1 : : /*
2 : : * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 : : *
4 : : * Licensed under the Apache License, Version 2.0 (the "License").
5 : : * You may not use this file except in compliance with the License.
6 : : * A copy of the License is located at
7 : : *
8 : : * http://aws.amazon.com/apache2.0
9 : : *
10 : : * or in the "license" file accompanying this file. This file is distributed
11 : : * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 : : * express or implied. See the License for the specific language governing
13 : : * permissions and limitations under the License.
14 : : */
15 : :
16 : : #pragma once
17 : :
18 : : #include <stdint.h>
19 : :
20 : : #include "tls/s2n_connection.h"
21 : :
/*
 * Values of the one-byte AlertLevel field of a TLS alert record
 * (RFC 8446 section 6: warning(1), fatal(2)).
 *
 * In TLS 1.3 the level byte does not decide severity. RFC 8446 section 6
 * says the level "can safely be ignored" and that every error alert must be
 * treated as fatal whatever level the peer put on the wire; only
 * close_notify and user_canceled are not error alerts.
 * NOTE(review): how received levels are interpreted is not visible in this
 * header -- confirm in the implementation that a peer cannot downgrade an
 * error alert by labelling it as a warning.
 */
22 : 2352 : #define S2N_TLS_ALERT_LEVEL_WARNING 1
23 : 8 : #define S2N_TLS_ALERT_LEVEL_FATAL 2
24 : :
/*
 * AlertDescription codes named by this library. Each enumerator carries the
 * numeric value given in the RFC excerpt quoted directly above it.
 *
 * The "*=" / "*#" comment lines quote the specification text.
 * NOTE(review): they look like machine-read citation annotations, so keep
 * them verbatim when editing.
 *
 * This list does not cover every value of the one-byte wire field: the
 * numbering has gaps and the quoted RFC enum is bounded by (255). A peer can
 * send a description byte that matches no enumerator, so code that receives
 * an alert should not convert the raw byte to s2n_tls_alert_code and assume
 * it is one of the names below. RFC 8446 section 6 requires unknown alert
 * types to be treated as error alerts.
 */
25 : : typedef enum {
26 : : /*
27 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-6
28 : : *# enum {
29 : : *# close_notify(0),
30 : : *# unexpected_message(10),
31 : : *# bad_record_mac(20),
32 : : *# record_overflow(22),
33 : : *# handshake_failure(40),
34 : : */
35 : : S2N_TLS_ALERT_CLOSE_NOTIFY = 0,
36 : : S2N_TLS_ALERT_UNEXPECTED_MESSAGE = 10,
37 : : S2N_TLS_ALERT_BAD_RECORD_MAC = 20,
38 : : S2N_TLS_ALERT_RECORD_OVERFLOW = 22,
39 : : S2N_TLS_ALERT_HANDSHAKE_FAILURE = 40,
40 : : /*
41 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-6
42 : : *# bad_certificate(42),
43 : : *# unsupported_certificate(43),
44 : : *# certificate_revoked(44),
45 : : *# certificate_expired(45),
46 : : *# certificate_unknown(46),
47 : : */
48 : : S2N_TLS_ALERT_BAD_CERTIFICATE = 42,
49 : : S2N_TLS_ALERT_UNSUPPORTED_CERTIFICATE = 43,
50 : : S2N_TLS_ALERT_CERTIFICATE_REVOKED = 44,
51 : : S2N_TLS_ALERT_CERTIFICATE_EXPIRED = 45,
52 : : S2N_TLS_ALERT_CERTIFICATE_UNKNOWN = 46,
53 : : /*
54 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-6
55 : : *# illegal_parameter(47),
56 : : *# unknown_ca(48),
57 : : *# access_denied(49),
58 : : *# decode_error(50),
59 : : *# decrypt_error(51),
60 : : */
61 : : S2N_TLS_ALERT_ILLEGAL_PARAMETER = 47,
62 : : S2N_TLS_ALERT_UNKNOWN_CA = 48,
63 : : S2N_TLS_ALERT_ACCESS_DENIED = 49,
64 : : S2N_TLS_ALERT_DECODE_ERROR = 50,
65 : : S2N_TLS_ALERT_DECRYPT_ERROR = 51,
66 : : /*
67 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-6
68 : : *# protocol_version(70),
69 : : *# insufficient_security(71),
70 : : *# internal_error(80),
71 : : *# inappropriate_fallback(86),
72 : : *# user_canceled(90),
73 : : */
74 : : S2N_TLS_ALERT_PROTOCOL_VERSION = 70,
75 : : S2N_TLS_ALERT_INSUFFICIENT_SECURITY = 71,
76 : : S2N_TLS_ALERT_INTERNAL_ERROR = 80,
77 : : S2N_TLS_ALERT_INAPPROPRIATE_FALLBACK = 86,
78 : : S2N_TLS_ALERT_USER_CANCELED = 90,
79 : : /*
80 : : *= https://www.rfc-editor.org/rfc/rfc5246#section-7.2
81 : : *# no_renegotiation(100),
82 : : */
/*
 * The only code here cited from RFC 5246 (TLS 1.2) rather than RFC 8446;
 * TLS 1.3 keeps value 100 only as a reserved legacy code.
 */
83 : : S2N_TLS_ALERT_NO_RENEGOTIATION = 100,
84 : : /*
85 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-6
86 : : *# missing_extension(109),
87 : : *# unsupported_extension(110),
88 : : *# unrecognized_name(112),
89 : : *# bad_certificate_status_response(113),
90 : : *# unknown_psk_identity(115),
91 : : */
92 : : S2N_TLS_ALERT_MISSING_EXTENSION = 109,
93 : : S2N_TLS_ALERT_UNSUPPORTED_EXTENSION = 110,
94 : : S2N_TLS_ALERT_UNRECOGNIZED_NAME = 112,
95 : : S2N_TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE = 113,
96 : : S2N_TLS_ALERT_UNKNOWN_PSK_IDENTITY = 115,
97 : : /*
98 : : *= https://www.rfc-editor.org/rfc/rfc8446#section-6
99 : : *# certificate_required(116),
100 : : *# no_application_protocol(120),
101 : : *# (255)
102 : : *# } AlertDescription;
103 : : */
104 : : S2N_TLS_ALERT_CERTIFICATE_REQUIRED = 116,
105 : : S2N_TLS_ALERT_NO_APPLICATION_PROTOCOL = 120,
106 : : } s2n_tls_alert_code;
107 : :
/*
 * Alert handling entry points. Only the declarations are visible in this
 * header, so the per-function notes below are inferred from the names and
 * need confirming against the implementation.
 *
 * Two return conventions are mixed here: three functions return int and
 * three return S2N_RESULT. Callers have to check every one of them; a
 * failure that is dropped while an alert is being processed or queued hides
 * an error on a path that decides whether the connection is shut down.
 */

/* NOTE(review): presumably consumes alert bytes received from the peer; that
 * input is peer-controlled -- confirm length and value checks in the body. */
108 : : int s2n_process_alert_fragment(struct s2n_connection *conn);
/* NOTE(review): name suggests it queues a protocol_version alert on conn -- confirm. */
109 : : int s2n_queue_reader_unsupported_protocol_version_alert(struct s2n_connection *conn);
/* NOTE(review): name suggests it queues a handshake_failure alert on conn -- confirm. */
110 : : int s2n_queue_reader_handshake_failure_alert(struct s2n_connection *conn);
/* NOTE(review): name suggests it queues a no_renegotiation alert on conn -- confirm. */
111 : : S2N_RESULT s2n_queue_reader_no_renegotiation_alert(struct s2n_connection *conn);
/* NOTE(review): name suggests it writes either a pending error alert or
 * close_notify -- confirm which alert is chosen and when. */
112 : : S2N_RESULT s2n_alerts_write_error_or_close_notify(struct s2n_connection *conn);
/* NOTE(review): name suggests it writes a queued warning-level alert -- confirm. */
113 : : S2N_RESULT s2n_alerts_write_warning(struct s2n_connection *conn);