1 /*
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  *  http://aws.amazon.com/apache2.0
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 
16 #pragma once
17 
18 #include <s2n.h>
19 #include <stdio.h>
20 #include <stdbool.h>
21 #include <utils/s2n_ensure.h>
22 
23 /*
24  * To easily retrieve error types, we split error values into two parts.
25  * The upper 6 bits describe the error type and the lower bits describe the value within the category.
26  * [ Error Type Bits(31-26) ][ Value Bits(25-0) ]
27  */
28 #define S2N_ERR_NUM_VALUE_BITS 26
29 
30 /* Start value for each error type. */
31 #define S2N_ERR_T_OK_START (S2N_ERR_T_OK << S2N_ERR_NUM_VALUE_BITS)
32 #define S2N_ERR_T_IO_START (S2N_ERR_T_IO << S2N_ERR_NUM_VALUE_BITS)
33 #define S2N_ERR_T_CLOSED_START (S2N_ERR_T_CLOSED << S2N_ERR_NUM_VALUE_BITS)
34 #define S2N_ERR_T_BLOCKED_START (S2N_ERR_T_BLOCKED << S2N_ERR_NUM_VALUE_BITS)
35 #define S2N_ERR_T_ALERT_START (S2N_ERR_T_ALERT << S2N_ERR_NUM_VALUE_BITS)
36 #define S2N_ERR_T_PROTO_START (S2N_ERR_T_PROTO << S2N_ERR_NUM_VALUE_BITS)
37 #define S2N_ERR_T_INTERNAL_START (S2N_ERR_T_INTERNAL << S2N_ERR_NUM_VALUE_BITS)
38 #define S2N_ERR_T_USAGE_START (S2N_ERR_T_USAGE << S2N_ERR_NUM_VALUE_BITS)
39 
40 /* clang-format off */
41 /* Order of values in this enum is important. New error values should be placed at the end of their respective category.
42  * For example, a new TLS protocol related error belongs in the S2N_ERR_T_PROTO category. It should be placed
43  * immediately before S2N_ERR_T_INTERNAL_START(the first value of he next category).
44  */
45 typedef enum {
46     /* S2N_ERR_T_OK */
47     S2N_ERR_OK = S2N_ERR_T_OK_START,
48     S2N_ERR_T_OK_END,
49 
50     /* S2N_ERR_T_IO */
51     S2N_ERR_IO = S2N_ERR_T_IO_START,
52     S2N_ERR_T_IO_END,
53 
54     /* S2N_ERR_T_CLOSED */
55     S2N_ERR_CLOSED = S2N_ERR_T_CLOSED_START,
56     S2N_ERR_T_CLOSED_END,
57 
58     /* S2N_ERR_T_BLOCKED */
59     S2N_ERR_IO_BLOCKED = S2N_ERR_T_BLOCKED_START,
60     S2N_ERR_ASYNC_BLOCKED,
61     S2N_ERR_EARLY_DATA_BLOCKED,
62     S2N_ERR_T_BLOCKED_END,
63 
64     /* S2N_ERR_T_ALERT */
65     S2N_ERR_ALERT = S2N_ERR_T_ALERT_START,
66     S2N_ERR_T_ALERT_END,
67 
68     /* S2N_ERR_T_PROTO */
69     S2N_ERR_ENCRYPT = S2N_ERR_T_PROTO_START,
70     S2N_ERR_DECRYPT,
71     S2N_ERR_BAD_MESSAGE,
72     S2N_ERR_KEY_INIT,
73     S2N_ERR_KEY_DESTROY,
74     S2N_ERR_DH_SERIALIZING,
75     S2N_ERR_DH_SHARED_SECRET,
76     S2N_ERR_DH_WRITING_PUBLIC_KEY,
77     S2N_ERR_DH_FAILED_SIGNING,
78     S2N_ERR_DH_COPYING_PARAMETERS,
79     S2N_ERR_DH_GENERATING_PARAMETERS,
80     S2N_ERR_CIPHER_NOT_SUPPORTED,
81     S2N_ERR_NO_APPLICATION_PROTOCOL,
82     S2N_ERR_FALLBACK_DETECTED,
83     S2N_ERR_HASH_DIGEST_FAILED,
84     S2N_ERR_HASH_INIT_FAILED,
85     S2N_ERR_HASH_UPDATE_FAILED,
86     S2N_ERR_HASH_COPY_FAILED,
87     S2N_ERR_HASH_WIPE_FAILED,
88     S2N_ERR_HASH_NOT_READY,
89     S2N_ERR_ALLOW_MD5_FOR_FIPS_FAILED,
90     S2N_ERR_DECODE_CERTIFICATE,
91     S2N_ERR_DECODE_PRIVATE_KEY,
92     S2N_ERR_INVALID_HELLO_RETRY,
93     S2N_ERR_INVALID_SIGNATURE_ALGORITHM,
94     S2N_ERR_INVALID_SIGNATURE_SCHEME,
95     S2N_ERR_CBC_VERIFY,
96     S2N_ERR_DH_COPYING_PUBLIC_KEY,
97     S2N_ERR_SIGN,
98     S2N_ERR_VERIFY_SIGNATURE,
99     S2N_ERR_ECDHE_GEN_KEY,
100     S2N_ERR_ECDHE_SHARED_SECRET,
101     S2N_ERR_ECDHE_UNSUPPORTED_CURVE,
102     S2N_ERR_ECDSA_UNSUPPORTED_CURVE,
103     S2N_ERR_ECDHE_SERIALIZING,
104     S2N_ERR_KEM_UNSUPPORTED_PARAMS,
105     S2N_ERR_SHUTDOWN_RECORD_TYPE,
106     S2N_ERR_SHUTDOWN_CLOSED,
107     S2N_ERR_NON_EMPTY_RENEGOTIATION_INFO,
108     S2N_ERR_RECORD_LIMIT,
109     S2N_ERR_CERT_UNTRUSTED,
110     S2N_ERR_CERT_TYPE_UNSUPPORTED,
111     S2N_ERR_INVALID_MAX_FRAG_LEN,
112     S2N_ERR_MAX_FRAG_LEN_MISMATCH,
113     S2N_ERR_PROTOCOL_VERSION_UNSUPPORTED,
114     S2N_ERR_BAD_KEY_SHARE,
115     S2N_ERR_CANCELLED,
116     S2N_ERR_PROTOCOL_DOWNGRADE_DETECTED,
117     S2N_ERR_MAX_INNER_PLAINTEXT_SIZE,
118     S2N_ERR_RECORD_STUFFER_SIZE,
119     S2N_ERR_FRAGMENT_LENGTH_TOO_LARGE,
120     S2N_ERR_FRAGMENT_LENGTH_TOO_SMALL,
121     S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING,
122     S2N_ERR_MISSING_EXTENSION,
123     S2N_ERR_UNSUPPORTED_EXTENSION,
124     S2N_ERR_DUPLICATE_EXTENSION,
125     S2N_ERR_MAX_EARLY_DATA_SIZE,
126     S2N_ERR_EARLY_DATA_TRIAL_DECRYPT,
127     S2N_ERR_T_PROTO_END,
128 
129     /* S2N_ERR_T_INTERNAL */
130     S2N_ERR_MADVISE = S2N_ERR_T_INTERNAL_START,
131     S2N_ERR_ALLOC,
132     S2N_ERR_MLOCK,
133     S2N_ERR_MUNLOCK,
134     S2N_ERR_FSTAT,
135     S2N_ERR_OPEN,
136     S2N_ERR_MMAP,
137     S2N_ERR_ATEXIT,
138     S2N_ERR_NOMEM,
139     S2N_ERR_NULL,
140     S2N_ERR_SAFETY,
141     S2N_ERR_INITIALIZED,
142     S2N_ERR_NOT_INITIALIZED,
143     S2N_ERR_RANDOM_UNINITIALIZED,
144     S2N_ERR_OPEN_RANDOM,
145     S2N_ERR_RESIZE_STATIC_STUFFER,
146     S2N_ERR_RESIZE_TAINTED_STUFFER,
147     S2N_ERR_STUFFER_OUT_OF_DATA,
148     S2N_ERR_STUFFER_IS_FULL,
149     S2N_ERR_STUFFER_NOT_FOUND,
150     S2N_ERR_STUFFER_HAS_UNPROCESSED_DATA,
151     S2N_ERR_HASH_INVALID_ALGORITHM,
152     S2N_ERR_PRF_INVALID_ALGORITHM,
153     S2N_ERR_PRF_INVALID_SEED,
154     S2N_ERR_P_HASH_INVALID_ALGORITHM,
155     S2N_ERR_P_HASH_INIT_FAILED,
156     S2N_ERR_P_HASH_UPDATE_FAILED,
157     S2N_ERR_P_HASH_FINAL_FAILED,
158     S2N_ERR_P_HASH_WIPE_FAILED,
159     S2N_ERR_HMAC_INVALID_ALGORITHM,
160     S2N_ERR_HKDF_OUTPUT_SIZE,
161     S2N_ERR_ALERT_PRESENT,
162     S2N_ERR_HANDSHAKE_STATE,
163     S2N_ERR_SHUTDOWN_PAUSED,
164     S2N_ERR_SIZE_MISMATCH,
165     S2N_ERR_DRBG,
166     S2N_ERR_DRBG_REQUEST_SIZE,
167     S2N_ERR_KEY_CHECK,
168     S2N_ERR_CIPHER_TYPE,
169     S2N_ERR_MAP_DUPLICATE,
170     S2N_ERR_MAP_IMMUTABLE,
171     S2N_ERR_MAP_MUTABLE,
172     S2N_ERR_MAP_INVALID_MAP_SIZE,
173     S2N_ERR_INITIAL_HMAC,
174     S2N_ERR_INVALID_NONCE_TYPE,
175     S2N_ERR_UNIMPLEMENTED,
176     S2N_ERR_HANDSHAKE_UNREACHABLE,
177     S2N_ERR_READ,
178     S2N_ERR_WRITE,
179     S2N_ERR_BAD_FD,
180     S2N_ERR_RDRAND_FAILED,
181     S2N_ERR_FAILED_CACHE_RETRIEVAL,
182     S2N_ERR_X509_TRUST_STORE,
183     S2N_ERR_UNKNOWN_PROTOCOL_VERSION,
184     S2N_ERR_NULL_CN_NAME,
185     S2N_ERR_NULL_SANS,
186     S2N_ERR_CLIENT_HELLO_VERSION,
187     S2N_ERR_CLIENT_PROTOCOL_VERSION,
188     S2N_ERR_SERVER_PROTOCOL_VERSION,
189     S2N_ERR_ACTUAL_PROTOCOL_VERSION,
190     S2N_ERR_POLLING_FROM_SOCKET,
191     S2N_ERR_RECV_STUFFER_FROM_CONN,
192     S2N_ERR_SEND_STUFFER_TO_CONN,
193     S2N_ERR_PRECONDITION_VIOLATION,
194     S2N_ERR_POSTCONDITION_VIOLATION,
195     S2N_ERR_INTEGER_OVERFLOW,
196     S2N_ERR_ARRAY_INDEX_OOB,
197     S2N_ERR_FREE_STATIC_BLOB,
198     S2N_ERR_RESIZE_STATIC_BLOB,
199     S2N_ERR_NO_SUPPORTED_LIBCRYPTO_API,
200     S2N_ERR_RECORD_LENGTH_TOO_LARGE,
201     S2N_ERR_SET_DUPLICATE_VALUE,
202     S2N_ERR_INVALID_PARSED_EXTENSIONS,
203     S2N_ERR_ASYNC_CALLBACK_FAILED,
204     S2N_ERR_ASYNC_MORE_THAN_ONE,
205     S2N_ERR_PQ_CRYPTO,
206     S2N_ERR_PQ_DISABLED,
207     S2N_ERR_INVALID_CERT_STATE,
208     S2N_ERR_INVALID_EARLY_DATA_STATE,
209     S2N_ERR_T_INTERNAL_END,
210 
211     /* S2N_ERR_T_USAGE */
212     S2N_ERR_NO_ALERT = S2N_ERR_T_USAGE_START,
213     S2N_ERR_SERVER_MODE,
214     S2N_ERR_CLIENT_MODE,
215     S2N_ERR_CLIENT_MODE_DISABLED,
216     S2N_ERR_TOO_MANY_CERTIFICATES,
217     S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES,
218     S2N_ERR_CLIENT_AUTH_NOT_SUPPORTED_IN_FIPS_MODE,
219     S2N_ERR_INVALID_BASE64,
220     S2N_ERR_INVALID_HEX,
221     S2N_ERR_INVALID_PEM,
222     S2N_ERR_DH_PARAMS_CREATE,
223     S2N_ERR_DH_TOO_SMALL,
224     S2N_ERR_DH_PARAMETER_CHECK,
225     S2N_ERR_INVALID_PKCS3,
226     S2N_ERR_NO_CERTIFICATE_IN_PEM,
227     S2N_ERR_SERVER_NAME_TOO_LONG,
228     S2N_ERR_NUM_DEFAULT_CERTIFICATES,
229     S2N_ERR_MULTIPLE_DEFAULT_CERTIFICATES_PER_AUTH_TYPE,
230     S2N_ERR_INVALID_CIPHER_PREFERENCES,
231     S2N_ERR_INVALID_APPLICATION_PROTOCOL,
232     S2N_ERR_KEY_MISMATCH,
233     S2N_ERR_SEND_SIZE,
234     S2N_ERR_CORK_SET_ON_UNMANAGED,
235     S2N_ERR_UNRECOGNIZED_EXTENSION,
236     S2N_ERR_INVALID_SCT_LIST,
237     S2N_ERR_INVALID_OCSP_RESPONSE,
238     S2N_ERR_UPDATING_EXTENSION,
239     S2N_ERR_INVALID_SERIALIZED_SESSION_STATE,
240     S2N_ERR_SERIALIZED_SESSION_STATE_TOO_LONG,
241     S2N_ERR_SESSION_ID_TOO_LONG,
242     S2N_ERR_CLIENT_AUTH_NOT_SUPPORTED_IN_SESSION_RESUMPTION_MODE,
243     S2N_ERR_INVALID_TICKET_KEY_LENGTH,
244     S2N_ERR_INVALID_TICKET_KEY_NAME_OR_NAME_LENGTH,
245     S2N_ERR_TICKET_KEY_NOT_UNIQUE,
246     S2N_ERR_TICKET_KEY_LIMIT,
247     S2N_ERR_NO_TICKET_ENCRYPT_DECRYPT_KEY,
248     S2N_ERR_ENCRYPT_DECRYPT_KEY_SELECTION_FAILED,
249     S2N_ERR_KEY_USED_IN_SESSION_TICKET_NOT_FOUND,
250     S2N_ERR_SENDING_NST,
251     S2N_ERR_INVALID_DYNAMIC_THRESHOLD,
252     S2N_ERR_INVALID_ARGUMENT,
253     S2N_ERR_NOT_IN_UNIT_TEST,
254     S2N_ERR_NOT_IN_TEST,
255     S2N_ERR_UNSUPPORTED_CPU,
256     S2N_ERR_SESSION_ID_TOO_SHORT,
257     S2N_ERR_CONNECTION_CACHING_DISALLOWED,
258     S2N_ERR_SESSION_TICKET_NOT_SUPPORTED,
259     S2N_ERR_OCSP_NOT_SUPPORTED,
260     S2N_ERR_INVALID_SIGNATURE_ALGORITHMS_PREFERENCES,
261     S2N_RSA_PSS_NOT_SUPPORTED,
262     S2N_ERR_INVALID_ECC_PREFERENCES,
263     S2N_ERR_INVALID_SECURITY_POLICY,
264     S2N_ERR_INVALID_KEM_PREFERENCES,
265     S2N_ERR_ASYNC_ALREADY_PERFORMED,
266     S2N_ERR_ASYNC_NOT_PERFORMED,
267     S2N_ERR_ASYNC_WRONG_CONNECTION,
268     S2N_ERR_ASYNC_APPLY_WHILE_INVOKING,
269     S2N_ERR_ASYNC_ALREADY_APPLIED,
270     S2N_ERR_UNSUPPORTED_WITH_QUIC,
271     S2N_ERR_DUPLICATE_PSK_IDENTITIES,
272     S2N_ERR_OFFERED_PSKS_TOO_LONG,
273     S2N_ERR_INVALID_SESSION_TICKET,
274     S2N_ERR_REENTRANCY,
275     S2N_ERR_INVALID_STATE,
276     S2N_ERR_EARLY_DATA_NOT_ALLOWED,
277     S2N_ERR_NO_CERT_FOUND,
278     S2N_ERR_CERT_NOT_VALIDATED,
279     S2N_ERR_NO_PRIVATE_KEY,
280     S2N_ERR_PSK_MODE,
281     S2N_ERR_X509_EXTENSION_VALUE_NOT_FOUND,
282     S2N_ERR_INVALID_X509_EXTENSION_TYPE,
283     S2N_ERR_INSUFFICIENT_MEM_SIZE,
284     S2N_ERR_KEYING_MATERIAL_EXPIRED,
285     S2N_ERR_T_USAGE_END,
286 } s2n_error;
287 
288 #define S2N_DEBUG_STR_LEN 128
289 extern __thread const char *s2n_debug_str;
290 
291 #define TO_STRING(s) #s
292 #define STRING_(s) TO_STRING(s)
293 #define STRING__LINE__ STRING_(__LINE__)
294 
295 #define _S2N_DEBUG_LINE     "Error encountered in " __FILE__ ":" STRING__LINE__
296 #define _S2N_ERROR( x )     do { s2n_debug_str = _S2N_DEBUG_LINE; s2n_errno = ( x ); s2n_calculate_stacktrace(); } while (0)
297 #define S2N_ERROR( x )      do { _S2N_ERROR( ( x ) ); return -1; } while (0)
298 #define S2N_ERROR_PRESERVE_ERRNO() do { return -1; } while (0)
299 #define S2N_ERROR_PTR( x )  do { _S2N_ERROR( ( x ) ); return NULL; } while (0)
300 #define S2N_ERROR_IF( cond , x ) do { if ( cond ) { S2N_ERROR( x ); }} while (0)
301 #define S2N_ERROR_IS_BLOCKING( x )    ( s2n_error_get_type(x) == S2N_ERR_T_BLOCKED )
302 
303 /** Calculate and print stacktraces */
304 struct s2n_stacktrace {
305   char **trace;
306   int trace_size;
307 };
308 
309 extern bool s2n_stack_traces_enabled();
310 extern int s2n_stack_traces_enabled_set(bool newval);
311 
312 extern int s2n_calculate_stacktrace(void);
313 extern int s2n_print_stacktrace(FILE *fptr);
314 extern int s2n_free_stacktrace(void);
315 extern int s2n_get_stacktrace(struct s2n_stacktrace *trace);
316 
317 /* clang-format on */
318