Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/msg_client_hello.cpp2
-rw-r--r--src/lib/tls/sessions_sql/tls_session_manager_sql.cpp4
-rw-r--r--src/lib/tls/tls_callbacks.cpp5
-rw-r--r--src/lib/tls/tls_cbc/tls_cbc.cpp2
-rw-r--r--src/lib/tls/tls_channel.cpp20
-rw-r--r--src/lib/tls/tls_exceptn.h6
-rw-r--r--src/lib/tls/tls_policy.cpp2
-rw-r--r--src/lib/tls/tls_record.cpp2
-rw-r--r--src/lib/tls/tls_seq_numbers.h2
-rw-r--r--src/lib/tls/tls_text_policy.cpp2
10 files changed, 28 insertions, 19 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index a9da82f07..2d303a77e 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -212,7 +212,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
void Client_Hello::update_hello_cookie(const Hello_Verify_Request& hello_verify)
{
if(!m_version.is_datagram_protocol())
- throw Exception("Cannot use hello cookie with stream protocol");
+ throw Invalid_State("Cannot use hello cookie with stream protocol");
m_hello_cookie = hello_verify.cookie();
}
diff --git a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
index 45b3059f5..1959db266 100644
--- a/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
+++ b/src/lib/tls/sessions_sql/tls_session_manager_sql.cpp
@@ -69,14 +69,14 @@ Session_Manager_SQL::Session_Manager_SQL(std::shared_ptr<SQL_Database> db,
m_session_key.assign(x.begin() + 2, x.end());
if(check_val_created != check_val_db)
- throw Exception("Session database password not valid");
+ throw Invalid_Argument("Session database password not valid");
}
}
else
{
// maybe just zap the salts + sessions tables in this case?
if(salts != 0)
- throw Exception("Seemingly corrupted database, multiple salts found");
+ throw Internal_Error("Seemingly corrupted TLS session db, multiple salts found");
// new database case
diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
index 6919c36ca..28884c1e2 100644
--- a/src/lib/tls/tls_callbacks.cpp
+++ b/src/lib/tls/tls_callbacks.cpp
@@ -71,7 +71,10 @@ void TLS::Callbacks::tls_verify_cert_chain(
ocsp_responses);
if(!result.successful_validation())
- throw Exception("Certificate validation failure: " + result.result_string());
+ {
+ throw TLS_Exception(Alert::BAD_CERTIFICATE,
+ "Certificate validation failure: " + result.result_string());
+ }
}
std::vector<uint8_t> TLS::Callbacks::tls_sign_message(
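Review bot: Every validation failure on the new `throw TLS_Exception(Alert::BAD_CERTIFICATE, ...)` lines is reported to the peer as bad_certificate, which discards the more specific alerts TLS defines (certificate_expired, certificate_revoked, unknown_ca) even though `result` still carries the failing status code via result(). A small mapping of the common status codes onto their alerts, falling back to BAD_CERTIFICATE for everything else, gives the peer an accurate reason while leaving the logged result_string() text unchanged. tls_verify_cert_chain begins outside the hunk, so the path-validation call that produces `result` is not visible here.
```cpp
if(!result.successful_validation())
   {
   // Prefer the specific alert the status code maps to; anything
   // unrecognised stays the generic bad_certificate.
   Alert::Type alert = Alert::BAD_CERTIFICATE;
   switch(result.result())
      {
      case Certificate_Status_Code::CERT_HAS_EXPIRED:
         alert = Alert::CERTIFICATE_EXPIRED; break;
      case Certificate_Status_Code::CERT_IS_REVOKED:
         alert = Alert::CERTIFICATE_REVOKED; break;
      case Certificate_Status_Code::CERT_ISSUER_NOT_FOUND:
         alert = Alert::UNKNOWN_CA; break;
      default:
         break;
      }
   throw TLS_Exception(alert,
                       "Certificate validation failure: " + result.result_string());
   }
```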
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp
index 23127642d..7376e655b 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.cpp
+++ b/src/lib/tls/tls_cbc/tls_cbc.cpp
@@ -129,7 +129,7 @@ std::vector<uint8_t> TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len(uint16_t len)
void TLS_CBC_HMAC_AEAD_Mode::set_associated_data(const uint8_t ad[], size_t ad_len)
{
if(ad_len != 13)
- throw Exception("Invalid TLS AEAD associated data length");
+ throw Invalid_Argument("Invalid TLS AEAD associated data length");
m_ad.assign(ad, ad + ad_len);
}
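Review bot: The `if(ad_len != 13)` check that now throws Invalid_Argument still leaves the literal 13 unexplained, and this is the only place that pins the expected layout of the associated data. A one-line comment above the check, `// TLS/DTLS record AD is seq_no(8) || type(1) || version(2) || length(2) = 13 bytes`, documents why the length is fixed and what assoc_data_with_len() on the preceding hunk header is expected to produce. The surrounding function is complete within the hunk.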
diff --git a/src/lib/tls/tls_channel.cpp b/src/lib/tls/tls_channel.cpp
index 37f3ec415..d3d8f899d 100644
--- a/src/lib/tls/tls_channel.cpp
+++ b/src/lib/tls/tls_channel.cpp
@@ -132,11 +132,11 @@ Handshake_State& Channel::create_handshake_state(Protocol_Version version)
Protocol_Version active_version = active->version();
if(active_version.is_datagram_protocol() != version.is_datagram_protocol())
- throw Exception("Active state using version " +
- active_version.to_string() +
- " cannot change to " +
- version.to_string() +
- " in pending");
+ {
+ throw TLS_Exception(Alert::PROTOCOL_VERSION,
+ "Active state using version " + active_version.to_string() +
+ " cannot change to " + version.to_string() + " in pending");
+ }
}
if(!m_sequence_numbers)
@@ -190,7 +190,7 @@ void Channel::renegotiate(bool force_full_renegotiation)
initiate_handshake(create_handshake_state(active->version()),
force_full_renegotiation);
else
- throw Exception("Cannot renegotiate on inactive connection");
+ throw Invalid_State("Cannot renegotiate on inactive connection");
}
void Channel::change_cipher_spec_reader(Connection_Side side)
@@ -550,7 +550,7 @@ void Channel::send_record_under_epoch(uint16_t epoch, uint8_t record_type,
void Channel::send(const uint8_t buf[], size_t buf_size)
{
if(!is_active())
- throw Exception("Data cannot be sent on inactive TLS connection");
+ throw Invalid_State("Data cannot be sent on inactive TLS connection");
send_record_array(sequence_numbers().current_write_epoch(),
APPLICATION_DATA, buf, buf_size);
@@ -679,7 +679,7 @@ SymmetricKey Channel::key_material_export(const std::string& label,
{
size_t context_size = context.length();
if(context_size > 0xFFFF)
- throw Exception("key_material_export context is too long");
+ throw Invalid_Argument("key_material_export context is too long");
salt.push_back(get_byte(0, static_cast<uint16_t>(context_size)));
salt.push_back(get_byte(1, static_cast<uint16_t>(context_size)));
salt += to_byte_vector(context);
@@ -688,7 +688,9 @@ SymmetricKey Channel::key_material_export(const std::string& label,
return prf->derive_key(length, master_secret, salt, to_byte_vector(label));
}
else
- throw Exception("Channel::key_material_export connection not active");
+ {
+ throw Invalid_State("Channel::key_material_export connection not active");
+ }
}
}
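Review bot: The new `else { throw Invalid_State(...); }` here braces a single-line throw, while the otherwise identical single-line throws this commit adds in renegotiate (`else throw Invalid_State("Cannot renegotiate on inactive connection");`), send, and the context-length check in key_material_export stay unbraced. Within one commit touching one file, either the bare-throw form or the braced form should be used consistently; braces everywhere is the safer choice for later edits that add a line to the branch. key_material_export begins outside this hunk.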
diff --git a/src/lib/tls/tls_exceptn.h b/src/lib/tls/tls_exceptn.h
index 572ff1885..e7d8c1963 100644
--- a/src/lib/tls/tls_exceptn.h
+++ b/src/lib/tls/tls_exceptn.h
@@ -16,7 +16,7 @@ namespace Botan {
namespace TLS {
/**
-* Exception Base Class
+* TLS Exception Base Class
*/
class BOTAN_PUBLIC_API(2,0) TLS_Exception : public Exception
{
@@ -27,6 +27,10 @@ class BOTAN_PUBLIC_API(2,0) TLS_Exception : public Exception
const std::string& err_msg = "Unknown error") :
Exception(err_msg), m_alert_type(type) {}
+ int error_code() const noexcept override { return static_cast<int>(m_alert_type); }
+
+ ErrorType error_type() const noexcept override { return ErrorType::TLSError; }
+
private:
Alert::Type m_alert_type;
};
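Review bot: The new `error_code()` and `error_type()` overrides on this BOTAN_PUBLIC_API class carry no Doxygen comment, even though the class comment directly above was edited in the same commit. Propose `/// @return the TLS alert type carried by this exception, widened to int` on error_code() and `/// @return ErrorType::TLSError for every TLS_Exception` on error_type(). Since the code returned is just the alert type, an exception carrying alert type 0 (close_notify) will report an error code of 0; if the base Exception uses 0 to mean "no code", that ambiguity is worth a sentence in the comment or a different encoding.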
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index c2d3ccf26..4c6c32d5d 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -486,7 +486,7 @@ std::vector<uint16_t> Policy::ciphersuite_list(Protocol_Version version,
if(ciphersuites.empty())
{
- throw Exception("Policy does not allow any available cipher suite");
+ throw Invalid_State("Policy does not allow any available cipher suite");
}
Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
diff --git a/src/lib/tls/tls_record.cpp b/src/lib/tls/tls_record.cpp
index b5ea33c07..ae807fcdc 100644
--- a/src/lib/tls/tls_record.cpp
+++ b/src/lib/tls/tls_record.cpp
@@ -90,7 +90,7 @@ Connection_Cipher_State::Connection_Cipher_State(Protocol_Version version,
else if(our_side == false)
m_aead->start(iv.bits_of());
#else
- throw Exception("Negotiated disabled TLS CBC+HMAC ciphersuite");
+ throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite");
#endif
}
else
diff --git a/src/lib/tls/tls_seq_numbers.h b/src/lib/tls/tls_seq_numbers.h
index 1be280453..85077f5f5 100644
--- a/src/lib/tls/tls_seq_numbers.h
+++ b/src/lib/tls/tls_seq_numbers.h
@@ -79,7 +79,7 @@ class Datagram_Sequence_Numbers final : public Connection_Sequence_Numbers
uint64_t next_read_sequence() override
{
- throw Exception("DTLS uses explicit sequence numbers");
+ throw Invalid_State("DTLS uses explicit sequence numbers");
}
bool already_seen(uint64_t sequence) const override
diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp
index 5c7a4b278..829899fbc 100644
--- a/src/lib/tls/tls_text_policy.cpp
+++ b/src/lib/tls/tls_text_policy.cpp
@@ -283,7 +283,7 @@ bool Text_Policy::get_bool(const std::string& key, bool def) const
}
else
{
- throw Exception("Invalid boolean '" + v + "'");
+ throw Decoding_Error("Invalid boolean '" + v + "'");
}
}