lib/gnutls_errors.c

   1 /*
   2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 #include <gnutls_int.h>
  26 #include "gnutls_errors.h"
  27 #include <libtasn1.h>
  28 #ifdef STDC_HEADERS
  29 # include <stdarg.h>
  30 #endif
  31
  32 /* I18n of error codes. */
  33 #include "gettext.h"
  34 #define _(String) dgettext (PACKAGE, String)
  35 #define N_(String) gettext_noop (String)
  36
  37 extern LOG_FUNC _gnutls_log_func;
  38
  39 #define ERROR_ENTRY(desc, name, fatal) \
  40         { desc, #name, name, fatal}
  41
  42 struct gnutls_error_entry
  43 {
  44   const char *desc;
  45   const char *_name;
  46   int number;
  47   int fatal;
  48 };
  49 typedef struct gnutls_error_entry gnutls_error_entry;
  50
  51 static const gnutls_error_entry error_algorithms[] = {
  52   /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
  53   ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
  54   ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
  55                GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
  56   ERROR_ENTRY (N_("The cipher type is unsupported."),
  57                GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
  58   ERROR_ENTRY (N_("The certificate and the given key do not match."),
  59                GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
  60   ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
  61                GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
  62   ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
  63                GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
  64
  65   ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
  66                GNUTLS_E_UNWANTED_ALGORITHM, 1),
  67   ERROR_ENTRY (N_("A large TLS record packet was received."),
  68                GNUTLS_E_LARGE_PACKET, 1),
  69   ERROR_ENTRY (N_("A record packet with illegal version was received."),
  70                GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
  71   ERROR_ENTRY (N_("The Diffie Hellman prime sent by the server is not acceptable (not long enough)."),
  72      GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
  73   ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
  74                GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
  75   ERROR_ENTRY (N_("The specified session has been invalidated for some reason."),
  76                GNUTLS_E_INVALID_SESSION, 1),
  77
  78   ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
  79   ERROR_ENTRY (N_("An illegal TLS extension was received."),
  80                GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
  81   ERROR_ENTRY (N_("A TLS fatal alert has been received."),
  82                GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
  83   ERROR_ENTRY (N_("An unexpected TLS packet was received."),
  84                GNUTLS_E_UNEXPECTED_PACKET, 1),
  85   ERROR_ENTRY (N_("A TLS warning alert has been received."),
  86                GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
  87   ERROR_ENTRY (N_("An error was encountered at the TLS Finished packet calculation."),
  88      GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
  89   ERROR_ENTRY (N_("The peer did not send any certificate."),
  90                GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
  91
  92   ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
  93                GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 0),
  94
  95   ERROR_ENTRY (N_("No temporary RSA parameters were found."),
  96                GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
  97   ERROR_ENTRY (N_("No temporary DH parameters were found."),
  98                GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
  99   ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
 100                GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
 101   ERROR_ENTRY (N_("The scanning of a large integer has failed."),
 102                GNUTLS_E_MPI_SCAN_FAILED, 1),
 103   ERROR_ENTRY (N_("Could not export a large integer."),
 104                GNUTLS_E_MPI_PRINT_FAILED, 1),
 105   ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
 106   ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
 107   ERROR_ENTRY (N_("Public key decryption has failed."),
 108                GNUTLS_E_PK_DECRYPTION_FAILED, 1),
 109   ERROR_ENTRY (N_("Public key encryption has failed."),
 110                GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
 111   ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
 112                1),
 113   ERROR_ENTRY (N_("Public key signature verification has failed."),
 114                GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
 115   ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
 116                GNUTLS_E_DECOMPRESSION_FAILED, 1),
 117   ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
 118                GNUTLS_E_COMPRESSION_FAILED, 1),
 119
 120   ERROR_ENTRY (N_("Internal error in memory allocation."),
 121                GNUTLS_E_MEMORY_ERROR, 1),
 122   ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
 123                GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
 124   ERROR_ENTRY (N_("Insufficient credentials for that request."),
 125                GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
 126   ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
 127   ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
 128                1),
 129   ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
 130   ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
 131   ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
 132                1),
 133   ERROR_ENTRY (N_("Base64 unexpected header error."), GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
 134                1),
 135   ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
 136                1),
 137   ERROR_ENTRY (N_("Parsing error in password file."),
 138                GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
 139   ERROR_ENTRY (N_("The requested data were not available."),
 140                GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0),
 141   ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
 142   ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
 143   ERROR_ENTRY (N_("The upper limit of record packet sequence numbers has been reached. Wow!"),
 144      GNUTLS_E_RECORD_LIMIT_REACHED, 1),
 145   ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
 146                1),
 147   ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
 148                GNUTLS_E_X509_UNKNOWN_SAN, 1),
 149
 150   ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
 151                GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
 152   ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
 153                GNUTLS_E_KEY_USAGE_VIOLATION, 1),
 154   ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_AGAIN, 0),
 155   ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
 156   ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
 157                GNUTLS_E_REHANDSHAKE, 0),
 158   ERROR_ENTRY (N_("TLS Application data were received, while expecting handshake data."),
 159      GNUTLS_E_GOT_APPLICATION_DATA, 1),
 160   ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
 161   ERROR_ENTRY (N_("The certificate type is not supported."),
 162                GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
 163   ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
 164                GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
 165   ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
 166   ERROR_ENTRY (N_("An illegal parameter has been received."),
 167                GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
 168   ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
 169
 170   ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
 171                GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
 172   ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
 173                GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
 174   ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
 175                GNUTLS_E_ASN1_DER_ERROR, 1),
 176   ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
 177                GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
 178   ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
 179                GNUTLS_E_ASN1_GENERIC_ERROR, 1),
 180   ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
 181                GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
 182   ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
 183   ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
 184                GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
 185   ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
 186                GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
 187   ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
 188                1),
 189   ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
 190                GNUTLS_E_ASN1_DER_OVERFLOW, 1),
 191
 192   ERROR_ENTRY (N_("Too many empty record packets have been received."),
 193                GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
 194   ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
 195                GNUTLS_E_INIT_LIBEXTRA, 1),
 196   ERROR_ENTRY (N_("The GnuTLS library version does not match the GnuTLS-extra library version."),
 197      GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
 198   ERROR_ENTRY (N_("The gcrypt library version is too old."),
 199                GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
 200
 201   ERROR_ENTRY (N_("The tasn1 library version is too old."),
 202                GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
 203   ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
 204                GNUTLS_E_OPENPGP_UID_REVOKED, 1),
 205   ERROR_ENTRY (N_("Error loading the keyring."),
 206                GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
 207   ERROR_ENTRY (N_("The initialization of LZO has failed."),
 208                GNUTLS_E_LZO_INIT_FAILED, 1),
 209   ERROR_ENTRY (N_("No supported compression algorithms have been found."),
 210                GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
 211   ERROR_ENTRY (N_("No supported cipher suites have been found."),
 212                GNUTLS_E_NO_CIPHER_SUITES, 1),
 213   ERROR_ENTRY (N_("Could not get OpenPGP key."),
 214                GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
 215   ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
 216                GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
 217
 218   ERROR_ENTRY (N_("The SRP username supplied is illegal."),
 219                GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
 220
 221   ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
 222                GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
 223   ERROR_ENTRY (N_("The certificate has unsupported attributes."),
 224                GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
 225   ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
 226                1),
 227   ERROR_ENTRY (N_("The hash algorithm is unknown."),
 228                GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
 229   ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
 230                GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
 231   ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
 232                GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
 233   ERROR_ENTRY (N_("The given password contains invalid characters."),
 234                GNUTLS_E_INVALID_PASSWORD, 1),
 235   ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
 236                GNUTLS_E_MAC_VERIFY_FAILED, 1),
 237   ERROR_ENTRY (N_("Some constraint limits were reached."),
 238                GNUTLS_E_CONSTRAINT_ERROR, 1),
 239   ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
 240                1),
 241
 242   ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
 243                GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
 244   ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
 245                GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
 246   ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
 247                GNUTLS_E_IA_VERIFY_FAILED, 1),
 248
 249   ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
 250                GNUTLS_E_UNKNOWN_ALGORITHM, 1),
 251
 252   ERROR_ENTRY (N_("The handshake data size is too large (DoS?), "
 253                   "check gnutls_handshake_set_max_packet_length()."),
 254                GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
 255
 256   {NULL, NULL, 0, 0}
 257 };
 258
 259 #define GNUTLS_ERROR_LOOP(b) \
 260         const gnutls_error_entry *p; \
 261                 for(p = error_algorithms; p->desc != NULL; p++) { b ; }
 262
 263 #define GNUTLS_ERROR_ALG_LOOP(a) \
 264                         GNUTLS_ERROR_LOOP( if(p->number == error) { a; break; } )
 265
 266
 267
 268 /**
 269   * gnutls_error_is_fatal - Returns non-zero in case of a fatal error
 270   * @error: is an error returned by a gnutls function. Error should be a negative value.
 271   *
 272   * If a function returns a negative value you may feed that value
 273   * to this function to see if it is fatal. Returns 1 for a fatal
 274   * error 0 otherwise. However you may want to check the
 275   * error code manually, since some non-fatal errors to the protocol
 276   * may be fatal for you (your program).
 277   *
 278   * This is only useful if you are dealing with errors from the
 279   * record layer or the handshake layer.
 280   *
 281   * For positive @error values, 0 is returned.
 282   *
 283   **/
 284 int
 285 gnutls_error_is_fatal (int error)
 286 {
 287   int ret = 1;
 288
 289   /* Input sanitzation.  Positive values are not errors at all, and
 290      definitely not fatal. */
 291   if (error > 0)
 292     return 0;
 293
 294   GNUTLS_ERROR_ALG_LOOP (ret = p->fatal);
 295
 296   return ret;
 297 }
 298
 299 /**
 300   * gnutls_perror - prints a string to stderr with a description of an error
 301   * @error: is an error returned by a gnutls function. Error is always a negative value.
 302   *
 303   * This function is like perror(). The only difference is that it accepts an
 304   * error number returned by a gnutls function.
 305   **/
 306 void
 307 gnutls_perror (int error)
 308 {
 309   const char *ret = NULL;
 310
 311   /* avoid prefix */
 312   GNUTLS_ERROR_ALG_LOOP (ret = p->desc);
 313   if (ret == NULL)
 314     ret = "(unknown)";
 315   fprintf (stderr, "GNUTLS ERROR: %s\n", _(ret));
 316 }
 317
 318
 319 /**
 320   * gnutls_strerror - Returns a string with a description of an error
 321   * @error: is an error returned by a gnutls function. Error is always a negative value.
 322   *
 323   * This function is similar to strerror(). Differences: it accepts an error
 324   * number returned by a gnutls function; In case of an unknown error
 325   * a descriptive string is sent instead of NULL.
 326   **/
 327 const char *
 328 gnutls_strerror (int error)
 329 {
 330   const char *ret = NULL;
 331
 332   /* avoid prefix */
 333   GNUTLS_ERROR_ALG_LOOP (ret = p->desc);
 334   if (ret == NULL)
 335     return "(unknown error code)";
 336   return _(ret);
 337 }
 338
 339 /* This will print the actual define of the
 340  * given error code.
 341  */
 342 const char *
 343 _gnutls_strerror (int error)
 344 {
 345   const char *ret = NULL;
 346
 347   /* avoid prefix */
 348   GNUTLS_ERROR_ALG_LOOP (ret = p->_name);
 349
 350   return _(ret);
 351 }
 352
 353 int
 354 _gnutls_asn2err (int asn_err)
 355 {
 356   switch (asn_err)
 357     {
 358     case ASN1_FILE_NOT_FOUND:
 359       return GNUTLS_E_FILE_ERROR;
 360     case ASN1_ELEMENT_NOT_FOUND:
 361       return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
 362     case ASN1_IDENTIFIER_NOT_FOUND:
 363       return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
 364     case ASN1_DER_ERROR:
 365       return GNUTLS_E_ASN1_DER_ERROR;
 366     case ASN1_VALUE_NOT_FOUND:
 367       return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
 368     case ASN1_GENERIC_ERROR:
 369       return GNUTLS_E_ASN1_GENERIC_ERROR;
 370     case ASN1_VALUE_NOT_VALID:
 371       return GNUTLS_E_ASN1_VALUE_NOT_VALID;
 372     case ASN1_TAG_ERROR:
 373       return GNUTLS_E_ASN1_TAG_ERROR;
 374     case ASN1_TAG_IMPLICIT:
 375       return GNUTLS_E_ASN1_TAG_IMPLICIT;
 376     case ASN1_ERROR_TYPE_ANY:
 377       return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
 378     case ASN1_SYNTAX_ERROR:
 379       return GNUTLS_E_ASN1_SYNTAX_ERROR;
 380     case ASN1_MEM_ERROR:
 381       return GNUTLS_E_SHORT_MEMORY_BUFFER;
 382     case ASN1_MEM_ALLOC_ERROR:
 383       return GNUTLS_E_MEMORY_ERROR;
 384     case ASN1_DER_OVERFLOW:
 385       return GNUTLS_E_ASN1_DER_OVERFLOW;
 386     default:
 387       return GNUTLS_E_ASN1_GENERIC_ERROR;
 388     }
 389 }
 390
 391
 392 /* this function will output a message using the
 393  * caller provided function
 394  */
 395 void
 396 _gnutls_log (int level, const char *fmt, ...)
 397 {
 398   va_list args;
 399   char str[MAX_LOG_SIZE];
 400   void (*log_func) (int, const char *) = _gnutls_log_func;
 401
 402   if (_gnutls_log_func == NULL)
 403     return;
 404
 405   va_start (args, fmt);
 406   vsnprintf (str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */
 407   va_end (args);
 408
 409   log_func (level, str);
 410 }
 411
 412 #ifndef DEBUG
 413 # ifndef C99_MACROS
 414
 415 /* Without C99 macros these functions have to
 416  * be called. This may affect performance.
 417  */
 418 void
 419 _gnutls_null_log (void *x, ...)
 420 {
 421   return;
 422 }
 423
 424 # endif /* C99_MACROS */
 425 #endif /* DEBUG */