1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
|
/* error.c
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifdef _MSC_VER
/* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
#pragma warning(disable: 4996)
#endif
#ifndef NO_ERROR_STRINGS
const char* wc_GetErrorString(int error)
{
switch (error) {
case OPEN_RAN_E :
return "opening random device error";
case READ_RAN_E :
return "reading random device error";
case WINCRYPT_E :
return "windows crypt init error";
case CRYPTGEN_E :
return "windows crypt generation error";
case RAN_BLOCK_E :
return "random device read would block error";
case BAD_MUTEX_E :
return "Bad mutex, operation failed";
case WC_TIMEOUT_E:
return "Timeout error";
case WC_PENDING_E:
return "wolfCrypt Operation Pending (would block / eagain) error";
case WC_NOT_PENDING_E:
return "wolfCrypt operation not pending error";
case MP_INIT_E :
return "mp_init error state";
case MP_READ_E :
return "mp_read error state";
case MP_EXPTMOD_E :
return "mp_exptmod error state";
case MP_TO_E :
return "mp_to_xxx error state, can't convert";
case MP_SUB_E :
return "mp_sub error state, can't subtract";
case MP_ADD_E :
return "mp_add error state, can't add";
case MP_MUL_E :
return "mp_mul error state, can't multiply";
case MP_MULMOD_E :
return "mp_mulmod error state, can't multiply mod";
case MP_MOD_E :
return "mp_mod error state, can't mod";
case MP_INVMOD_E :
return "mp_invmod error state, can't inv mod";
case MP_CMP_E :
return "mp_cmp error state";
case MP_ZERO_E :
return "mp zero result, not expected";
case MEMORY_E :
return "out of memory error";
case VAR_STATE_CHANGE_E :
return "Variable state modified by different thread";
case RSA_WRONG_TYPE_E :
return "RSA wrong block type for RSA function";
case RSA_BUFFER_E :
return "RSA buffer error, output too small or input too big";
case BUFFER_E :
return "Buffer error, output too small or input too big";
case ALGO_ID_E :
return "Setting Cert AlgoID error";
case PUBLIC_KEY_E :
return "Setting Cert Public Key error";
case DATE_E :
return "Setting Cert Date validity error";
case SUBJECT_E :
return "Setting Cert Subject name error";
case ISSUER_E :
return "Setting Cert Issuer name error";
case CA_TRUE_E :
return "Setting basic constraint CA true error";
case EXTENSIONS_E :
return "Setting extensions error";
case ASN_PARSE_E :
return "ASN parsing error, invalid input";
case ASN_VERSION_E :
return "ASN version error, invalid number";
case ASN_GETINT_E :
return "ASN get big int error, invalid data";
case ASN_RSA_KEY_E :
return "ASN key init error, invalid input";
case ASN_OBJECT_ID_E :
return "ASN object id error, invalid id";
case ASN_TAG_NULL_E :
return "ASN tag error, not null";
case ASN_EXPECT_0_E :
return "ASN expect error, not zero";
case ASN_BITSTR_E :
return "ASN bit string error, wrong id";
case ASN_UNKNOWN_OID_E :
return "ASN oid error, unknown sum id";
case ASN_DATE_SZ_E :
return "ASN date error, bad size";
case ASN_BEFORE_DATE_E :
return "ASN date error, current date before";
case ASN_AFTER_DATE_E :
return "ASN date error, current date after";
case ASN_SIG_OID_E :
return "ASN signature error, mismatched oid";
case ASN_TIME_E :
return "ASN time error, unknown time type";
case ASN_INPUT_E :
return "ASN input error, not enough data";
case ASN_SIG_CONFIRM_E :
return "ASN sig error, confirm failure";
case ASN_SIG_HASH_E :
return "ASN sig error, unsupported hash type";
case ASN_SIG_KEY_E :
return "ASN sig error, unsupported key type";
case ASN_DH_KEY_E :
return "ASN key init error, invalid input";
case ASN_NTRU_KEY_E :
return "ASN NTRU key decode error, invalid input";
case ASN_CRIT_EXT_E:
return "X.509 Critical extension ignored or invalid";
case ASN_ALT_NAME_E:
return "ASN alternate name error";
case ECC_BAD_ARG_E :
return "ECC input argument wrong type, invalid input";
case ASN_ECC_KEY_E :
return "ECC ASN1 bad key data, invalid input";
case ECC_CURVE_OID_E :
return "ECC curve sum OID unsupported, invalid input";
case BAD_FUNC_ARG :
return "Bad function argument";
case NOT_COMPILED_IN :
return "Feature not compiled in";
case UNICODE_SIZE_E :
return "Unicode password too big";
case NO_PASSWORD :
return "No password provided by user";
case ALT_NAME_E :
return "Alt Name problem, too big";
case AES_GCM_AUTH_E:
return "AES-GCM Authentication check fail";
case AES_CCM_AUTH_E:
return "AES-CCM Authentication check fail";
case ASYNC_INIT_E:
return "Async Init error";
case COMPRESS_INIT_E:
return "Compress Init error";
case COMPRESS_E:
return "Compress error";
case DECOMPRESS_INIT_E:
return "DeCompress Init error";
case DECOMPRESS_E:
return "DeCompress error";
case BAD_ALIGN_E:
return "Bad alignment error, no alloc help";
case ASN_NO_SIGNER_E :
return "ASN no signer error to confirm failure";
case ASN_CRL_CONFIRM_E :
return "ASN CRL sig error, confirm failure";
case ASN_CRL_NO_SIGNER_E :
return "ASN CRL no signer error to confirm failure";
case ASN_OCSP_CONFIRM_E :
return "ASN OCSP sig error, confirm failure";
case ASN_NO_PEM_HEADER:
return "ASN no PEM Header Error";
case BAD_STATE_E:
return "Bad state operation";
case BAD_PADDING_E:
return "Bad padding, message wrong length";
case REQ_ATTRIBUTE_E:
return "Setting cert request attributes error";
case PKCS7_OID_E:
return "PKCS#7 error: mismatched OID value";
case PKCS7_RECIP_E:
return "PKCS#7 error: no matching recipient found";
case WC_PKCS7_WANT_READ_E:
return "PKCS#7 operations wants more input, call again";
case FIPS_NOT_ALLOWED_E:
return "FIPS mode not allowed error";
case ASN_NAME_INVALID_E:
return "Name Constraint error";
case RNG_FAILURE_E:
return "Random Number Generator failed";
case HMAC_MIN_KEYLEN_E:
return "FIPS Mode HMAC Minimum Key Length error";
case RSA_PAD_E:
return "Rsa Padding error";
case LENGTH_ONLY_E:
return "Output length only set, not for other use error";
case IN_CORE_FIPS_E:
return "In Core Integrity check FIPS error";
case AES_KAT_FIPS_E:
return "AES Known Answer Test check FIPS error";
case DES3_KAT_FIPS_E:
return "DES3 Known Answer Test check FIPS error";
case HMAC_KAT_FIPS_E:
return "HMAC Known Answer Test check FIPS error";
case RSA_KAT_FIPS_E:
return "RSA Known Answer Test check FIPS error";
case DRBG_KAT_FIPS_E:
return "DRBG Known Answer Test check FIPS error";
case DRBG_CONT_FIPS_E:
return "DRBG Continuous Test FIPS error";
case AESGCM_KAT_FIPS_E:
return "AESGCM Known Answer Test check FIPS error";
case THREAD_STORE_KEY_E:
return "Thread Storage Key Create error";
case THREAD_STORE_SET_E:
return "Thread Storage Set error";
case MAC_CMP_FAILED_E:
return "MAC comparison failed";
case IS_POINT_E:
return "ECC is point on curve failed";
case ECC_INF_E:
return " ECC point at infinity error";
case ECC_OUT_OF_RANGE_E:
return " ECC Qx or Qy out of range error";
case ECC_PRIV_KEY_E:
return " ECC private key is not valid error";
case SRP_CALL_ORDER_E:
return "SRP function called in the wrong order error";
case SRP_VERIFY_E:
return "SRP proof verification error";
case SRP_BAD_KEY_E:
return "SRP bad key values error";
case ASN_NO_SKID:
return "ASN no Subject Key Identifier found error";
case ASN_NO_AKID:
return "ASN no Authority Key Identifier found error";
case ASN_NO_KEYUSAGE:
return "ASN no Key Usage found error";
case SKID_E:
return "Setting Subject Key Identifier error";
case AKID_E:
return "Setting Authority Key Identifier error";
case KEYUSAGE_E:
return "Key Usage value error";
case EXTKEYUSAGE_E:
return "Extended Key Usage value error";
case CERTPOLICIES_E:
return "Setting Certificate Policies error";
case WC_INIT_E:
return "wolfCrypt Initialize Failure error";
case SIG_VERIFY_E:
return "Signature verify error";
case BAD_COND_E:
return "Bad condition variable operation error";
case SIG_TYPE_E:
return "Signature type not enabled/available";
case HASH_TYPE_E:
return "Hash type not enabled/available";
case WC_KEY_SIZE_E:
return "Key size error, either too small or large";
case ASN_COUNTRY_SIZE_E:
return "Country code size error, either too small or large";
case MISSING_RNG_E:
return "RNG required but not provided";
case ASN_PATHLEN_SIZE_E:
return "ASN CA path length value too large error";
case ASN_PATHLEN_INV_E:
return "ASN CA path length larger than signer error";
case BAD_KEYWRAP_ALG_E:
return "Unsupported key wrap algorithm error";
case BAD_KEYWRAP_IV_E:
return "Decrypted AES key wrap IV does not match expected";
case WC_CLEANUP_E:
return "wolfcrypt cleanup failed";
case ECC_CDH_KAT_FIPS_E:
return "wolfcrypt FIPS ECC CDH Known Answer Test Failure";
case DH_CHECK_PUB_E:
return "DH Check Public Key failure";
case BAD_PATH_ERROR:
return "Bad path for opendir error";
case ASYNC_OP_E:
return "Async operation error";
case BAD_OCSP_RESPONDER:
return "Invalid OCSP Responder, missing specific key usage extensions";
case ECC_PRIVATEONLY_E:
return "Invalid use of private only ECC key";
case WC_HW_E:
return "Error with hardware crypto use";
case WC_HW_WAIT_E:
return "Hardware waiting on resource";
case PSS_SALTLEN_E:
return "PSS - Length of salt is too big for hash algorithm";
case PRIME_GEN_E:
return "Unable to find a prime for RSA key";
case BER_INDEF_E:
return "Unable to decode an indefinite length encoded message";
case RSA_OUT_OF_RANGE_E:
return "Ciphertext to decrypt is out of range";
case RSAPSS_PAT_FIPS_E:
return "wolfcrypt FIPS RSA-PSS Pairwise Agreement Test Failure";
case ECDSA_PAT_FIPS_E:
return "wolfcrypt FIPS ECDSA Pairwise Agreement Test Failure";
case DH_KAT_FIPS_E:
return "wolfcrypt FIPS DH Known Answer Test Failure";
case AESCCM_KAT_FIPS_E:
return "AESCCM Known Answer Test check FIPS error";
case SHA3_KAT_FIPS_E:
return "SHA-3 Known Answer Test check FIPS error";
case ECDHE_KAT_FIPS_E:
return "wolfcrypt FIPS ECDHE Known Answer Test Failure";
case AES_GCM_OVERFLOW_E:
return "AES-GCM invocation counter overflow";
case AES_CCM_OVERFLOW_E:
return "AES-CCM invocation counter overflow";
case RSA_KEY_PAIR_E:
return "RSA Key Pair-Wise Consistency check fail";
case DH_CHECK_PRIV_E:
return "DH Check Private Key failure";
case WC_AFALG_SOCK_E:
return "AF_ALG socket error";
case WC_DEVCRYPTO_E:
return "Error with /dev/crypto";
case ZLIB_INIT_ERROR:
return "zlib init error";
case ZLIB_COMPRESS_ERROR:
return "zlib compress error";
case ZLIB_DECOMPRESS_ERROR:
return "zlib decompress error";
case PKCS7_NO_SIGNER_E:
return "No signer in PKCS#7 signed data";
case CRYPTOCB_UNAVAILABLE:
return "Crypto callback unavailable";
case PKCS7_SIGNEEDS_CHECK:
return "Signature found but no certificate to verify";
case PSS_SALTLEN_RECOVER_E:
return "PSS - Salt length unable to be recovered";
case ASN_SELF_SIGNED_E:
return "ASN self-signed certificate error";
default:
return "unknown error number";
}
}
void wc_ErrorString(int error, char* buffer)
{
XSTRNCPY(buffer, wc_GetErrorString(error), WOLFSSL_MAX_ERROR_SZ);
buffer[WOLFSSL_MAX_ERROR_SZ-1] = 0;
}
#endif /* !NO_ERROR_STRINGS */
|
