2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 #include <gnutls_int.h>
26 #include "gnutls_errors.h"
32 /* I18n of error codes. */
34 #define _(String) dgettext (PACKAGE, String)
35 #define N_(String) gettext_noop (String)
37 extern LOG_FUNC _gnutls_log_func
;
39 #define ERROR_ENTRY(desc, name, fatal) \
40 { desc, #name, name, fatal}
42 struct gnutls_error_entry
49 typedef struct gnutls_error_entry gnutls_error_entry
;
51 static const gnutls_error_entry error_algorithms
[] = {
52 /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
53 ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS
, 0),
54 ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
55 GNUTLS_E_UNKNOWN_CIPHER_SUITE
, 1),
56 ERROR_ENTRY (N_("The cipher type is unsupported."),
57 GNUTLS_E_UNKNOWN_CIPHER_TYPE
, 1),
58 ERROR_ENTRY (N_("The certificate and the given key do not match."),
59 GNUTLS_E_CERTIFICATE_KEY_MISMATCH
, 1),
60 ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
61 GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM
, 1),
62 ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
63 GNUTLS_E_UNKNOWN_PK_ALGORITHM
, 1),
65 ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
66 GNUTLS_E_UNWANTED_ALGORITHM
, 1),
67 ERROR_ENTRY (N_("A large TLS record packet was received."),
68 GNUTLS_E_LARGE_PACKET
, 1),
69 ERROR_ENTRY (N_("A record packet with illegal version was received."),
70 GNUTLS_E_UNSUPPORTED_VERSION_PACKET
, 1),
71 ERROR_ENTRY (N_("The Diffie Hellman prime sent by the server is not acceptable (not long enough)."),
72 GNUTLS_E_DH_PRIME_UNACCEPTABLE
, 1),
73 ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
74 GNUTLS_E_UNEXPECTED_PACKET_LENGTH
, 1),
75 ERROR_ENTRY (N_("The specified session has been invalidated for some reason."),
76 GNUTLS_E_INVALID_SESSION
, 1),
78 ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR
, 1),
79 ERROR_ENTRY (N_("An illegal TLS extension was received."),
80 GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION
, 1),
81 ERROR_ENTRY (N_("A TLS fatal alert has been received."),
82 GNUTLS_E_FATAL_ALERT_RECEIVED
, 1),
83 ERROR_ENTRY (N_("An unexpected TLS packet was received."),
84 GNUTLS_E_UNEXPECTED_PACKET
, 1),
85 ERROR_ENTRY (N_("A TLS warning alert has been received."),
86 GNUTLS_E_WARNING_ALERT_RECEIVED
, 0),
87 ERROR_ENTRY (N_("An error was encountered at the TLS Finished packet calculation."),
88 GNUTLS_E_ERROR_IN_FINISHED_PACKET
, 1),
89 ERROR_ENTRY (N_("The peer did not send any certificate."),
90 GNUTLS_E_NO_CERTIFICATE_FOUND
, 1),
92 ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
93 GNUTLS_E_CRYPTO_ALREADY_REGISTERED
, 0),
95 ERROR_ENTRY (N_("No temporary RSA parameters were found."),
96 GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
, 1),
97 ERROR_ENTRY (N_("No temporary DH parameters were found."),
98 GNUTLS_E_NO_TEMPORARY_DH_PARAMS
, 1),
99 ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
100 GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
, 1),
101 ERROR_ENTRY (N_("The scanning of a large integer has failed."),
102 GNUTLS_E_MPI_SCAN_FAILED
, 1),
103 ERROR_ENTRY (N_("Could not export a large integer."),
104 GNUTLS_E_MPI_PRINT_FAILED
, 1),
105 ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED
, 1),
106 ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED
, 1),
107 ERROR_ENTRY (N_("Public key decryption has failed."),
108 GNUTLS_E_PK_DECRYPTION_FAILED
, 1),
109 ERROR_ENTRY (N_("Public key encryption has failed."),
110 GNUTLS_E_PK_ENCRYPTION_FAILED
, 1),
111 ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED
,
113 ERROR_ENTRY (N_("Public key signature verification has failed."),
114 GNUTLS_E_PK_SIG_VERIFY_FAILED
, 1),
115 ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
116 GNUTLS_E_DECOMPRESSION_FAILED
, 1),
117 ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
118 GNUTLS_E_COMPRESSION_FAILED
, 1),
120 ERROR_ENTRY (N_("Internal error in memory allocation."),
121 GNUTLS_E_MEMORY_ERROR
, 1),
122 ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
123 GNUTLS_E_UNIMPLEMENTED_FEATURE
, 1),
124 ERROR_ENTRY (N_("Insufficient credentials for that request."),
125 GNUTLS_E_INSUFFICIENT_CREDENTIALS
, 1),
126 ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR
, 1),
127 ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD
,
129 ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED
, 1),
130 ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED
, 1),
131 ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR
,
133 ERROR_ENTRY (N_("Base64 unexpected header error."), GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR
,
135 ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR
,
137 ERROR_ENTRY (N_("Parsing error in password file."),
138 GNUTLS_E_SRP_PWD_PARSING_ERROR
, 1),
139 ERROR_ENTRY (N_("The requested data were not available."),
140 GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
, 0),
141 ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR
, 1),
142 ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR
, 1),
143 ERROR_ENTRY (N_("The upper limit of record packet sequence numbers has been reached. Wow!"),
144 GNUTLS_E_RECORD_LIMIT_REACHED
, 1),
145 ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR
,
147 ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
148 GNUTLS_E_X509_UNKNOWN_SAN
, 1),
150 ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
151 GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION
, 1),
152 ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
153 GNUTLS_E_KEY_USAGE_VIOLATION
, 1),
154 ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_AGAIN
, 0),
155 ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED
, 0),
156 ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
157 GNUTLS_E_REHANDSHAKE
, 0),
158 ERROR_ENTRY (N_("TLS Application data were received, while expecting handshake data."),
159 GNUTLS_E_GOT_APPLICATION_DATA
, 1),
160 ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR
, 1),
161 ERROR_ENTRY (N_("The certificate type is not supported."),
162 GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE
, 1),
163 ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
164 GNUTLS_E_SHORT_MEMORY_BUFFER
, 1),
165 ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST
, 1),
166 ERROR_ENTRY (N_("An illegal parameter has been received."),
167 GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
, 1),
168 ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR
, 1),
170 ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
171 GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
, 1),
172 ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
173 GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND
, 1),
174 ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
175 GNUTLS_E_ASN1_DER_ERROR
, 1),
176 ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
177 GNUTLS_E_ASN1_VALUE_NOT_FOUND
, 1),
178 ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
179 GNUTLS_E_ASN1_GENERIC_ERROR
, 1),
180 ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
181 GNUTLS_E_ASN1_VALUE_NOT_VALID
, 1),
182 ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR
, 1),
183 ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
184 GNUTLS_E_ASN1_TAG_IMPLICIT
, 1),
185 ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
186 GNUTLS_E_ASN1_TYPE_ANY_ERROR
, 1),
187 ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR
,
189 ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
190 GNUTLS_E_ASN1_DER_OVERFLOW
, 1),
192 ERROR_ENTRY (N_("Too many empty record packets have been received."),
193 GNUTLS_E_TOO_MANY_EMPTY_PACKETS
, 1),
194 ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
195 GNUTLS_E_INIT_LIBEXTRA
, 1),
196 ERROR_ENTRY (N_("The GnuTLS library version does not match the GnuTLS-extra library version."),
197 GNUTLS_E_LIBRARY_VERSION_MISMATCH
, 1),
198 ERROR_ENTRY (N_("The gcrypt library version is too old."),
199 GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY
, 1),
201 ERROR_ENTRY (N_("The tasn1 library version is too old."),
202 GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY
, 1),
203 ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
204 GNUTLS_E_OPENPGP_UID_REVOKED
, 1),
205 ERROR_ENTRY (N_("Error loading the keyring."),
206 GNUTLS_E_OPENPGP_KEYRING_ERROR
, 1),
207 ERROR_ENTRY (N_("The initialization of LZO has failed."),
208 GNUTLS_E_LZO_INIT_FAILED
, 1),
209 ERROR_ENTRY (N_("No supported compression algorithms have been found."),
210 GNUTLS_E_NO_COMPRESSION_ALGORITHMS
, 1),
211 ERROR_ENTRY (N_("No supported cipher suites have been found."),
212 GNUTLS_E_NO_CIPHER_SUITES
, 1),
213 ERROR_ENTRY (N_("Could not get OpenPGP key."),
214 GNUTLS_E_OPENPGP_GETKEY_FAILED
, 1),
215 ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
216 GNUTLS_E_OPENPGP_SUBKEY_ERROR
, 1),
218 ERROR_ENTRY (N_("The SRP username supplied is illegal."),
219 GNUTLS_E_ILLEGAL_SRP_USERNAME
, 1),
221 ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
222 GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED
, 1),
223 ERROR_ENTRY (N_("The certificate has unsupported attributes."),
224 GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE
, 1),
225 ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID
,
227 ERROR_ENTRY (N_("The hash algorithm is unknown."),
228 GNUTLS_E_UNKNOWN_HASH_ALGORITHM
, 1),
229 ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
230 GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE
, 1),
231 ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
232 GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE
, 1),
233 ERROR_ENTRY (N_("The given password contains invalid characters."),
234 GNUTLS_E_INVALID_PASSWORD
, 1),
235 ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
236 GNUTLS_E_MAC_VERIFY_FAILED
, 1),
237 ERROR_ENTRY (N_("Some constraint limits were reached."),
238 GNUTLS_E_CONSTRAINT_ERROR
, 1),
239 ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED
,
242 ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
243 GNUTLS_E_WARNING_IA_IPHF_RECEIVED
, 0),
244 ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
245 GNUTLS_E_WARNING_IA_FPHF_RECEIVED
, 0),
246 ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
247 GNUTLS_E_IA_VERIFY_FAILED
, 1),
249 ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
250 GNUTLS_E_UNKNOWN_ALGORITHM
, 1),
252 ERROR_ENTRY (N_("The handshake data size is too large (DoS?), "
253 "check gnutls_handshake_set_max_packet_length()."),
254 GNUTLS_E_HANDSHAKE_TOO_LARGE
, 1),
259 #define GNUTLS_ERROR_LOOP(b) \
260 const gnutls_error_entry *p; \
261 for(p = error_algorithms; p->desc != NULL; p++) { b ; }
263 #define GNUTLS_ERROR_ALG_LOOP(a) \
264 GNUTLS_ERROR_LOOP( if(p->number == error) { a; break; } )
269 * gnutls_error_is_fatal - Returns non-zero in case of a fatal error
270 * @error: is an error returned by a gnutls function. Error should be a negative value.
272 * If a function returns a negative value you may feed that value
273 * to this function to see if it is fatal. Returns 1 for a fatal
274 * error 0 otherwise. However you may want to check the
275 * error code manually, since some non-fatal errors to the protocol
276 * may be fatal for you (your program).
278 * This is only useful if you are dealing with errors from the
279 * record layer or the handshake layer.
281 * For positive @error values, 0 is returned.
285 gnutls_error_is_fatal (int error
)
289 /* Input sanitzation. Positive values are not errors at all, and
290 definitely not fatal. */
294 GNUTLS_ERROR_ALG_LOOP (ret
= p
->fatal
);
300 * gnutls_perror - prints a string to stderr with a description of an error
301 * @error: is an error returned by a gnutls function. Error is always a negative value.
303 * This function is like perror(). The only difference is that it accepts an
304 * error number returned by a gnutls function.
307 gnutls_perror (int error
)
309 const char *ret
= NULL
;
312 GNUTLS_ERROR_ALG_LOOP (ret
= p
->desc
);
315 fprintf (stderr
, "GNUTLS ERROR: %s\n", _(ret
));
320 * gnutls_strerror - Returns a string with a description of an error
321 * @error: is an error returned by a gnutls function. Error is always a negative value.
323 * This function is similar to strerror(). Differences: it accepts an error
324 * number returned by a gnutls function; In case of an unknown error
325 * a descriptive string is sent instead of NULL.
328 gnutls_strerror (int error
)
330 const char *ret
= NULL
;
333 GNUTLS_ERROR_ALG_LOOP (ret
= p
->desc
);
335 return "(unknown error code)";
339 /* This will print the actual define of the
343 _gnutls_strerror (int error
)
345 const char *ret
= NULL
;
348 GNUTLS_ERROR_ALG_LOOP (ret
= p
->_name
);
354 _gnutls_asn2err (int asn_err
)
358 case ASN1_FILE_NOT_FOUND
:
359 return GNUTLS_E_FILE_ERROR
;
360 case ASN1_ELEMENT_NOT_FOUND
:
361 return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
;
362 case ASN1_IDENTIFIER_NOT_FOUND
:
363 return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND
;
365 return GNUTLS_E_ASN1_DER_ERROR
;
366 case ASN1_VALUE_NOT_FOUND
:
367 return GNUTLS_E_ASN1_VALUE_NOT_FOUND
;
368 case ASN1_GENERIC_ERROR
:
369 return GNUTLS_E_ASN1_GENERIC_ERROR
;
370 case ASN1_VALUE_NOT_VALID
:
371 return GNUTLS_E_ASN1_VALUE_NOT_VALID
;
373 return GNUTLS_E_ASN1_TAG_ERROR
;
374 case ASN1_TAG_IMPLICIT
:
375 return GNUTLS_E_ASN1_TAG_IMPLICIT
;
376 case ASN1_ERROR_TYPE_ANY
:
377 return GNUTLS_E_ASN1_TYPE_ANY_ERROR
;
378 case ASN1_SYNTAX_ERROR
:
379 return GNUTLS_E_ASN1_SYNTAX_ERROR
;
381 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
382 case ASN1_MEM_ALLOC_ERROR
:
383 return GNUTLS_E_MEMORY_ERROR
;
384 case ASN1_DER_OVERFLOW
:
385 return GNUTLS_E_ASN1_DER_OVERFLOW
;
387 return GNUTLS_E_ASN1_GENERIC_ERROR
;
392 /* this function will output a message using the
393 * caller provided function
396 _gnutls_log (int level
, const char *fmt
, ...)
399 char str
[MAX_LOG_SIZE
];
400 void (*log_func
) (int, const char *) = _gnutls_log_func
;
402 if (_gnutls_log_func
== NULL
)
405 va_start (args
, fmt
);
406 vsnprintf (str
, MAX_LOG_SIZE
- 1, fmt
, args
); /* Flawfinder: ignore */
409 log_func (level
, str
);
415 /* Without C99 macros these functions have to
416 * be called. This may affect performance.
419 _gnutls_null_log (void *x
, ...)
424 # endif /* C99_MACROS */