Google Git
Sign in
pigweed / third_party / github / ARMmbed / mbedtls / 22098d41c6620ce07cf8a0134d37302355e1e5ef / . / library / error.c
blob: 297eccd033087006919a86bcfe5dfca02b6b5ee5 [file] [log] [blame]
Minos Galanakis22098d42025-03-20 09:33:09 +0000[diff] [blame^]1/*
2 * Error message information
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7
8#include "common.h"
9
10#include "mbedtls/error.h"
11
12#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
13
14#if defined(MBEDTLS_ERROR_C)
15
16#include "mbedtls/platform.h"
17
18#include <stdio.h>
19#include <string.h>
20
21#if defined(MBEDTLS_AES_C)
22#include "mbedtls/aes.h"
23#endif
24
25#if defined(MBEDTLS_ARIA_C)
26#include "mbedtls/aria.h"
27#endif
28
29#if defined(MBEDTLS_ASN1_PARSE_C)
30#include "mbedtls/asn1.h"
31#endif
32
33#if defined(MBEDTLS_BASE64_C)
34#include "mbedtls/base64.h"
35#endif
36
37#if defined(MBEDTLS_BIGNUM_C)
38#include "mbedtls/bignum.h"
39#endif
40
41#if defined(MBEDTLS_CAMELLIA_C)
42#include "mbedtls/camellia.h"
43#endif
44
45#if defined(MBEDTLS_CCM_C)
46#include "mbedtls/ccm.h"
47#endif
48
49#if defined(MBEDTLS_CHACHA20_C)
50#include "mbedtls/chacha20.h"
51#endif
52
53#if defined(MBEDTLS_CHACHAPOLY_C)
54#include "mbedtls/chachapoly.h"
55#endif
56
57#if defined(MBEDTLS_CIPHER_C)
58#include "mbedtls/cipher.h"
59#endif
60
61#if defined(MBEDTLS_CTR_DRBG_C)
62#include "mbedtls/ctr_drbg.h"
63#endif
64
65#if defined(MBEDTLS_DES_C)
66#include "mbedtls/des.h"
67#endif
68
69#if defined(MBEDTLS_DHM_C)
70#include "mbedtls/dhm.h"
71#endif
72
73#if defined(MBEDTLS_ECP_C)
74#include "mbedtls/ecp.h"
75#endif
76
77#if defined(MBEDTLS_ENTROPY_C)
78#include "mbedtls/entropy.h"
79#endif
80
81#if defined(MBEDTLS_ERROR_C)
82#include "mbedtls/error.h"
83#endif
84
85#if defined(MBEDTLS_PLATFORM_C)
86#include "mbedtls/platform.h"
87#endif
88
89#if defined(MBEDTLS_GCM_C)
90#include "mbedtls/gcm.h"
91#endif
92
93#if defined(MBEDTLS_HKDF_C)
94#include "mbedtls/hkdf.h"
95#endif
96
97#if defined(MBEDTLS_HMAC_DRBG_C)
98#include "mbedtls/hmac_drbg.h"
99#endif
100
101#if defined(MBEDTLS_LMS_C)
102#include "mbedtls/lms.h"
103#endif
104
105#if defined(MBEDTLS_MD_C)
106#include "mbedtls/md.h"
107#endif
108
109#if defined(MBEDTLS_NET_C)
110#include "mbedtls/net_sockets.h"
111#endif
112
113#if defined(MBEDTLS_OID_C)
114#include "mbedtls/oid.h"
115#endif
116
117#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
118#include "mbedtls/pem.h"
119#endif
120
121#if defined(MBEDTLS_PK_C)
122#include "mbedtls/pk.h"
123#endif
124
125#if defined(MBEDTLS_PKCS12_C)
126#include "mbedtls/pkcs12.h"
127#endif
128
129#if defined(MBEDTLS_PKCS5_C)
130#include "mbedtls/pkcs5.h"
131#endif
132
133#if defined(MBEDTLS_PKCS7_C)
134#include "mbedtls/pkcs7.h"
135#endif
136
137#if defined(MBEDTLS_POLY1305_C)
138#include "mbedtls/poly1305.h"
139#endif
140
141#if defined(MBEDTLS_RSA_C)
142#include "mbedtls/rsa.h"
143#endif
144
145#if defined(MBEDTLS_SHA1_C)
146#include "mbedtls/sha1.h"
147#endif
148
149#if defined(MBEDTLS_SHA256_C)
150#include "mbedtls/sha256.h"
151#endif
152
153#if defined(MBEDTLS_SHA3_C)
154#include "mbedtls/sha3.h"
155#endif
156
157#if defined(MBEDTLS_SHA512_C)
158#include "mbedtls/sha512.h"
159#endif
160
161#if defined(MBEDTLS_SSL_TLS_C)
162#include "mbedtls/ssl.h"
163#endif
164
165#if defined(MBEDTLS_THREADING_C)
166#include "mbedtls/threading.h"
167#endif
168
169#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
170#include "mbedtls/x509.h"
171#endif
172
173
174const char *mbedtls_high_level_strerr(int error_code)
175{
176 int high_level_error_code;
177
178 if (error_code < 0) {
179 error_code = -error_code;
180 }
181
182 /* Extract the high-level part from the error code. */
183 high_level_error_code = error_code & 0xFF80;
184
185 switch (high_level_error_code) {
186 /* Begin Auto-Generated Code. */
187 #if defined(MBEDTLS_CIPHER_C)
188 case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE):
189 return( "CIPHER - The selected feature is not available" );
190 case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA):
191 return( "CIPHER - Bad input parameters" );
192 case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED):
193 return( "CIPHER - Failed to allocate memory" );
194 case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING):
195 return( "CIPHER - Input data contains invalid padding and is rejected" );
196 case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED):
197 return( "CIPHER - Decryption of block requires a full block" );
198 case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED):
199 return( "CIPHER - Authentication failed (for AEAD modes)" );
200 case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT):
201 return( "CIPHER - The context is invalid. For example, because it was freed" );
202#endif /* MBEDTLS_CIPHER_C */
203
204#if defined(MBEDTLS_DHM_C)
205 case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA):
206 return( "DHM - Bad input parameters" );
207 case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED):
208 return( "DHM - Reading of the DHM parameters failed" );
209 case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED):
210 return( "DHM - Making of the DHM parameters failed" );
211 case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED):
212 return( "DHM - Reading of the public values failed" );
213 case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED):
214 return( "DHM - Making of the public value failed" );
215 case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED):
216 return( "DHM - Calculation of the DHM secret failed" );
217 case -(MBEDTLS_ERR_DHM_INVALID_FORMAT):
218 return( "DHM - The ASN.1 data is not formatted correctly" );
219 case -(MBEDTLS_ERR_DHM_ALLOC_FAILED):
220 return( "DHM - Allocation of memory failed" );
221 case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR):
222 return( "DHM - Read or write of file failed" );
223 case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED):
224 return( "DHM - Setting the modulus and generator failed" );
225#endif /* MBEDTLS_DHM_C */
226
227#if defined(MBEDTLS_ECP_C)
228 case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA):
229 return( "ECP - Bad input parameters to function" );
230 case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL):
231 return( "ECP - The buffer is too small to write to" );
232 case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE):
233 return( "ECP - The requested feature is not available, for example, the requested curve is not supported" );
234 case -(MBEDTLS_ERR_ECP_VERIFY_FAILED):
235 return( "ECP - The signature is not valid" );
236 case -(MBEDTLS_ERR_ECP_ALLOC_FAILED):
237 return( "ECP - Memory allocation failed" );
238 case -(MBEDTLS_ERR_ECP_RANDOM_FAILED):
239 return( "ECP - Generation of random value, such as ephemeral key, failed" );
240 case -(MBEDTLS_ERR_ECP_INVALID_KEY):
241 return( "ECP - Invalid private or public key" );
242 case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH):
243 return( "ECP - The buffer contains a valid signature followed by more data" );
244 case -(MBEDTLS_ERR_ECP_IN_PROGRESS):
245 return( "ECP - Operation in progress, call again with the same parameters to continue" );
246#endif /* MBEDTLS_ECP_C */
247
248#if defined(MBEDTLS_MD_C)
249 case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE):
250 return( "MD - The selected feature is not available" );
251 case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA):
252 return( "MD - Bad input parameters to function" );
253 case -(MBEDTLS_ERR_MD_ALLOC_FAILED):
254 return( "MD - Failed to allocate memory" );
255 case -(MBEDTLS_ERR_MD_FILE_IO_ERROR):
256 return( "MD - Opening or reading of file failed" );
257#endif /* MBEDTLS_MD_C */
258
259#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
260 case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT):
261 return( "PEM - No PEM header or footer found" );
262 case -(MBEDTLS_ERR_PEM_INVALID_DATA):
263 return( "PEM - PEM string is not as expected" );
264 case -(MBEDTLS_ERR_PEM_ALLOC_FAILED):
265 return( "PEM - Failed to allocate memory" );
266 case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV):
267 return( "PEM - RSA IV is not in hex-format" );
268 case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG):
269 return( "PEM - Unsupported key encryption algorithm" );
270 case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED):
271 return( "PEM - Private key password can't be empty" );
272 case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH):
273 return( "PEM - Given private key password does not allow for correct decryption" );
274 case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE):
275 return( "PEM - Unavailable feature, e.g. hashing/encryption combination" );
276 case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA):
277 return( "PEM - Bad input parameters to function" );
278#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
279
280#if defined(MBEDTLS_PK_C)
281 case -(MBEDTLS_ERR_PK_ALLOC_FAILED):
282 return( "PK - Memory allocation failed" );
283 case -(MBEDTLS_ERR_PK_TYPE_MISMATCH):
284 return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
285 case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA):
286 return( "PK - Bad input parameters to function" );
287 case -(MBEDTLS_ERR_PK_FILE_IO_ERROR):
288 return( "PK - Read/write of file failed" );
289 case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION):
290 return( "PK - Unsupported key version" );
291 case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT):
292 return( "PK - Invalid key tag or value" );
293 case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG):
294 return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
295 case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED):
296 return( "PK - Private key password can't be empty" );
297 case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH):
298 return( "PK - Given private key password does not allow for correct decryption" );
299 case -(MBEDTLS_ERR_PK_INVALID_PUBKEY):
300 return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
301 case -(MBEDTLS_ERR_PK_INVALID_ALG):
302 return( "PK - The algorithm tag or value is invalid" );
303 case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE):
304 return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
305 case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE):
306 return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
307 case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH):
308 return( "PK - The buffer contains a valid signature followed by more data" );
309 case -(MBEDTLS_ERR_PK_BUFFER_TOO_SMALL):
310 return( "PK - The output buffer is too small" );
311#endif /* MBEDTLS_PK_C */
312
313#if defined(MBEDTLS_PKCS12_C)
314 case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA):
315 return( "PKCS12 - Bad input parameters to function" );
316 case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE):
317 return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
318 case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT):
319 return( "PKCS12 - PBE ASN.1 data not as expected" );
320 case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH):
321 return( "PKCS12 - Given private key password does not allow for correct decryption" );
322#endif /* MBEDTLS_PKCS12_C */
323
324#if defined(MBEDTLS_PKCS5_C)
325 case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA):
326 return( "PKCS5 - Bad input parameters to function" );
327 case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT):
328 return( "PKCS5 - Unexpected ASN.1 data" );
329 case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE):
330 return( "PKCS5 - Requested encryption or digest alg not available" );
331 case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH):
332 return( "PKCS5 - Given private key password does not allow for correct decryption" );
333#endif /* MBEDTLS_PKCS5_C */
334
335#if defined(MBEDTLS_PKCS7_C)
336 case -(MBEDTLS_ERR_PKCS7_INVALID_FORMAT):
337 return( "PKCS7 - The format is invalid, e.g. different type expected" );
338 case -(MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE):
339 return( "PKCS7 - Unavailable feature, e.g. anything other than signed data" );
340 case -(MBEDTLS_ERR_PKCS7_INVALID_VERSION):
341 return( "PKCS7 - The PKCS #7 version element is invalid or cannot be parsed" );
342 case -(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO):
343 return( "PKCS7 - The PKCS #7 content info is invalid or cannot be parsed" );
344 case -(MBEDTLS_ERR_PKCS7_INVALID_ALG):
345 return( "PKCS7 - The algorithm tag or value is invalid or cannot be parsed" );
346 case -(MBEDTLS_ERR_PKCS7_INVALID_CERT):
347 return( "PKCS7 - The certificate tag or value is invalid or cannot be parsed" );
348 case -(MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE):
349 return( "PKCS7 - Error parsing the signature" );
350 case -(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO):
351 return( "PKCS7 - Error parsing the signer's info" );
352 case -(MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA):
353 return( "PKCS7 - Input invalid" );
354 case -(MBEDTLS_ERR_PKCS7_ALLOC_FAILED):
355 return( "PKCS7 - Allocation of memory failed" );
356 case -(MBEDTLS_ERR_PKCS7_VERIFY_FAIL):
357 return( "PKCS7 - Verification Failed" );
358 case -(MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID):
359 return( "PKCS7 - The PKCS #7 date issued/expired dates are invalid" );
360#endif /* MBEDTLS_PKCS7_C */
361
362#if defined(MBEDTLS_RSA_C)
363 case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA):
364 return( "RSA - Bad input parameters to function" );
365 case -(MBEDTLS_ERR_RSA_INVALID_PADDING):
366 return( "RSA - Input data contains invalid padding and is rejected" );
367 case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED):
368 return( "RSA - Something failed during generation of a key" );
369 case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED):
370 return( "RSA - Key failed to pass the validity check of the library" );
371 case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED):
372 return( "RSA - The public key operation failed" );
373 case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED):
374 return( "RSA - The private key operation failed" );
375 case -(MBEDTLS_ERR_RSA_VERIFY_FAILED):
376 return( "RSA - The PKCS#1 verification failed" );
377 case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE):
378 return( "RSA - The output buffer for decryption is not large enough" );
379 case -(MBEDTLS_ERR_RSA_RNG_FAILED):
380 return( "RSA - The random generator failed to generate non-zeros" );
381#endif /* MBEDTLS_RSA_C */
382
383#if defined(MBEDTLS_SSL_TLS_C)
384 case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS):
385 return( "SSL - A cryptographic operation is in progress. Try again later" );
386 case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE):
387 return( "SSL - The requested feature is not available" );
388 case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA):
389 return( "SSL - Bad input parameters to function" );
390 case -(MBEDTLS_ERR_SSL_INVALID_MAC):
391 return( "SSL - Verification of the message MAC failed" );
392 case -(MBEDTLS_ERR_SSL_INVALID_RECORD):
393 return( "SSL - An invalid SSL record was received" );
394 case -(MBEDTLS_ERR_SSL_CONN_EOF):
395 return( "SSL - The connection indicated an EOF" );
396 case -(MBEDTLS_ERR_SSL_DECODE_ERROR):
397 return( "SSL - A message could not be parsed due to a syntactic error" );
398 case -(MBEDTLS_ERR_SSL_NO_RNG):
399 return( "SSL - No RNG was provided to the SSL module" );
400 case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE):
401 return( "SSL - No client certification received from the client, but required by the authentication mode" );
402 case -(MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION):
403 return( "SSL - Client received an extended server hello containing an unsupported extension" );
404 case -(MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL):
405 return( "SSL - No ALPN protocols supported that the client advertises" );
406 case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED):
407 return( "SSL - The own private key or pre-shared key is not set, but needed" );
408 case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED):
409 return( "SSL - No CA Chain is set, but required to operate" );
410 case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE):
411 return( "SSL - An unexpected message was received from our peer" );
412 case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE):
413 return( "SSL - A fatal alert message was received from our peer" );
414 case -(MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME):
415 return( "SSL - No server could be identified matching the client's SNI" );
416 case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY):
417 return( "SSL - The peer notified us that the connection is going to be closed" );
418 case -(MBEDTLS_ERR_SSL_BAD_CERTIFICATE):
419 return( "SSL - Processing of the Certificate handshake message failed" );
420 case -(MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET):
421 return( "SSL - A TLS 1.3 NewSessionTicket message has been received" );
422 case -(MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA):
423 return( "SSL - Not possible to read early data" );
424 case -(MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA):
425 return( "SSL - * Early data has been received as part of an on-going handshake. This error code can be returned only on server side if and only if early data has been enabled by means of the mbedtls_ssl_conf_early_data() API. This error code can then be returned by mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if early data has been received as part of the handshake sequence they triggered. To read the early data, call mbedtls_ssl_read_early_data()" );
426 case -(MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA):
427 return( "SSL - Not possible to write early data" );
428 case -(MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND):
429 return( "SSL - Cache entry not found" );
430 case -(MBEDTLS_ERR_SSL_ALLOC_FAILED):
431 return( "SSL - Memory allocation failed" );
432 case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED):
433 return( "SSL - Hardware acceleration function returned with error" );
434 case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH):
435 return( "SSL - Hardware acceleration function skipped / left alone data" );
436 case -(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION):
437 return( "SSL - Handshake protocol not within min/max boundaries" );
438 case -(MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE):
439 return( "SSL - The handshake negotiation failed" );
440 case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED):
441 return( "SSL - Session ticket has expired" );
442 case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH):
443 return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
444 case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY):
445 return( "SSL - Unknown identity received (eg, PSK identity)" );
446 case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR):
447 return( "SSL - Internal error (eg, unexpected failure in lower-level module)" );
448 case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING):
449 return( "SSL - A counter would wrap (eg, too many messages exchanged)" );
450 case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO):
451 return( "SSL - Unexpected message at ServerHello in renegotiation" );
452 case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED):
453 return( "SSL - DTLS client must retry for hello verification" );
454 case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL):
455 return( "SSL - A buffer is too small to receive or write a message" );
456 case -(MBEDTLS_ERR_SSL_WANT_READ):
457 return( "SSL - No data of requested type currently available on underlying transport" );
458 case -(MBEDTLS_ERR_SSL_WANT_WRITE):
459 return( "SSL - Connection requires a write call" );
460 case -(MBEDTLS_ERR_SSL_TIMEOUT):
461 return( "SSL - The operation timed out" );
462 case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT):
463 return( "SSL - The client initiated a reconnect from the same port" );
464 case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD):
465 return( "SSL - Record header looks valid but is not expected" );
466 case -(MBEDTLS_ERR_SSL_NON_FATAL):
467 return( "SSL - The alert message received indicates a non-fatal error" );
468 case -(MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER):
469 return( "SSL - A field in a message was incorrect or inconsistent with other fields" );
470 case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING):
471 return( "SSL - Internal-only message signaling that further message-processing should be done" );
472 case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS):
473 return( "SSL - The asynchronous operation is not completed yet" );
474 case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE):
475 return( "SSL - Internal-only message signaling that a message arrived early" );
476 case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID):
477 return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
478 case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH):
479 return( "SSL - An operation failed due to an unexpected version or configuration" );
480 case -(MBEDTLS_ERR_SSL_BAD_CONFIG):
481 return( "SSL - Invalid value in SSL config" );
482 case -(MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME):
483 return( "SSL - Attempt to verify a certificate without an expected hostname. This is usually insecure. In TLS clients, when a client authenticates a server through its certificate, the client normally checks three things: - the certificate chain must be valid; - the chain must start from a trusted CA; - the certificate must cover the server name that is expected by the client. Omitting any of these checks is generally insecure, and can allow a malicious server to impersonate a legitimate server. The third check may be safely skipped in some unusual scenarios, such as networks where eavesdropping is a risk but not active attacks, or a private PKI where the client equally trusts all servers that are accredited by the root CA. You should call mbedtls_ssl_set_hostname() with the expected server name before starting a TLS handshake on a client (unless the client is set up to only use PSK-based authentication, which does not rely on the host name). If you have determined that server name verification is not required for security in your scenario, call mbedtls_ssl_set_hostname() with \\p NULL as the server name. This error is raised if all of the following conditions are met: - A TLS client is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED (default). - Certificate authentication is enabled. - The client does not call mbedtls_ssl_set_hostname(). - The configuration option #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is not enabled" );
484#endif /* MBEDTLS_SSL_TLS_C */
485
486#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
487 case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE):
488 return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
489 case -(MBEDTLS_ERR_X509_UNKNOWN_OID):
490 return( "X509 - Requested OID is unknown" );
491 case -(MBEDTLS_ERR_X509_INVALID_FORMAT):
492 return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
493 case -(MBEDTLS_ERR_X509_INVALID_VERSION):
494 return( "X509 - The CRT/CRL/CSR version element is invalid" );
495 case -(MBEDTLS_ERR_X509_INVALID_SERIAL):
496 return( "X509 - The serial tag or value is invalid" );
497 case -(MBEDTLS_ERR_X509_INVALID_ALG):
498 return( "X509 - The algorithm tag or value is invalid" );
499 case -(MBEDTLS_ERR_X509_INVALID_NAME):
500 return( "X509 - The name tag or value is invalid" );
501 case -(MBEDTLS_ERR_X509_INVALID_DATE):
502 return( "X509 - The date tag or value is invalid" );
503 case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE):
504 return( "X509 - The signature tag or value invalid" );
505 case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS):
506 return( "X509 - The extension tag or value is invalid" );
507 case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION):
508 return( "X509 - CRT/CRL/CSR has an unsupported version number" );
509 case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG):
510 return( "X509 - Signature algorithm (oid) is unsupported" );
511 case -(MBEDTLS_ERR_X509_SIG_MISMATCH):
512 return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" );
513 case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED):
514 return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
515 case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT):
516 return( "X509 - Format not recognized as DER or PEM" );
517 case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA):
518 return( "X509 - Input invalid" );
519 case -(MBEDTLS_ERR_X509_ALLOC_FAILED):
520 return( "X509 - Allocation of memory failed" );
521 case -(MBEDTLS_ERR_X509_FILE_IO_ERROR):
522 return( "X509 - Read/write of file failed" );
523 case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL):
524 return( "X509 - Destination buffer is too small" );
525 case -(MBEDTLS_ERR_X509_FATAL_ERROR):
526 return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" );
527#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
528 /* End Auto-Generated Code. */
529
530 default:
531 break;
532 }
533
534 return NULL;
535}
536
537const char *mbedtls_low_level_strerr(int error_code)
538{
539 int low_level_error_code;
540
541 if (error_code < 0) {
542 error_code = -error_code;
543 }
544
545 /* Extract the low-level part from the error code. */
546 low_level_error_code = error_code & ~0xFF80;
547
548 switch (low_level_error_code) {
549 /* Begin Auto-Generated Code. */
550 #if defined(MBEDTLS_AES_C)
551 case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH):
552 return( "AES - Invalid key length" );
553 case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH):
554 return( "AES - Invalid data input length" );
555 case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA):
556 return( "AES - Invalid input data" );
557#endif /* MBEDTLS_AES_C */
558
559#if defined(MBEDTLS_ARIA_C)
560 case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA):
561 return( "ARIA - Bad input data" );
562 case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH):
563 return( "ARIA - Invalid data input length" );
564#endif /* MBEDTLS_ARIA_C */
565
566#if defined(MBEDTLS_ASN1_PARSE_C)
567 case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA):
568 return( "ASN1 - Out of data when parsing an ASN1 data structure" );
569 case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):
570 return( "ASN1 - ASN1 tag was of an unexpected value" );
571 case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH):
572 return( "ASN1 - Error when trying to determine the length or invalid length" );
573 case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH):
574 return( "ASN1 - Actual length differs from expected length" );
575 case -(MBEDTLS_ERR_ASN1_INVALID_DATA):
576 return( "ASN1 - Data is invalid" );
577 case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED):
578 return( "ASN1 - Memory allocation failed" );
579 case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL):
580 return( "ASN1 - Buffer too small when writing ASN.1 data structure" );
581#endif /* MBEDTLS_ASN1_PARSE_C */
582
583#if defined(MBEDTLS_BASE64_C)
584 case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL):
585 return( "BASE64 - Output buffer too small" );
586 case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER):
587 return( "BASE64 - Invalid character in input" );
588#endif /* MBEDTLS_BASE64_C */
589
590#if defined(MBEDTLS_BIGNUM_C)
591 case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR):
592 return( "BIGNUM - An error occurred while reading from or writing to a file" );
593 case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA):
594 return( "BIGNUM - Bad input parameters to function" );
595 case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER):
596 return( "BIGNUM - There is an invalid character in the digit string" );
597 case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL):
598 return( "BIGNUM - The buffer is too small to write to" );
599 case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE):
600 return( "BIGNUM - The input arguments are negative or result in illegal output" );
601 case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO):
602 return( "BIGNUM - The input argument for division is zero, which is not allowed" );
603 case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE):
604 return( "BIGNUM - The input arguments are not acceptable" );
605 case -(MBEDTLS_ERR_MPI_ALLOC_FAILED):
606 return( "BIGNUM - Memory allocation failed" );
607#endif /* MBEDTLS_BIGNUM_C */
608
609#if defined(MBEDTLS_CAMELLIA_C)
610 case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA):
611 return( "CAMELLIA - Bad input data" );
612 case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH):
613 return( "CAMELLIA - Invalid data input length" );
614#endif /* MBEDTLS_CAMELLIA_C */
615
616#if defined(MBEDTLS_CCM_C)
617 case -(MBEDTLS_ERR_CCM_BAD_INPUT):
618 return( "CCM - Bad input parameters to the function" );
619 case -(MBEDTLS_ERR_CCM_AUTH_FAILED):
620 return( "CCM - Authenticated decryption failed" );
621#endif /* MBEDTLS_CCM_C */
622
623#if defined(MBEDTLS_CHACHA20_C)
624 case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA):
625 return( "CHACHA20 - Invalid input parameter(s)" );
626#endif /* MBEDTLS_CHACHA20_C */
627
628#if defined(MBEDTLS_CHACHAPOLY_C)
629 case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE):
630 return( "CHACHAPOLY - The requested operation is not permitted in the current state" );
631 case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED):
632 return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" );
633#endif /* MBEDTLS_CHACHAPOLY_C */
634
635#if defined(MBEDTLS_CTR_DRBG_C)
636 case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED):
637 return( "CTR_DRBG - The entropy source failed" );
638 case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG):
639 return( "CTR_DRBG - The requested random buffer length is too big" );
640 case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG):
641 return( "CTR_DRBG - The input (entropy + additional data) is too large" );
642 case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR):
643 return( "CTR_DRBG - Read or write error in file" );
644#endif /* MBEDTLS_CTR_DRBG_C */
645
646#if defined(MBEDTLS_DES_C)
647 case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH):
648 return( "DES - The data input has an invalid length" );
649#endif /* MBEDTLS_DES_C */
650
651#if defined(MBEDTLS_ENTROPY_C)
652 case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED):
653 return( "ENTROPY - Critical entropy source failure" );
654 case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES):
655 return( "ENTROPY - No more sources can be added" );
656 case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED):
657 return( "ENTROPY - No sources have been added to poll" );
658 case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE):
659 return( "ENTROPY - No strong sources have been added to poll" );
660 case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR):
661 return( "ENTROPY - Read/write error in file" );
662#endif /* MBEDTLS_ENTROPY_C */
663
664#if defined(MBEDTLS_ERROR_C)
665 case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR):
666 return( "ERROR - Generic error" );
667 case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED):
668 return( "ERROR - This is a bug in the library" );
669#endif /* MBEDTLS_ERROR_C */
670
671#if defined(MBEDTLS_PLATFORM_C)
672 case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED):
673 return( "PLATFORM - Hardware accelerator failed" );
674 case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED):
675 return( "PLATFORM - The requested feature is not supported by the platform" );
676#endif /* MBEDTLS_PLATFORM_C */
677
678#if defined(MBEDTLS_GCM_C)
679 case -(MBEDTLS_ERR_GCM_AUTH_FAILED):
680 return( "GCM - Authenticated decryption failed" );
681 case -(MBEDTLS_ERR_GCM_BAD_INPUT):
682 return( "GCM - Bad input parameters to function" );
683 case -(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL):
684 return( "GCM - An output buffer is too small" );
685#endif /* MBEDTLS_GCM_C */
686
687#if defined(MBEDTLS_HKDF_C)
688 case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA):
689 return( "HKDF - Bad input parameters to function" );
690#endif /* MBEDTLS_HKDF_C */
691
692#if defined(MBEDTLS_HMAC_DRBG_C)
693 case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG):
694 return( "HMAC_DRBG - Too many random requested in single call" );
695 case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG):
696 return( "HMAC_DRBG - Input too large (Entropy + additional)" );
697 case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR):
698 return( "HMAC_DRBG - Read/write error in file" );
699 case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED):
700 return( "HMAC_DRBG - The entropy source failed" );
701#endif /* MBEDTLS_HMAC_DRBG_C */
702
703#if defined(MBEDTLS_LMS_C)
704 case -(MBEDTLS_ERR_LMS_BAD_INPUT_DATA):
705 return( "LMS - Bad data has been input to an LMS function" );
706 case -(MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS):
707 return( "LMS - Specified LMS key has utilised all of its private keys" );
708 case -(MBEDTLS_ERR_LMS_VERIFY_FAILED):
709 return( "LMS - LMS signature verification failed" );
710 case -(MBEDTLS_ERR_LMS_ALLOC_FAILED):
711 return( "LMS - LMS failed to allocate space for a private key" );
712 case -(MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL):
713 return( "LMS - Input/output buffer is too small to contain requited data" );
714#endif /* MBEDTLS_LMS_C */
715
716#if defined(MBEDTLS_NET_C)
717 case -(MBEDTLS_ERR_NET_SOCKET_FAILED):
718 return( "NET - Failed to open a socket" );
719 case -(MBEDTLS_ERR_NET_CONNECT_FAILED):
720 return( "NET - The connection to the given server / port failed" );
721 case -(MBEDTLS_ERR_NET_BIND_FAILED):
722 return( "NET - Binding of the socket failed" );
723 case -(MBEDTLS_ERR_NET_LISTEN_FAILED):
724 return( "NET - Could not listen on the socket" );
725 case -(MBEDTLS_ERR_NET_ACCEPT_FAILED):
726 return( "NET - Could not accept the incoming connection" );
727 case -(MBEDTLS_ERR_NET_RECV_FAILED):
728 return( "NET - Reading information from the socket failed" );
729 case -(MBEDTLS_ERR_NET_SEND_FAILED):
730 return( "NET - Sending information through the socket failed" );
731 case -(MBEDTLS_ERR_NET_CONN_RESET):
732 return( "NET - Connection was reset by peer" );
733 case -(MBEDTLS_ERR_NET_UNKNOWN_HOST):
734 return( "NET - Failed to get an IP address for the given hostname" );
735 case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL):
736 return( "NET - Buffer is too small to hold the data" );
737 case -(MBEDTLS_ERR_NET_INVALID_CONTEXT):
738 return( "NET - The context is invalid, eg because it was free()ed" );
739 case -(MBEDTLS_ERR_NET_POLL_FAILED):
740 return( "NET - Polling the net context failed" );
741 case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA):
742 return( "NET - Input invalid" );
743#endif /* MBEDTLS_NET_C */
744
745#if defined(MBEDTLS_OID_C)
746 case -(MBEDTLS_ERR_OID_NOT_FOUND):
747 return( "OID - OID is not found" );
748 case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL):
749 return( "OID - output buffer is too small" );
750#endif /* MBEDTLS_OID_C */
751
752#if defined(MBEDTLS_POLY1305_C)
753 case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA):
754 return( "POLY1305 - Invalid input parameter(s)" );
755#endif /* MBEDTLS_POLY1305_C */
756
757#if defined(MBEDTLS_SHA1_C)
758 case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA):
759 return( "SHA1 - SHA-1 input data was malformed" );
760#endif /* MBEDTLS_SHA1_C */
761
762#if defined(MBEDTLS_SHA256_C)
763 case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA):
764 return( "SHA256 - SHA-256 input data was malformed" );
765#endif /* MBEDTLS_SHA256_C */
766
767#if defined(MBEDTLS_SHA3_C)
768 case -(MBEDTLS_ERR_SHA3_BAD_INPUT_DATA):
769 return( "SHA3 - SHA-3 input data was malformed" );
770#endif /* MBEDTLS_SHA3_C */
771
772#if defined(MBEDTLS_SHA512_C)
773 case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA):
774 return( "SHA512 - SHA-512 input data was malformed" );
775#endif /* MBEDTLS_SHA512_C */
776
777#if defined(MBEDTLS_THREADING_C)
778 case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA):
779 return( "THREADING - Bad input parameters to function" );
780 case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR):
781 return( "THREADING - Locking / unlocking / free failed with error code" );
782#endif /* MBEDTLS_THREADING_C */
783 /* End Auto-Generated Code. */
784
785 default:
786 break;
787 }
788
789 return NULL;
790}
791
792void mbedtls_strerror(int ret, char *buf, size_t buflen)
793{
794 size_t len;
795 int use_ret;
796 const char *high_level_error_description = NULL;
797 const char *low_level_error_description = NULL;
798
799 if (buflen == 0) {
800 return;
801 }
802
803 memset(buf, 0x00, buflen);
804
805 if (ret < 0) {
806 ret = -ret;
807 }
808
809 if (ret & 0xFF80) {
810 use_ret = ret & 0xFF80;
811
812 // Translate high level error code.
813 high_level_error_description = mbedtls_high_level_strerr(ret);
814
815 if (high_level_error_description == NULL) {
816 mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
817 } else {
818 mbedtls_snprintf(buf, buflen, "%s", high_level_error_description);
819 }
820
821#if defined(MBEDTLS_SSL_TLS_C)
822 // Early return in case of a fatal error - do not try to translate low
823 // level code.
824 if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) {
825 return;
826 }
827#endif /* MBEDTLS_SSL_TLS_C */
828 }
829
830 use_ret = ret & ~0xFF80;
831
832 if (use_ret == 0) {
833 return;
834 }
835
836 // If high level code is present, make a concatenation between both
837 // error strings.
838 //
839 len = strlen(buf);
840
841 if (len > 0) {
842 if (buflen - len < 5) {
843 return;
844 }
845
846 mbedtls_snprintf(buf + len, buflen - len, " : ");
847
848 buf += len + 3;
849 buflen -= len + 3;
850 }
851
852 // Translate low level error code.
853 low_level_error_description = mbedtls_low_level_strerr(ret);
854
855 if (low_level_error_description == NULL) {
856 mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret);
857 } else {
858 mbedtls_snprintf(buf, buflen, "%s", low_level_error_description);
859 }
860}
861
862#else /* MBEDTLS_ERROR_C */
863
864/*
865 * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined
866 */
867void mbedtls_strerror(int ret, char *buf, size_t buflen)
868{
869 ((void) ret);
870
871 if (buflen > 0) {
872 buf[0] = '\0';
873 }
874}
875
876#endif /* MBEDTLS_ERROR_C */
877
878#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */