mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-01-28 19:50:00 +01:00
c1640e8a3d
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
441 lines
11 KiB
C
441 lines
11 KiB
C
/* error.c
|
|
*
|
|
* Copyright (C) 2006-2016 wolfSSL Inc.
|
|
*
|
|
* This file is part of wolfSSL.
|
|
*
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
*/
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include <config.h>
|
|
#endif
|
|
|
|
#include <wolfssl/wolfcrypt/settings.h>
|
|
|
|
#include <wolfssl/wolfcrypt/error-crypt.h>
|
|
|
|
#ifdef _MSC_VER
|
|
/* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
|
|
#pragma warning(disable: 4996)
|
|
#endif
|
|
|
|
const char* wc_GetErrorString(int error)
|
|
{
|
|
#ifdef NO_ERROR_STRINGS
|
|
|
|
(void)error;
|
|
return "no support for error strings built in";
|
|
|
|
#else
|
|
|
|
switch (error) {
|
|
|
|
case OPEN_RAN_E :
|
|
return "opening random device error";
|
|
|
|
case READ_RAN_E :
|
|
return "reading random device error";
|
|
|
|
case WINCRYPT_E :
|
|
return "windows crypt init error";
|
|
|
|
case CRYPTGEN_E :
|
|
return "windows crypt generation error";
|
|
|
|
case RAN_BLOCK_E :
|
|
return "random device read would block error";
|
|
|
|
case BAD_MUTEX_E :
|
|
return "Bad mutex, operation failed";
|
|
|
|
case WC_TIMEOUT_E:
|
|
return "Timeout error";
|
|
|
|
case WC_PENDING_E:
|
|
return "wolfCrypt Operation Pending (would block / eagain) error";
|
|
|
|
case WC_NOT_PENDING_E:
|
|
return "wolfCrypt operation not pending error";
|
|
|
|
case MP_INIT_E :
|
|
return "mp_init error state";
|
|
|
|
case MP_READ_E :
|
|
return "mp_read error state";
|
|
|
|
case MP_EXPTMOD_E :
|
|
return "mp_exptmod error state";
|
|
|
|
case MP_TO_E :
|
|
return "mp_to_xxx error state, can't convert";
|
|
|
|
case MP_SUB_E :
|
|
return "mp_sub error state, can't subtract";
|
|
|
|
case MP_ADD_E :
|
|
return "mp_add error state, can't add";
|
|
|
|
case MP_MUL_E :
|
|
return "mp_mul error state, can't multiply";
|
|
|
|
case MP_MULMOD_E :
|
|
return "mp_mulmod error state, can't multiply mod";
|
|
|
|
case MP_MOD_E :
|
|
return "mp_mod error state, can't mod";
|
|
|
|
case MP_INVMOD_E :
|
|
return "mp_invmod error state, can't inv mod";
|
|
|
|
case MP_CMP_E :
|
|
return "mp_cmp error state";
|
|
|
|
case MP_ZERO_E :
|
|
return "mp zero result, not expected";
|
|
|
|
case MEMORY_E :
|
|
return "out of memory error";
|
|
|
|
case VAR_STATE_CHANGE_E :
|
|
return "Variable state modified by different thread";
|
|
|
|
case RSA_WRONG_TYPE_E :
|
|
return "RSA wrong block type for RSA function";
|
|
|
|
case RSA_BUFFER_E :
|
|
return "RSA buffer error, output too small or input too big";
|
|
|
|
case BUFFER_E :
|
|
return "Buffer error, output too small or input too big";
|
|
|
|
case ALGO_ID_E :
|
|
return "Setting Cert AlgoID error";
|
|
|
|
case PUBLIC_KEY_E :
|
|
return "Setting Cert Public Key error";
|
|
|
|
case DATE_E :
|
|
return "Setting Cert Date validity error";
|
|
|
|
case SUBJECT_E :
|
|
return "Setting Cert Subject name error";
|
|
|
|
case ISSUER_E :
|
|
return "Setting Cert Issuer name error";
|
|
|
|
case CA_TRUE_E :
|
|
return "Setting basic constraint CA true error";
|
|
|
|
case EXTENSIONS_E :
|
|
return "Setting extensions error";
|
|
|
|
case ASN_PARSE_E :
|
|
return "ASN parsing error, invalid input";
|
|
|
|
case ASN_VERSION_E :
|
|
return "ASN version error, invalid number";
|
|
|
|
case ASN_GETINT_E :
|
|
return "ASN get big int error, invalid data";
|
|
|
|
case ASN_RSA_KEY_E :
|
|
return "ASN key init error, invalid input";
|
|
|
|
case ASN_OBJECT_ID_E :
|
|
return "ASN object id error, invalid id";
|
|
|
|
case ASN_TAG_NULL_E :
|
|
return "ASN tag error, not null";
|
|
|
|
case ASN_EXPECT_0_E :
|
|
return "ASN expect error, not zero";
|
|
|
|
case ASN_BITSTR_E :
|
|
return "ASN bit string error, wrong id";
|
|
|
|
case ASN_UNKNOWN_OID_E :
|
|
return "ASN oid error, unknown sum id";
|
|
|
|
case ASN_DATE_SZ_E :
|
|
return "ASN date error, bad size";
|
|
|
|
case ASN_BEFORE_DATE_E :
|
|
return "ASN date error, current date before";
|
|
|
|
case ASN_AFTER_DATE_E :
|
|
return "ASN date error, current date after";
|
|
|
|
case ASN_SIG_OID_E :
|
|
return "ASN signature error, mismatched oid";
|
|
|
|
case ASN_TIME_E :
|
|
return "ASN time error, unknown time type";
|
|
|
|
case ASN_INPUT_E :
|
|
return "ASN input error, not enough data";
|
|
|
|
case ASN_SIG_CONFIRM_E :
|
|
return "ASN sig error, confirm failure";
|
|
|
|
case ASN_SIG_HASH_E :
|
|
return "ASN sig error, unsupported hash type";
|
|
|
|
case ASN_SIG_KEY_E :
|
|
return "ASN sig error, unsupported key type";
|
|
|
|
case ASN_DH_KEY_E :
|
|
return "ASN key init error, invalid input";
|
|
|
|
case ASN_NTRU_KEY_E :
|
|
return "ASN NTRU key decode error, invalid input";
|
|
|
|
case ASN_CRIT_EXT_E:
|
|
return "X.509 Critical extension ignored or invalid";
|
|
|
|
case ECC_BAD_ARG_E :
|
|
return "ECC input argument wrong type, invalid input";
|
|
|
|
case ASN_ECC_KEY_E :
|
|
return "ECC ASN1 bad key data, invalid input";
|
|
|
|
case ECC_CURVE_OID_E :
|
|
return "ECC curve sum OID unsupported, invalid input";
|
|
|
|
case BAD_FUNC_ARG :
|
|
return "Bad function argument";
|
|
|
|
case NOT_COMPILED_IN :
|
|
return "Feature not compiled in";
|
|
|
|
case UNICODE_SIZE_E :
|
|
return "Unicode password too big";
|
|
|
|
case NO_PASSWORD :
|
|
return "No password provided by user";
|
|
|
|
case ALT_NAME_E :
|
|
return "Alt Name problem, too big";
|
|
|
|
case AES_GCM_AUTH_E:
|
|
return "AES-GCM Authentication check fail";
|
|
|
|
case AES_CCM_AUTH_E:
|
|
return "AES-CCM Authentication check fail";
|
|
|
|
case ASYNC_INIT_E:
|
|
return "Async Init error";
|
|
|
|
case COMPRESS_INIT_E:
|
|
return "Compress Init error";
|
|
|
|
case COMPRESS_E:
|
|
return "Compress error";
|
|
|
|
case DECOMPRESS_INIT_E:
|
|
return "DeCompress Init error";
|
|
|
|
case DECOMPRESS_E:
|
|
return "DeCompress error";
|
|
|
|
case BAD_ALIGN_E:
|
|
return "Bad alignment error, no alloc help";
|
|
|
|
case ASN_NO_SIGNER_E :
|
|
return "ASN no signer error to confirm failure";
|
|
|
|
case ASN_CRL_CONFIRM_E :
|
|
return "ASN CRL sig error, confirm failure";
|
|
|
|
case ASN_CRL_NO_SIGNER_E :
|
|
return "ASN CRL no signer error to confirm failure";
|
|
|
|
case ASN_OCSP_CONFIRM_E :
|
|
return "ASN OCSP sig error, confirm failure";
|
|
|
|
case BAD_STATE_E:
|
|
return "Bad state operation";
|
|
|
|
case BAD_PADDING_E:
|
|
return "Bad padding, message wrong length";
|
|
|
|
case REQ_ATTRIBUTE_E:
|
|
return "Setting cert request attributes error";
|
|
|
|
case PKCS7_OID_E:
|
|
return "PKCS#7 error: mismatched OID value";
|
|
|
|
case PKCS7_RECIP_E:
|
|
return "PKCS#7 error: no matching recipient found";
|
|
|
|
case FIPS_NOT_ALLOWED_E:
|
|
return "FIPS mode not allowed error";
|
|
|
|
case ASN_NAME_INVALID_E:
|
|
return "Name Constraint error";
|
|
|
|
case RNG_FAILURE_E:
|
|
return "Random Number Generator failed";
|
|
|
|
case HMAC_MIN_KEYLEN_E:
|
|
return "FIPS Mode HMAC Minimum Key Length error";
|
|
|
|
case RSA_PAD_E:
|
|
return "Rsa Padding error";
|
|
|
|
case LENGTH_ONLY_E:
|
|
return "Output length only set, not for other use error";
|
|
|
|
case IN_CORE_FIPS_E:
|
|
return "In Core Integrity check FIPS error";
|
|
|
|
case AES_KAT_FIPS_E:
|
|
return "AES Known Answer Test check FIPS error";
|
|
|
|
case DES3_KAT_FIPS_E:
|
|
return "DES3 Known Answer Test check FIPS error";
|
|
|
|
case HMAC_KAT_FIPS_E:
|
|
return "HMAC Known Answer Test check FIPS error";
|
|
|
|
case RSA_KAT_FIPS_E:
|
|
return "RSA Known Answer Test check FIPS error";
|
|
|
|
case DRBG_KAT_FIPS_E:
|
|
return "DRBG Known Answer Test check FIPS error";
|
|
|
|
case DRBG_CONT_FIPS_E:
|
|
return "DRBG Continuous Test FIPS error";
|
|
|
|
case AESGCM_KAT_FIPS_E:
|
|
return "AESGCM Known Answer Test check FIPS error";
|
|
|
|
case THREAD_STORE_KEY_E:
|
|
return "Thread Storage Key Create error";
|
|
|
|
case THREAD_STORE_SET_E:
|
|
return "Thread Storage Set error";
|
|
|
|
case MAC_CMP_FAILED_E:
|
|
return "MAC comparison failed";
|
|
|
|
case IS_POINT_E:
|
|
return "ECC is point on curve failed";
|
|
|
|
case ECC_INF_E:
|
|
return " ECC point at infinity error";
|
|
|
|
case ECC_OUT_OF_RANGE_E:
|
|
return " ECC Qx or Qy out of range error";
|
|
|
|
case ECC_PRIV_KEY_E:
|
|
return " ECC private key is not valid error";
|
|
|
|
case SRP_CALL_ORDER_E:
|
|
return "SRP function called in the wrong order error";
|
|
|
|
case SRP_VERIFY_E:
|
|
return "SRP proof verification error";
|
|
|
|
case SRP_BAD_KEY_E:
|
|
return "SRP bad key values error";
|
|
|
|
case ASN_NO_SKID:
|
|
return "ASN no Subject Key Identifier found error";
|
|
|
|
case ASN_NO_AKID:
|
|
return "ASN no Authority Key Identifier found error";
|
|
|
|
case ASN_NO_KEYUSAGE:
|
|
return "ASN no Key Usage found error";
|
|
|
|
case SKID_E:
|
|
return "Setting Subject Key Identifier error";
|
|
|
|
case AKID_E:
|
|
return "Setting Authority Key Identifier error";
|
|
|
|
case KEYUSAGE_E:
|
|
return "Bad Key Usage value error";
|
|
|
|
case CERTPOLICIES_E:
|
|
return "Setting Certificate Policies error";
|
|
|
|
case WC_INIT_E:
|
|
return "wolfCrypt Initialize Failure error";
|
|
|
|
case SIG_VERIFY_E:
|
|
return "Signature verify error";
|
|
|
|
case BAD_COND_E:
|
|
return "Bad condition variable operation error";
|
|
|
|
case SIG_TYPE_E:
|
|
return "Signature type not enabled/available";
|
|
|
|
case HASH_TYPE_E:
|
|
return "Hash type not enabled/available";
|
|
|
|
case WC_KEY_SIZE_E:
|
|
return "Key size error, either too small or large";
|
|
|
|
case ASN_COUNTRY_SIZE_E:
|
|
return "Country code size error, either too small or large";
|
|
|
|
case MISSING_RNG_E:
|
|
return "RNG required but not provided";
|
|
|
|
case ASN_PATHLEN_SIZE_E:
|
|
return "ASN CA path length value too large error";
|
|
|
|
case ASN_PATHLEN_INV_E:
|
|
return "ASN CA path length larger than signer error";
|
|
|
|
case BAD_KEYWRAP_ALG_E:
|
|
return "Unsupported key wrap algorithm error";
|
|
|
|
case BAD_KEYWRAP_IV_E:
|
|
return "Decrypted AES key wrap IV does not match expected";
|
|
|
|
case WC_CLEANUP_E:
|
|
return "wolfcrypt cleanup failed";
|
|
|
|
case ECC_CDH_KAT_FIPS_E:
|
|
return "wolfcrypt FIPS ECC CDH Known Answer Test Failure";
|
|
|
|
case DH_CHECK_PUB_E:
|
|
return "DH Check Public Key failure";
|
|
|
|
case BAD_PATH_ERROR:
|
|
return "Bad path for opendir error";
|
|
|
|
case ASYNC_OP_E:
|
|
return "Async operation error";
|
|
|
|
default:
|
|
return "unknown error number";
|
|
|
|
}
|
|
|
|
#endif /* NO_ERROR_STRINGS */
|
|
|
|
}
|
|
|
|
void wc_ErrorString(int error, char* buffer)
|
|
{
|
|
XSTRNCPY(buffer, wc_GetErrorString(error), WOLFSSL_MAX_ERROR_SZ);
|
|
}
|