pbTLS  1.1
tls_error.h File Reference

Macros

#define TLS_ERR_INSUFFICIENT_DATA   -100
 
#define TLS_ERR_FATAL_UNEXPECTED_MESSAGE   -99
 Should not be observed in TLS communication between correct implementations.
 
#define TLS_ERR_FATAL_PROTOCOL_VERSION   -98
 As of now, the only supported TLS version is 1.2. This code is returned if a peer operates only versions older than 1.2.
 
#define TLS_ERR_BAD_CLIENT_HELLO   -97
 
#define TLS_ERR_FATAL_ILLEGAL_PARAMETER   -96
 
#define TLS_ERR_FATAL_HS_FAILURE   -95
 Handshake has completely failed for some reason that needs further investigation, i.e. debugging.
 
#define TLS_ERR_FATAL_INTERNAL_ERROR_DRBG   -94
 
#define TLS_ERR_BAD_RECORD   -93
 
#define TLS_ERR_FATAL_INVALID_LENGTH   -92
 
#define TLS_ERR_CLOSE_NOTIFY   -91
 Despite being classified as an error, this code may very well be returned at the end of almost every TLS communication.
 
#define TLS_ERR_FATAL_PEER_SENT_FATAL_ALERT   -90
 
#define TLS_ERR_BAD_FUNC_PARAMS   -89
 
#define TLS_ERR_RSA_OPERATION_FAILED   -88
 
#define TLS_ERR_BAD_DEC_PMS_BLOCK_LEN   -87
 Decrypted PMS (pre-master secret) block MUST be as long as the RSA modulus!
 
#define TLS_ERR_DEC_PMS_BLOCK_PADDING   -86
 
#define TLS_ERR_FATAL_INTERNAL_PRF   -85
 
#define TLS_ERR_FATAL_BAD_CHANGECIPHERSPEC   -84
 
#define TLS_ERR_FATAL_INTERNAL_KEYS   -83
 
#define TLS_ERR_INTERNAL_AES_INIT   -82
 
#define TLS_ERR_INTERNAL_AES_OPERATION   -81
 
#define TLS_ERR_FATAL_AES_BAD_PADDING   -80
 
#define TLS_ERR_FATAL_BAD_FINISHED   -79
 
#define TLS_ERR_SEQ_NUM_OVERFLOW   -78
 
#define TLS_ERR_EOF   -77
 
#define TLS_ERR_WARNING_NO_RENEGOTIATION   -76
 
#define TLS_ERR_MEM_ALLOC   -75
 This kind of error is essential because dynamic memory allocation plays a key role on the W7200 platform, where memory is fairly limited.
 
#define TLS_ERR_MEM_FREE   -74
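 Should not be observed in real-life applications, since freeing memory should generally work, always supposing memory has been successfully allocated in the first place.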
 
#define TLS_ERR_INIT_MISSING   -73
 
#define TLS_ERR_FATAL_DECODE_ERROR   -72
 
#define TLS_ERR_UNEXPECTED_CA_CERTIFICATE   -71
 This error is returned if the root CA certificate reported by a server does not match the pre-coded one.
 
#define TLS_ERR_CERTIFICATE_PARSE   -70
 This error is returned if a certificate could not be successfully parsed.
 
#define TLS_ERR_CERTIFICATE_VERIFY   -69
 Certificate verification has failed, i.e. its signature is not correct.
 
#define TLS_ERR_FATAL_UNSUPPORTED_CERTIFICATE   -68
 Will also be returned if more than two certificates are detected, i.e. when the server uses intermediate CAs.
 
#define TLS_ERR_WRONG_CN_OR_FQDN   -67
 This will be reported if the CN check fails, that is, if the server's CN does not match the FQDN used to establish the connection in question.
 
#define TLS_ERR_FATAL_RSA_ENC   -66
 
#define TLS_ERR_KEY_SIZE_MISMATCH   -65
 This error will be returned if the peer uses key sizes different from the ones this version has been compiled with.
 
#define TLS_ERR_CONNECTION_RESET   -10054
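 Peer has reset and closed connection. This will mostly happen if the peer has decided to terminate communication without warning. In certain situations this could be normal.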
 
#define TLS_ERR_FATAL_ECC_PUBLICKEY_VALIDATION   -64
 
#define TLS_ERR_FATAL_ECC_SHARED_SECRET   -63
 
#define TLS_ERR_INTERNAL_BAD_PARAMETER   -750
 

Macro Definition Documentation

#define TLS_ERR_BAD_CLIENT_HELLO   -97
#define TLS_ERR_BAD_DEC_PMS_BLOCK_LEN   -87

Decrypted PMS (pre-master secret) block MUST be as long as the RSA modulus!

#define TLS_ERR_BAD_FUNC_PARAMS   -89
#define TLS_ERR_BAD_RECORD   -93
#define TLS_ERR_CERTIFICATE_PARSE   -70

This error is returned if a certificate could not be successfully parsed.

#define TLS_ERR_CERTIFICATE_VERIFY   -69

Certificate verification has failed, i.e. its signature is not correct.

#define TLS_ERR_CLOSE_NOTIFY   -91

Despite being classified as an error, this code may very well be returned at the end of almost every TLS communication.

Close Notify is used to properly terminate a successful session by signalling the upcoming end of the connection to the peer.

#define TLS_ERR_CONNECTION_RESET   -10054

Peer has reset and closed connection. This will mostly happen if the peer has decided to terminate communication without warning. In certain situations this could be normal.

#define TLS_ERR_DEC_PMS_BLOCK_PADDING   -86
#define TLS_ERR_EOF   -77
#define TLS_ERR_FATAL_AES_BAD_PADDING   -80
#define TLS_ERR_FATAL_BAD_CHANGECIPHERSPEC   -84
#define TLS_ERR_FATAL_BAD_FINISHED   -79
#define TLS_ERR_FATAL_DECODE_ERROR   -72
#define TLS_ERR_FATAL_ECC_PUBLICKEY_VALIDATION   -64
#define TLS_ERR_FATAL_ECC_SHARED_SECRET   -63
#define TLS_ERR_FATAL_HS_FAILURE   -95

Handshake has completely failed for some reason that needs further investigation, i.e. debugging.

#define TLS_ERR_FATAL_ILLEGAL_PARAMETER   -96
#define TLS_ERR_FATAL_INTERNAL_ERROR_DRBG   -94
#define TLS_ERR_FATAL_INTERNAL_KEYS   -83
#define TLS_ERR_FATAL_INTERNAL_PRF   -85
#define TLS_ERR_FATAL_INVALID_LENGTH   -92
#define TLS_ERR_FATAL_PEER_SENT_FATAL_ALERT   -90
#define TLS_ERR_FATAL_PROTOCOL_VERSION   -98

As of now, the only supported TLS version is 1.2. This code is returned if a peer operates only versions older than 1.2.

#define TLS_ERR_FATAL_RSA_ENC   -66
#define TLS_ERR_FATAL_UNEXPECTED_MESSAGE   -99

Should not be observed in TLS communication between correct implementations.

#define TLS_ERR_FATAL_UNSUPPORTED_CERTIFICATE   -68

Will also be returned if more than two certificates are detected, i.e. when the server uses intermediate CAs.

#define TLS_ERR_INIT_MISSING   -73
#define TLS_ERR_INSUFFICIENT_DATA   -100
#define TLS_ERR_INTERNAL_AES_INIT   -82
#define TLS_ERR_INTERNAL_AES_OPERATION   -81
#define TLS_ERR_INTERNAL_BAD_PARAMETER   -750

This error is returned if one of the main functions detects invalid input or output parameters, such as NULL pointers to buffers.

#define TLS_ERR_KEY_SIZE_MISMATCH   -65

This error will be returned if the peer uses key sizes different from the ones this version has been compiled with.

#define TLS_ERR_MEM_ALLOC   -75

This kind of error is essential because dynamic memory allocation plays a key role on the W7200 platform, where memory is fairly limited.

#define TLS_ERR_MEM_FREE   -74

Should not be observed in real-life applications, since freeing memory should generally work, always supposing memory has been successfully allocated in the first place.

#define TLS_ERR_RSA_OPERATION_FAILED   -88
#define TLS_ERR_SEQ_NUM_OVERFLOW   -78

After a successful handshake, every TLS record at the so-called Application Data layer gets its own consecutive sequence number. There are actually two separate counters that determine the sequence numbers of outgoing and incoming records. According to the RFC, sequence numbers are of type uint64 and hence may not exceed 2^64-1. Sequence numbers do not wrap. If a TLS implementation would need to wrap a sequence number, it must renegotiate instead. Since renegotiation is not supported yet, the high-level application may receive this error instead. In this case, the calling application should consider closing the current session and establishing a new one.
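
An added example (not pbTLS code) of the non-wrapping counter described above. The names `seq_counter_t` and `seq_take` are hypothetical; only the two error values are taken from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Error values as listed in tls_error.h on this page. */
#define TLS_ERR_SEQ_NUM_OVERFLOW       (-78)
#define TLS_ERR_INTERNAL_BAD_PARAMETER (-750)

/* Hypothetical state; keep one instance per direction (outgoing and
 * incoming), both starting at 0 after a successful handshake. */
typedef struct {
    uint64_t next;      /* sequence number of the next record */
    int      exhausted; /* set once 2^64-1 has been handed out */
} seq_counter_t;

/* Store the next sequence number in out[8] as a big-endian uint64 (the
 * form in which TLS 1.2 feeds it into the record MAC) and advance the
 * counter. The counter never wraps: after 2^64-1 every call fails. */
int seq_take(seq_counter_t *c, uint8_t out[8])
{
    int i;

    if (c == NULL || out == NULL)
        return TLS_ERR_INTERNAL_BAD_PARAMETER;
    if (c->exhausted)
        return TLS_ERR_SEQ_NUM_OVERFLOW;
    for (i = 0; i < 8; i++)
        out[i] = (uint8_t)(c->next >> (56 - 8 * i));
    if (c->next == UINT64_MAX)
        c->exhausted = 1;   /* last legal value used; do not increment */
    else
        c->next++;
    return 0;
}

int main(void)
{
    /* Constructed state: two sequence numbers left before the limit. */
    seq_counter_t out_seq = { UINT64_MAX - 1, 0 };
    uint8_t hdr[8];
    int n, rc;

    for (n = 0; n < 3; n++) {
        rc = seq_take(&out_seq, hdr);
        printf("record %d: rc=%d\n", n, rc);
        if (rc == TLS_ERR_SEQ_NUM_OVERFLOW)
            puts("close this session and establish a new one");
    }
    return 0;
}
```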

#define TLS_ERR_UNEXPECTED_CA_CERTIFICATE   -71

This error is returned if the root CA certificate reported by a server does not match the pre-coded one.

#define TLS_ERR_WARNING_NO_RENEGOTIATION   -76
#define TLS_ERR_WRONG_CN_OR_FQDN   -67

This will be reported if the CN check fails, that is, if the server's CN does not match the FQDN used to establish the connection in question.