2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
3 * 2009, 2010 Free Software Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GNUTLS.
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 #include <gnutls_int.h>
27 #include "gnutls_errors.h"
33 /* I18n of error codes. */
/* _() looks the string up at run time with dgettext in the PACKAGE
 * text domain. */
35 #define _(String) dgettext (PACKAGE, String)
/* N_() expands to gettext_noop (String); the description strings of the
 * error table are wrapped in it. */
36 #define N_(String) gettext_noop (String)
/* Builds one table initialiser: the description, the symbol spelled as a
 * string (#name), the numeric value of the symbol, and the fatal flag. */
38 #define ERROR_ENTRY(desc, name, fatal) \
39 { desc, #name, name, fatal}
/* One row of the error table.
 * NOTE(review): the member list is not shown in this listing.  From the
 * ERROR_ENTRY initialiser order and the p->desc / p->number accesses in the
 * lookup functions, a row presumably holds a description string, the symbol
 * name as a string, the numeric code and a fatal flag -- confirm against
 * the upstream file. */
41 struct gnutls_error_entry
48 typedef struct gnutls_error_entry gnutls_error_entry
;
/* Table that maps each GnuTLS error code to its description, its symbol
 * name and a fatal flag.  Every ERROR_ENTRY (desc, name, fatal) expands to
 * { desc, #name, name, fatal }.  The lookup loops in this file walk the
 * table until they reach an entry whose desc is NULL.
 * NOTE(review): this listing has dropped some source lines: a few entries
 * lack their opening "ERROR_ENTRY (N_", their fatal flag or their error
 * symbol, and the closing sentinel entry is not shown.  Take the flag of
 * such entries from the upstream file rather than from this page. */
50 static const gnutls_error_entry error_algorithms
[] = {
51 /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
52 ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS
, 0),
53 ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
54 GNUTLS_E_UNKNOWN_CIPHER_SUITE
, 1),
55 ERROR_ENTRY (N_("The cipher type is unsupported."),
56 GNUTLS_E_UNKNOWN_CIPHER_TYPE
, 1),
57 ERROR_ENTRY (N_("The certificate and the given key do not match."),
58 GNUTLS_E_CERTIFICATE_KEY_MISMATCH
, 1),
59 ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
60 GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM
, 1),
61 ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
62 GNUTLS_E_UNKNOWN_PK_ALGORITHM
, 1),
64 ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
65 GNUTLS_E_UNWANTED_ALGORITHM
, 1),
66 ERROR_ENTRY (N_("A large TLS record packet was received."),
67 GNUTLS_E_LARGE_PACKET
, 1),
68 ERROR_ENTRY (N_("A record packet with illegal version was received."),
69 GNUTLS_E_UNSUPPORTED_VERSION_PACKET
, 1),
71 ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
72 GNUTLS_E_DH_PRIME_UNACCEPTABLE
, 1),
73 ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
74 GNUTLS_E_UNEXPECTED_PACKET_LENGTH
, 1),
76 ("The specified session has been invalidated for some reason."),
77 GNUTLS_E_INVALID_SESSION
, 1),
79 ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR
, 1),
80 ERROR_ENTRY (N_("An illegal TLS extension was received."),
81 GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION
, 1),
82 ERROR_ENTRY (N_("A TLS fatal alert has been received."),
83 GNUTLS_E_FATAL_ALERT_RECEIVED
, 1),
84 ERROR_ENTRY (N_("An unexpected TLS packet was received."),
85 GNUTLS_E_UNEXPECTED_PACKET
, 1),
86 ERROR_ENTRY (N_("A TLS warning alert has been received."),
87 GNUTLS_E_WARNING_ALERT_RECEIVED
, 0),
89 ("An error was encountered at the TLS Finished packet calculation."),
90 GNUTLS_E_ERROR_IN_FINISHED_PACKET
, 1),
91 ERROR_ENTRY (N_("The peer did not send any certificate."),
92 GNUTLS_E_NO_CERTIFICATE_FOUND
, 1),
94 ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
95 GNUTLS_E_CRYPTO_ALREADY_REGISTERED
, 0),
97 ERROR_ENTRY (N_("No temporary RSA parameters were found."),
98 GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
, 1),
99 ERROR_ENTRY (N_("No temporary DH parameters were found."),
100 GNUTLS_E_NO_TEMPORARY_DH_PARAMS
, 1),
101 ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
102 GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
, 1),
103 ERROR_ENTRY (N_("The scanning of a large integer has failed."),
104 GNUTLS_E_MPI_SCAN_FAILED
, 1),
105 ERROR_ENTRY (N_("Could not export a large integer."),
106 GNUTLS_E_MPI_PRINT_FAILED
, 1),
107 ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED
, 1),
108 ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED
, 1),
109 ERROR_ENTRY (N_("Public key decryption has failed."),
110 GNUTLS_E_PK_DECRYPTION_FAILED
, 1),
111 ERROR_ENTRY (N_("Public key encryption has failed."),
112 GNUTLS_E_PK_ENCRYPTION_FAILED
, 1),
113 ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED
,
115 ERROR_ENTRY (N_("Public key signature verification has failed."),
116 GNUTLS_E_PK_SIG_VERIFY_FAILED
, 1),
117 ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
118 GNUTLS_E_DECOMPRESSION_FAILED
, 1),
119 ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
120 GNUTLS_E_COMPRESSION_FAILED
, 1),
122 ERROR_ENTRY (N_("Internal error in memory allocation."),
123 GNUTLS_E_MEMORY_ERROR
, 1),
124 ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
125 GNUTLS_E_UNIMPLEMENTED_FEATURE
, 1),
126 ERROR_ENTRY (N_("Insufficient credentials for that request."),
127 GNUTLS_E_INSUFFICIENT_CREDENTIALS
, 1),
128 ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR
, 1),
/* NOTE(review): padding, decryption and MAC verification failures have
 * distinct codes in this table.  Keep that distinction in local logs only;
 * an application should report one generic failure to the remote peer. */
129 ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD
,
131 ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED
, 1),
132 ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED
, 1),
133 ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR
,
135 ERROR_ENTRY (N_("Base64 unexpected header error."),
136 GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR
,
138 ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR
,
140 ERROR_ENTRY (N_("Parsing error in password file."),
141 GNUTLS_E_SRP_PWD_PARSING_ERROR
, 1),
142 ERROR_ENTRY (N_("The requested data were not available."),
143 GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
, 0),
144 ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR
, 1),
145 ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR
, 1),
147 ("The upper limit of record packet sequence numbers has been reached. Wow!"),
148 GNUTLS_E_RECORD_LIMIT_REACHED
, 1),
149 ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR
,
151 ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
152 GNUTLS_E_X509_UNKNOWN_SAN
, 1),
154 ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
155 GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION
, 1),
156 ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
157 GNUTLS_E_KEY_USAGE_VIOLATION
, 1),
/* NOTE(review): the error symbol and fatal flag of the next entry are
 * missing from this listing. */
158 ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
160 ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED
, 0),
161 ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
162 GNUTLS_E_REHANDSHAKE
, 0),
164 ("TLS Application data were received, while expecting handshake data."),
165 GNUTLS_E_GOT_APPLICATION_DATA
, 1),
166 ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR
, 1),
167 ERROR_ENTRY (N_("The certificate type is not supported."),
168 GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE
, 1),
169 ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
170 GNUTLS_E_SHORT_MEMORY_BUFFER
, 1),
171 ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST
, 1),
172 ERROR_ENTRY (N_("An illegal parameter has been received."),
173 GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER
, 1),
174 ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR
, 1),
176 ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
177 GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
, 1),
178 ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
179 GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND
, 1),
180 ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
181 GNUTLS_E_ASN1_DER_ERROR
, 1),
182 ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
183 GNUTLS_E_ASN1_VALUE_NOT_FOUND
, 1),
184 ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
185 GNUTLS_E_ASN1_GENERIC_ERROR
, 1),
186 ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
187 GNUTLS_E_ASN1_VALUE_NOT_VALID
, 1),
188 ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR
, 1),
189 ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
190 GNUTLS_E_ASN1_TAG_IMPLICIT
, 1),
191 ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
192 GNUTLS_E_ASN1_TYPE_ANY_ERROR
, 1),
193 ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR
,
195 ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
196 GNUTLS_E_ASN1_DER_OVERFLOW
, 1),
198 ERROR_ENTRY (N_("Too many empty record packets have been received."),
199 GNUTLS_E_TOO_MANY_EMPTY_PACKETS
, 1),
200 ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
201 GNUTLS_E_INIT_LIBEXTRA
, 1),
203 ("The GnuTLS library version does not match the GnuTLS-extra library version."),
204 GNUTLS_E_LIBRARY_VERSION_MISMATCH
, 1),
205 ERROR_ENTRY (N_("The gcrypt library version is too old."),
206 GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY
, 1),
208 ERROR_ENTRY (N_("The tasn1 library version is too old."),
209 GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY
, 1),
210 ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
211 GNUTLS_E_OPENPGP_UID_REVOKED
, 1),
212 ERROR_ENTRY (N_("Error loading the keyring."),
213 GNUTLS_E_OPENPGP_KEYRING_ERROR
, 1),
214 ERROR_ENTRY (N_("The initialization of LZO has failed."),
215 GNUTLS_E_LZO_INIT_FAILED
, 1),
216 ERROR_ENTRY (N_("No supported compression algorithms have been found."),
217 GNUTLS_E_NO_COMPRESSION_ALGORITHMS
, 1),
218 ERROR_ENTRY (N_("No supported cipher suites have been found."),
219 GNUTLS_E_NO_CIPHER_SUITES
, 1),
220 ERROR_ENTRY (N_("Could not get OpenPGP key."),
221 GNUTLS_E_OPENPGP_GETKEY_FAILED
, 1),
222 ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
223 GNUTLS_E_OPENPGP_SUBKEY_ERROR
, 1),
224 ERROR_ENTRY (N_("Safe renegotiation failed."),
225 GNUTLS_E_SAFE_RENEGOTIATION_FAILED
, 1),
227 ERROR_ENTRY (N_("The SRP username supplied is illegal."),
228 GNUTLS_E_ILLEGAL_SRP_USERNAME
, 1),
230 ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
231 GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED
, 1),
232 ERROR_ENTRY (N_("The signature algorithm is not supported."),
233 GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM
, 1),
234 ERROR_ENTRY (N_("The certificate has unsupported attributes."),
235 GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE
, 1),
236 ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID
,
238 ERROR_ENTRY (N_("The hash algorithm is unknown."),
239 GNUTLS_E_UNKNOWN_HASH_ALGORITHM
, 1),
240 ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
241 GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE
, 1),
242 ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
243 GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE
, 1),
244 ERROR_ENTRY (N_("The given password contains invalid characters."),
245 GNUTLS_E_INVALID_PASSWORD
, 1),
246 ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
247 GNUTLS_E_MAC_VERIFY_FAILED
, 1),
248 ERROR_ENTRY (N_("Some constraint limits were reached."),
249 GNUTLS_E_CONSTRAINT_ERROR
, 1),
250 ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED
,
253 ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
254 GNUTLS_E_WARNING_IA_IPHF_RECEIVED
, 0),
255 ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
256 GNUTLS_E_WARNING_IA_FPHF_RECEIVED
, 0),
257 ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
258 GNUTLS_E_IA_VERIFY_FAILED
, 1),
260 ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
261 GNUTLS_E_UNKNOWN_ALGORITHM
, 1),
263 ERROR_ENTRY (N_("The handshake data size is too large (DoS?), "
264 "check gnutls_handshake_set_max_packet_length()."),
265 GNUTLS_E_HANDSHAKE_TOO_LARGE
, 1),
267 ERROR_ENTRY (N_("Error opening /dev/crypto"),
268 GNUTLS_E_CRYPTODEV_DEVICE_ERROR
, 1),
270 ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
271 GNUTLS_E_CRYPTODEV_IOCTL_ERROR
, 1),
277 * gnutls_error_is_fatal - Returns non-zero in case of a fatal error
278 * @error: is a GnuTLS error code, a negative value
280 * If a GnuTLS function returns a negative value you may feed that
281 * value to this function to see if the error condition is fatal.
283 * Note that you may want to check the error code manually, since some
284 * errors that are non-fatal to the protocol may be fatal for your program.
286 * This function is only useful if you are dealing with errors from
287 * the record layer or the handshake layer.
289 * Returns: 1 if the error code is fatal; for positive @error values,
290 * 0 is returned. For unknown @error values, -1 is returned.
/* Look up a GnuTLS error code in error_algorithms and report whether it is
 * fatal.  The header comment above documents the contract: 1 for a fatal
 * code, 0 for positive values, -1 for codes that are not in the table.
 * NOTE(review): this listing omits several lines of the body (the braces,
 * the handling of positive values and the statements that set and return
 * the result), so the comments below describe only the lines shown. */
293 gnutls_error_is_fatal (int error
)
296 const gnutls_error_entry
*p
;
298 /* Input sanitization. Positive values are not errors at all, and
299 definitely not fatal. */
/* Linear scan of the table; the loop stops at the first entry whose desc
 * is NULL, so it relies on error_algorithms ending with such an entry
 * (the terminator is not visible in this listing -- confirm). */
303 for (p
= error_algorithms
; p
->desc
!= NULL
; p
++)
/* Match on the numeric error code.
 * NOTE(review): per the documented contract an unknown code yields -1,
 * which is also non-zero.  A caller deciding whether a session may still be
 * used should compare the result with 0 rather than with 1, so that an
 * unrecognised code is handled as fatal. */
305 if (p
->number
== error
)
316 * gnutls_perror - prints a string to stderr with a description of an error
317 * @error: is a GnuTLS error code, a negative value
319 * This function is like perror(). The only difference is that it
320 * accepts an error number returned by a gnutls function.
/* Print the description of a GnuTLS error code to stderr, prefixed with
 * "GNUTLS ERROR: ".  The description is passed as the argument of a fixed
 * "%s" format and is never used as the format string itself, so a '%' in
 * a (possibly translated) message is printed literally.
 * NOTE(review): the return type and the braces are not shown in this
 * listing. */
323 gnutls_perror (int error
)
325 fprintf (stderr
, "GNUTLS ERROR: %s\n", gnutls_strerror (error
));
330 * gnutls_strerror - Returns a string with a description of an error
331 * @error: is a GnuTLS error code, a negative value
333 * This function is similar to strerror. The difference is that it
334 * accepts an error number returned by a gnutls function. In case of
335 * an unknown error, a descriptive string is returned instead of %NULL.
337 * Error codes are always a negative value.
339 * Returns: A string explaining the GnuTLS error message.
/* Return a human-readable description for a GnuTLS error code by scanning
 * error_algorithms for a matching number.
 * NOTE(review): the lines that copy the matched description into ret, the
 * condition guarding the fallback return and the final return are not
 * shown in this listing.
 * The visible return passes its text through _(), i.e. dgettext, so the
 * wording depends on the locale; log correlation and alerting should key
 * on the numeric code or on gnutls_strerror_name(), not on this text. */
342 gnutls_strerror (int error
)
/* ret stays NULL until a table entry matches. */
344 const char *ret
= NULL
;
345 const gnutls_error_entry
*p
;
/* Walk the table up to the entry whose desc is NULL. */
347 for (p
= error_algorithms
; p
->desc
!= NULL
; p
++)
349 if (p
->number
== error
)
/* Fallback for a code that is not in the table: a translated placeholder
 * string, so that callers do not receive NULL (see the header comment). */
358 return _("(unknown error code)");
364 * gnutls_strerror_name:
365 * @error: is an error returned by a gnutls function.
367 * Return the GnuTLS error code define as a string. For example,
368 * gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
369 * the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
371 * Returns: A string corresponding to the symbol name of the error
/* Return the symbol name of a GnuTLS error code as a string, found by
 * scanning error_algorithms for a matching number.
 * NOTE(review): the assignment inside the match and the return statement
 * are not shown in this listing.  ret starts as NULL and no fallback string
 * is visible here, so an unknown code presumably yields NULL -- callers
 * should check the result before handing it to a "%s" conversion. */
377 gnutls_strerror_name (int error
)
379 const char *ret
= NULL
;
380 const gnutls_error_entry
*p
;
/* Walk the table up to the entry whose desc is NULL. */
382 for (p
= error_algorithms
; p
->desc
!= NULL
; p
++)
384 if (p
->number
== error
)
/* Translate an ASN.1 parser result code (asn_err) into the corresponding
 * GnuTLS error code.
 * NOTE(review): the return type, the switch statement line and several
 * case labels are missing from this listing; the affected returns are
 * marked below.  No case for a success value appears among the visible
 * labels, so this mapping looks intended for failure codes only --
 * confirm at the call sites. */
395 _gnutls_asn2err (int asn_err
)
399 case ASN1_FILE_NOT_FOUND
:
400 return GNUTLS_E_FILE_ERROR
;
401 case ASN1_ELEMENT_NOT_FOUND
:
402 return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
;
403 case ASN1_IDENTIFIER_NOT_FOUND
:
404 return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND
;
/* NOTE(review): the case label for this return is not shown; presumably
 * the parser's DER error code. */
406 return GNUTLS_E_ASN1_DER_ERROR
;
407 case ASN1_VALUE_NOT_FOUND
:
408 return GNUTLS_E_ASN1_VALUE_NOT_FOUND
;
409 case ASN1_GENERIC_ERROR
:
410 return GNUTLS_E_ASN1_GENERIC_ERROR
;
411 case ASN1_VALUE_NOT_VALID
:
412 return GNUTLS_E_ASN1_VALUE_NOT_VALID
;
/* NOTE(review): the case label for this return is not shown; presumably
 * the parser's tag error code. */
414 return GNUTLS_E_ASN1_TAG_ERROR
;
415 case ASN1_TAG_IMPLICIT
:
416 return GNUTLS_E_ASN1_TAG_IMPLICIT
;
417 case ASN1_ERROR_TYPE_ANY
:
418 return GNUTLS_E_ASN1_TYPE_ANY_ERROR
;
419 case ASN1_SYNTAX_ERROR
:
420 return GNUTLS_E_ASN1_SYNTAX_ERROR
;
/* NOTE(review): the case label for this return is not shown; the mapped
 * code suggests a "buffer too small" result from the parser -- confirm. */
422 return GNUTLS_E_SHORT_MEMORY_BUFFER
;
423 case ASN1_MEM_ALLOC_ERROR
:
424 return GNUTLS_E_MEMORY_ERROR
;
425 case ASN1_DER_OVERFLOW
:
426 return GNUTLS_E_ASN1_DER_OVERFLOW
;
/* NOTE(review): presumably the default branch (label not shown): any
 * parser code without its own case is reported as a generic ASN.1 error. */
428 return GNUTLS_E_ASN1_GENERIC_ERROR
;
/* Debug helper: serialise the big integer a with _gnutls_mpi_print,
 * hex-encode the bytes with _gnutls_bin2hex and write the result, preceded
 * by prefix, through _gnutls_hard_log.
 * NOTE(review): the value is logged in full.  The callers are not visible
 * here; if any of them passes a secret integer (a private exponent, a DH
 * secret), the hard-log output is key material.  Keep that log level off
 * outside debugging and restrict access to wherever the log is written.
 * NOTE(review): the return type, the local declarations and the conditions
 * and returns of the error branches are missing from this listing. */
433 _gnutls_mpi_log (const char *prefix
, bigint_t a
)
/* First call passes no buffer; presumably a size query that stores the
 * required length in binlen -- confirm against _gnutls_mpi_print. */
441 res
= _gnutls_mpi_print (a
, NULL
, &binlen
);
445 _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res
,
/* Refuse anything above 1 MiB before allocating.  Assuming this branch
 * returns (the return is not shown), the cap bounds the allocation below
 * and keeps the later 2 * binlen + 1 from wrapping. */
450 if (binlen
> 1024 * 1024)
453 _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int) binlen
);
457 binbuf
= gnutls_malloc (binlen
);
461 _gnutls_hard_log ("MPI: out of memory (%d)\n", (int) binlen
);
/* Second call writes the bytes of a into binbuf. */
465 res
= _gnutls_mpi_print (a
, binbuf
, &binlen
);
469 _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res
,
471 gnutls_free (binbuf
);
/* Two hex digits per byte plus one byte for the terminator. */
475 hexlen
= 2 * binlen
+ 1;
476 hexbuf
= gnutls_malloc (hexlen
);
481 _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int) hexlen
);
482 gnutls_free (binbuf
);
486 _gnutls_bin2hex (binbuf
, binlen
, hexbuf
, hexlen
);
488 _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen
, prefix
,
/* Both temporary buffers are released here.
 * NOTE(review): no wipe of binbuf or hexbuf is visible before the frees;
 * if a can be secret, consider clearing both buffers first so that copies
 * of the value do not stay in freed heap memory. */
491 gnutls_free (hexbuf
);
492 gnutls_free (binbuf
);
495 /* this function will output a message using the
496 * caller provided function
/* Format a log message with vasprintf and hand the resulting string to the
 * callback stored in _gnutls_log_func, together with level.
 * fmt is interpreted as a printf format, so callers must pass a constant
 * format string and put any variable or peer-supplied data in the
 * arguments only.
 * NOTE(review): the return type, the local declarations, the va_end call,
 * the check of ret and the release of str are missing from this listing.
 * Confirm that str is used only when vasprintf succeeded (its contents are
 * undefined on failure) and that it is freed after the callback returns. */
499 _gnutls_log (int level
, const char *fmt
, ...)
/* No callback registered: presumably returns here without formatting
 * anything (the return is not shown). */
505 if (_gnutls_log_func
== NULL
)
508 va_start (args
, fmt
);
/* vasprintf allocates str; ret receives its result. */
509 ret
= vasprintf (&str
, fmt
, args
);
/* The formatted text may contain values derived from the peer (the call
 * sites are not visible here); the callback should treat it as untrusted
 * text when writing it to a terminal or a log pipeline. */
514 _gnutls_log_func (level
, str
);
522 /* Without C99 macros these functions have to
523 * be called. This may affect performance.
/* Variadic function that accepts and ignores a log call; per the comment
 * above it is needed when C99 variadic macros are unavailable.
 * NOTE(review): the return type and the body are not shown in this
 * listing -- presumably the function does nothing; confirm. */
526 _gnutls_null_log (void *x
, ...)
531 # endif /* C99_MACROS */