lib/gnutls_errors.c

   1 /*
   2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
   3  *
   4  * Author: Nikos Mavrogiannopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 #include <gnutls_int.h>
  26 #include "gnutls_errors.h"
  27 #include <libtasn1.h>
  28 #ifdef STDC_HEADERS
  29 # include <stdarg.h>
  30 #endif
  31
  32 /* I18n of error codes. */
  33 #include "gettext.h"
  34 #define _(String) dgettext (PACKAGE, String)
  35 #define N_(String) gettext_noop (String)
  36
  37 #define ERROR_ENTRY(desc, name, fatal) \
  38         { desc, #name, name, fatal}
  39
  40 struct gnutls_error_entry
  41 {
  42   const char *desc;
  43   const char *_name;
  44   int number;
  45   int fatal;
  46 };
  47 typedef struct gnutls_error_entry gnutls_error_entry;
  48
  49 static const gnutls_error_entry error_algorithms[] = {
  50   /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
  51   ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
  52   ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
  53                GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
  54   ERROR_ENTRY (N_("The cipher type is unsupported."),
  55                GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
  56   ERROR_ENTRY (N_("The certificate and the given key do not match."),
  57                GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
  58   ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
  59                GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
  60   ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
  61                GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
  62
  63   ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
  64                GNUTLS_E_UNWANTED_ALGORITHM, 1),
  65   ERROR_ENTRY (N_("A large TLS record packet was received."),
  66                GNUTLS_E_LARGE_PACKET, 1),
  67   ERROR_ENTRY (N_("A record packet with illegal version was received."),
  68                GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
  69   ERROR_ENTRY (N_
  70                ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
  71                GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
  72   ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
  73                GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
  74   ERROR_ENTRY (N_
  75                ("The specified session has been invalidated for some reason."),
  76                GNUTLS_E_INVALID_SESSION, 1),
  77
  78   ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
  79   ERROR_ENTRY (N_("An illegal TLS extension was received."),
  80                GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
  81   ERROR_ENTRY (N_("A TLS fatal alert has been received."),
  82                GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
  83   ERROR_ENTRY (N_("An unexpected TLS packet was received."),
  84                GNUTLS_E_UNEXPECTED_PACKET, 1),
  85   ERROR_ENTRY (N_("A TLS warning alert has been received."),
  86                GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
  87   ERROR_ENTRY (N_
  88                ("An error was encountered at the TLS Finished packet calculation."),
  89                GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
  90   ERROR_ENTRY (N_("The peer did not send any certificate."),
  91                GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
  92
  93   ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
  94                GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 0),
  95
  96   ERROR_ENTRY (N_("No temporary RSA parameters were found."),
  97                GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
  98   ERROR_ENTRY (N_("No temporary DH parameters were found."),
  99                GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
 100   ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
 101                GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
 102   ERROR_ENTRY (N_("The scanning of a large integer has failed."),
 103                GNUTLS_E_MPI_SCAN_FAILED, 1),
 104   ERROR_ENTRY (N_("Could not export a large integer."),
 105                GNUTLS_E_MPI_PRINT_FAILED, 1),
 106   ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
 107   ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
 108   ERROR_ENTRY (N_("Public key decryption has failed."),
 109                GNUTLS_E_PK_DECRYPTION_FAILED, 1),
 110   ERROR_ENTRY (N_("Public key encryption has failed."),
 111                GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
 112   ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
 113                1),
 114   ERROR_ENTRY (N_("Public key signature verification has failed."),
 115                GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
 116   ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
 117                GNUTLS_E_DECOMPRESSION_FAILED, 1),
 118   ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
 119                GNUTLS_E_COMPRESSION_FAILED, 1),
 120
 121   ERROR_ENTRY (N_("Internal error in memory allocation."),
 122                GNUTLS_E_MEMORY_ERROR, 1),
 123   ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
 124                GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
 125   ERROR_ENTRY (N_("Insufficient credentials for that request."),
 126                GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
 127   ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
 128   ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
 129                1),
 130   ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
 131   ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
 132   ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
 133                1),
 134   ERROR_ENTRY (N_("Base64 unexpected header error."),
 135                GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
 136                1),
 137   ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
 138                1),
 139   ERROR_ENTRY (N_("Parsing error in password file."),
 140                GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
 141   ERROR_ENTRY (N_("The requested data were not available."),
 142                GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0),
 143   ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
 144   ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
 145   ERROR_ENTRY (N_
 146                ("The upper limit of record packet sequence numbers has been reached. Wow!"),
 147                GNUTLS_E_RECORD_LIMIT_REACHED, 1),
 148   ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
 149                1),
 150   ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
 151                GNUTLS_E_X509_UNKNOWN_SAN, 1),
 152
 153   ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
 154                GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
 155   ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
 156                GNUTLS_E_KEY_USAGE_VIOLATION, 1),
 157   ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
 158                GNUTLS_E_AGAIN, 0),
 159   ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
 160   ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
 161                GNUTLS_E_REHANDSHAKE, 0),
 162   ERROR_ENTRY (N_
 163                ("TLS Application data were received, while expecting handshake data."),
 164                GNUTLS_E_GOT_APPLICATION_DATA, 1),
 165   ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
 166   ERROR_ENTRY (N_("The certificate type is not supported."),
 167                GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
 168   ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
 169                GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
 170   ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
 171   ERROR_ENTRY (N_("An illegal parameter has been received."),
 172                GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
 173   ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
 174
 175   ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
 176                GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
 177   ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
 178                GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
 179   ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
 180                GNUTLS_E_ASN1_DER_ERROR, 1),
 181   ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
 182                GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
 183   ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
 184                GNUTLS_E_ASN1_GENERIC_ERROR, 1),
 185   ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
 186                GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
 187   ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
 188   ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
 189                GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
 190   ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
 191                GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
 192   ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
 193                1),
 194   ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
 195                GNUTLS_E_ASN1_DER_OVERFLOW, 1),
 196
 197   ERROR_ENTRY (N_("Too many empty record packets have been received."),
 198                GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
 199   ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
 200                GNUTLS_E_INIT_LIBEXTRA, 1),
 201   ERROR_ENTRY (N_
 202                ("The GnuTLS library version does not match the GnuTLS-extra library version."),
 203                GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
 204   ERROR_ENTRY (N_("The gcrypt library version is too old."),
 205                GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
 206
 207   ERROR_ENTRY (N_("The tasn1 library version is too old."),
 208                GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
 209   ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
 210                GNUTLS_E_OPENPGP_UID_REVOKED, 1),
 211   ERROR_ENTRY (N_("Error loading the keyring."),
 212                GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
 213   ERROR_ENTRY (N_("The initialization of LZO has failed."),
 214                GNUTLS_E_LZO_INIT_FAILED, 1),
 215   ERROR_ENTRY (N_("No supported compression algorithms have been found."),
 216                GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
 217   ERROR_ENTRY (N_("No supported cipher suites have been found."),
 218                GNUTLS_E_NO_CIPHER_SUITES, 1),
 219   ERROR_ENTRY (N_("Could not get OpenPGP key."),
 220                GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
 221   ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
 222                GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
 223
 224   ERROR_ENTRY (N_("The SRP username supplied is illegal."),
 225                GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
 226
 227   ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
 228                GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
 229   ERROR_ENTRY (N_("The certificate has unsupported attributes."),
 230                GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
 231   ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
 232                1),
 233   ERROR_ENTRY (N_("The hash algorithm is unknown."),
 234                GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
 235   ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
 236                GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
 237   ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
 238                GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
 239   ERROR_ENTRY (N_("The given password contains invalid characters."),
 240                GNUTLS_E_INVALID_PASSWORD, 1),
 241   ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
 242                GNUTLS_E_MAC_VERIFY_FAILED, 1),
 243   ERROR_ENTRY (N_("Some constraint limits were reached."),
 244                GNUTLS_E_CONSTRAINT_ERROR, 1),
 245   ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
 246                1),
 247
 248   ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
 249                GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
 250   ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
 251                GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
 252   ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
 253                GNUTLS_E_IA_VERIFY_FAILED, 1),
 254
 255   ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
 256                GNUTLS_E_UNKNOWN_ALGORITHM, 1),
 257
 258   ERROR_ENTRY (N_("The handshake data size is too large (DoS?), "
 259                   "check gnutls_handshake_set_max_packet_length()."),
 260                GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
 261
 262   {NULL, NULL, 0, 0}
 263 };
 264
 265 /**
 266  * gnutls_error_is_fatal - Returns non-zero in case of a fatal error
 267  * @error: is a GnuTLS error code, a negative value
 268  *
 269  * If a GnuTLS function returns a negative value you may feed that
 270  * value to this function to see if the error condition is fatal.
 271  *
 272  * Note that you may want to check the error code manually, since some
 273  * non-fatal errors to the protocol may be fatal for you program.
 274  *
 275  * This function is only useful if you are dealing with errors from
 276  * the record layer or the handshake layer.
 277  *
 278  * Returns: 1 if the error code is fatal, for positive @error values,
 279  *   0 is returned.  For unknown @error values, -1 is returned.
 280  **/
 281 int
 282 gnutls_error_is_fatal (int error)
 283 {
 284   int ret = 1;
 285   const gnutls_error_entry *p;
 286
 287   /* Input sanitzation.  Positive values are not errors at all, and
 288      definitely not fatal. */
 289   if (error > 0)
 290     return 0;
 291
 292   for (p = error_algorithms; p->desc != NULL; p++)
 293     {
 294       if (p->number == error)
 295         {
 296           ret = p->fatal;
 297           break;
 298         }
 299     }
 300
 301   return ret;
 302 }
 303
 304 /**
 305  * gnutls_perror - prints a string to stderr with a description of an error
 306  * @error: is a GnuTLS error code, a negative value
 307  *
 308  * This function is like perror(). The only difference is that it
 309  * accepts an error number returned by a gnutls function.
 310  **/
 311 void
 312 gnutls_perror (int error)
 313 {
 314   fprintf (stderr, "GNUTLS ERROR: %s\n", gnutls_strerror (error));
 315 }
 316
 317
 318 /**
 319  * gnutls_strerror - Returns a string with a description of an error
 320  * @error: is a GnuTLS error code, a negative value
 321  *
 322  * This function is similar to strerror.  The difference is that it
 323  * accepts an error number returned by a gnutls function; In case of
 324  * an unknown error a descriptive string is sent instead of %NULL.
 325  *
 326  * Error codes are always a negative value.
 327  *
 328  * Returns: A string explaining the GnuTLS error message.
 329  **/
 330 const char *
 331 gnutls_strerror (int error)
 332 {
 333   const char *ret = NULL;
 334   const gnutls_error_entry *p;
 335
 336   for (p = error_algorithms; p->desc != NULL; p++)
 337     {
 338       if (p->number == error)
 339         {
 340           ret = p->desc;
 341           break;
 342         }
 343     }
 344
 345   /* avoid prefix */
 346   if (ret == NULL)
 347     return _("(unknown error code)");
 348
 349   return _(ret);
 350 }
 351
 352 /**
 353  * gnutls_strerror_name:
 354  * @error: is an error returned by a gnutls function.
 355  *
 356  * Return the GnuTLS error code define as a string.  For example,
 357  * gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
 358  * the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
 359  *
 360  * Returns: A string corresponding to the symbol name of the error
 361  * code.
 362  *
 363  * Since: 2.6.0
 364  **/
 365 const char *
 366 gnutls_strerror_name (int error)
 367 {
 368   const char *ret = NULL;
 369   const gnutls_error_entry *p;
 370
 371   for (p = error_algorithms; p->desc != NULL; p++)
 372     {
 373       if (p->number == error)
 374         {
 375           ret = p->_name;
 376           break;
 377         }
 378     }
 379
 380   return ret;
 381 }
 382
 383 int
 384 _gnutls_asn2err (int asn_err)
 385 {
 386   switch (asn_err)
 387     {
 388     case ASN1_FILE_NOT_FOUND:
 389       return GNUTLS_E_FILE_ERROR;
 390     case ASN1_ELEMENT_NOT_FOUND:
 391       return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
 392     case ASN1_IDENTIFIER_NOT_FOUND:
 393       return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
 394     case ASN1_DER_ERROR:
 395       return GNUTLS_E_ASN1_DER_ERROR;
 396     case ASN1_VALUE_NOT_FOUND:
 397       return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
 398     case ASN1_GENERIC_ERROR:
 399       return GNUTLS_E_ASN1_GENERIC_ERROR;
 400     case ASN1_VALUE_NOT_VALID:
 401       return GNUTLS_E_ASN1_VALUE_NOT_VALID;
 402     case ASN1_TAG_ERROR:
 403       return GNUTLS_E_ASN1_TAG_ERROR;
 404     case ASN1_TAG_IMPLICIT:
 405       return GNUTLS_E_ASN1_TAG_IMPLICIT;
 406     case ASN1_ERROR_TYPE_ANY:
 407       return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
 408     case ASN1_SYNTAX_ERROR:
 409       return GNUTLS_E_ASN1_SYNTAX_ERROR;
 410     case ASN1_MEM_ERROR:
 411       return GNUTLS_E_SHORT_MEMORY_BUFFER;
 412     case ASN1_MEM_ALLOC_ERROR:
 413       return GNUTLS_E_MEMORY_ERROR;
 414     case ASN1_DER_OVERFLOW:
 415       return GNUTLS_E_ASN1_DER_OVERFLOW;
 416     default:
 417       return GNUTLS_E_ASN1_GENERIC_ERROR;
 418     }
 419 }
 420
 421 void
 422 _gnutls_mpi_log (const char *prefix, bigint_t a)
 423 {
 424   size_t binlen = 0;
 425   void *binbuf;
 426   size_t hexlen;
 427   char *hexbuf;
 428   int res;
 429
 430   res = _gnutls_mpi_print (a, NULL, &binlen);
 431   if (res != 0)
 432     {
 433       gnutls_assert ();
 434       _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, (int)binlen);
 435       return;
 436     }
 437
 438   if (binlen > 1024*1024)
 439     {
 440       gnutls_assert ();
 441       _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int)binlen);
 442       return;
 443     }
 444
 445   binbuf = gnutls_malloc (binlen);
 446   if (!binbuf)
 447     {
 448       gnutls_assert ();
 449       _gnutls_hard_log ("MPI: out of memory (%d)\n", (int)binlen);
 450       return;
 451     }
 452
 453   res = _gnutls_mpi_print (a, binbuf, &binlen);
 454   if (res != 0)
 455     {
 456       gnutls_assert ();
 457       _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, (int)binlen);
 458       gnutls_free (binbuf);
 459       return;
 460     }
 461
 462   hexlen = 2 * binlen + 1;
 463   hexbuf = gnutls_malloc (hexlen);
 464
 465   if (!hexbuf)
 466     {
 467       gnutls_assert ();
 468       _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int)hexlen);
 469       gnutls_free (binbuf);
 470       return;
 471     }
 472
 473   _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen);
 474
 475   _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int)binlen, prefix, hexbuf);
 476
 477   gnutls_free (hexbuf);
 478   gnutls_free (binbuf);
 479 }
 480
 481 /* this function will output a message using the
 482  * caller provided function
 483  */
 484 void
 485 _gnutls_log (int level, const char *fmt, ...)
 486 {
 487   va_list args;
 488   char *str;
 489   int ret;
 490
 491   if (_gnutls_log_func == NULL)
 492     return;
 493
 494   va_start (args, fmt);
 495   ret = vasprintf (&str, fmt, args);
 496   va_end (args);
 497
 498   if (ret >= 0)
 499     {
 500       _gnutls_log_func (level, str);
 501       free (str);
 502     }
 503 }
 504
 505 #ifndef DEBUG
 506 # ifndef C99_MACROS
 507
 508 /* Without C99 macros these functions have to
 509  * be called. This may affect performance.
 510  */
 511 void
 512 _gnutls_null_log (void *x, ...)
 513 {
 514   return;
 515 }
 516
 517 # endif /* C99_MACROS */
 518 #endif /* DEBUG */