search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
set PIN function when reading a certificate
[gnutls.git] / lib / gnutls_errors.c
blobd41ef2c86317831d0902d5c957dfd71fc019dd5d
1 /*
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24 #include "gnutls_errors.h"
25 #include <libtasn1.h>
26 #ifdef STDC_HEADERS
27 #include <stdarg.h>
28 #endif
29
30 /* I18n of error codes. */
31 #include "gettext.h"
32 #define _(String) dgettext (PACKAGE, String)
33 #define N_(String) gettext_noop (String)
34
35 #define ERROR_ENTRY(desc, name, fatal) \
36 { desc, #name, name, fatal}
37
38 struct gnutls_error_entry
39 {
40 const char *desc;
41 const char *_name;
42 int number;
43 int fatal; /* whether this error is fatal and the session for handshake
44 * should be terminated.
45 */
46 };
47 typedef struct gnutls_error_entry gnutls_error_entry;
48
49 static const gnutls_error_entry error_algorithms[] = {
50 /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
51 ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
52 ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
53 GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
54 ERROR_ENTRY (N_("No or insufficient priorities were set."),
55 GNUTLS_E_NO_PRIORITIES_WERE_SET, 1),
56 ERROR_ENTRY (N_("The cipher type is unsupported."),
57 GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
58 ERROR_ENTRY (N_("The certificate and the given key do not match."),
59 GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
60 ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
61 GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
62 ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
63 GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
64
65 ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
66 GNUTLS_E_UNWANTED_ALGORITHM, 1),
67 ERROR_ENTRY (N_("A record packet with illegal version was received."),
68 GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
69 ERROR_ENTRY (N_
70 ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
71 GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
72 ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
73 GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
74 ERROR_ENTRY (N_("The TLS connection was non-properly terminated."),
75 GNUTLS_E_PREMATURE_TERMINATION, 1),
76 ERROR_ENTRY (N_
77 ("The specified session has been invalidated for some reason."),
78 GNUTLS_E_INVALID_SESSION, 1),
79
80 ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
81 ERROR_ENTRY (N_("An illegal TLS extension was received."),
82 GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
83 ERROR_ENTRY (N_("A TLS fatal alert has been received."),
84 GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
85 ERROR_ENTRY (N_("An unexpected TLS packet was received."),
86 GNUTLS_E_UNEXPECTED_PACKET, 1),
87 ERROR_ENTRY (N_("A TLS warning alert has been received."),
88 GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
89 ERROR_ENTRY (N_
90 ("An error was encountered at the TLS Finished packet calculation."),
91 GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
92 ERROR_ENTRY (N_("No certificate was found."),
93 GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
94 ERROR_ENTRY (N_("The given DSA key is incompatible with the selected TLS protocol."),
95 GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
96
97 ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
98 GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
99
100 ERROR_ENTRY (N_("No temporary RSA parameters were found."),
101 GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
102 ERROR_ENTRY (N_("No temporary DH parameters were found."),
103 GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
104 ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
105 GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
106 ERROR_ENTRY (N_("The scanning of a large integer has failed."),
107 GNUTLS_E_MPI_SCAN_FAILED, 1),
108 ERROR_ENTRY (N_("Could not export a large integer."),
109 GNUTLS_E_MPI_PRINT_FAILED, 1),
110 ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
111 ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
112 ERROR_ENTRY (N_("Public key decryption has failed."),
113 GNUTLS_E_PK_DECRYPTION_FAILED, 1),
114 ERROR_ENTRY (N_("Public key encryption has failed."),
115 GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
116 ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
117 1),
118 ERROR_ENTRY (N_("Public key signature verification has failed."),
119 GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
120 ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
121 GNUTLS_E_DECOMPRESSION_FAILED, 1),
122 ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
123 GNUTLS_E_COMPRESSION_FAILED, 1),
124
125 ERROR_ENTRY (N_("Internal error in memory allocation."),
126 GNUTLS_E_MEMORY_ERROR, 1),
127 ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
128 GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
129 ERROR_ENTRY (N_("Insufficient credentials for that request."),
130 GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
131 ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
132 ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
133 1),
134 ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
135 ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
136 ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
137 1),
138 ERROR_ENTRY (N_("Base64 unexpected header error."),
139 GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
140 1),
141 ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
142 1),
143 ERROR_ENTRY (N_("Parsing error in password file."),
144 GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
145 ERROR_ENTRY (N_("The requested data were not available."),
146 GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
147 ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
148 ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
149 ERROR_ENTRY (N_
150 ("The upper limit of record packet sequence numbers has been reached. Wow!"),
151 GNUTLS_E_RECORD_LIMIT_REACHED, 1),
152 ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
153 1),
154 ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
155 GNUTLS_E_X509_UNKNOWN_SAN, 1),
156
157 ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
158 GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
159 ERROR_ENTRY (N_("Unsupported extension in X.509 certificate."),
160 GNUTLS_E_X509_UNSUPPORTED_EXTENSION, 1),
161 ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
162 GNUTLS_E_KEY_USAGE_VIOLATION, 1),
163 ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
164 GNUTLS_E_AGAIN, 0),
165 ERROR_ENTRY (N_("The transmitted packet is too large (EMSGSIZE)."),
166 GNUTLS_E_LARGE_PACKET, 0),
167 ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
168 ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
169 GNUTLS_E_REHANDSHAKE, 0),
170 ERROR_ENTRY (N_
171 ("TLS Application data were received, while expecting handshake data."),
172 GNUTLS_E_GOT_APPLICATION_DATA, 1),
173 ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
174 ERROR_ENTRY (N_("The certificate type is not supported."),
175 GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
176 ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
177 GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
178 ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
179 ERROR_ENTRY (N_("The cookie was bad."), GNUTLS_E_BAD_COOKIE, 1),
180 ERROR_ENTRY (N_("An illegal parameter has been received."),
181 GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
182 ERROR_ENTRY (N_("An illegal parameter was found."),
183 GNUTLS_E_ILLEGAL_PARAMETER, 1),
184 ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
185
186 ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
187 GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
188 ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
189 GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
190 ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
191 GNUTLS_E_ASN1_DER_ERROR, 1),
192 ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
193 GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
194 ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
195 GNUTLS_E_ASN1_GENERIC_ERROR, 1),
196 ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
197 GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
198 ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
199 ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
200 GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
201 ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
202 GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
203 ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
204 1),
205 ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
206 GNUTLS_E_ASN1_DER_OVERFLOW, 1),
207
208 ERROR_ENTRY (N_("Too many empty record packets have been received."),
209 GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
210 ERROR_ENTRY (N_("Too many handshake packets have been received."),
211 GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS, 1),
212 ERROR_ENTRY (N_("The crypto library version is too old."),
213 GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
214
215 ERROR_ENTRY (N_("The tasn1 library version is too old."),
216 GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
217 ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
218 GNUTLS_E_OPENPGP_UID_REVOKED, 1),
219 ERROR_ENTRY (N_("The OpenPGP key has not a preferred key set."),
220 GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
221 ERROR_ENTRY (N_("Error loading the keyring."),
222 GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
223 ERROR_ENTRY (N_("The initialization of crypto backend has failed."),
224 GNUTLS_E_CRYPTO_INIT_FAILED, 1),
225 ERROR_ENTRY (N_("No supported compression algorithms have been found."),
226 GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
227 ERROR_ENTRY (N_("No supported cipher suites have been found."),
228 GNUTLS_E_NO_CIPHER_SUITES, 1),
229 ERROR_ENTRY (N_("Could not get OpenPGP key."),
230 GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
231 ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
232 GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
233 ERROR_ENTRY (N_("Safe renegotiation failed."),
234 GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
235 ERROR_ENTRY (N_("Unsafe renegotiation denied."),
236 GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
237
238 ERROR_ENTRY (N_("The SRP username supplied is illegal."),
239 GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
240 ERROR_ENTRY (N_("The SRP username supplied is unknown."),
241 GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
242
243 ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
244 GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
245 ERROR_ENTRY (N_("The signature algorithm is not supported."),
246 GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
247 ERROR_ENTRY (N_("The certificate has unsupported attributes."),
248 GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
249 ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
250 1),
251 ERROR_ENTRY (N_("The hash algorithm is unknown."),
252 GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
253 ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
254 GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
255 ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
256 GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
257 ERROR_ENTRY (N_("The given password contains invalid characters."),
258 GNUTLS_E_INVALID_PASSWORD, 1),
259 ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
260 GNUTLS_E_MAC_VERIFY_FAILED, 1),
261 ERROR_ENTRY (N_("Some constraint limits were reached."),
262 GNUTLS_E_CONSTRAINT_ERROR, 1),
263 ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
264 1),
265
266 ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
267 GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
268 ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
269 GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
270 ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
271 GNUTLS_E_IA_VERIFY_FAILED, 1),
272
273 ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
274 GNUTLS_E_UNKNOWN_ALGORITHM, 1),
275
276 ERROR_ENTRY (N_("The handshake data size is too large."),
277 GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
278
279 ERROR_ENTRY (N_("Error opening /dev/crypto"),
280 GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
281
282 ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
283 GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
284 ERROR_ENTRY (N_("Peer has terminated the connection"),
285 GNUTLS_E_SESSION_EOF, 1),
286 ERROR_ENTRY (N_("Channel binding data not available"),
287 GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
288
289 ERROR_ENTRY (N_("TPM error."),
290 GNUTLS_E_TPM_ERROR, 1),
291 ERROR_ENTRY (N_("TPM is not initialized."),
292 GNUTLS_E_TPM_UNINITIALIZED, 1),
293 ERROR_ENTRY (N_("TPM key was not found in persistent storage."),
294 GNUTLS_E_TPM_KEY_NOT_FOUND, 1),
295 ERROR_ENTRY (N_("Cannot initialize a session with the TPM."),
296 GNUTLS_E_TPM_SESSION_ERROR, 1),
297 ERROR_ENTRY (N_("PKCS #11 error."),
298 GNUTLS_E_PKCS11_ERROR, 1),
299 ERROR_ENTRY (N_("PKCS #11 initialization error."),
300 GNUTLS_E_PKCS11_LOAD_ERROR, 1),
301 ERROR_ENTRY (N_("Error in parsing."),
302 GNUTLS_E_PARSING_ERROR, 1),
303 ERROR_ENTRY (N_("Error in provided PIN."),
304 GNUTLS_E_PKCS11_PIN_ERROR, 1),
305 ERROR_ENTRY (N_("Error in provided SRK password for TPM."),
306 GNUTLS_E_TPM_SRK_PASSWORD_ERROR, 1),
307 ERROR_ENTRY (N_("Error in provided password for key to be loaded in TPM."),
308 GNUTLS_E_TPM_KEY_PASSWORD_ERROR, 1),
309 ERROR_ENTRY (N_("PKCS #11 error in slot"),
310 GNUTLS_E_PKCS11_SLOT_ERROR, 1),
311 ERROR_ENTRY (N_("Thread locking error"),
312 GNUTLS_E_LOCKING_ERROR, 1),
313 ERROR_ENTRY (N_("PKCS #11 error in attribute"),
314 GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
315 ERROR_ENTRY (N_("PKCS #11 error in device"),
316 GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
317 ERROR_ENTRY (N_("PKCS #11 error in data"),
318 GNUTLS_E_PKCS11_DATA_ERROR, 1),
319 ERROR_ENTRY (N_("PKCS #11 unsupported feature"),
320 GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
321 ERROR_ENTRY (N_("PKCS #11 error in key"),
322 GNUTLS_E_PKCS11_KEY_ERROR, 1),
323 ERROR_ENTRY (N_("PKCS #11 PIN expired"),
324 GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
325 ERROR_ENTRY (N_("PKCS #11 PIN locked"),
326 GNUTLS_E_PKCS11_PIN_LOCKED, 1),
327 ERROR_ENTRY (N_("PKCS #11 error in session"),
328 GNUTLS_E_PKCS11_SESSION_ERROR, 1),
329 ERROR_ENTRY (N_("PKCS #11 error in signature"),
330 GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
331 ERROR_ENTRY (N_("PKCS #11 error in token"),
332 GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
333 ERROR_ENTRY (N_("PKCS #11 user error"),
334 GNUTLS_E_PKCS11_USER_ERROR, 1),
335 ERROR_ENTRY (N_("The operation timed out"),
336 GNUTLS_E_TIMEDOUT, 1),
337 ERROR_ENTRY (N_("The operation was cancelled due to user error"),
338 GNUTLS_E_USER_ERROR, 1),
339 ERROR_ENTRY (N_("No supported ECC curves were found"),
340 GNUTLS_E_ECC_NO_SUPPORTED_CURVES, 1),
341 ERROR_ENTRY (N_("The curve is unsupported"),
342 GNUTLS_E_ECC_UNSUPPORTED_CURVE, 1),
343 ERROR_ENTRY (N_("The requested PKCS #11 object is not available"),
344 GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE, 1),
345 ERROR_ENTRY (N_("The provided X.509 certificate list is not sorted (in subject to issuer order)"),
346 GNUTLS_E_CERTIFICATE_LIST_UNSORTED, 1),
347 {NULL, NULL, 0, 0}
348 };
349
350 /**
351 * gnutls_error_is_fatal:
352 * @error: is a GnuTLS error code, a negative error code
353 *
354 * If a GnuTLS function returns a negative error code you may feed that
355 * value to this function to see if the error condition is fatal.
356 * Note that you may also want to check the error code manually, since some
357 * non-fatal errors to the protocol (such as a warning alert or
358 * a rehandshake request) may be fatal for your program.
359 *
360 * This function is only useful if you are dealing with errors from
361 * the record layer or the handshake layer.
362 *
363 * Returns: 1 if the error code is fatal, for positive @error values,
364 * 0 is returned. For unknown @error values, -1 is returned.
365 **/
366 int
367 gnutls_error_is_fatal (int error)
368 {
369 int ret = 1;
370 const gnutls_error_entry *p;
371
372 /* Input sanitzation. Positive values are not errors at all, and
373 definitely not fatal. */
374 if (error > 0)
375 return 0;
376
377 for (p = error_algorithms; p->desc != NULL; p++)
378 {
379 if (p->number == error)
380 {
381 ret = p->fatal;
382 break;
383 }
384 }
385
386 return ret;
387 }
388
389 /**
390 * gnutls_perror:
391 * @error: is a GnuTLS error code, a negative error code
392 *
393 * This function is like perror(). The only difference is that it
394 * accepts an error number returned by a gnutls function.
395 **/
396 void
397 gnutls_perror (int error)
398 {
399 fprintf (stderr, "GnuTLS error: %s\n", gnutls_strerror (error));
400 }
401
402
403 /**
404 * gnutls_strerror:
405 * @error: is a GnuTLS error code, a negative error code
406 *
407 * This function is similar to strerror. The difference is that it
408 * accepts an error number returned by a gnutls function; In case of
409 * an unknown error a descriptive string is sent instead of %NULL.
410 *
411 * Error codes are always a negative error code.
412 *
413 * Returns: A string explaining the GnuTLS error message.
414 **/
415 const char *
416 gnutls_strerror (int error)
417 {
418 const char *ret = NULL;
419 const gnutls_error_entry *p;
420
421 for (p = error_algorithms; p->desc != NULL; p++)
422 {
423 if (p->number == error)
424 {
425 ret = p->desc;
426 break;
427 }
428 }
429
430 /* avoid prefix */
431 if (ret == NULL)
432 return _("(unknown error code)");
433
434 return _(ret);
435 }
436
437 /**
438 * gnutls_strerror_name:
439 * @error: is an error returned by a gnutls function.
440 *
441 * Return the GnuTLS error code define as a string. For example,
442 * gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
443 * the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
444 *
445 * Returns: A string corresponding to the symbol name of the error
446 * code.
447 *
448 * Since: 2.6.0
449 **/
450 const char *
451 gnutls_strerror_name (int error)
452 {
453 const char *ret = NULL;
454 const gnutls_error_entry *p;
455
456 for (p = error_algorithms; p->desc != NULL; p++)
457 {
458 if (p->number == error)
459 {
460 ret = p->_name;
461 break;
462 }
463 }
464
465 return ret;
466 }
467
468 int
469 _gnutls_asn2err (int asn_err)
470 {
471 switch (asn_err)
472 {
473 case ASN1_FILE_NOT_FOUND:
474 return GNUTLS_E_FILE_ERROR;
475 case ASN1_ELEMENT_NOT_FOUND:
476 return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
477 case ASN1_IDENTIFIER_NOT_FOUND:
478 return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
479 case ASN1_DER_ERROR:
480 return GNUTLS_E_ASN1_DER_ERROR;
481 case ASN1_VALUE_NOT_FOUND:
482 return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
483 case ASN1_GENERIC_ERROR:
484 return GNUTLS_E_ASN1_GENERIC_ERROR;
485 case ASN1_VALUE_NOT_VALID:
486 return GNUTLS_E_ASN1_VALUE_NOT_VALID;
487 case ASN1_TAG_ERROR:
488 return GNUTLS_E_ASN1_TAG_ERROR;
489 case ASN1_TAG_IMPLICIT:
490 return GNUTLS_E_ASN1_TAG_IMPLICIT;
491 case ASN1_ERROR_TYPE_ANY:
492 return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
493 case ASN1_SYNTAX_ERROR:
494 return GNUTLS_E_ASN1_SYNTAX_ERROR;
495 case ASN1_MEM_ERROR:
496 return GNUTLS_E_SHORT_MEMORY_BUFFER;
497 case ASN1_MEM_ALLOC_ERROR:
498 return GNUTLS_E_MEMORY_ERROR;
499 case ASN1_DER_OVERFLOW:
500 return GNUTLS_E_ASN1_DER_OVERFLOW;
501 default:
502 return GNUTLS_E_ASN1_GENERIC_ERROR;
503 }
504 }
505
506 void
507 _gnutls_mpi_log (const char *prefix, bigint_t a)
508 {
509 size_t binlen = 0;
510 void *binbuf;
511 size_t hexlen;
512 char *hexbuf;
513 int res;
514
515 if (_gnutls_log_level < 2) return;
516
517 res = _gnutls_mpi_print (a, NULL, &binlen);
518 if (res < 0 && res != GNUTLS_E_SHORT_MEMORY_BUFFER)
519 {
520 gnutls_assert ();
521 _gnutls_hard_log ("MPI: %s can't print value (%d/%d)\n", prefix, res,
522 (int) binlen);
523 return;
524 }
525
526 if (binlen > 1024 * 1024)
527 {
528 gnutls_assert ();
529 _gnutls_hard_log ("MPI: %s too large mpi (%d)\n", prefix, (int) binlen);
530 return;
531 }
532
533 binbuf = gnutls_malloc (binlen);
534 if (!binbuf)
535 {
536 gnutls_assert ();
537 _gnutls_hard_log ("MPI: %s out of memory (%d)\n", prefix, (int) binlen);
538 return;
539 }
540
541 res = _gnutls_mpi_print (a, binbuf, &binlen);
542 if (res != 0)
543 {
544 gnutls_assert ();
545 _gnutls_hard_log ("MPI: %s can't print value (%d/%d)\n", prefix, res,
546 (int) binlen);
547 gnutls_free (binbuf);
548 return;
549 }
550
551 hexlen = 2 * binlen + 1;
552 hexbuf = gnutls_malloc (hexlen);
553
554 if (!hexbuf)
555 {
556 gnutls_assert ();
557 _gnutls_hard_log ("MPI: %s out of memory (hex %d)\n", prefix, (int) hexlen);
558 gnutls_free (binbuf);
559 return;
560 }
561
562 _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen, NULL);
563
564 _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
565 hexbuf);
566
567 gnutls_free (hexbuf);
568 gnutls_free (binbuf);
569 }
570
571 /* this function will output a message using the
572 * caller provided function
573 */
574 void
575 _gnutls_log (int level, const char *fmt, ...)
576 {
577 va_list args;
578 char *str;
579 int ret;
580
581 if (_gnutls_log_func == NULL)
582 return;
583
584 va_start (args, fmt);
585 ret = vasprintf (&str, fmt, args);
586 va_end (args);
587
588 if (ret >= 0)
589 {
590 _gnutls_log_func (level, str);
591 free (str);
592 }
593 }
594
595 void
596 _gnutls_audit_log (gnutls_session_t session, const char *fmt, ...)
597 {
598 va_list args;
599 char *str;
600 int ret;
601
602 if (_gnutls_audit_log_func == NULL && _gnutls_log_func == NULL)
603 return;
604
605 va_start (args, fmt);
606 ret = vasprintf (&str, fmt, args);
607 va_end (args);
608
609 if (ret >= 0)
610 {
611 if (_gnutls_audit_log_func)
612 _gnutls_audit_log_func (session, str);
613 else
614 _gnutls_log_func(1, str);
615 free (str);
616 }
617 }
618
619 #ifndef DEBUG
620 #ifndef C99_MACROS
621
622 /* Without C99 macros these functions have to
623 * be called. This may affect performance.
624 */
625 void
626 _gnutls_null_log (void *x, ...)
627 {
628 return;
629 }
630
631 #endif /* C99_MACROS */
632 #endif /* DEBUG */
Implementation of the SSL/TLS protocol