Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2000-2012 Free Software Foundation, Inc. |
3 | | * |
4 | | * Author: Nikos Mavrogiannopoulos |
5 | | * |
6 | | * This file is part of GnuTLS. |
7 | | * |
8 | | * The GnuTLS is free software; you can redistribute it and/or |
9 | | * modify it under the terms of the GNU Lesser General Public License |
10 | | * as published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * This library is distributed in the hope that it will be useful, but |
14 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | | * Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public License |
19 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
20 | | * |
21 | | */ |
22 | | |
23 | | #include "gnutls_int.h" |
24 | | #include "errors.h" |
25 | | #ifdef STDC_HEADERS |
26 | | # include <stdarg.h> |
27 | | #endif |
28 | | #include "str.h" |
29 | | |
30 | | #define ERROR_ENTRY(desc, name) \ |
31 | | { desc, #name, name} |
32 | | |
33 | | struct gnutls_error_entry { |
34 | | const char *desc; |
35 | | const char *_name; |
36 | | int number; |
37 | | }; |
38 | | typedef struct gnutls_error_entry gnutls_error_entry; |
39 | | |
40 | | static const gnutls_error_entry error_entries[] = { |
41 | | /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */ |
42 | | ERROR_ENTRY(N_("Could not negotiate a supported cipher suite."), |
43 | | GNUTLS_E_UNKNOWN_CIPHER_SUITE), |
44 | | ERROR_ENTRY(N_("No or insufficient priorities were set."), |
45 | | GNUTLS_E_NO_PRIORITIES_WERE_SET), |
46 | | ERROR_ENTRY(N_("The cipher type is unsupported."), |
47 | | GNUTLS_E_UNKNOWN_CIPHER_TYPE), |
48 | | ERROR_ENTRY(N_("The certificate and the given key do not match."), |
49 | | GNUTLS_E_CERTIFICATE_KEY_MISMATCH), |
50 | | ERROR_ENTRY(N_("Could not negotiate a supported compression method."), |
51 | | GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM), |
52 | | ERROR_ENTRY(N_("An unknown public key algorithm was encountered."), |
53 | | GNUTLS_E_UNKNOWN_PK_ALGORITHM), |
54 | | |
55 | | ERROR_ENTRY(N_("An algorithm that is not enabled was negotiated."), |
56 | | GNUTLS_E_UNWANTED_ALGORITHM), |
57 | | ERROR_ENTRY(N_ |
58 | | ("A packet with illegal or unsupported version was received."), |
59 | | GNUTLS_E_UNSUPPORTED_VERSION_PACKET), |
60 | | ERROR_ENTRY(N_ |
61 | | ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."), |
62 | | GNUTLS_E_DH_PRIME_UNACCEPTABLE), |
63 | | ERROR_ENTRY(N_("Error decoding the received TLS packet."), |
64 | | GNUTLS_E_UNEXPECTED_PACKET_LENGTH), |
65 | | ERROR_ENTRY(N_("A TLS record packet with invalid length was received."), |
66 | | GNUTLS_E_RECORD_OVERFLOW), |
67 | | ERROR_ENTRY(N_("The TLS connection was non-properly terminated."), |
68 | | GNUTLS_E_PREMATURE_TERMINATION), |
69 | | ERROR_ENTRY(N_ |
70 | | ("The specified session has been invalidated for some reason."), |
71 | | GNUTLS_E_INVALID_SESSION), |
72 | | |
73 | | ERROR_ENTRY(N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR), |
74 | | ERROR_ENTRY(N_ |
75 | | ("A connection with inappropriate fallback was attempted."), |
76 | | GNUTLS_E_INAPPROPRIATE_FALLBACK), |
77 | | ERROR_ENTRY(N_("An illegal TLS extension was received."), |
78 | | GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION), |
79 | | ERROR_ENTRY(N_("An required TLS extension was received."), |
80 | | GNUTLS_E_MISSING_EXTENSION), |
81 | | ERROR_ENTRY(N_("A TLS fatal alert has been received."), |
82 | | GNUTLS_E_FATAL_ALERT_RECEIVED), |
83 | | ERROR_ENTRY(N_("An unexpected TLS packet was received."), |
84 | | GNUTLS_E_UNEXPECTED_PACKET), |
85 | | ERROR_ENTRY(N_("Failed to import the key into store."), |
86 | | GNUTLS_E_KEY_IMPORT_FAILED), |
87 | | ERROR_ENTRY(N_ |
88 | | ("An error was encountered at the TLS Finished packet calculation."), |
89 | | GNUTLS_E_ERROR_IN_FINISHED_PACKET), |
90 | | ERROR_ENTRY(N_("No certificate was found."), |
91 | | GNUTLS_E_NO_CERTIFICATE_FOUND), |
92 | | ERROR_ENTRY(N_("Certificate is required."), |
93 | | GNUTLS_E_CERTIFICATE_REQUIRED), |
94 | | ERROR_ENTRY(N_ |
95 | | ("The given DSA key is incompatible with the selected TLS protocol."), |
96 | | GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL), |
97 | | ERROR_ENTRY(N_ |
98 | | ("There is already a crypto algorithm with lower priority."), |
99 | | GNUTLS_E_CRYPTO_ALREADY_REGISTERED), |
100 | | |
101 | | ERROR_ENTRY(N_("No temporary RSA parameters were found."), |
102 | | GNUTLS_E_NO_TEMPORARY_RSA_PARAMS), |
103 | | ERROR_ENTRY(N_("No temporary DH parameters were found."), |
104 | | GNUTLS_E_NO_TEMPORARY_DH_PARAMS), |
105 | | ERROR_ENTRY(N_("An unexpected TLS handshake packet was received."), |
106 | | GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET), |
107 | | ERROR_ENTRY(N_("The scanning of a large integer has failed."), |
108 | | GNUTLS_E_MPI_SCAN_FAILED), |
109 | | ERROR_ENTRY(N_("Could not export a large integer."), |
110 | | GNUTLS_E_MPI_PRINT_FAILED), |
111 | | ERROR_ENTRY(N_("Decryption has failed."), |
112 | | GNUTLS_E_DECRYPTION_FAILED), |
113 | | ERROR_ENTRY(N_("Encryption has failed."), |
114 | | GNUTLS_E_ENCRYPTION_FAILED), |
115 | | ERROR_ENTRY(N_("Public key decryption has failed."), |
116 | | GNUTLS_E_PK_DECRYPTION_FAILED), |
117 | | ERROR_ENTRY(N_("Public key encryption has failed."), |
118 | | GNUTLS_E_PK_ENCRYPTION_FAILED), |
119 | | ERROR_ENTRY(N_("Public key signing has failed."), |
120 | | GNUTLS_E_PK_SIGN_FAILED), |
121 | | ERROR_ENTRY(N_("Public key signature verification has failed."), |
122 | | GNUTLS_E_PK_SIG_VERIFY_FAILED), |
123 | | ERROR_ENTRY(N_("Decompression of the TLS record packet has failed."), |
124 | | GNUTLS_E_DECOMPRESSION_FAILED), |
125 | | ERROR_ENTRY(N_("Compression of the TLS record packet has failed."), |
126 | | GNUTLS_E_COMPRESSION_FAILED), |
127 | | |
128 | | ERROR_ENTRY(N_("Internal error in memory allocation."), |
129 | | GNUTLS_E_MEMORY_ERROR), |
130 | | ERROR_ENTRY(N_ |
131 | | ("An unimplemented or disabled feature has been requested."), |
132 | | GNUTLS_E_UNIMPLEMENTED_FEATURE), |
133 | | ERROR_ENTRY(N_("Insufficient credentials for that request."), |
134 | | GNUTLS_E_INSUFFICIENT_CREDENTIALS), |
135 | | ERROR_ENTRY(N_("Error in password/key file."), GNUTLS_E_SRP_PWD_ERROR), |
136 | | ERROR_ENTRY(N_("Wrong padding in PKCS1 packet."), |
137 | | GNUTLS_E_PKCS1_WRONG_PAD), |
138 | | ERROR_ENTRY(N_("The session or certificate has expired."), |
139 | | GNUTLS_E_EXPIRED), |
140 | | ERROR_ENTRY(N_("The certificate is not yet activated."), |
141 | | GNUTLS_E_NOT_YET_ACTIVATED), |
142 | | ERROR_ENTRY(N_("Hashing has failed."), GNUTLS_E_HASH_FAILED), |
143 | | ERROR_ENTRY(N_("Base64 decoding error."), |
144 | | GNUTLS_E_BASE64_DECODING_ERROR), |
145 | | ERROR_ENTRY(N_("Base64 unexpected header error."), |
146 | | GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR), |
147 | | ERROR_ENTRY(N_("Base64 encoding error."), |
148 | | GNUTLS_E_BASE64_ENCODING_ERROR), |
149 | | ERROR_ENTRY(N_("Parsing error in password/key file."), |
150 | | GNUTLS_E_SRP_PWD_PARSING_ERROR), |
151 | | ERROR_ENTRY(N_("The requested data were not available."), |
152 | | GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE), |
153 | | ERROR_ENTRY(N_("There are no embedded data in the structure."), |
154 | | GNUTLS_E_NO_EMBEDDED_DATA), |
155 | | ERROR_ENTRY(N_("Error in the pull function."), GNUTLS_E_PULL_ERROR), |
156 | | ERROR_ENTRY(N_("Error in the push function."), GNUTLS_E_PUSH_ERROR), |
157 | | ERROR_ENTRY(N_ |
158 | | ("The upper limit of record packet sequence numbers has been reached. Wow!"), |
159 | | GNUTLS_E_RECORD_LIMIT_REACHED), |
160 | | ERROR_ENTRY(N_("Error in the certificate."), |
161 | | GNUTLS_E_CERTIFICATE_ERROR), |
162 | | ERROR_ENTRY(N_("Error in the time fields of certificate."), |
163 | | GNUTLS_E_CERTIFICATE_TIME_ERROR), |
164 | | ERROR_ENTRY(N_("Error in the certificate verification."), |
165 | | GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR), |
166 | | ERROR_ENTRY(N_("Error in the CRL verification."), |
167 | | GNUTLS_E_CRL_VERIFICATION_ERROR), |
168 | | ERROR_ENTRY(N_ |
169 | | ("Error in the private key verification; seed doesn't match."), |
170 | | GNUTLS_E_PRIVKEY_VERIFICATION_ERROR), |
171 | | ERROR_ENTRY(N_("Could not authenticate peer."), |
172 | | GNUTLS_E_AUTH_ERROR), |
173 | | ERROR_ENTRY(N_ |
174 | | ("Unknown Subject Alternative name in X.509 certificate."), |
175 | | GNUTLS_E_X509_UNKNOWN_SAN), |
176 | | ERROR_ENTRY(N_ |
177 | | ("CIDR name constraint is malformed in size or structure."), |
178 | | GNUTLS_E_MALFORMED_CIDR), |
179 | | |
180 | | ERROR_ENTRY(N_("Unsupported critical extension in X.509 certificate."), |
181 | | GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION), |
182 | | ERROR_ENTRY(N_("Unsupported extension in X.509 certificate."), |
183 | | GNUTLS_E_X509_UNSUPPORTED_EXTENSION), |
184 | | ERROR_ENTRY(N_("Duplicate extension in X.509 certificate."), |
185 | | GNUTLS_E_X509_DUPLICATE_EXTENSION), |
186 | | ERROR_ENTRY(N_("Key usage violation in certificate has been detected."), |
187 | | GNUTLS_E_KEY_USAGE_VIOLATION), |
188 | | ERROR_ENTRY(N_("Function was interrupted."), GNUTLS_E_INTERRUPTED), |
189 | | ERROR_ENTRY(N_ |
190 | | ("TLS Application data were received, while expecting handshake data."), |
191 | | GNUTLS_E_GOT_APPLICATION_DATA), |
192 | | ERROR_ENTRY(N_("Error in Database backend."), GNUTLS_E_DB_ERROR), |
193 | | ERROR_ENTRY(N_("The Database entry already exists."), |
194 | | GNUTLS_E_DB_ENTRY_EXISTS), |
195 | | ERROR_ENTRY(N_("The certificate type is not supported."), |
196 | | GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE), |
197 | | ERROR_ENTRY(N_ |
198 | | ("The given memory buffer is too short to hold parameters."), |
199 | | GNUTLS_E_SHORT_MEMORY_BUFFER), |
200 | | ERROR_ENTRY(N_("The request is invalid."), |
201 | | GNUTLS_E_INVALID_REQUEST), |
202 | | ERROR_ENTRY(N_("The cookie was bad."), GNUTLS_E_BAD_COOKIE), |
203 | | ERROR_ENTRY(N_("An illegal parameter has been received."), |
204 | | GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER), |
205 | | ERROR_ENTRY(N_("An illegal parameter was found."), |
206 | | GNUTLS_E_ILLEGAL_PARAMETER), |
207 | | ERROR_ENTRY(N_("Error while reading file."), GNUTLS_E_FILE_ERROR), |
208 | | ERROR_ENTRY(N_("A disallowed SNI server name has been received."), |
209 | | GNUTLS_E_RECEIVED_DISALLOWED_NAME), |
210 | | |
211 | | ERROR_ENTRY(N_("ASN1 parser: Element was not found."), |
212 | | GNUTLS_E_ASN1_ELEMENT_NOT_FOUND), |
213 | | ERROR_ENTRY(N_("ASN1 parser: Identifier was not found"), |
214 | | GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND), |
215 | | ERROR_ENTRY(N_("ASN1 parser: Error in DER parsing."), |
216 | | GNUTLS_E_ASN1_DER_ERROR), |
217 | | ERROR_ENTRY(N_("ASN1 parser: Value was not found."), |
218 | | GNUTLS_E_ASN1_VALUE_NOT_FOUND), |
219 | | ERROR_ENTRY(N_("ASN1 parser: Generic parsing error."), |
220 | | GNUTLS_E_ASN1_GENERIC_ERROR), |
221 | | ERROR_ENTRY(N_("ASN1 parser: Value is not valid."), |
222 | | GNUTLS_E_ASN1_VALUE_NOT_VALID), |
223 | | ERROR_ENTRY(N_("ASN1 parser: Error in TAG."), |
224 | | GNUTLS_E_ASN1_TAG_ERROR), |
225 | | ERROR_ENTRY(N_("ASN1 parser: error in implicit tag"), |
226 | | GNUTLS_E_ASN1_TAG_IMPLICIT), |
227 | | ERROR_ENTRY(N_("ASN1 parser: Error in type 'ANY'."), |
228 | | GNUTLS_E_ASN1_TYPE_ANY_ERROR), |
229 | | ERROR_ENTRY(N_("ASN1 parser: Syntax error."), |
230 | | GNUTLS_E_ASN1_SYNTAX_ERROR), |
231 | | ERROR_ENTRY(N_("ASN1 parser: Overflow in DER parsing."), |
232 | | GNUTLS_E_ASN1_DER_OVERFLOW), |
233 | | |
234 | | ERROR_ENTRY(N_("Too many empty record packets have been received."), |
235 | | GNUTLS_E_TOO_MANY_EMPTY_PACKETS), |
236 | | ERROR_ENTRY(N_("Too many handshake packets have been received."), |
237 | | GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS), |
238 | | ERROR_ENTRY(N_("More than a single object matches the criteria."), |
239 | | GNUTLS_E_TOO_MANY_MATCHES), |
240 | | ERROR_ENTRY(N_("The crypto library version is too old."), |
241 | | GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY), |
242 | | |
243 | | ERROR_ENTRY(N_("The tasn1 library version is too old."), |
244 | | GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY), |
245 | | ERROR_ENTRY(N_("The OpenPGP User ID is revoked."), |
246 | | GNUTLS_E_OPENPGP_UID_REVOKED), |
247 | | ERROR_ENTRY(N_("The OpenPGP key has not a preferred key set."), |
248 | | GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR), |
249 | | ERROR_ENTRY(N_("Error loading the keyring."), |
250 | | GNUTLS_E_OPENPGP_KEYRING_ERROR), |
251 | | ERROR_ENTRY(N_("The initialization of crypto backend has failed."), |
252 | | GNUTLS_E_CRYPTO_INIT_FAILED), |
253 | | ERROR_ENTRY(N_("No supported compression algorithms have been found."), |
254 | | GNUTLS_E_NO_COMPRESSION_ALGORITHMS), |
255 | | ERROR_ENTRY(N_("No supported cipher suites have been found."), |
256 | | GNUTLS_E_NO_CIPHER_SUITES), |
257 | | ERROR_ENTRY(N_("Could not get OpenPGP key."), |
258 | | GNUTLS_E_OPENPGP_GETKEY_FAILED), |
259 | | ERROR_ENTRY(N_("Could not find OpenPGP subkey."), |
260 | | GNUTLS_E_OPENPGP_SUBKEY_ERROR), |
261 | | ERROR_ENTRY(N_("Safe renegotiation failed."), |
262 | | GNUTLS_E_SAFE_RENEGOTIATION_FAILED), |
263 | | ERROR_ENTRY(N_("Unsafe renegotiation denied."), |
264 | | GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED), |
265 | | |
266 | | ERROR_ENTRY(N_("The SRP username supplied is illegal."), |
267 | | GNUTLS_E_ILLEGAL_SRP_USERNAME), |
268 | | ERROR_ENTRY(N_("The username supplied is unknown."), |
269 | | GNUTLS_E_UNKNOWN_SRP_USERNAME), |
270 | | |
271 | | ERROR_ENTRY(N_("The OpenPGP fingerprint is not supported."), |
272 | | GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED), |
273 | | ERROR_ENTRY(N_("The signature algorithm is not supported."), |
274 | | GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM), |
275 | | ERROR_ENTRY(N_("The certificate has unsupported attributes."), |
276 | | GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE), |
277 | | ERROR_ENTRY(N_("The OID is not supported."), |
278 | | GNUTLS_E_X509_UNSUPPORTED_OID), |
279 | | ERROR_ENTRY(N_("The hash algorithm is unknown."), |
280 | | GNUTLS_E_UNKNOWN_HASH_ALGORITHM), |
281 | | ERROR_ENTRY(N_("The PKCS structure's content type is unknown."), |
282 | | GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE), |
283 | | ERROR_ENTRY(N_("The PKCS structure's bag type is unknown."), |
284 | | GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE), |
285 | | ERROR_ENTRY(N_("The given password contains invalid characters."), |
286 | | GNUTLS_E_INVALID_PASSWORD), |
287 | | ERROR_ENTRY(N_("The given string contains invalid UTF-8 characters."), |
288 | | GNUTLS_E_INVALID_UTF8_STRING), |
289 | | ERROR_ENTRY(N_ |
290 | | ("The given email string contains non-ASCII characters before '@'."), |
291 | | GNUTLS_E_INVALID_UTF8_EMAIL), |
292 | | ERROR_ENTRY(N_("The given password contains invalid characters."), |
293 | | GNUTLS_E_INVALID_PASSWORD_STRING), |
294 | | ERROR_ENTRY(N_("The Message Authentication Code verification failed."), |
295 | | GNUTLS_E_MAC_VERIFY_FAILED), |
296 | | ERROR_ENTRY(N_("Some constraint limits were reached."), |
297 | | GNUTLS_E_CONSTRAINT_ERROR), |
298 | | ERROR_ENTRY(N_("Failed to acquire random data."), |
299 | | GNUTLS_E_RANDOM_FAILED), |
300 | | ERROR_ENTRY(N_("Verifying TLS/IA phase checksum failed"), |
301 | | GNUTLS_E_IA_VERIFY_FAILED), |
302 | | |
303 | | ERROR_ENTRY(N_("The specified algorithm or protocol is unknown."), |
304 | | GNUTLS_E_UNKNOWN_ALGORITHM), |
305 | | |
306 | | ERROR_ENTRY(N_("The handshake data size is too large."), |
307 | | GNUTLS_E_HANDSHAKE_TOO_LARGE), |
308 | | |
309 | | ERROR_ENTRY(N_("Error opening /dev/crypto"), |
310 | | GNUTLS_E_CRYPTODEV_DEVICE_ERROR), |
311 | | |
312 | | ERROR_ENTRY(N_("Error interfacing with /dev/crypto"), |
313 | | GNUTLS_E_CRYPTODEV_IOCTL_ERROR), |
314 | | ERROR_ENTRY(N_("Peer has terminated the connection"), |
315 | | GNUTLS_E_SESSION_EOF), |
316 | | ERROR_ENTRY(N_("Channel binding data not available"), |
317 | | GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE), |
318 | | |
319 | | ERROR_ENTRY(N_("TPM error."), |
320 | | GNUTLS_E_TPM_ERROR), |
321 | | ERROR_ENTRY(N_("The TPM library (trousers) cannot be found."), |
322 | | GNUTLS_E_TPM_NO_LIB), |
323 | | ERROR_ENTRY(N_("TPM is not initialized."), |
324 | | GNUTLS_E_TPM_UNINITIALIZED), |
325 | | ERROR_ENTRY(N_("TPM key was not found in persistent storage."), |
326 | | GNUTLS_E_TPM_KEY_NOT_FOUND), |
327 | | ERROR_ENTRY(N_("Cannot initialize a session with the TPM."), |
328 | | GNUTLS_E_TPM_SESSION_ERROR), |
329 | | ERROR_ENTRY(N_("PKCS #11 error."), |
330 | | GNUTLS_E_PKCS11_ERROR), |
331 | | ERROR_ENTRY(N_("PKCS #11 initialization error."), |
332 | | GNUTLS_E_PKCS11_LOAD_ERROR), |
333 | | ERROR_ENTRY(N_("Error in parsing."), |
334 | | GNUTLS_E_PARSING_ERROR), |
335 | | ERROR_ENTRY(N_("Error in provided PIN."), |
336 | | GNUTLS_E_PKCS11_PIN_ERROR), |
337 | | ERROR_ENTRY(N_("Error in provided SRK password for TPM."), |
338 | | GNUTLS_E_TPM_SRK_PASSWORD_ERROR), |
339 | | ERROR_ENTRY(N_ |
340 | | ("Error in provided password for key to be loaded in TPM."), |
341 | | GNUTLS_E_TPM_KEY_PASSWORD_ERROR), |
342 | | ERROR_ENTRY(N_("PKCS #11 error in slot"), |
343 | | GNUTLS_E_PKCS11_SLOT_ERROR), |
344 | | ERROR_ENTRY(N_("Thread locking error"), |
345 | | GNUTLS_E_LOCKING_ERROR), |
346 | | ERROR_ENTRY(N_("PKCS #11 error in attribute"), |
347 | | GNUTLS_E_PKCS11_ATTRIBUTE_ERROR), |
348 | | ERROR_ENTRY(N_("PKCS #11 error in device"), |
349 | | GNUTLS_E_PKCS11_DEVICE_ERROR), |
350 | | ERROR_ENTRY(N_("PKCS #11 error in data"), |
351 | | GNUTLS_E_PKCS11_DATA_ERROR), |
352 | | ERROR_ENTRY(N_("PKCS #11 unsupported feature"), |
353 | | GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR), |
354 | | ERROR_ENTRY(N_("PKCS #11 error in key"), |
355 | | GNUTLS_E_PKCS11_KEY_ERROR), |
356 | | ERROR_ENTRY(N_("PKCS #11 PIN expired"), |
357 | | GNUTLS_E_PKCS11_PIN_EXPIRED), |
358 | | ERROR_ENTRY(N_("PKCS #11 PIN locked"), |
359 | | GNUTLS_E_PKCS11_PIN_LOCKED), |
360 | | ERROR_ENTRY(N_("PKCS #11 error in session"), |
361 | | GNUTLS_E_PKCS11_SESSION_ERROR), |
362 | | ERROR_ENTRY(N_("PKCS #11 error in signature"), |
363 | | GNUTLS_E_PKCS11_SIGNATURE_ERROR), |
364 | | ERROR_ENTRY(N_("PKCS #11 error in token"), |
365 | | GNUTLS_E_PKCS11_TOKEN_ERROR), |
366 | | ERROR_ENTRY(N_("PKCS #11 user error"), |
367 | | GNUTLS_E_PKCS11_USER_ERROR), |
368 | | ERROR_ENTRY(N_("The operation timed out"), |
369 | | GNUTLS_E_TIMEDOUT), |
370 | | ERROR_ENTRY(N_("The operation was cancelled due to user error"), |
371 | | GNUTLS_E_USER_ERROR), |
372 | | ERROR_ENTRY(N_("No supported ECC curves were found"), |
373 | | GNUTLS_E_ECC_NO_SUPPORTED_CURVES), |
374 | | ERROR_ENTRY(N_("The curve is unsupported"), |
375 | | GNUTLS_E_ECC_UNSUPPORTED_CURVE), |
376 | | ERROR_ENTRY(N_("The requested PKCS #11 object is not available"), |
377 | | GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE), |
378 | | ERROR_ENTRY(N_ |
379 | | ("The provided X.509 certificate list is not sorted (in subject to issuer order)"), |
380 | | GNUTLS_E_CERTIFICATE_LIST_UNSORTED), |
381 | | ERROR_ENTRY(N_("The OCSP response is invalid"), |
382 | | GNUTLS_E_OCSP_RESPONSE_ERROR), |
383 | | ERROR_ENTRY(N_ |
384 | | ("The OCSP response provided doesn't match the available certificates"), |
385 | | GNUTLS_E_OCSP_MISMATCH_WITH_CERTS), |
386 | | ERROR_ENTRY(N_("There is no certificate status (OCSP)."), |
387 | | GNUTLS_E_NO_CERTIFICATE_STATUS), |
388 | | ERROR_ENTRY(N_("Error in the system's randomness device."), |
389 | | GNUTLS_E_RANDOM_DEVICE_ERROR), |
390 | | ERROR_ENTRY(N_("No common application protocol could be negotiated."), |
391 | | GNUTLS_E_NO_APPLICATION_PROTOCOL), |
392 | | ERROR_ENTRY(N_("Error while performing self checks."), |
393 | | GNUTLS_E_SELF_TEST_ERROR), |
394 | | ERROR_ENTRY(N_("There is no self test for this algorithm."), |
395 | | GNUTLS_E_NO_SELF_TEST), |
396 | | ERROR_ENTRY(N_ |
397 | | ("An error has been detected in the library and cannot continue operations."), |
398 | | GNUTLS_E_LIB_IN_ERROR_STATE), |
399 | | ERROR_ENTRY(N_("Error in sockets initialization."), |
400 | | GNUTLS_E_SOCKETS_INIT_ERROR), |
401 | | ERROR_ENTRY(N_("Error in public key generation."), |
402 | | GNUTLS_E_PK_GENERATION_ERROR), |
403 | | ERROR_ENTRY(N_("Invalid TLS extensions length field."), |
404 | | GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH), |
405 | | ERROR_ENTRY(N_ |
406 | | ("Peer's certificate or username has changed during a rehandshake."), |
407 | | GNUTLS_E_SESSION_USER_ID_CHANGED), |
408 | | ERROR_ENTRY(N_("The provided string has an embedded null."), |
409 | | GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING), |
410 | | ERROR_ENTRY(N_("Attempted handshake during false start."), |
411 | | GNUTLS_E_HANDSHAKE_DURING_FALSE_START), |
412 | | ERROR_ENTRY(N_("The SNI host name not recognised."), |
413 | | GNUTLS_E_UNRECOGNIZED_NAME), |
414 | | ERROR_ENTRY(N_("There was an issue converting to or from UTF8."), |
415 | | GNUTLS_E_IDNA_ERROR), |
416 | | ERROR_ENTRY(N_ |
417 | | ("Cannot perform this action while handshake is in progress."), |
418 | | GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE), |
419 | | ERROR_ENTRY(N_("The public key is invalid."), |
420 | | GNUTLS_E_PK_INVALID_PUBKEY), |
421 | | ERROR_ENTRY(N_("There are no validation parameters present."), |
422 | | GNUTLS_E_PK_NO_VALIDATION_PARAMS), |
423 | | ERROR_ENTRY(N_("The public key parameters are invalid."), |
424 | | GNUTLS_E_PK_INVALID_PUBKEY_PARAMS), |
425 | | ERROR_ENTRY(N_("The private key is invalid."), |
426 | | GNUTLS_E_PK_INVALID_PRIVKEY), |
427 | | ERROR_ENTRY(N_("The DER time encoding is invalid."), |
428 | | GNUTLS_E_ASN1_TIME_ERROR), |
429 | | ERROR_ENTRY(N_("The signature is incompatible with the public key."), |
430 | | GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY), |
431 | | ERROR_ENTRY(N_ |
432 | | ("One of the involved algorithms has insufficient security level."), |
433 | | GNUTLS_E_INSUFFICIENT_SECURITY), |
434 | | ERROR_ENTRY(N_("No common key share with peer."), |
435 | | GNUTLS_E_NO_COMMON_KEY_SHARE), |
436 | | ERROR_ENTRY(N_("The early data were rejected."), |
437 | | GNUTLS_E_EARLY_DATA_REJECTED), |
438 | | {NULL, NULL, 0} |
439 | | }; |
440 | | |
441 | | static const gnutls_error_entry non_fatal_error_entries[] = { |
442 | | ERROR_ENTRY(N_("Success."), GNUTLS_E_SUCCESS), |
443 | | ERROR_ENTRY(N_("A TLS warning alert has been received."), |
444 | | GNUTLS_E_WARNING_ALERT_RECEIVED), |
445 | | ERROR_ENTRY(N_("A heartbeat pong message was received."), |
446 | | GNUTLS_E_HEARTBEAT_PONG_RECEIVED), |
447 | | ERROR_ENTRY(N_("A heartbeat ping message was received."), |
448 | | GNUTLS_E_HEARTBEAT_PING_RECEIVED), |
449 | | ERROR_ENTRY(N_("Resource temporarily unavailable, try again."), |
450 | | GNUTLS_E_AGAIN), |
451 | | ERROR_ENTRY(N_("The transmitted packet is too large (EMSGSIZE)."), |
452 | | GNUTLS_E_LARGE_PACKET), |
453 | | ERROR_ENTRY(N_("Function was interrupted."), GNUTLS_E_INTERRUPTED), |
454 | | ERROR_ENTRY(N_("Rehandshake was requested by the peer."), |
455 | | GNUTLS_E_REHANDSHAKE), |
456 | | ERROR_ENTRY(N_("Re-authentication was requested by the peer."), |
457 | | GNUTLS_E_REAUTH_REQUEST), |
458 | | /* Only non fatal (for handshake) errors here */ |
459 | | {NULL, NULL, 0} |
460 | | }; |
461 | | |
462 | | /** |
463 | | * gnutls_error_is_fatal: |
464 | | * @error: is a GnuTLS error code, a negative error code |
465 | | * |
466 | | * If a GnuTLS function returns a negative error code you may feed that |
467 | | * value to this function to see if the error condition is fatal to |
468 | | * a TLS session (i.e., must be terminated). |
469 | | * |
470 | | * Note that you may also want to check the error code manually, since some |
471 | | * non-fatal errors to the protocol (such as a warning alert or |
472 | | * a rehandshake request) may be fatal for your program. |
473 | | * |
474 | | * This function is only useful if you are dealing with errors from |
475 | | * functions that relate to a TLS session (e.g., record layer or handshake |
476 | | * layer handling functions). |
477 | | * |
478 | | * Returns: Non-zero value on fatal errors or zero on non-fatal. |
479 | | **/ |
480 | | int gnutls_error_is_fatal(int error) |
481 | 0 | { |
482 | 0 | int ret = 1; |
483 | 0 | const gnutls_error_entry *p; |
484 | | |
485 | | /* Input sanitzation. Positive values are not errors at all, and |
486 | | definitely not fatal. */ |
487 | 0 | if (error > 0) |
488 | 0 | return 0; |
489 | | |
490 | 0 | for (p = non_fatal_error_entries; p->desc != NULL; p++) { |
491 | 0 | if (p->number == error) { |
492 | 0 | ret = 0; |
493 | 0 | break; |
494 | 0 | } |
495 | 0 | } |
496 | |
|
497 | 0 | return ret; |
498 | 0 | } |
499 | | |
500 | | /** |
501 | | * gnutls_perror: |
502 | | * @error: is a GnuTLS error code, a negative error code |
503 | | * |
504 | | * This function is like perror(). The only difference is that it |
505 | | * accepts an error number returned by a gnutls function. |
506 | | **/ |
507 | | void gnutls_perror(int error) |
508 | 0 | { |
509 | 0 | fprintf(stderr, "GnuTLS error: %s\n", gnutls_strerror(error)); |
510 | 0 | } |
511 | | |
512 | | /** |
513 | | * gnutls_strerror: |
514 | | * @error: is a GnuTLS error code, a negative error code |
515 | | * |
516 | | * This function is similar to strerror. The difference is that it |
517 | | * accepts an error number returned by a gnutls function; In case of |
518 | | * an unknown error a descriptive string is sent instead of %NULL. |
519 | | * |
520 | | * Error codes are always a negative error code. |
521 | | * |
522 | | * Returns: A string explaining the GnuTLS error message. |
523 | | **/ |
524 | | const char *gnutls_strerror(int error) |
525 | 0 | { |
526 | 0 | const char *ret = NULL; |
527 | 0 | const gnutls_error_entry *p; |
528 | |
|
529 | 0 | for (p = error_entries; p->desc != NULL; p++) { |
530 | 0 | if (p->number == error) { |
531 | 0 | ret = p->desc; |
532 | 0 | break; |
533 | 0 | } |
534 | 0 | } |
535 | |
|
536 | 0 | if (ret == NULL) { |
537 | 0 | for (p = non_fatal_error_entries; p->desc != NULL; p++) { |
538 | 0 | if (p->number == error) { |
539 | 0 | ret = p->desc; |
540 | 0 | break; |
541 | 0 | } |
542 | 0 | } |
543 | 0 | } |
544 | | |
545 | | /* avoid prefix */ |
546 | 0 | if (ret == NULL) |
547 | 0 | return _("(unknown error code)"); |
548 | | |
549 | 0 | return _(ret); |
550 | 0 | } |
551 | | |
552 | | /** |
553 | | * gnutls_strerror_name: |
554 | | * @error: is an error returned by a gnutls function. |
555 | | * |
556 | | * Return the GnuTLS error code define as a string. For example, |
557 | | * gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return |
558 | | * the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE". |
559 | | * |
560 | | * Returns: A string corresponding to the symbol name of the error |
561 | | * code. |
562 | | * |
563 | | * Since: 2.6.0 |
564 | | **/ |
565 | | const char *gnutls_strerror_name(int error) |
566 | 0 | { |
567 | 0 | const char *ret = NULL; |
568 | 0 | const gnutls_error_entry *p; |
569 | |
|
570 | 0 | for (p = error_entries; p->desc != NULL; p++) { |
571 | 0 | if (p->number == error) { |
572 | 0 | ret = p->_name; |
573 | 0 | break; |
574 | 0 | } |
575 | 0 | } |
576 | |
|
577 | 0 | if (ret == NULL) { |
578 | 0 | for (p = non_fatal_error_entries; p->desc != NULL; p++) { |
579 | 0 | if (p->number == error) { |
580 | 0 | ret = p->_name; |
581 | 0 | break; |
582 | 0 | } |
583 | 0 | } |
584 | 0 | } |
585 | |
|
586 | 0 | return ret; |
587 | 0 | } |
588 | | |
589 | | void _gnutls_mpi_log(const char *prefix, bigint_t a) |
590 | 0 | { |
591 | 0 | size_t binlen = 0; |
592 | 0 | void *binbuf; |
593 | 0 | size_t hexlen; |
594 | 0 | char *hexbuf; |
595 | 0 | int res; |
596 | |
|
597 | 0 | if (_gnutls_log_level < 2) |
598 | 0 | return; |
599 | | |
600 | 0 | res = _gnutls_mpi_print(a, NULL, &binlen); |
601 | 0 | if (res < 0 && res != GNUTLS_E_SHORT_MEMORY_BUFFER) { |
602 | 0 | gnutls_assert(); |
603 | 0 | _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n", |
604 | 0 | prefix, res, (int)binlen); |
605 | 0 | return; |
606 | 0 | } |
607 | | |
608 | 0 | if (binlen > 1024 * 1024) { |
609 | 0 | gnutls_assert(); |
610 | 0 | _gnutls_hard_log("MPI: %s too large mpi (%d)\n", prefix, |
611 | 0 | (int)binlen); |
612 | 0 | return; |
613 | 0 | } |
614 | | |
615 | 0 | binbuf = gnutls_malloc(binlen); |
616 | 0 | if (!binbuf) { |
617 | 0 | gnutls_assert(); |
618 | 0 | _gnutls_hard_log("MPI: %s out of memory (%d)\n", prefix, |
619 | 0 | (int)binlen); |
620 | 0 | return; |
621 | 0 | } |
622 | | |
623 | 0 | res = _gnutls_mpi_print(a, binbuf, &binlen); |
624 | 0 | if (res != 0) { |
625 | 0 | gnutls_assert(); |
626 | 0 | _gnutls_hard_log("MPI: %s can't print value (%d/%d)\n", |
627 | 0 | prefix, res, (int)binlen); |
628 | 0 | gnutls_free(binbuf); |
629 | 0 | return; |
630 | 0 | } |
631 | | |
632 | 0 | hexlen = 2 * binlen + 1; |
633 | 0 | hexbuf = gnutls_malloc(hexlen); |
634 | |
|
635 | 0 | if (!hexbuf) { |
636 | 0 | gnutls_assert(); |
637 | 0 | _gnutls_hard_log("MPI: %s out of memory (hex %d)\n", |
638 | 0 | prefix, (int)hexlen); |
639 | 0 | gnutls_free(binbuf); |
640 | 0 | return; |
641 | 0 | } |
642 | | |
643 | 0 | _gnutls_bin2hex(binbuf, binlen, hexbuf, hexlen, NULL); |
644 | |
|
645 | 0 | _gnutls_hard_log("MPI: length: %d\n\t%s%s\n", (int)binlen, prefix, |
646 | 0 | hexbuf); |
647 | |
|
648 | 0 | gnutls_free(hexbuf); |
649 | 0 | gnutls_free(binbuf); |
650 | 0 | } |
651 | | |
652 | | /* this function will output a message using the |
653 | | * caller provided function |
654 | | */ |
655 | | void _gnutls_log(int level, const char *fmt, ...) |
656 | 0 | { |
657 | 0 | va_list args; |
658 | 0 | char *str; |
659 | 0 | int ret; |
660 | |
|
661 | 0 | if (_gnutls_log_func == NULL) |
662 | 0 | return; |
663 | | |
664 | 0 | va_start(args, fmt); |
665 | 0 | ret = vasprintf(&str, fmt, args); |
666 | 0 | va_end(args); |
667 | |
|
668 | 0 | if (ret >= 0) { |
669 | 0 | _gnutls_log_func(level, str); |
670 | 0 | free(str); |
671 | 0 | } |
672 | 0 | } |
673 | | |
674 | | void _gnutls_audit_log(gnutls_session_t session, const char *fmt, ...) |
675 | 0 | { |
676 | 0 | va_list args; |
677 | 0 | char *str; |
678 | 0 | int ret; |
679 | |
|
680 | 0 | if (_gnutls_audit_log_func == NULL && _gnutls_log_func == NULL) |
681 | 0 | return; |
682 | | |
683 | 0 | va_start(args, fmt); |
684 | 0 | ret = vasprintf(&str, fmt, args); |
685 | 0 | va_end(args); |
686 | |
|
687 | 0 | if (ret >= 0) { |
688 | 0 | if (_gnutls_audit_log_func) |
689 | 0 | _gnutls_audit_log_func(session, str); |
690 | 0 | else |
691 | 0 | _gnutls_log_func(1, str); |
692 | 0 | free(str); |
693 | 0 | } |
694 | 0 | } |
695 | | |
696 | | #ifndef DEBUG |
697 | | # ifndef C99_MACROS |
698 | | |
699 | | /* Without C99 macros these functions have to |
700 | | * be called. This may affect performance. |
701 | | */ |
702 | | void _gnutls_null_log(void *x, ...) |
703 | | { |
704 | | return; |
705 | | } |
706 | | |
707 | | # endif /* C99_MACROS */ |
708 | | #endif /* DEBUG */ |