_Mutex* m)
                if (NetSecure_OS_UnLockMutex(m) == 0)
                    return 0;
                else
-                    return -1;
+                    return BAD_MUTEX_ERROR;
            #else
                return 0;
            #endif
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -127,7 +127,7 @@ int SSL_get_fd(const SSL* ssl)
 int CyaSSL_negotiate(SSL* ssl)
 {
-    int err = -1;
+    int err = SSL_FATAL_ERROR;
    CYASSL_ENTER("CyaSSL_negotiate()");
 #ifndef NO_CYASSL_SERVER
@@ -154,7 +154,7 @@ int CyaSSL_SetTmpDH(SSL* ssl, unsigned char* p,int pSz,unsigned char* g,int gSz)
 {
    byte havePSK = 0;
-    if (ssl == NULL || p == NULL || g == NULL) return -1;
+    if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;
    if (ssl->options.side != SERVER_END)
        return SIDE_ERROR;
@@ -742,27 +742,28 @@ int AddCA(SSL_CTX* ctx, buffer der)
            /* decrypt */
            char password[80];
            int  passwordSz;
            int  ret;
            byte key[AES_256_KEY_SIZE];
            byte  iv[AES_IV_SIZE];
            if (!ctx->passwd_cb) {
                XFREE(der.buffer, ctx->heap, dynamicType);
-                return -1;
+                return NO_PASSWORD;
            }
            /* use file's salt for key derivation, hex decode first */
            if (Base16Decode(info.iv, info.ivSz, info.iv, &info.ivSz) != 0) {
                XFREE(der.buffer, ctx->heap, dynamicType);
-                return -1;
+                return ASN_INPUT_E;
            }
            passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
                                    ctx->userdata);
-            if (EVP_BytesToKey(info.name, "MD5", info.iv, (byte*)password,
+            if ( (ret = EVP_BytesToKey(info.name, "MD5", info.iv,
-                               passwordSz, 1, key, iv) <= 0) {
+                            (byte*)password, passwordSz, 1, key, iv)) <= 0) {
                XFREE(der.buffer, ctx->heap, dynamicType);
-                return -1;
+                return ret;
            }
            if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
@@ -1155,7 +1156,7 @@ int SSL_library_init(void)
    if (InitCyaSSL() == 0)
        return SSL_SUCCESS;
    else
-        return -1;
+        return SSL_FATAL_ERROR;
 }
@@ -1634,10 +1635,10 @@ int InitCyaSSL(void)
    int ret = 0;
 #ifndef NO_SESSION_CACHE
    if (InitMutex(&session_mutex) != 0)
-        ret = -1;
+        ret = BAD_MUTEX_ERROR;
 #endif
    if (InitMutex(&ca_mutex) != 0)
-        ret = -1;
+        ret = BAD_MUTEX_ERROR;
    return ret;
 }
@@ -1648,10 +1649,10 @@ int FreeCyaSSL(void)
    int ret = 0;
 #ifndef NO_SESSION_CACHE
    if (FreeMutex(&session_mutex) != 0)
-        ret = -1;
+        ret = BAD_MUTEX_ERROR;
 #endif
    if (FreeMutex(&ca_mutex) != 0)
-        ret = -1;
+        ret = BAD_MUTEX_ERROR;
    return ret;
 }
@@ -1748,7 +1749,7 @@ int AddSession(SSL* ssl)
    row = HashSession(ssl->arrays.sessionID) % SESSION_ROWS;
    if (LockMutex(&session_mutex) != 0)
-        return -1;
+        return BAD_MUTEX_ERROR;
    idx = SessionCache[row].nextIdx++;
@@ -1775,7 +1776,7 @@ int AddSession(SSL* ssl)
        SessionCache[row].nextIdx = 0;
    if (UnLockMutex(&session_mutex) != 0)
-        return -1;
+        return BAD_MUTEX_ERROR;
    return 0;
 }
@@ -1865,7 +1866,7 @@ int CyaSSL_set_compression(SSL* ssl)
    ssl->options.usingCompression = 1;
    return 0;
 #else
-    return -1;
+    return NOT_COMPILED_IN;
 #endif
 }
@@ -1956,7 +1957,7 @@ int CyaSSL_set_compression(SSL* ssl)
    static int CyaSSL_ex_wrapper(SSL* ssl, HandShakeCallBack hsCb,
                                 TimeoutCallBack toCb, Timeval timeout)
    {
-        int       ret        = -1;
+        int       ret        = SSL_FATAL_ERROR;
        int       oldTimerOn = 0;   /* was timer already on */
        Timeval   startTime;
        Timeval   endTime;
@@ -2527,12 +2528,12 @@ int CyaSSL_set_compression(SSL* ssl)
        /* already got eof, again is error */
        if (front->eof)
-            return -1;
+            return SSL_FATAL_ERROR;
        while(bio && ((ssl = bio->ssl) == 0) )
            bio = bio->next;
-        if (ssl == 0) return -1;
+        if (ssl == 0) return BAD_FUNC_ARG;
        ret = SSL_read(ssl, buf, len);
        if (ret == 0)
@@ -2554,12 +2555,12 @@ int CyaSSL_set_compression(SSL* ssl)
        /* already got eof, again is error */
        if (front->eof)
-            return -1;
+            return SSL_FATAL_ERROR;
        while(bio && ((ssl = bio->ssl) == 0) )
            bio = bio->next;
-        if (ssl == 0) return -1;
+        if (ssl == 0) return BAD_FUNC_ARG;
        ret = SSL_write(ssl, data, len);
        if (ret == 0)
@@ -2828,7 +2829,7 @@ int CyaSSL_set_compression(SSL* ssl)
             SHA_Init((SHA_CTX*)&ctx->hash);
        }
        else
-             return -1;
+             return BAD_FUNC_ARG;
        return 0;
    }
@@ -2841,7 +2842,7 @@ int CyaSSL_set_compression(SSL* ssl)
        else if (ctx->macType == SHA) 
            SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz);
        else
-            return -1;
+            return BAD_FUNC_ARG;
        return 0;
    }
@@ -2858,7 +2859,7 @@ int CyaSSL_set_compression(SSL* ssl)
            if (s) *s = SHA_DIGEST_SIZE;
        }
        else
-            return -1;
+            return BAD_FUNC_ARG;
        return 0;
    }
@@ -3769,7 +3770,7 @@ int CyaSSL_set_compression(SSL* ssl)
    int CyaSSL_X509_get_serial_number(X509* x509, byte* buffer, int* inOutSz)
    {
        if (x509 == NULL || buffer == NULL || *inOutSz < x509->serialSz)
-            return -1;
+            return BAD_FUNC_ARG;
        XMEMCPY(buffer, x509->serial, x509->serialSz);
        *inOutSz = x509->serialSz;
@@ -3834,13 +3835,14 @@ int  CyaSSL_get_chain_cert_pem(X509_CHAIN* chain, int idx,
    int headerLen = sizeof(header) - 1;
    int footerLen = sizeof(footer) - 1;
    int i;
    int err;
    if (!chain || !outLen || !buffer)
-        return -1;
+        return BAD_FUNC_ARG;
    /* don't even try if inLen too short */
    if (inLen < headerLen + footerLen + chain->certs[idx].length)
-        return -1;
+        return BAD_FUNC_ARG;
    /* header */
    XMEMCPY(buffer, header, headerLen);
@@ -3848,14 +3850,14 @@ int  CyaSSL_get_chain_cert_pem(X509_CHAIN* chain, int idx,
    /* body */
    *outLen = inLen;  /* input to Base64Encode */
-    if (Base64Encode(chain->certs[idx].buffer, chain->certs[idx].length,
+    if ( (err = Base64Encode(chain->certs[idx].buffer, chain->certs[idx].length,
-                     buffer + i, (word32*)outLen) < 0)
+                     buffer + i, (word32*)outLen)) < 0)
-        return -1;
+        return err;
    i += *outLen;
    /* footer */
    if ( (i + footerLen) > inLen)
-        return -1;
+        return BAD_FUNC_ARG;
    XMEMCPY(buffer + i, footer, footerLen);
    *outLen += headerLen + footerLen; 
--- a/src/tls.c
+++ b/src/tls.c
@@ -446,13 +446,13 @@ void BuildTlsFinished(SSL* ssl, Hashes* hashes, const byte* sender)
 int DeriveTlsKeys(SSL* ssl)
 {
-    return -1;
+    return NOT_COMPILED_IN;
 }
 int MakeTlsMasterSecret(SSL* ssl)
 { 
-    return -1;
+    return NOT_COMPILED_IN;
 }
 #endif /* NO_TLS */