lib/gnutls_errors.c

   1 /*
   2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
   3  *
   4  * Author: Nikos Mavroyanopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 #include <gnutls_int.h>
  26 #include "gnutls_errors.h"
  27 #include <libtasn1.h>
  28 #ifdef STDC_HEADERS
  29 # include <stdarg.h>
  30 #endif
  31
  32 /* I18n of error codes. */
  33 #include "gettext.h"
  34 #define _(String) dgettext (PACKAGE, String)
  35 #define N_(String) gettext_noop (String)
  36
  37 extern LOG_FUNC _gnutls_log_func;
  38
  39 #define ERROR_ENTRY(desc, name, fatal) \
  40         { desc, #name, name, fatal}
  41
  42 struct gnutls_error_entry
  43 {
  44   const char *desc;
  45   const char *_name;
  46   int number;
  47   int fatal;
  48 };
  49 typedef struct gnutls_error_entry gnutls_error_entry;
  50
  51 static const gnutls_error_entry error_algorithms[] = {
  52   /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
  53   ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
  54   ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
  55                GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
  56   ERROR_ENTRY (N_("The cipher type is unsupported."),
  57                GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
  58   ERROR_ENTRY (N_("The certificate and the given key do not match."),
  59                GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
  60   ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
  61                GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
  62   ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
  63                GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
  64
  65   ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
  66                GNUTLS_E_UNWANTED_ALGORITHM, 1),
  67   ERROR_ENTRY (N_("A large TLS record packet was received."),
  68                GNUTLS_E_LARGE_PACKET, 1),
  69   ERROR_ENTRY (N_("A record packet with illegal version was received."),
  70                GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
  71   ERROR_ENTRY (N_("The Diffie Hellman prime sent by the server is not acceptable (not long enough)."),
  72      GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
  73   ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
  74                GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
  75   ERROR_ENTRY (N_("The specified session has been invalidated for some reason."),
  76                GNUTLS_E_INVALID_SESSION, 1),
  77
  78   ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
  79   ERROR_ENTRY (N_("An illegal TLS extension was received."),
  80                GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
  81   ERROR_ENTRY (N_("A TLS fatal alert has been received."),
  82                GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
  83   ERROR_ENTRY (N_("An unexpected TLS packet was received."),
  84                GNUTLS_E_UNEXPECTED_PACKET, 1),
  85   ERROR_ENTRY (N_("A TLS warning alert has been received."),
  86                GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
  87   ERROR_ENTRY (N_("An error was encountered at the TLS Finished packet calculation."),
  88      GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
  89   ERROR_ENTRY (N_("The peer did not send any certificate."),
  90                GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
  91
  92   ERROR_ENTRY (N_("No temporary RSA parameters were found."),
  93                GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
  94   ERROR_ENTRY (N_("No temporary DH parameters were found."),
  95                GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
  96   ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
  97                GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
  98   ERROR_ENTRY (N_("The scanning of a large integer has failed."),
  99                GNUTLS_E_MPI_SCAN_FAILED, 1),
 100   ERROR_ENTRY (N_("Could not export a large integer."),
 101                GNUTLS_E_MPI_PRINT_FAILED, 1),
 102   ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
 103   ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
 104   ERROR_ENTRY (N_("Public key decryption has failed."),
 105                GNUTLS_E_PK_DECRYPTION_FAILED, 1),
 106   ERROR_ENTRY (N_("Public key encryption has failed."),
 107                GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
 108   ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
 109                1),
 110   ERROR_ENTRY (N_("Public key signature verification has failed."),
 111                GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
 112   ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
 113                GNUTLS_E_DECOMPRESSION_FAILED, 1),
 114   ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
 115                GNUTLS_E_COMPRESSION_FAILED, 1),
 116
 117   ERROR_ENTRY (N_("Internal error in memory allocation."),
 118                GNUTLS_E_MEMORY_ERROR, 1),
 119   ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
 120                GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
 121   ERROR_ENTRY (N_("Insufficient credentials for that request."),
 122                GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
 123   ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
 124   ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
 125                1),
 126   ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
 127   ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
 128   ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
 129                1),
 130   ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
 131                1),
 132   ERROR_ENTRY (N_("Parsing error in password file."),
 133                GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
 134   ERROR_ENTRY (N_("The requested data were not available."),
 135                GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0),
 136   ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
 137   ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
 138   ERROR_ENTRY (N_("The upper limit of record packet sequence numbers has been reached. Wow!"),
 139      GNUTLS_E_RECORD_LIMIT_REACHED, 1),
 140   ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
 141                1),
 142   ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
 143                GNUTLS_E_X509_UNKNOWN_SAN, 1),
 144
 145   ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
 146                GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
 147   ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
 148                GNUTLS_E_KEY_USAGE_VIOLATION, 1),
 149   ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_AGAIN, 0),
 150   ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
 151   ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
 152                GNUTLS_E_REHANDSHAKE, 0),
 153   ERROR_ENTRY (N_("TLS Application data were received, while expecting handshake data."),
 154      GNUTLS_E_GOT_APPLICATION_DATA, 1),
 155   ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
 156   ERROR_ENTRY (N_("The certificate type is not supported."),
 157                GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
 158   ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
 159                GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
 160   ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
 161   ERROR_ENTRY (N_("An illegal parameter has been received."),
 162                GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
 163   ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
 164
 165   ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
 166                GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
 167   ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
 168                GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
 169   ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
 170                GNUTLS_E_ASN1_DER_ERROR, 1),
 171   ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
 172                GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
 173   ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
 174                GNUTLS_E_ASN1_GENERIC_ERROR, 1),
 175   ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
 176                GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
 177   ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
 178   ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
 179                GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
 180   ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
 181                GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
 182   ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
 183                1),
 184   ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
 185                GNUTLS_E_ASN1_DER_OVERFLOW, 1),
 186
 187   ERROR_ENTRY (N_("Too many empty record packets have been received."),
 188                GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
 189   ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
 190                GNUTLS_E_INIT_LIBEXTRA, 1),
 191   ERROR_ENTRY (N_("The GnuTLS library version does not match the GnuTLS-extra library version."),
 192      GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
 193   ERROR_ENTRY (N_("The gcrypt library version is too old."),
 194                GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
 195
 196   ERROR_ENTRY (N_("The tasn1 library version is too old."),
 197                GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
 198   ERROR_ENTRY (N_("The specified GnuPG TrustDB version is not supported. TrustDB v4 is supported."),
 199      GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED, 1),
 200
 201   ERROR_ENTRY (N_("Error loading the keyring."),
 202                GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
 203   ERROR_ENTRY (N_("The initialization of LZO has failed."),
 204                GNUTLS_E_LZO_INIT_FAILED, 1),
 205   ERROR_ENTRY (N_("No supported compression algorithms have been found."),
 206                GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
 207   ERROR_ENTRY (N_("No supported cipher suites have been found."),
 208                GNUTLS_E_NO_CIPHER_SUITES, 1),
 209   ERROR_ENTRY (N_("Could not get OpenPGP key."),
 210                GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
 211
 212   ERROR_ENTRY (N_("The SRP username supplied is illegal."),
 213                GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
 214
 215   ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
 216                GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
 217   ERROR_ENTRY (N_("The certificate has unsupported attributes."),
 218                GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
 219   ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
 220                1),
 221   ERROR_ENTRY (N_("The hash algorithm is unknown."),
 222                GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
 223   ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
 224                GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
 225   ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
 226                GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
 227   ERROR_ENTRY (N_("The given password contains invalid characters."),
 228                GNUTLS_E_INVALID_PASSWORD, 1),
 229   ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
 230                GNUTLS_E_MAC_VERIFY_FAILED, 1),
 231   ERROR_ENTRY (N_("Some constraint limits were reached."),
 232                GNUTLS_E_CONSTRAINT_ERROR, 1),
 233   ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
 234                1),
 235
 236   ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
 237                GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
 238   ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
 239                GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
 240   ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
 241                GNUTLS_E_IA_VERIFY_FAILED, 1),
 242
 243   {NULL, NULL, 0, 0}
 244 };
 245
 246 #define GNUTLS_ERROR_LOOP(b) \
 247         const gnutls_error_entry *p; \
 248                 for(p = error_algorithms; p->desc != NULL; p++) { b ; }
 249
 250 #define GNUTLS_ERROR_ALG_LOOP(a) \
 251                         GNUTLS_ERROR_LOOP( if(p->number == error) { a; break; } )
 252
 253
 254
 255 /**
 256   * gnutls_error_is_fatal - Returns non-zero in case of a fatal error
 257   * @error: is an error returned by a gnutls function. Error should be a negative value.
 258   *
 259   * If a function returns a negative value you may feed that value
 260   * to this function to see if it is fatal. Returns 1 for a fatal
 261   * error 0 otherwise. However you may want to check the
 262   * error code manually, since some non-fatal errors to the protocol
 263   * may be fatal for you (your program).
 264   *
 265   * This is only useful if you are dealing with errors from the
 266   * record layer or the handshake layer.
 267   *
 268   * For positive @error values, 0 is returned.
 269   *
 270   **/
 271 int
 272 gnutls_error_is_fatal (int error)
 273 {
 274   int ret = 1;
 275
 276   /* Input sanitzation.  Positive values are not errors at all, and
 277      definitely not fatal. */
 278   if (error > 0)
 279     return 0;
 280
 281   GNUTLS_ERROR_ALG_LOOP (ret = p->fatal);
 282
 283   return ret;
 284 }
 285
 286 /**
 287   * gnutls_perror - prints a string to stderr with a description of an error
 288   * @error: is an error returned by a gnutls function. Error is always a negative value.
 289   *
 290   * This function is like perror(). The only difference is that it accepts an
 291   * error number returned by a gnutls function.
 292   **/
 293 void
 294 gnutls_perror (int error)
 295 {
 296   const char *ret = NULL;
 297
 298   /* avoid prefix */
 299   GNUTLS_ERROR_ALG_LOOP (ret = p->desc);
 300   if (ret == NULL)
 301     ret = "(unknown)";
 302   fprintf (stderr, "GNUTLS ERROR: %s\n", _(ret));
 303 }
 304
 305
 306 /**
 307   * gnutls_strerror - Returns a string with a description of an error
 308   * @error: is an error returned by a gnutls function. Error is always a negative value.
 309   *
 310   * This function is similar to strerror(). Differences: it accepts an error
 311   * number returned by a gnutls function; In case of an unknown error
 312   * a descriptive string is sent instead of NULL.
 313   **/
 314 const char *
 315 gnutls_strerror (int error)
 316 {
 317   const char *ret = NULL;
 318
 319   /* avoid prefix */
 320   GNUTLS_ERROR_ALG_LOOP (ret = p->desc);
 321   if (ret == NULL)
 322     return "(unknown error code)";
 323   return _(ret);
 324 }
 325
 326 /* This will print the actual define of the
 327  * given error code.
 328  */
 329 const char *
 330 _gnutls_strerror (int error)
 331 {
 332   const char *ret = NULL;
 333
 334   /* avoid prefix */
 335   GNUTLS_ERROR_ALG_LOOP (ret = p->_name);
 336
 337   return _(ret);
 338 }
 339
 340 int
 341 _gnutls_asn2err (int asn_err)
 342 {
 343   switch (asn_err)
 344     {
 345     case ASN1_FILE_NOT_FOUND:
 346       return GNUTLS_E_FILE_ERROR;
 347     case ASN1_ELEMENT_NOT_FOUND:
 348       return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
 349     case ASN1_IDENTIFIER_NOT_FOUND:
 350       return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
 351     case ASN1_DER_ERROR:
 352       return GNUTLS_E_ASN1_DER_ERROR;
 353     case ASN1_VALUE_NOT_FOUND:
 354       return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
 355     case ASN1_GENERIC_ERROR:
 356       return GNUTLS_E_ASN1_GENERIC_ERROR;
 357     case ASN1_VALUE_NOT_VALID:
 358       return GNUTLS_E_ASN1_VALUE_NOT_VALID;
 359     case ASN1_TAG_ERROR:
 360       return GNUTLS_E_ASN1_TAG_ERROR;
 361     case ASN1_TAG_IMPLICIT:
 362       return GNUTLS_E_ASN1_TAG_IMPLICIT;
 363     case ASN1_ERROR_TYPE_ANY:
 364       return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
 365     case ASN1_SYNTAX_ERROR:
 366       return GNUTLS_E_ASN1_SYNTAX_ERROR;
 367     case ASN1_MEM_ERROR:
 368       return GNUTLS_E_SHORT_MEMORY_BUFFER;
 369     case ASN1_MEM_ALLOC_ERROR:
 370       return GNUTLS_E_MEMORY_ERROR;
 371     case ASN1_DER_OVERFLOW:
 372       return GNUTLS_E_ASN1_DER_OVERFLOW;
 373     default:
 374       return GNUTLS_E_ASN1_GENERIC_ERROR;
 375     }
 376 }
 377
 378
 379 /* this function will output a message using the
 380  * caller provided function
 381  */
 382 void
 383 _gnutls_log (int level, const char *fmt, ...)
 384 {
 385   va_list args;
 386   char str[MAX_LOG_SIZE];
 387   void (*log_func) (int, const char *) = _gnutls_log_func;
 388
 389   if (_gnutls_log_func == NULL)
 390     return;
 391
 392   va_start (args, fmt);
 393   vsnprintf (str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */
 394   va_end (args);
 395
 396   log_func (level, str);
 397 }
 398
 399 #ifndef DEBUG
 400 # ifndef C99_MACROS
 401
 402 /* Without C99 macros these functions have to
 403  * be called. This may affect performance.
 404  */
 405 void
 406 _gnutls_null_log (void *x, ...)
 407 {
 408   return;
 409 }
 410
 411 # endif /* C99_MACROS */
 412 #endif /* DEBUG */