Line data Source code
1 : /*
2 : * Copyright (C) 2000-2012 Free Software Foundation, Inc.
3 : *
4 : * Author: Nikos Mavrogiannopoulos
5 : *
6 : * This file is part of GnuTLS.
7 : *
8 : * The GnuTLS is free software; you can redistribute it and/or
9 : * modify it under the terms of the GNU Lesser General Public License
10 : * as published by the Free Software Foundation; either version 2.1 of
11 : * the License, or (at your option) any later version.
12 : *
13 : * This library is distributed in the hope that it will be useful, but
14 : * WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 : * Lesser General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU Lesser General Public License
19 : * along with this program. If not, see <https://www.gnu.org/licenses/>
20 : *
21 : */
22 :
23 : #include "gnutls_int.h"
24 : #include "errors.h"
25 : #ifdef STDC_HEADERS
26 : #include <stdarg.h>
27 : #endif
28 : #include "str.h"
29 :
30 : #define ERROR_ENTRY(desc, name) \
31 : { desc, #name, name}
32 :
33 : struct gnutls_error_entry {
34 : const char *desc;
35 : const char *_name;
36 : int number;
37 : };
38 : typedef struct gnutls_error_entry gnutls_error_entry;
39 :
40 : static const gnutls_error_entry error_entries[] = {
41 : /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
42 : ERROR_ENTRY(N_("Could not negotiate a supported cipher suite."),
43 : GNUTLS_E_UNKNOWN_CIPHER_SUITE),
44 : ERROR_ENTRY(N_("No or insufficient priorities were set."),
45 : GNUTLS_E_NO_PRIORITIES_WERE_SET),
46 : ERROR_ENTRY(N_("The cipher type is unsupported."),
47 : GNUTLS_E_UNKNOWN_CIPHER_TYPE),
48 : ERROR_ENTRY(N_("The certificate and the given key do not match."),
49 : GNUTLS_E_CERTIFICATE_KEY_MISMATCH),
50 : ERROR_ENTRY(N_
51 : ("Could not negotiate a supported compression method."),
52 : GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM),
53 : ERROR_ENTRY(N_("An unknown public key algorithm was encountered."),
54 : GNUTLS_E_UNKNOWN_PK_ALGORITHM),
55 :
56 : ERROR_ENTRY(N_("An algorithm that is not enabled was negotiated."),
57 : GNUTLS_E_UNWANTED_ALGORITHM),
58 : ERROR_ENTRY(N_
59 : ("A packet with illegal or unsupported version was received."),
60 : GNUTLS_E_UNSUPPORTED_VERSION_PACKET),
61 : ERROR_ENTRY(N_
62 : ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
63 : GNUTLS_E_DH_PRIME_UNACCEPTABLE),
64 : ERROR_ENTRY(N_
65 : ("Error decoding the received TLS packet."),
66 : GNUTLS_E_UNEXPECTED_PACKET_LENGTH),
67 : ERROR_ENTRY(N_
68 : ("A TLS record packet with invalid length was received."),
69 : GNUTLS_E_RECORD_OVERFLOW),
70 : ERROR_ENTRY(N_("The TLS connection was non-properly terminated."),
71 : GNUTLS_E_PREMATURE_TERMINATION),
72 : ERROR_ENTRY(N_
73 : ("The specified session has been invalidated for some reason."),
74 : GNUTLS_E_INVALID_SESSION),
75 :
76 : ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR),
77 : ERROR_ENTRY(N_(
78 : "A connection with inappropriate fallback was attempted."),
79 : GNUTLS_E_INAPPROPRIATE_FALLBACK),
80 : ERROR_ENTRY(N_("An illegal TLS extension was received."),
81 : GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION),
82 : ERROR_ENTRY(N_("An required TLS extension was received."),
83 : GNUTLS_E_MISSING_EXTENSION),
84 : ERROR_ENTRY(N_("A TLS fatal alert has been received."),
85 : GNUTLS_E_FATAL_ALERT_RECEIVED),
86 : ERROR_ENTRY(N_("An unexpected TLS packet was received."),
87 : GNUTLS_E_UNEXPECTED_PACKET),
88 : ERROR_ENTRY(N_("Failed to import the key into store."),
89 : GNUTLS_E_KEY_IMPORT_FAILED),
90 : ERROR_ENTRY(N_
91 : ("An error was encountered at the TLS Finished packet calculation."),
92 : GNUTLS_E_ERROR_IN_FINISHED_PACKET),
93 : ERROR_ENTRY(N_("No certificate was found."),
94 : GNUTLS_E_NO_CERTIFICATE_FOUND),
95 : ERROR_ENTRY(N_("Certificate is required."),
96 : GNUTLS_E_CERTIFICATE_REQUIRED),
97 : ERROR_ENTRY(N_
98 : ("The given DSA key is incompatible with the selected TLS protocol."),
99 : GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL),
100 : ERROR_ENTRY(N_
101 : ("There is already a crypto algorithm with lower priority."),
102 : GNUTLS_E_CRYPTO_ALREADY_REGISTERED),
103 :
104 : ERROR_ENTRY(N_("No temporary RSA parameters were found."),
105 : GNUTLS_E_NO_TEMPORARY_RSA_PARAMS),
106 : ERROR_ENTRY(N_("No temporary DH parameters were found."),
107 : GNUTLS_E_NO_TEMPORARY_DH_PARAMS),
108 : ERROR_ENTRY(N_("An unexpected TLS handshake packet was received."),
109 : GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET),
110 : ERROR_ENTRY(N_("The scanning of a large integer has failed."),
111 : GNUTLS_E_MPI_SCAN_FAILED),
112 : ERROR_ENTRY(N_("Could not export a large integer."),
113 : GNUTLS_E_MPI_PRINT_FAILED),
114 : ERROR_ENTRY(N_("Decryption has failed."),
115 : GNUTLS_E_DECRYPTION_FAILED),
116 : ERROR_ENTRY(N_("Encryption has failed."),
117 : GNUTLS_E_ENCRYPTION_FAILED),
118 : ERROR_ENTRY(N_("Public key decryption has failed."),
119 : GNUTLS_E_PK_DECRYPTION_FAILED),
120 : ERROR_ENTRY(N_("Public key encryption has failed."),
121 : GNUTLS_E_PK_ENCRYPTION_FAILED),
122 : ERROR_ENTRY(N_("Public key signing has failed."),
123 : GNUTLS_E_PK_SIGN_FAILED),
124 : ERROR_ENTRY(N_("Public key signature verification has failed."),
125 : GNUTLS_E_PK_SIG_VERIFY_FAILED),
126 : ERROR_ENTRY(N_
127 : ("Decompression of the TLS record packet has failed."),
128 : GNUTLS_E_DECOMPRESSION_FAILED),
129 : ERROR_ENTRY(N_("Compression of the TLS record packet has failed."),
130 : GNUTLS_E_COMPRESSION_FAILED),
131 :
132 : ERROR_ENTRY(N_("Internal error in memory allocation."),
133 : GNUTLS_E_MEMORY_ERROR),
134 : ERROR_ENTRY(N_
135 : ("An unimplemented or disabled feature has been requested."),
136 : GNUTLS_E_UNIMPLEMENTED_FEATURE),
137 : ERROR_ENTRY(N_("Insufficient credentials for that request."),
138 : GNUTLS_E_INSUFFICIENT_CREDENTIALS),
139 : ERROR_ENTRY(N_("Error in password/key file."), GNUTLS_E_SRP_PWD_ERROR),
140 : ERROR_ENTRY(N_("Wrong padding in PKCS1 packet."),
141 : GNUTLS_E_PKCS1_WRONG_PAD),
142 : ERROR_ENTRY(N_("The session or certificate has expired."),
143 : GNUTLS_E_EXPIRED),
144 : ERROR_ENTRY(N_("The certificate is not yet activated."),
145 : GNUTLS_E_NOT_YET_ACTIVATED),
146 : ERROR_ENTRY(N_("Hashing has failed."), GNUTLS_E_HASH_FAILED),
147 : ERROR_ENTRY(N_("Base64 decoding error."),
148 : GNUTLS_E_BASE64_DECODING_ERROR),
149 : ERROR_ENTRY(N_("Base64 unexpected header error."),
150 : GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR),
151 : ERROR_ENTRY(N_("Base64 encoding error."),
152 : GNUTLS_E_BASE64_ENCODING_ERROR),
153 : ERROR_ENTRY(N_("Parsing error in password/key file."),
154 : GNUTLS_E_SRP_PWD_PARSING_ERROR),
155 : ERROR_ENTRY(N_("The requested data were not available."),
156 : GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE),
157 : ERROR_ENTRY(N_("There are no embedded data in the structure."),
158 : GNUTLS_E_NO_EMBEDDED_DATA),
159 : ERROR_ENTRY(N_("Error in the pull function."), GNUTLS_E_PULL_ERROR),
160 : ERROR_ENTRY(N_("Error in the push function."), GNUTLS_E_PUSH_ERROR),
161 : ERROR_ENTRY(N_
162 : ("The upper limit of record packet sequence numbers has been reached. Wow!"),
163 : GNUTLS_E_RECORD_LIMIT_REACHED),
164 : ERROR_ENTRY(N_("Error in the certificate."),
165 : GNUTLS_E_CERTIFICATE_ERROR),
166 : ERROR_ENTRY(N_("Error in the time fields of certificate."),
167 : GNUTLS_E_CERTIFICATE_TIME_ERROR),
168 : ERROR_ENTRY(N_("Error in the certificate verification."),
169 : GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR),
170 : ERROR_ENTRY(N_("Error in the CRL verification."),
171 : GNUTLS_E_CRL_VERIFICATION_ERROR),
172 : ERROR_ENTRY(N_("Error in the private key verification; seed doesn't match."),
173 : GNUTLS_E_PRIVKEY_VERIFICATION_ERROR),
174 : ERROR_ENTRY(N_("Could not authenticate peer."),
175 : GNUTLS_E_AUTH_ERROR),
176 : ERROR_ENTRY(N_
177 : ("Unknown Subject Alternative name in X.509 certificate."),
178 : GNUTLS_E_X509_UNKNOWN_SAN),
179 : ERROR_ENTRY(N_
180 : ("CIDR name constraint is malformed in size or structure."),
181 : GNUTLS_E_MALFORMED_CIDR),
182 :
183 : ERROR_ENTRY(N_
184 : ("Unsupported critical extension in X.509 certificate."),
185 : GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION),
186 : ERROR_ENTRY(N_("Unsupported extension in X.509 certificate."),
187 : GNUTLS_E_X509_UNSUPPORTED_EXTENSION),
188 : ERROR_ENTRY(N_("Duplicate extension in X.509 certificate."),
189 : GNUTLS_E_X509_DUPLICATE_EXTENSION),
190 : ERROR_ENTRY(N_
191 : ("Key usage violation in certificate has been detected."),
192 : GNUTLS_E_KEY_USAGE_VIOLATION),
193 : ERROR_ENTRY(N_("Function was interrupted."), GNUTLS_E_INTERRUPTED),
194 : ERROR_ENTRY(N_
195 : ("TLS Application data were received, while expecting handshake data."),
196 : GNUTLS_E_GOT_APPLICATION_DATA),
197 : ERROR_ENTRY(N_("Error in Database backend."), GNUTLS_E_DB_ERROR),
198 : ERROR_ENTRY(N_("The Database entry already exists."), GNUTLS_E_DB_ENTRY_EXISTS),
199 : ERROR_ENTRY(N_("The certificate type is not supported."),
200 : GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE),
201 : ERROR_ENTRY(N_
202 : ("The given memory buffer is too short to hold parameters."),
203 : GNUTLS_E_SHORT_MEMORY_BUFFER),
204 : ERROR_ENTRY(N_("The request is invalid."),
205 : GNUTLS_E_INVALID_REQUEST),
206 : ERROR_ENTRY(N_("The cookie was bad."), GNUTLS_E_BAD_COOKIE),
207 : ERROR_ENTRY(N_("An illegal parameter has been received."),
208 : GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER),
209 : ERROR_ENTRY(N_("An illegal parameter was found."),
210 : GNUTLS_E_ILLEGAL_PARAMETER),
211 : ERROR_ENTRY(N_("Error while reading file."), GNUTLS_E_FILE_ERROR),
212 : ERROR_ENTRY(N_("A disallowed SNI server name has been received."),
213 : GNUTLS_E_RECEIVED_DISALLOWED_NAME),
214 :
215 : ERROR_ENTRY(N_("ASN1 parser: Element was not found."),
216 : GNUTLS_E_ASN1_ELEMENT_NOT_FOUND),
217 : ERROR_ENTRY(N_("ASN1 parser: Identifier was not found"),
218 : GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND),
219 : ERROR_ENTRY(N_("ASN1 parser: Error in DER parsing."),
220 : GNUTLS_E_ASN1_DER_ERROR),
221 : ERROR_ENTRY(N_("ASN1 parser: Value was not found."),
222 : GNUTLS_E_ASN1_VALUE_NOT_FOUND),
223 : ERROR_ENTRY(N_("ASN1 parser: Generic parsing error."),
224 : GNUTLS_E_ASN1_GENERIC_ERROR),
225 : ERROR_ENTRY(N_("ASN1 parser: Value is not valid."),
226 : GNUTLS_E_ASN1_VALUE_NOT_VALID),
227 : ERROR_ENTRY(N_("ASN1 parser: Error in TAG."),
228 : GNUTLS_E_ASN1_TAG_ERROR),
229 : ERROR_ENTRY(N_("ASN1 parser: error in implicit tag"),
230 : GNUTLS_E_ASN1_TAG_IMPLICIT),
231 : ERROR_ENTRY(N_("ASN1 parser: Error in type 'ANY'."),
232 : GNUTLS_E_ASN1_TYPE_ANY_ERROR),
233 : ERROR_ENTRY(N_("ASN1 parser: Syntax error."),
234 : GNUTLS_E_ASN1_SYNTAX_ERROR),
235 : ERROR_ENTRY(N_("ASN1 parser: Overflow in DER parsing."),
236 : GNUTLS_E_ASN1_DER_OVERFLOW),
237 :
238 : ERROR_ENTRY(N_
239 : ("Too many empty record packets have been received."),
240 : GNUTLS_E_TOO_MANY_EMPTY_PACKETS),
241 : ERROR_ENTRY(N_("Too many handshake packets have been received."),
242 : GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS),
243 : ERROR_ENTRY(N_("More than a single object matches the criteria."),
244 : GNUTLS_E_TOO_MANY_MATCHES),
245 : ERROR_ENTRY(N_("The crypto library version is too old."),
246 : GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY),
247 :
248 : ERROR_ENTRY(N_("The tasn1 library version is too old."),
249 : GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY),
250 : ERROR_ENTRY(N_("The OpenPGP User ID is revoked."),
251 : GNUTLS_E_OPENPGP_UID_REVOKED),
252 : ERROR_ENTRY(N_("The OpenPGP key has not a preferred key set."),
253 : GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR),
254 : ERROR_ENTRY(N_("Error loading the keyring."),
255 : GNUTLS_E_OPENPGP_KEYRING_ERROR),
256 : ERROR_ENTRY(N_("The initialization of crypto backend has failed."),
257 : GNUTLS_E_CRYPTO_INIT_FAILED),
258 : ERROR_ENTRY(N_
259 : ("No supported compression algorithms have been found."),
260 : GNUTLS_E_NO_COMPRESSION_ALGORITHMS),
261 : ERROR_ENTRY(N_("No supported cipher suites have been found."),
262 : GNUTLS_E_NO_CIPHER_SUITES),
263 : ERROR_ENTRY(N_("Could not get OpenPGP key."),
264 : GNUTLS_E_OPENPGP_GETKEY_FAILED),
265 : ERROR_ENTRY(N_("Could not find OpenPGP subkey."),
266 : GNUTLS_E_OPENPGP_SUBKEY_ERROR),
267 : ERROR_ENTRY(N_("Safe renegotiation failed."),
268 : GNUTLS_E_SAFE_RENEGOTIATION_FAILED),
269 : ERROR_ENTRY(N_("Unsafe renegotiation denied."),
270 : GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED),
271 :
272 : ERROR_ENTRY(N_("The SRP username supplied is illegal."),
273 : GNUTLS_E_ILLEGAL_SRP_USERNAME),
274 : ERROR_ENTRY(N_("The username supplied is unknown."),
275 : GNUTLS_E_UNKNOWN_SRP_USERNAME),
276 :
277 : ERROR_ENTRY(N_("The OpenPGP fingerprint is not supported."),
278 : GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED),
279 : ERROR_ENTRY(N_("The signature algorithm is not supported."),
280 : GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM),
281 : ERROR_ENTRY(N_("The certificate has unsupported attributes."),
282 : GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE),
283 : ERROR_ENTRY(N_("The OID is not supported."),
284 : GNUTLS_E_X509_UNSUPPORTED_OID),
285 : ERROR_ENTRY(N_("The hash algorithm is unknown."),
286 : GNUTLS_E_UNKNOWN_HASH_ALGORITHM),
287 : ERROR_ENTRY(N_("The PKCS structure's content type is unknown."),
288 : GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE),
289 : ERROR_ENTRY(N_("The PKCS structure's bag type is unknown."),
290 : GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE),
291 : ERROR_ENTRY(N_("The given password contains invalid characters."),
292 : GNUTLS_E_INVALID_PASSWORD),
293 : ERROR_ENTRY(N_("The given string contains invalid UTF-8 characters."),
294 : GNUTLS_E_INVALID_UTF8_STRING),
295 : ERROR_ENTRY(N_("The given email string contains non-ASCII characters before '@'."),
296 : GNUTLS_E_INVALID_UTF8_EMAIL),
297 : ERROR_ENTRY(N_("The given password contains invalid characters."),
298 : GNUTLS_E_INVALID_PASSWORD_STRING),
299 : ERROR_ENTRY(N_
300 : ("The Message Authentication Code verification failed."),
301 : GNUTLS_E_MAC_VERIFY_FAILED),
302 : ERROR_ENTRY(N_("Some constraint limits were reached."),
303 : GNUTLS_E_CONSTRAINT_ERROR),
304 : ERROR_ENTRY(N_("Failed to acquire random data."),
305 : GNUTLS_E_RANDOM_FAILED),
306 : ERROR_ENTRY(N_("Verifying TLS/IA phase checksum failed"),
307 : GNUTLS_E_IA_VERIFY_FAILED),
308 :
309 : ERROR_ENTRY(N_("The specified algorithm or protocol is unknown."),
310 : GNUTLS_E_UNKNOWN_ALGORITHM),
311 :
312 : ERROR_ENTRY(N_("The handshake data size is too large."),
313 : GNUTLS_E_HANDSHAKE_TOO_LARGE),
314 :
315 : ERROR_ENTRY(N_("Error opening /dev/crypto"),
316 : GNUTLS_E_CRYPTODEV_DEVICE_ERROR),
317 :
318 : ERROR_ENTRY(N_("Error interfacing with /dev/crypto"),
319 : GNUTLS_E_CRYPTODEV_IOCTL_ERROR),
320 : ERROR_ENTRY(N_("Peer has terminated the connection"),
321 : GNUTLS_E_SESSION_EOF),
322 : ERROR_ENTRY(N_("Channel binding data not available"),
323 : GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE),
324 :
325 : ERROR_ENTRY(N_("TPM error."),
326 : GNUTLS_E_TPM_ERROR),
327 : ERROR_ENTRY(N_("The TPM library (trousers) cannot be found."),
328 : GNUTLS_E_TPM_NO_LIB),
329 : ERROR_ENTRY(N_("TPM is not initialized."),
330 : GNUTLS_E_TPM_UNINITIALIZED),
331 : ERROR_ENTRY(N_("TPM key was not found in persistent storage."),
332 : GNUTLS_E_TPM_KEY_NOT_FOUND),
333 : ERROR_ENTRY(N_("Cannot initialize a session with the TPM."),
334 : GNUTLS_E_TPM_SESSION_ERROR),
335 : ERROR_ENTRY(N_("PKCS #11 error."),
336 : GNUTLS_E_PKCS11_ERROR),
337 : ERROR_ENTRY(N_("PKCS #11 initialization error."),
338 : GNUTLS_E_PKCS11_LOAD_ERROR),
339 : ERROR_ENTRY(N_("Error in parsing."),
340 : GNUTLS_E_PARSING_ERROR),
341 : ERROR_ENTRY(N_("Error in provided PIN."),
342 : GNUTLS_E_PKCS11_PIN_ERROR),
343 : ERROR_ENTRY(N_("Error in provided SRK password for TPM."),
344 : GNUTLS_E_TPM_SRK_PASSWORD_ERROR),
345 : ERROR_ENTRY(N_
346 : ("Error in provided password for key to be loaded in TPM."),
347 : GNUTLS_E_TPM_KEY_PASSWORD_ERROR),
348 : ERROR_ENTRY(N_("PKCS #11 error in slot"),
349 : GNUTLS_E_PKCS11_SLOT_ERROR),
350 : ERROR_ENTRY(N_("Thread locking error"),
351 : GNUTLS_E_LOCKING_ERROR),
352 : ERROR_ENTRY(N_("PKCS #11 error in attribute"),
353 : GNUTLS_E_PKCS11_ATTRIBUTE_ERROR),
354 : ERROR_ENTRY(N_("PKCS #11 error in device"),
355 : GNUTLS_E_PKCS11_DEVICE_ERROR),
356 : ERROR_ENTRY(N_("PKCS #11 error in data"),
357 : GNUTLS_E_PKCS11_DATA_ERROR),
358 : ERROR_ENTRY(N_("PKCS #11 unsupported feature"),
359 : GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR),
360 : ERROR_ENTRY(N_("PKCS #11 error in key"),
361 : GNUTLS_E_PKCS11_KEY_ERROR),
362 : ERROR_ENTRY(N_("PKCS #11 PIN expired"),
363 : GNUTLS_E_PKCS11_PIN_EXPIRED),
364 : ERROR_ENTRY(N_("PKCS #11 PIN locked"),
365 : GNUTLS_E_PKCS11_PIN_LOCKED),
366 : ERROR_ENTRY(N_("PKCS #11 error in session"),
367 : GNUTLS_E_PKCS11_SESSION_ERROR),
368 : ERROR_ENTRY(N_("PKCS #11 error in signature"),
369 : GNUTLS_E_PKCS11_SIGNATURE_ERROR),
370 : ERROR_ENTRY(N_("PKCS #11 error in token"),
371 : GNUTLS_E_PKCS11_TOKEN_ERROR),
372 : ERROR_ENTRY(N_("PKCS #11 user error"),
373 : GNUTLS_E_PKCS11_USER_ERROR),
374 : ERROR_ENTRY(N_("The operation timed out"),
375 : GNUTLS_E_TIMEDOUT),
376 : ERROR_ENTRY(N_("The operation was cancelled due to user error"),
377 : GNUTLS_E_USER_ERROR),
378 : ERROR_ENTRY(N_("No supported ECC curves were found"),
379 : GNUTLS_E_ECC_NO_SUPPORTED_CURVES),
380 : ERROR_ENTRY(N_("The curve is unsupported"),
381 : GNUTLS_E_ECC_UNSUPPORTED_CURVE),
382 : ERROR_ENTRY(N_("The requested PKCS #11 object is not available"),
383 : GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE),
384 : ERROR_ENTRY(N_
385 : ("The provided X.509 certificate list is not sorted (in subject to issuer order)"),
386 : GNUTLS_E_CERTIFICATE_LIST_UNSORTED),
387 : ERROR_ENTRY(N_("The OCSP response is invalid"),
388 : GNUTLS_E_OCSP_RESPONSE_ERROR),
389 : ERROR_ENTRY(N_("The OCSP response provided doesn't match the available certificates"),
390 : GNUTLS_E_OCSP_MISMATCH_WITH_CERTS),
391 : ERROR_ENTRY(N_("There is no certificate status (OCSP)."),
392 : GNUTLS_E_NO_CERTIFICATE_STATUS),
393 : ERROR_ENTRY(N_("Error in the system's randomness device."),
394 : GNUTLS_E_RANDOM_DEVICE_ERROR),
395 : ERROR_ENTRY(N_
396 : ("No common application protocol could be negotiated."),
397 : GNUTLS_E_NO_APPLICATION_PROTOCOL),
398 : ERROR_ENTRY(N_("Error while performing self checks."),
399 : GNUTLS_E_SELF_TEST_ERROR),
400 : ERROR_ENTRY(N_("There is no self test for this algorithm."),
401 : GNUTLS_E_NO_SELF_TEST),
402 : ERROR_ENTRY(N_("An error has been detected in the library and cannot continue operations."),
403 : GNUTLS_E_LIB_IN_ERROR_STATE),
404 : ERROR_ENTRY(N_("Error in sockets initialization."),
405 : GNUTLS_E_SOCKETS_INIT_ERROR),
406 : ERROR_ENTRY(N_("Error in public key generation."),
407 : GNUTLS_E_PK_GENERATION_ERROR),
408 : ERROR_ENTRY(N_("Invalid TLS extensions length field."),
409 : GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH),
410 : ERROR_ENTRY(N_("Peer's certificate or username has changed during a rehandshake."),
411 : GNUTLS_E_SESSION_USER_ID_CHANGED),
412 : ERROR_ENTRY(N_("The provided string has an embedded null."),
413 : GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING),
414 : ERROR_ENTRY(N_("Attempted handshake during false start."),
415 : GNUTLS_E_HANDSHAKE_DURING_FALSE_START),
416 : ERROR_ENTRY(N_("The SNI host name not recognised."),
417 : GNUTLS_E_UNRECOGNIZED_NAME),
418 : ERROR_ENTRY(N_("There was an issue converting to or from UTF8."),
419 : GNUTLS_E_IDNA_ERROR),
420 : ERROR_ENTRY(N_("Cannot perform this action while handshake is in progress."),
421 : GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE),
422 : ERROR_ENTRY(N_("The public key is invalid."),
423 : GNUTLS_E_PK_INVALID_PUBKEY),
424 : ERROR_ENTRY(N_("There are no validation parameters present."),
425 : GNUTLS_E_PK_NO_VALIDATION_PARAMS),
426 : ERROR_ENTRY(N_("The public key parameters are invalid."),
427 : GNUTLS_E_PK_INVALID_PUBKEY_PARAMS),
428 : ERROR_ENTRY(N_("The private key is invalid."),
429 : GNUTLS_E_PK_INVALID_PRIVKEY),
430 : ERROR_ENTRY(N_("The DER time encoding is invalid."),
431 : GNUTLS_E_ASN1_TIME_ERROR),
432 : ERROR_ENTRY(N_("The signature is incompatible with the public key."),
433 : GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY),
434 : ERROR_ENTRY(N_("One of the involved algorithms has insufficient security level."),
435 : GNUTLS_E_INSUFFICIENT_SECURITY),
436 : ERROR_ENTRY(N_("No common key share with peer."),
437 : GNUTLS_E_NO_COMMON_KEY_SHARE),
438 : ERROR_ENTRY(N_("The early data were rejected."),
439 : GNUTLS_E_EARLY_DATA_REJECTED),
440 : {NULL, NULL, 0}
441 : };
442 :
443 : static const gnutls_error_entry non_fatal_error_entries[] = {
444 : ERROR_ENTRY(N_("Success."), GNUTLS_E_SUCCESS),
445 : ERROR_ENTRY(N_("A TLS warning alert has been received."),
446 : GNUTLS_E_WARNING_ALERT_RECEIVED),
447 : ERROR_ENTRY(N_("A heartbeat pong message was received."),
448 : GNUTLS_E_HEARTBEAT_PONG_RECEIVED),
449 : ERROR_ENTRY(N_("A heartbeat ping message was received."),
450 : GNUTLS_E_HEARTBEAT_PING_RECEIVED),
451 : ERROR_ENTRY(N_("Resource temporarily unavailable, try again."),
452 : GNUTLS_E_AGAIN),
453 : ERROR_ENTRY(N_("The transmitted packet is too large (EMSGSIZE)."),
454 : GNUTLS_E_LARGE_PACKET),
455 : ERROR_ENTRY(N_("Function was interrupted."), GNUTLS_E_INTERRUPTED),
456 : ERROR_ENTRY(N_("Rehandshake was requested by the peer."),
457 : GNUTLS_E_REHANDSHAKE),
458 : ERROR_ENTRY(N_("Re-authentication was requested by the peer."),
459 : GNUTLS_E_REAUTH_REQUEST),
460 : /* Only non fatal (for handshake) errors here */
461 : {NULL, NULL, 0}
462 : };
463 :
464 : /**
465 : * gnutls_error_is_fatal:
466 : * @error: is a GnuTLS error code, a negative error code
467 : *
468 : * If a GnuTLS function returns a negative error code you may feed that
469 : * value to this function to see if the error condition is fatal to
470 : * a TLS session (i.e., must be terminated).
471 : *
472 : * Note that you may also want to check the error code manually, since some
473 : * non-fatal errors to the protocol (such as a warning alert or
474 : * a rehandshake request) may be fatal for your program.
475 : *
476 : * This function is only useful if you are dealing with errors from
477 : * functions that relate to a TLS session (e.g., record layer or handshake
478 : * layer handling functions).
479 : *
480 : * Returns: Non-zero value on fatal errors or zero on non-fatal.
481 : **/
482 70522500 : int gnutls_error_is_fatal(int error)
483 : {
484 70522500 : int ret = 1;
485 70522500 : const gnutls_error_entry *p;
486 :
487 : /* Input sanitzation. Positive values are not errors at all, and
488 : definitely not fatal. */
489 70522500 : if (error > 0)
490 : return 0;
491 :
492 352727000 : for (p = non_fatal_error_entries; p->desc != NULL; p++) {
493 352703000 : if (p->number == error) {
494 : ret = 0;
495 : break;
496 : }
497 : }
498 :
499 : return ret;
500 : }
501 :
502 : /**
503 : * gnutls_perror:
504 : * @error: is a GnuTLS error code, a negative error code
505 : *
506 : * This function is like perror(). The only difference is that it
507 : * accepts an error number returned by a gnutls function.
508 : **/
509 1 : void gnutls_perror(int error)
510 : {
511 1 : fprintf(stderr, "GnuTLS error: %s\n", gnutls_strerror(error));
512 1 : }
513 :
514 :
515 : /**
516 : * gnutls_strerror:
517 : * @error: is a GnuTLS error code, a negative error code
518 : *
519 : * This function is similar to strerror. The difference is that it
520 : * accepts an error number returned by a gnutls function; In case of
521 : * an unknown error a descriptive string is sent instead of %NULL.
522 : *
523 : * Error codes are always a negative error code.
524 : *
525 : * Returns: A string explaining the GnuTLS error message.
526 : **/
527 6665 : const char *gnutls_strerror(int error)
528 : {
529 6665 : const char *ret = NULL;
530 6665 : const gnutls_error_entry *p;
531 :
532 455487 : for (p = error_entries; p->desc != NULL; p++) {
533 454419 : if (p->number == error) {
534 : ret = p->desc;
535 : break;
536 : }
537 : }
538 :
539 6665 : if (ret == NULL) {
540 10629 : for (p = non_fatal_error_entries; p->desc != NULL; p++) {
541 9570 : if (p->number == error) {
542 : ret = p->desc;
543 : break;
544 : }
545 : }
546 : }
547 :
548 : /* avoid prefix */
549 6665 : if (ret == NULL)
550 1059 : return _("(unknown error code)");
551 :
552 5606 : return _(ret);
553 : }
554 :
555 : /**
556 : * gnutls_strerror_name:
557 : * @error: is an error returned by a gnutls function.
558 : *
559 : * Return the GnuTLS error code define as a string. For example,
560 : * gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
561 : * the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
562 : *
563 : * Returns: A string corresponding to the symbol name of the error
564 : * code.
565 : *
566 : * Since: 2.6.0
567 : **/
568 1251 : const char *gnutls_strerror_name(int error)
569 : {
570 1251 : const char *ret = NULL;
571 1251 : const gnutls_error_entry *p;
572 :
573 214415 : for (p = error_entries; p->desc != NULL; p++) {
574 213348 : if (p->number == error) {
575 184 : ret = p->_name;
576 184 : break;
577 : }
578 : }
579 :
580 1251 : if (ret == NULL) {
581 10628 : for (p = non_fatal_error_entries; p->desc != NULL; p++) {
582 9569 : if (p->number == error) {
583 8 : ret = p->_name;
584 8 : break;
585 : }
586 : }
587 : }
588 :
589 1251 : return ret;
590 : }
591 :
592 755 : void _gnutls_mpi_log(const char *prefix, bigint_t a)
593 : {
594 755 : size_t binlen = 0;
595 755 : void *binbuf;
596 755 : size_t hexlen;
597 755 : char *hexbuf;
598 755 : int res;
599 :
600 755 : if (_gnutls_log_level < 2)
601 755 : return;
602 :
603 0 : res = _gnutls_mpi_print(a, NULL, &binlen);
604 0 : if (res < 0 && res != GNUTLS_E_SHORT_MEMORY_BUFFER) {
605 0 : gnutls_assert();
606 0 : _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n",
607 : prefix, res, (int) binlen);
608 0 : return;
609 : }
610 :
611 0 : if (binlen > 1024 * 1024) {
612 0 : gnutls_assert();
613 0 : _gnutls_hard_log("MPI: %s too large mpi (%d)\n", prefix,
614 : (int) binlen);
615 0 : return;
616 : }
617 :
618 0 : binbuf = gnutls_malloc(binlen);
619 0 : if (!binbuf) {
620 0 : gnutls_assert();
621 0 : _gnutls_hard_log("MPI: %s out of memory (%d)\n", prefix,
622 : (int) binlen);
623 0 : return;
624 : }
625 :
626 0 : res = _gnutls_mpi_print(a, binbuf, &binlen);
627 0 : if (res != 0) {
628 0 : gnutls_assert();
629 0 : _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n",
630 : prefix, res, (int) binlen);
631 0 : gnutls_free(binbuf);
632 0 : return;
633 : }
634 :
635 0 : hexlen = 2 * binlen + 1;
636 0 : hexbuf = gnutls_malloc(hexlen);
637 :
638 0 : if (!hexbuf) {
639 0 : gnutls_assert();
640 0 : _gnutls_hard_log("MPI: %s out of memory (hex %d)\n",
641 : prefix, (int) hexlen);
642 0 : gnutls_free(binbuf);
643 0 : return;
644 : }
645 :
646 0 : _gnutls_bin2hex(binbuf, binlen, hexbuf, hexlen, NULL);
647 :
648 0 : _gnutls_hard_log("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
649 : hexbuf);
650 :
651 0 : gnutls_free(hexbuf);
652 0 : gnutls_free(binbuf);
653 : }
654 :
655 : /* this function will output a message using the
656 : * caller provided function
657 : */
658 1243900 : void _gnutls_log(int level, const char *fmt, ...)
659 : {
660 1243900 : va_list args;
661 1243900 : char *str;
662 1243900 : int ret;
663 :
664 1243900 : if (_gnutls_log_func == NULL)
665 0 : return;
666 :
667 1243900 : va_start(args, fmt);
668 1243900 : ret = vasprintf(&str, fmt, args);
669 1243900 : va_end(args);
670 :
671 1243900 : if (ret >= 0) {
672 1243900 : _gnutls_log_func(level, str);
673 1243900 : free(str);
674 : }
675 : }
676 :
677 3430 : void _gnutls_audit_log(gnutls_session_t session, const char *fmt, ...)
678 : {
679 3430 : va_list args;
680 3430 : char *str;
681 3430 : int ret;
682 :
683 3430 : if (_gnutls_audit_log_func == NULL && _gnutls_log_func == NULL)
684 2119 : return;
685 :
686 1311 : va_start(args, fmt);
687 1311 : ret = vasprintf(&str, fmt, args);
688 1311 : va_end(args);
689 :
690 1311 : if (ret >= 0) {
691 1311 : if (_gnutls_audit_log_func)
692 735 : _gnutls_audit_log_func(session, str);
693 : else
694 576 : _gnutls_log_func(1, str);
695 1311 : free(str);
696 : }
697 : }
698 :
699 : #ifndef DEBUG
700 : #ifndef C99_MACROS
701 :
702 : /* Without C99 macros these functions have to
703 : * be called. This may affect performance.
704 : */
705 : void _gnutls_null_log(void *x, ...)
706 : {
707 : return;
708 : }
709 :
710 : #endif /* C99_MACROS */
711 : #endif /* DEBUG */
|