Diffstat (limited to 'lib/gnutls_alert.c')
-rw-r--r--lib/gnutls_alert.c304
1 files changed, 156 insertions, 148 deletions
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 462bb795b6..3e70b46027 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -27,40 +27,42 @@
#include <debug.h>
typedef struct {
- gnutls_alert_description alert;
- const char *desc;
+ gnutls_alert_description alert;
+ const char *desc;
} gnutls_alert_entry;
static const gnutls_alert_entry sup_alerts[] = {
- { GNUTLS_A_CLOSE_NOTIFY, "Close notify" },
- { GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message" },
- { GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC" },
- { GNUTLS_A_DECRYPTION_FAILED, "Decryption failed" },
- { GNUTLS_A_RECORD_OVERFLOW, "Record overflow" },
- { GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed" },
- { GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed" },
- { GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad" },
- { GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported" },
- { GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked" },
- { GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired" },
- { GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate" },
- { GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter" },
- { GNUTLS_A_UNKNOWN_CA, "CA is unknown" },
- { GNUTLS_A_ACCESS_DENIED, "Access was denied" },
- { GNUTLS_A_DECODE_ERROR, "Decode error" },
- { GNUTLS_A_DECRYPT_ERROR, "Decrypt error" },
- { GNUTLS_A_EXPORT_RESTRICTION, "Export restriction" },
- { GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version" },
- { GNUTLS_A_INSUFFICIENT_SECURITY,"Insufficient security" },
- { GNUTLS_A_USER_CANCELED, "User canceled" },
- { GNUTLS_A_INTERNAL_ERROR, "Internal error" },
- { GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed" },
- { GNUTLS_A_CERTIFICATE_UNOBTAINABLE, "Could not retrieve the specified certificate" },
- { GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent" },
- { GNUTLS_A_UNRECOGNIZED_NAME, "The server name sent was not recognized" },
- { GNUTLS_A_UNKNOWN_SRP_USERNAME, "The SRP username is not known" },
- { GNUTLS_A_MISSING_SRP_USERNAME, "The SRP username was not sent" },
- {0, NULL}
+ {GNUTLS_A_CLOSE_NOTIFY, "Close notify"},
+ {GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message"},
+ {GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC"},
+ {GNUTLS_A_DECRYPTION_FAILED, "Decryption failed"},
+ {GNUTLS_A_RECORD_OVERFLOW, "Record overflow"},
+ {GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed"},
+ {GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed"},
+ {GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad"},
+ {GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported"},
+ {GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked"},
+ {GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired"},
+ {GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate"},
+ {GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter"},
+ {GNUTLS_A_UNKNOWN_CA, "CA is unknown"},
+ {GNUTLS_A_ACCESS_DENIED, "Access was denied"},
+ {GNUTLS_A_DECODE_ERROR, "Decode error"},
+ {GNUTLS_A_DECRYPT_ERROR, "Decrypt error"},
+ {GNUTLS_A_EXPORT_RESTRICTION, "Export restriction"},
+ {GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version"},
+ {GNUTLS_A_INSUFFICIENT_SECURITY, "Insufficient security"},
+ {GNUTLS_A_USER_CANCELED, "User canceled"},
+ {GNUTLS_A_INTERNAL_ERROR, "Internal error"},
+ {GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed"},
+ {GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
+ "Could not retrieve the specified certificate"},
+ {GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent"},
+ {GNUTLS_A_UNRECOGNIZED_NAME,
+ "The server name sent was not recognized"},
+ {GNUTLS_A_UNKNOWN_SRP_USERNAME, "The SRP username is not known"},
+ {GNUTLS_A_MISSING_SRP_USERNAME, "The SRP username was not sent"},
+ {0, NULL}
};
#define GNUTLS_ALERT_LOOP(b) \
@@ -79,13 +81,13 @@ static const gnutls_alert_entry sup_alerts[] = {
* See gnutls_alert_get().
*
**/
-const char* gnutls_alert_get_name( gnutls_alert_level alert)
+const char *gnutls_alert_get_name(gnutls_alert_level alert)
{
-const char* ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ALERT_ID_LOOP( ret = p->desc);
+ GNUTLS_ALERT_ID_LOOP(ret = p->desc);
- return ret;
+ return ret;
}
/**
@@ -105,23 +107,26 @@ const char* ret = NULL;
* Returns 0 on success.
*
**/
-int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc)
+int gnutls_alert_send(gnutls_session session, gnutls_alert_level level,
+ gnutls_alert_description desc)
{
- uint8 data[2];
- int ret;
- const char *name;
+ uint8 data[2];
+ int ret;
+ const char *name;
- data[0] = (uint8) level;
- data[1] = (uint8) desc;
+ data[0] = (uint8) level;
+ data[1] = (uint8) desc;
- name = gnutls_alert_get_name((int)data[1]);
- if (name == NULL) name = "(unknown)";
- _gnutls_record_log( "REC: Sending Alert[%d|%d] - %s\n", data[0], data[1], name);
+ name = gnutls_alert_get_name((int) data[1]);
+ if (name == NULL)
+ name = "(unknown)";
+ _gnutls_record_log("REC: Sending Alert[%d|%d] - %s\n", data[0],
+ data[1], name);
- if ( (ret = _gnutls_send_int( session, GNUTLS_ALERT, -1, data, 2)) >= 0)
- return 0;
- else
- return ret;
+ if ((ret = _gnutls_send_int(session, GNUTLS_ALERT, -1, data, 2)) >= 0)
+ return 0;
+ else
+ return ret;
}
/**
@@ -139,100 +144,101 @@ int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_
* mapping to an alert.
*
**/
-int gnutls_error_to_alert( int err, int* level)
+int gnutls_error_to_alert(int err, int *level)
{
-int ret = GNUTLS_E_INVALID_REQUEST;
-int _level = -1;
+ int ret = GNUTLS_E_INVALID_REQUEST;
+ int _level = -1;
- switch (err) { /* send appropriate alert */
- case GNUTLS_E_DECRYPTION_FAILED:
- /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
- * it is not defined in SSL3. Note that we must
- * not distinguish Decryption failures from mac
- * check failures, due to the possibility of some
- * attacks.
- */
- ret = GNUTLS_A_BAD_RECORD_MAC;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DECOMPRESSION_FAILED:
- ret = GNUTLS_A_DECOMPRESSION_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
- case GNUTLS_E_ILLEGAL_SRP_USERNAME:
- ret = GNUTLS_A_ILLEGAL_PARAMETER;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
- case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
- case GNUTLS_E_ASN1_DER_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
- case GNUTLS_E_ASN1_GENERIC_ERROR:
- case GNUTLS_E_ASN1_VALUE_NOT_VALID:
- case GNUTLS_E_ASN1_TAG_ERROR:
- case GNUTLS_E_ASN1_TAG_IMPLICIT:
- case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
- case GNUTLS_E_ASN1_SYNTAX_ERROR:
- case GNUTLS_E_ASN1_DER_OVERFLOW:
- case GNUTLS_E_NO_CERTIFICATE_FOUND:
- ret = GNUTLS_A_BAD_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
- case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
- case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
- case GNUTLS_E_NO_CIPHER_SUITES:
- case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
- ret = GNUTLS_A_HANDSHAKE_FAILURE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
- ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET:
- ret = GNUTLS_A_UNEXPECTED_MESSAGE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_REHANDSHAKE:
- ret = GNUTLS_A_NO_RENEGOTIATION;
- _level = GNUTLS_AL_WARNING;
- break;
- case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
- ret = GNUTLS_A_PROTOCOL_VERSION;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
- ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
- ret = GNUTLS_A_RECORD_OVERFLOW;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_INTERNAL_ERROR:
- case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
- case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
- ret = GNUTLS_A_INTERNAL_ERROR;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_OPENPGP_GETKEY_FAILED:
- ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
- _level = GNUTLS_AL_FATAL;
- break;
- case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
- ret = GNUTLS_A_INSUFFICIENT_SECURITY;
- _level = GNUTLS_AL_FATAL;
- break;
- }
-
- if (level != NULL) *level = _level;
+ switch (err) { /* send appropriate alert */
+ case GNUTLS_E_DECRYPTION_FAILED:
+ /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
+ * it is not defined in SSL3. Note that we must
+ * not distinguish Decryption failures from mac
+ * check failures, due to the possibility of some
+ * attacks.
+ */
+ ret = GNUTLS_A_BAD_RECORD_MAC;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DECOMPRESSION_FAILED:
+ ret = GNUTLS_A_DECOMPRESSION_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
+ case GNUTLS_E_ILLEGAL_SRP_USERNAME:
+ ret = GNUTLS_A_ILLEGAL_PARAMETER;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
+ case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
+ case GNUTLS_E_ASN1_DER_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
+ case GNUTLS_E_ASN1_GENERIC_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_VALID:
+ case GNUTLS_E_ASN1_TAG_ERROR:
+ case GNUTLS_E_ASN1_TAG_IMPLICIT:
+ case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
+ case GNUTLS_E_ASN1_SYNTAX_ERROR:
+ case GNUTLS_E_ASN1_DER_OVERFLOW:
+ case GNUTLS_E_NO_CERTIFICATE_FOUND:
+ ret = GNUTLS_A_BAD_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
+ case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
+ case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
+ case GNUTLS_E_NO_CIPHER_SUITES:
+ case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
+ ret = GNUTLS_A_HANDSHAKE_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
+ ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET:
+ ret = GNUTLS_A_UNEXPECTED_MESSAGE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_REHANDSHAKE:
+ ret = GNUTLS_A_NO_RENEGOTIATION;
+ _level = GNUTLS_AL_WARNING;
+ break;
+ case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
+ ret = GNUTLS_A_PROTOCOL_VERSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+ ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+ ret = GNUTLS_A_RECORD_OVERFLOW;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_INTERNAL_ERROR:
+ case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
+ case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_OPENPGP_GETKEY_FAILED:
+ ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
+ ret = GNUTLS_A_INSUFFICIENT_SECURITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ }
- return ret;
+ if (level != NULL)
+ *level = _level;
+
+ return ret;
}
-
+
/* Sends the appropriate alert, depending
* on the error message. Deprecated. May be removed.
*/
@@ -251,16 +257,17 @@ int _level = -1;
* been sent to the peer.
*
-*/
-int gnutls_alert_send_appropriate( gnutls_session session, int err) {
-int alert;
-int level;
+int gnutls_alert_send_appropriate(gnutls_session session, int err)
+{
+ int alert;
+ int level;
- alert = gnutls_error_to_alert( err, &level);
- if (alert < 0) {
- return alert;
- }
-
- return gnutls_alert_send( session, level, alert);
+ alert = gnutls_error_to_alert(err, &level);
+ if (alert < 0) {
+ return alert;
+ }
+
+ return gnutls_alert_send(session, level, alert);
}
/**
@@ -273,6 +280,7 @@ int level;
* The peer may send alerts if he thinks some things were not
* right. Check gnutls.h for the available alert descriptions.
**/
-gnutls_alert_description gnutls_alert_get( gnutls_session session) {
- return session->internals.last_alert;
+gnutls_alert_description gnutls_alert_get(gnutls_session session)
+{
+ return session->internals.last_alert;
}