in tls/s2n_alerts.c [39:182]
/*
 * Translates an s2n-tls protocol error code into the TLS alert associated with it.
 *
 * error_code: the S2N_ERR_* value to translate.
 * alert:      output location for the alert; checked with RESULT_ENSURE_REF before use.
 *
 * The switch is built entirely from two macros defined outside this listing:
 *  - S2N_ALERT_CASE(error, alert) pairs an error with the alert listed next to it
 *    (presumably stores it in *alert and returns success; confirm against the macro).
 *  - S2N_NO_ALERT(error) lists an error that deliberately has no alert
 *    (presumably returns a failure; confirm against the macro).
 * Any error_code not named in the switch reaches the final RESULT_BAIL and is
 * reported as S2N_ERR_UNIMPLEMENTED, so a newly added error gets no alert until
 * someone makes an explicit choice here.
 *
 * Security note: an alert tells the peer why the connection failed. Each mapping
 * should be as specific as the RFC requires and no more revealing than that.
 */
static S2N_RESULT s2n_translate_protocol_error_to_alert(int error_code, uint8_t *alert)
{
    RESULT_ENSURE_REF(alert);

    switch (error_code) {
        S2N_ALERT_CASE(S2N_ERR_MISSING_EXTENSION, S2N_TLS_ALERT_MISSING_EXTENSION);
        S2N_ALERT_CASE(S2N_ERR_NO_VALID_SIGNATURE_SCHEME, S2N_TLS_ALERT_HANDSHAKE_FAILURE);
        S2N_ALERT_CASE(S2N_ERR_MISSING_CLIENT_CERT, S2N_TLS_ALERT_CERTIFICATE_REQUIRED);

        /* TODO: The ERR_BAD_MESSAGE -> ALERT_UNEXPECTED_MESSAGE mapping
         * isn't always correct. Sometimes s2n-tls uses ERR_BAD_MESSAGE
         * to indicate S2N_TLS_ALERT_ILLEGAL_PARAMETER instead.
         * We'll want to add a new error to distinguish between the two usages:
         * our errors should be equally or more specific than alerts, not less.
         */
        S2N_ALERT_CASE(S2N_ERR_BAD_MESSAGE, S2N_TLS_ALERT_UNEXPECTED_MESSAGE);
        S2N_ALERT_CASE(S2N_ERR_UNEXPECTED_CERT_REQUEST, S2N_TLS_ALERT_UNEXPECTED_MESSAGE);
        S2N_ALERT_CASE(S2N_ERR_MISSING_CERT_REQUEST, S2N_TLS_ALERT_UNEXPECTED_MESSAGE);

        /* For errors involving secure renegotiation:
         *= https://www.rfc-editor.org/rfc/rfc5746#3.4
         *# Note: later in Section 3, "abort the handshake" is used as
         *# shorthand for "send a fatal handshake_failure alert and
         *# terminate the connection".
         */
        S2N_ALERT_CASE(S2N_ERR_NO_RENEGOTIATION, S2N_TLS_ALERT_HANDSHAKE_FAILURE);
        /* NOTE(review): this entry sits under the renegotiation citation, but its
         * name suggests a kTLS KeyUpdate failure and it maps to a different alert.
         * The RFC 5746 text above does not appear to cover it; confirm.
         */
        S2N_ALERT_CASE(S2N_ERR_KTLS_KEYUPDATE, S2N_TLS_ALERT_UNEXPECTED_MESSAGE);

        /* For errors involving certificates */
        /* This error is used in several ways so make it a general certificate issue
         *= https://www.rfc-editor.org/rfc/rfc8446#section-6.2
         *# certificate_unknown: Some other (unspecified) issue arose in
         *# processing the certificate, rendering it unacceptable.
         */
        S2N_ALERT_CASE(S2N_ERR_CERT_UNTRUSTED, S2N_TLS_ALERT_CERTIFICATE_UNKNOWN);
        /*
         *= https://www.rfc-editor.org/rfc/rfc8446#section-6.2
         *# certificate_revoked: A certificate was revoked by its signer.
         */
        S2N_ALERT_CASE(S2N_ERR_CERT_REVOKED, S2N_TLS_ALERT_CERTIFICATE_REVOKED);
        /*
         *= https://www.rfc-editor.org/rfc/rfc8446#section-6.2
         *# certificate_expired: A certificate has expired or is not currently
         *# valid.
         */
        /* Both validity-window failures share one alert: "not currently valid"
         * in the quoted text covers the not-yet-valid case as well as expiry.
         */
        S2N_ALERT_CASE(S2N_ERR_CERT_NOT_YET_VALID, S2N_TLS_ALERT_CERTIFICATE_EXPIRED);
        S2N_ALERT_CASE(S2N_ERR_CERT_EXPIRED, S2N_TLS_ALERT_CERTIFICATE_EXPIRED);
        /*
         *= https://www.rfc-editor.org/rfc/rfc8446#section-6.2
         *# unsupported_certificate: A certificate was of an unsupported type.
         */
        S2N_ALERT_CASE(S2N_ERR_CERT_TYPE_UNSUPPORTED, S2N_TLS_ALERT_UNSUPPORTED_CERTIFICATE);
        /*
         *= https://www.rfc-editor.org/rfc/rfc8446#section-6.2
         *# access_denied: A valid certificate or PSK was received, but when
         *# access control was applied, the sender decided not to proceed with
         *# negotiation.
         */
        S2N_ALERT_CASE(S2N_ERR_CERT_REJECTED, S2N_TLS_ALERT_ACCESS_DENIED);
        /*
         *= https://www.rfc-editor.org/rfc/rfc8446#section-6.2
         *# bad_certificate: A certificate was corrupt, contained signatures
         *# that did not verify correctly, etc.
         */
        S2N_ALERT_CASE(S2N_ERR_CERT_MAX_CHAIN_DEPTH_EXCEEDED, S2N_TLS_ALERT_BAD_CERTIFICATE);
        S2N_ALERT_CASE(S2N_ERR_CERT_INVALID, S2N_TLS_ALERT_BAD_CERTIFICATE);
        S2N_ALERT_CASE(S2N_ERR_DECODE_CERTIFICATE, S2N_TLS_ALERT_BAD_CERTIFICATE);

        /* TODO: Add mappings for other protocol errors.
         */
        /* Every error below is listed with S2N_NO_ALERT, i.e. it has no alert mapping.
         *
         * NOTE(review): several of these are failures of a cryptographic check on
         * peer-supplied data (S2N_ERR_DECRYPT, S2N_ERR_CBC_VERIFY,
         * S2N_ERR_VERIFY_SIGNATURE). An alert that distinguishes which check failed
         * can act as an oracle for the peer, so leaving them without an alert may be
         * deliberate rather than a gap. Others look like purely local failures
         * (key/hash initialisation, serialisation) that the peer has no need to learn
         * about. Confirm the intent per error before moving any entry up into an
         * S2N_ALERT_CASE mapping.
         */
        S2N_NO_ALERT(S2N_ERR_ENCRYPT);
        S2N_NO_ALERT(S2N_ERR_DECRYPT);
        S2N_NO_ALERT(S2N_ERR_KEY_INIT);
        S2N_NO_ALERT(S2N_ERR_KEY_DESTROY);
        S2N_NO_ALERT(S2N_ERR_DH_SERIALIZING);
        S2N_NO_ALERT(S2N_ERR_DH_SHARED_SECRET);
        S2N_NO_ALERT(S2N_ERR_DH_WRITING_PUBLIC_KEY);
        S2N_NO_ALERT(S2N_ERR_DH_FAILED_SIGNING);
        S2N_NO_ALERT(S2N_ERR_DH_COPYING_PARAMETERS);
        S2N_NO_ALERT(S2N_ERR_DH_GENERATING_PARAMETERS);
        S2N_NO_ALERT(S2N_ERR_CIPHER_NOT_SUPPORTED);
        S2N_NO_ALERT(S2N_ERR_NO_APPLICATION_PROTOCOL);
        S2N_NO_ALERT(S2N_ERR_FALLBACK_DETECTED);
        S2N_NO_ALERT(S2N_ERR_HASH_DIGEST_FAILED);
        S2N_NO_ALERT(S2N_ERR_HASH_INIT_FAILED);
        S2N_NO_ALERT(S2N_ERR_HASH_UPDATE_FAILED);
        S2N_NO_ALERT(S2N_ERR_HASH_COPY_FAILED);
        S2N_NO_ALERT(S2N_ERR_HASH_WIPE_FAILED);
        S2N_NO_ALERT(S2N_ERR_HASH_NOT_READY);
        S2N_NO_ALERT(S2N_ERR_ALLOW_MD5_FOR_FIPS_FAILED);
        S2N_NO_ALERT(S2N_ERR_DECODE_PRIVATE_KEY);
        S2N_NO_ALERT(S2N_ERR_INVALID_HELLO_RETRY);
        S2N_NO_ALERT(S2N_ERR_INVALID_SIGNATURE_ALGORITHM);
        S2N_NO_ALERT(S2N_ERR_INVALID_SIGNATURE_SCHEME);
        S2N_NO_ALERT(S2N_ERR_CBC_VERIFY);
        S2N_NO_ALERT(S2N_ERR_DH_COPYING_PUBLIC_KEY);
        S2N_NO_ALERT(S2N_ERR_SIGN);
        S2N_NO_ALERT(S2N_ERR_VERIFY_SIGNATURE);
        S2N_NO_ALERT(S2N_ERR_ECDHE_GEN_KEY);
        S2N_NO_ALERT(S2N_ERR_ECDHE_SHARED_SECRET);
        S2N_NO_ALERT(S2N_ERR_ECDHE_UNSUPPORTED_CURVE);
        S2N_NO_ALERT(S2N_ERR_ECDHE_INVALID_PUBLIC_KEY);
        S2N_NO_ALERT(S2N_ERR_ECDHE_INVALID_PUBLIC_KEY_FIPS);
        S2N_NO_ALERT(S2N_ERR_ECDSA_UNSUPPORTED_CURVE);
        S2N_NO_ALERT(S2N_ERR_ECDHE_SERIALIZING);
        S2N_NO_ALERT(S2N_ERR_KEM_UNSUPPORTED_PARAMS);
        S2N_NO_ALERT(S2N_ERR_SHUTDOWN_RECORD_TYPE);
        S2N_NO_ALERT(S2N_ERR_SHUTDOWN_CLOSED);
        S2N_NO_ALERT(S2N_ERR_NON_EMPTY_RENEGOTIATION_INFO);
        S2N_NO_ALERT(S2N_ERR_RECORD_LIMIT);
        S2N_NO_ALERT(S2N_ERR_CRL_LOOKUP_FAILED);
        S2N_NO_ALERT(S2N_ERR_CRL_SIGNATURE);
        S2N_NO_ALERT(S2N_ERR_CRL_ISSUER);
        S2N_NO_ALERT(S2N_ERR_CRL_UNHANDLED_CRITICAL_EXTENSION);
        S2N_NO_ALERT(S2N_ERR_CRL_INVALID_THIS_UPDATE);
        S2N_NO_ALERT(S2N_ERR_CRL_INVALID_NEXT_UPDATE);
        S2N_NO_ALERT(S2N_ERR_CRL_NOT_YET_VALID);
        S2N_NO_ALERT(S2N_ERR_CRL_EXPIRED);
        S2N_NO_ALERT(S2N_ERR_INVALID_MAX_FRAG_LEN);
        S2N_NO_ALERT(S2N_ERR_MAX_FRAG_LEN_MISMATCH);
        S2N_NO_ALERT(S2N_ERR_PROTOCOL_VERSION_UNSUPPORTED);
        S2N_NO_ALERT(S2N_ERR_BAD_KEY_SHARE);
        S2N_NO_ALERT(S2N_ERR_CANCELLED);
        S2N_NO_ALERT(S2N_ERR_PROTOCOL_DOWNGRADE_DETECTED);
        S2N_NO_ALERT(S2N_ERR_MAX_INNER_PLAINTEXT_SIZE);
        S2N_NO_ALERT(S2N_ERR_RECORD_STUFFER_SIZE);
        S2N_NO_ALERT(S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE);
        S2N_NO_ALERT(S2N_ERR_FRAGMENT_LENGTH_TOO_SMALL);
        S2N_NO_ALERT(S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING);
        S2N_NO_ALERT(S2N_ERR_UNSUPPORTED_EXTENSION);
        S2N_NO_ALERT(S2N_ERR_DUPLICATE_EXTENSION);
        S2N_NO_ALERT(S2N_ERR_MAX_EARLY_DATA_SIZE);
        S2N_NO_ALERT(S2N_ERR_EARLY_DATA_TRIAL_DECRYPT);
    }

    /* Reached only for an error_code with no entry above (assuming each case
     * macro returns): the translation is reported as unimplemented.
     */
    RESULT_BAIL(S2N_ERR_UNIMPLEMENTED);
}