lib/gnutls_errors.c

   1 /*
   2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
   3  * 2009, 2010 Free Software Foundation, Inc.
   4  *
   5  * Author: Nikos Mavrogiannopoulos
   6  *
   7  * This file is part of GNUTLS.
   8  *
   9  * The GNUTLS library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation; either version 2.1 of
  12  * the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  22  * USA
  23  *
  24  */
  25
  26 #include <gnutls_int.h>
  27 #include "gnutls_errors.h"
  28 #include <libtasn1.h>
  29 #ifdef STDC_HEADERS
  30 # include <stdarg.h>
  31 #endif
  32
  33 /* I18n of error codes. */
  34 #include "gettext.h"
  35 #define _(String) dgettext (PACKAGE, String)
  36 #define N_(String) gettext_noop (String)
  37
  38 #define ERROR_ENTRY(desc, name, fatal) \
  39         { desc, #name, name, fatal}
  40
  41 struct gnutls_error_entry
  42 {
  43   const char *desc;
  44   const char *_name;
  45   int number;
  46   int fatal;
  47 };
  48 typedef struct gnutls_error_entry gnutls_error_entry;
  49
  50 static const gnutls_error_entry error_algorithms[] = {
  51   /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
  52   ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
  53   ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
  54                GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
  55   ERROR_ENTRY (N_("The cipher type is unsupported."),
  56                GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
  57   ERROR_ENTRY (N_("The certificate and the given key do not match."),
  58                GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
  59   ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
  60                GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
  61   ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
  62                GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
  63
  64   ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
  65                GNUTLS_E_UNWANTED_ALGORITHM, 1),
  66   ERROR_ENTRY (N_("A large TLS record packet was received."),
  67                GNUTLS_E_LARGE_PACKET, 1),
  68   ERROR_ENTRY (N_("A record packet with illegal version was received."),
  69                GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
  70   ERROR_ENTRY (N_
  71                ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
  72                GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
  73   ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
  74                GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
  75   ERROR_ENTRY (N_
  76                ("The specified session has been invalidated for some reason."),
  77                GNUTLS_E_INVALID_SESSION, 1),
  78
  79   ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
  80   ERROR_ENTRY (N_("An illegal TLS extension was received."),
  81                GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
  82   ERROR_ENTRY (N_("A TLS fatal alert has been received."),
  83                GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
  84   ERROR_ENTRY (N_("An unexpected TLS packet was received."),
  85                GNUTLS_E_UNEXPECTED_PACKET, 1),
  86   ERROR_ENTRY (N_("A TLS warning alert has been received."),
  87                GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
  88   ERROR_ENTRY (N_
  89                ("An error was encountered at the TLS Finished packet calculation."),
  90                GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
  91   ERROR_ENTRY (N_("The peer did not send any certificate."),
  92                GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
  93
  94   ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
  95                GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 0),
  96
  97   ERROR_ENTRY (N_("No temporary RSA parameters were found."),
  98                GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
  99   ERROR_ENTRY (N_("No temporary DH parameters were found."),
 100                GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
 101   ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
 102                GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
 103   ERROR_ENTRY (N_("The scanning of a large integer has failed."),
 104                GNUTLS_E_MPI_SCAN_FAILED, 1),
 105   ERROR_ENTRY (N_("Could not export a large integer."),
 106                GNUTLS_E_MPI_PRINT_FAILED, 1),
 107   ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
 108   ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
 109   ERROR_ENTRY (N_("Public key decryption has failed."),
 110                GNUTLS_E_PK_DECRYPTION_FAILED, 1),
 111   ERROR_ENTRY (N_("Public key encryption has failed."),
 112                GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
 113   ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
 114                1),
 115   ERROR_ENTRY (N_("Public key signature verification has failed."),
 116                GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
 117   ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
 118                GNUTLS_E_DECOMPRESSION_FAILED, 1),
 119   ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
 120                GNUTLS_E_COMPRESSION_FAILED, 1),
 121
 122   ERROR_ENTRY (N_("Internal error in memory allocation."),
 123                GNUTLS_E_MEMORY_ERROR, 1),
 124   ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
 125                GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
 126   ERROR_ENTRY (N_("Insufficient credentials for that request."),
 127                GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
 128   ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
 129   ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
 130                1),
 131   ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
 132   ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
 133   ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
 134                1),
 135   ERROR_ENTRY (N_("Base64 unexpected header error."),
 136                GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
 137                1),
 138   ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
 139                1),
 140   ERROR_ENTRY (N_("Parsing error in password file."),
 141                GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
 142   ERROR_ENTRY (N_("The requested data were not available."),
 143                GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0),
 144   ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
 145   ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
 146   ERROR_ENTRY (N_
 147                ("The upper limit of record packet sequence numbers has been reached. Wow!"),
 148                GNUTLS_E_RECORD_LIMIT_REACHED, 1),
 149   ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
 150                1),
 151   ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
 152                GNUTLS_E_X509_UNKNOWN_SAN, 1),
 153
 154   ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
 155                GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
 156   ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
 157                GNUTLS_E_KEY_USAGE_VIOLATION, 1),
 158   ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
 159                GNUTLS_E_AGAIN, 0),
 160   ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
 161   ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
 162                GNUTLS_E_REHANDSHAKE, 0),
 163   ERROR_ENTRY (N_
 164                ("TLS Application data were received, while expecting handshake data."),
 165                GNUTLS_E_GOT_APPLICATION_DATA, 1),
 166   ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
 167   ERROR_ENTRY (N_("The certificate type is not supported."),
 168                GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
 169   ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
 170                GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
 171   ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
 172   ERROR_ENTRY (N_("An illegal parameter has been received."),
 173                GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
 174   ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
 175
 176   ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
 177                GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
 178   ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
 179                GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
 180   ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
 181                GNUTLS_E_ASN1_DER_ERROR, 1),
 182   ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
 183                GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
 184   ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
 185                GNUTLS_E_ASN1_GENERIC_ERROR, 1),
 186   ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
 187                GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
 188   ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
 189   ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
 190                GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
 191   ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
 192                GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
 193   ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
 194                1),
 195   ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
 196                GNUTLS_E_ASN1_DER_OVERFLOW, 1),
 197
 198   ERROR_ENTRY (N_("Too many empty record packets have been received."),
 199                GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
 200   ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
 201                GNUTLS_E_INIT_LIBEXTRA, 1),
 202   ERROR_ENTRY (N_
 203                ("The GnuTLS library version does not match the GnuTLS-extra library version."),
 204                GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
 205   ERROR_ENTRY (N_("The gcrypt library version is too old."),
 206                GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
 207
 208   ERROR_ENTRY (N_("The tasn1 library version is too old."),
 209                GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
 210   ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
 211                GNUTLS_E_OPENPGP_UID_REVOKED, 1),
 212   ERROR_ENTRY (N_("Error loading the keyring."),
 213                GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
 214   ERROR_ENTRY (N_("The initialization of LZO has failed."),
 215                GNUTLS_E_LZO_INIT_FAILED, 1),
 216   ERROR_ENTRY (N_("No supported compression algorithms have been found."),
 217                GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
 218   ERROR_ENTRY (N_("No supported cipher suites have been found."),
 219                GNUTLS_E_NO_CIPHER_SUITES, 1),
 220   ERROR_ENTRY (N_("Could not get OpenPGP key."),
 221                GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
 222   ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
 223                GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
 224   ERROR_ENTRY (N_("Safe renegotiation failed."),
 225                GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
 226
 227   ERROR_ENTRY (N_("The SRP username supplied is illegal."),
 228                GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
 229
 230   ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
 231                GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
 232   ERROR_ENTRY (N_("The signature algorithm is not supported."),
 233                GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
 234   ERROR_ENTRY (N_("The certificate has unsupported attributes."),
 235                GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
 236   ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
 237                1),
 238   ERROR_ENTRY (N_("The hash algorithm is unknown."),
 239                GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
 240   ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
 241                GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
 242   ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
 243                GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
 244   ERROR_ENTRY (N_("The given password contains invalid characters."),
 245                GNUTLS_E_INVALID_PASSWORD, 1),
 246   ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
 247                GNUTLS_E_MAC_VERIFY_FAILED, 1),
 248   ERROR_ENTRY (N_("Some constraint limits were reached."),
 249                GNUTLS_E_CONSTRAINT_ERROR, 1),
 250   ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
 251                1),
 252
 253   ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
 254                GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
 255   ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
 256                GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
 257   ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
 258                GNUTLS_E_IA_VERIFY_FAILED, 1),
 259
 260   ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
 261                GNUTLS_E_UNKNOWN_ALGORITHM, 1),
 262
 263   ERROR_ENTRY (N_("The handshake data size is too large (DoS?), "
 264                   "check gnutls_handshake_set_max_packet_length()."),
 265                GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
 266
 267   ERROR_ENTRY (N_("Error opening /dev/crypto"),
 268                GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
 269
 270   ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
 271                GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
 272
 273   {NULL, NULL, 0, 0}
 274 };
 275
 276 /**
 277  * gnutls_error_is_fatal - Returns non-zero in case of a fatal error
 278  * @error: is a GnuTLS error code, a negative value
 279  *
 280  * If a GnuTLS function returns a negative value you may feed that
 281  * value to this function to see if the error condition is fatal.
 282  *
 283  * Note that you may want to check the error code manually, since some
 284  * non-fatal errors to the protocol may be fatal for you program.
 285  *
 286  * This function is only useful if you are dealing with errors from
 287  * the record layer or the handshake layer.
 288  *
 289  * Returns: 1 if the error code is fatal, for positive @error values,
 290  *   0 is returned.  For unknown @error values, -1 is returned.
 291  **/
 292 int
 293 gnutls_error_is_fatal (int error)
 294 {
 295   int ret = 1;
 296   const gnutls_error_entry *p;
 297
 298   /* Input sanitzation.  Positive values are not errors at all, and
 299      definitely not fatal. */
 300   if (error > 0)
 301     return 0;
 302
 303   for (p = error_algorithms; p->desc != NULL; p++)
 304     {
 305       if (p->number == error)
 306         {
 307           ret = p->fatal;
 308           break;
 309         }
 310     }
 311
 312   return ret;
 313 }
 314
 315 /**
 316  * gnutls_perror - prints a string to stderr with a description of an error
 317  * @error: is a GnuTLS error code, a negative value
 318  *
 319  * This function is like perror(). The only difference is that it
 320  * accepts an error number returned by a gnutls function.
 321  **/
 322 void
 323 gnutls_perror (int error)
 324 {
 325   fprintf (stderr, "GNUTLS ERROR: %s\n", gnutls_strerror (error));
 326 }
 327
 328
 329 /**
 330  * gnutls_strerror - Returns a string with a description of an error
 331  * @error: is a GnuTLS error code, a negative value
 332  *
 333  * This function is similar to strerror.  The difference is that it
 334  * accepts an error number returned by a gnutls function; In case of
 335  * an unknown error a descriptive string is sent instead of %NULL.
 336  *
 337  * Error codes are always a negative value.
 338  *
 339  * Returns: A string explaining the GnuTLS error message.
 340  **/
 341 const char *
 342 gnutls_strerror (int error)
 343 {
 344   const char *ret = NULL;
 345   const gnutls_error_entry *p;
 346
 347   for (p = error_algorithms; p->desc != NULL; p++)
 348     {
 349       if (p->number == error)
 350         {
 351           ret = p->desc;
 352           break;
 353         }
 354     }
 355
 356   /* avoid prefix */
 357   if (ret == NULL)
 358     return _("(unknown error code)");
 359
 360   return _(ret);
 361 }
 362
 363 /**
 364  * gnutls_strerror_name:
 365  * @error: is an error returned by a gnutls function.
 366  *
 367  * Return the GnuTLS error code define as a string.  For example,
 368  * gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
 369  * the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
 370  *
 371  * Returns: A string corresponding to the symbol name of the error
 372  * code.
 373  *
 374  * Since: 2.6.0
 375  **/
 376 const char *
 377 gnutls_strerror_name (int error)
 378 {
 379   const char *ret = NULL;
 380   const gnutls_error_entry *p;
 381
 382   for (p = error_algorithms; p->desc != NULL; p++)
 383     {
 384       if (p->number == error)
 385         {
 386           ret = p->_name;
 387           break;
 388         }
 389     }
 390
 391   return ret;
 392 }
 393
 394 int
 395 _gnutls_asn2err (int asn_err)
 396 {
 397   switch (asn_err)
 398     {
 399     case ASN1_FILE_NOT_FOUND:
 400       return GNUTLS_E_FILE_ERROR;
 401     case ASN1_ELEMENT_NOT_FOUND:
 402       return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
 403     case ASN1_IDENTIFIER_NOT_FOUND:
 404       return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
 405     case ASN1_DER_ERROR:
 406       return GNUTLS_E_ASN1_DER_ERROR;
 407     case ASN1_VALUE_NOT_FOUND:
 408       return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
 409     case ASN1_GENERIC_ERROR:
 410       return GNUTLS_E_ASN1_GENERIC_ERROR;
 411     case ASN1_VALUE_NOT_VALID:
 412       return GNUTLS_E_ASN1_VALUE_NOT_VALID;
 413     case ASN1_TAG_ERROR:
 414       return GNUTLS_E_ASN1_TAG_ERROR;
 415     case ASN1_TAG_IMPLICIT:
 416       return GNUTLS_E_ASN1_TAG_IMPLICIT;
 417     case ASN1_ERROR_TYPE_ANY:
 418       return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
 419     case ASN1_SYNTAX_ERROR:
 420       return GNUTLS_E_ASN1_SYNTAX_ERROR;
 421     case ASN1_MEM_ERROR:
 422       return GNUTLS_E_SHORT_MEMORY_BUFFER;
 423     case ASN1_MEM_ALLOC_ERROR:
 424       return GNUTLS_E_MEMORY_ERROR;
 425     case ASN1_DER_OVERFLOW:
 426       return GNUTLS_E_ASN1_DER_OVERFLOW;
 427     default:
 428       return GNUTLS_E_ASN1_GENERIC_ERROR;
 429     }
 430 }
 431
 432 void
 433 _gnutls_mpi_log (const char *prefix, bigint_t a)
 434 {
 435   size_t binlen = 0;
 436   void *binbuf;
 437   size_t hexlen;
 438   char *hexbuf;
 439   int res;
 440
 441   res = _gnutls_mpi_print (a, NULL, &binlen);
 442   if (res != 0)
 443     {
 444       gnutls_assert ();
 445       _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res,
 446                         (int) binlen);
 447       return;
 448     }
 449
 450   if (binlen > 1024 * 1024)
 451     {
 452       gnutls_assert ();
 453       _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int) binlen);
 454       return;
 455     }
 456
 457   binbuf = gnutls_malloc (binlen);
 458   if (!binbuf)
 459     {
 460       gnutls_assert ();
 461       _gnutls_hard_log ("MPI: out of memory (%d)\n", (int) binlen);
 462       return;
 463     }
 464
 465   res = _gnutls_mpi_print (a, binbuf, &binlen);
 466   if (res != 0)
 467     {
 468       gnutls_assert ();
 469       _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res,
 470                         (int) binlen);
 471       gnutls_free (binbuf);
 472       return;
 473     }
 474
 475   hexlen = 2 * binlen + 1;
 476   hexbuf = gnutls_malloc (hexlen);
 477
 478   if (!hexbuf)
 479     {
 480       gnutls_assert ();
 481       _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int) hexlen);
 482       gnutls_free (binbuf);
 483       return;
 484     }
 485
 486   _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen);
 487
 488   _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
 489                     hexbuf);
 490
 491   gnutls_free (hexbuf);
 492   gnutls_free (binbuf);
 493 }
 494
 495 /* this function will output a message using the
 496  * caller provided function
 497  */
 498 void
 499 _gnutls_log (int level, const char *fmt, ...)
 500 {
 501   va_list args;
 502   char *str;
 503   int ret;
 504
 505   if (_gnutls_log_func == NULL)
 506     return;
 507
 508   va_start (args, fmt);
 509   ret = vasprintf (&str, fmt, args);
 510   va_end (args);
 511
 512   if (ret >= 0)
 513     {
 514       _gnutls_log_func (level, str);
 515       free (str);
 516     }
 517 }
 518
 519 #ifndef DEBUG
 520 # ifndef C99_MACROS
 521
 522 /* Without C99 macros these functions have to
 523  * be called. This may affect performance.
 524  */
 525 void
 526 _gnutls_null_log (void *x, ...)
 527 {
 528   return;
 529 }
 530
 531 # endif /* C99_MACROS */
 532 #endif /* DEBUG */