error.c (38651B)
1 /* 2 * Error message information 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 */ 7 8 #include "common.h" 9 10 #include "mbedtls/error.h" 11 12 #if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) 13 14 #if defined(MBEDTLS_ERROR_C) 15 16 #include "mbedtls/platform.h" 17 18 #include <stdio.h> 19 #include <string.h> 20 21 #if defined(MBEDTLS_AES_C) 22 #include "mbedtls/aes.h" 23 #endif 24 25 #if defined(MBEDTLS_ARIA_C) 26 #include "mbedtls/aria.h" 27 #endif 28 29 #if defined(MBEDTLS_ASN1_PARSE_C) 30 #include "mbedtls/asn1.h" 31 #endif 32 33 #if defined(MBEDTLS_BASE64_C) 34 #include "mbedtls/base64.h" 35 #endif 36 37 #if defined(MBEDTLS_BIGNUM_C) 38 #include "mbedtls/bignum.h" 39 #endif 40 41 #if defined(MBEDTLS_CAMELLIA_C) 42 #include "mbedtls/camellia.h" 43 #endif 44 45 #if defined(MBEDTLS_CCM_C) 46 #include "mbedtls/ccm.h" 47 #endif 48 49 #if defined(MBEDTLS_CHACHA20_C) 50 #include "mbedtls/chacha20.h" 51 #endif 52 53 #if defined(MBEDTLS_CHACHAPOLY_C) 54 #include "mbedtls/chachapoly.h" 55 #endif 56 57 #if defined(MBEDTLS_CIPHER_C) 58 #include "mbedtls/cipher.h" 59 #endif 60 61 #if defined(MBEDTLS_CTR_DRBG_C) 62 #include "mbedtls/ctr_drbg.h" 63 #endif 64 65 #if defined(MBEDTLS_DES_C) 66 #include "mbedtls/des.h" 67 #endif 68 69 #if defined(MBEDTLS_DHM_C) 70 #include "mbedtls/dhm.h" 71 #endif 72 73 #if defined(MBEDTLS_ECP_C) 74 #include "mbedtls/ecp.h" 75 #endif 76 77 #if defined(MBEDTLS_ENTROPY_C) 78 #include "mbedtls/entropy.h" 79 #endif 80 81 #if defined(MBEDTLS_ERROR_C) 82 #include "mbedtls/error.h" 83 #endif 84 85 #if defined(MBEDTLS_PLATFORM_C) 86 #include "mbedtls/platform.h" 87 #endif 88 89 #if defined(MBEDTLS_GCM_C) 90 #include "mbedtls/gcm.h" 91 #endif 92 93 #if defined(MBEDTLS_HKDF_C) 94 #include "mbedtls/hkdf.h" 95 #endif 96 97 #if defined(MBEDTLS_HMAC_DRBG_C) 98 #include "mbedtls/hmac_drbg.h" 99 #endif 100 101 #if defined(MBEDTLS_LMS_C) 102 #include "mbedtls/lms.h" 103 #endif 104 105 #if defined(MBEDTLS_MD_C) 106 #include "mbedtls/md.h" 107 #endif 108 109 #if defined(MBEDTLS_NET_C) 110 #include "mbedtls/net_sockets.h" 111 #endif 112 113 #if defined(MBEDTLS_OID_C) 114 #include "mbedtls/oid.h" 115 #endif 116 117 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) 118 #include "mbedtls/pem.h" 119 #endif 120 121 #if defined(MBEDTLS_PK_C) 122 #include "mbedtls/pk.h" 123 #endif 124 125 #if defined(MBEDTLS_PKCS12_C) 126 #include "mbedtls/pkcs12.h" 127 #endif 128 129 #if defined(MBEDTLS_PKCS5_C) 130 #include "mbedtls/pkcs5.h" 131 #endif 132 133 #if defined(MBEDTLS_PKCS7_C) 134 #include "mbedtls/pkcs7.h" 135 #endif 136 137 #if defined(MBEDTLS_POLY1305_C) 138 #include "mbedtls/poly1305.h" 139 #endif 140 141 #if defined(MBEDTLS_RSA_C) 142 #include "mbedtls/rsa.h" 143 #endif 144 145 #if defined(MBEDTLS_SHA1_C) 146 #include "mbedtls/sha1.h" 147 #endif 148 149 #if defined(MBEDTLS_SHA256_C) 150 #include "mbedtls/sha256.h" 151 #endif 152 153 #if defined(MBEDTLS_SHA3_C) 154 #include "mbedtls/sha3.h" 155 #endif 156 157 #if defined(MBEDTLS_SHA512_C) 158 #include "mbedtls/sha512.h" 159 #endif 160 161 #if defined(MBEDTLS_SSL_TLS_C) 162 #include "mbedtls/ssl.h" 163 #endif 164 165 #if defined(MBEDTLS_THREADING_C) 166 #include "mbedtls/threading.h" 167 #endif 168 169 #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) 170 #include "mbedtls/x509.h" 171 #endif 172 173 174 const char *mbedtls_high_level_strerr(int error_code) 175 { 176 int high_level_error_code; 177 178 if (error_code < 0) { 179 error_code = -error_code; 180 } 181 182 /* Extract the high-level part from the error code. */ 183 high_level_error_code = error_code & 0xFF80; 184 185 switch (high_level_error_code) { 186 /* Begin Auto-Generated Code. */ 187 #if defined(MBEDTLS_CIPHER_C) 188 case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE): 189 return( "CIPHER - The selected feature is not available" ); 190 case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA): 191 return( "CIPHER - Bad input parameters" ); 192 case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED): 193 return( "CIPHER - Failed to allocate memory" ); 194 case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING): 195 return( "CIPHER - Input data contains invalid padding and is rejected" ); 196 case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED): 197 return( "CIPHER - Decryption of block requires a full block" ); 198 case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED): 199 return( "CIPHER - Authentication failed (for AEAD modes)" ); 200 case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT): 201 return( "CIPHER - The context is invalid. For example, because it was freed" ); 202 #endif /* MBEDTLS_CIPHER_C */ 203 204 #if defined(MBEDTLS_DHM_C) 205 case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA): 206 return( "DHM - Bad input parameters" ); 207 case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED): 208 return( "DHM - Reading of the DHM parameters failed" ); 209 case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED): 210 return( "DHM - Making of the DHM parameters failed" ); 211 case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED): 212 return( "DHM - Reading of the public values failed" ); 213 case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED): 214 return( "DHM - Making of the public value failed" ); 215 case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED): 216 return( "DHM - Calculation of the DHM secret failed" ); 217 case -(MBEDTLS_ERR_DHM_INVALID_FORMAT): 218 return( "DHM - The ASN.1 data is not formatted correctly" ); 219 case -(MBEDTLS_ERR_DHM_ALLOC_FAILED): 220 return( "DHM - Allocation of memory failed" ); 221 case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR): 222 return( "DHM - Read or write of file failed" ); 223 case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED): 224 return( "DHM - Setting the modulus and generator failed" ); 225 #endif /* MBEDTLS_DHM_C */ 226 227 #if defined(MBEDTLS_ECP_C) 228 case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA): 229 return( "ECP - Bad input parameters to function" ); 230 case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL): 231 return( "ECP - The buffer is too small to write to" ); 232 case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE): 233 return( "ECP - The requested feature is not available, for example, the requested curve is not supported" ); 234 case -(MBEDTLS_ERR_ECP_VERIFY_FAILED): 235 return( "ECP - The signature is not valid" ); 236 case -(MBEDTLS_ERR_ECP_ALLOC_FAILED): 237 return( "ECP - Memory allocation failed" ); 238 case -(MBEDTLS_ERR_ECP_RANDOM_FAILED): 239 return( "ECP - Generation of random value, such as ephemeral key, failed" ); 240 case -(MBEDTLS_ERR_ECP_INVALID_KEY): 241 return( "ECP - Invalid private or public key" ); 242 case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH): 243 return( "ECP - The buffer contains a valid signature followed by more data" ); 244 case -(MBEDTLS_ERR_ECP_IN_PROGRESS): 245 return( "ECP - Operation in progress, call again with the same parameters to continue" ); 246 #endif /* MBEDTLS_ECP_C */ 247 248 #if defined(MBEDTLS_MD_C) 249 case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE): 250 return( "MD - The selected feature is not available" ); 251 case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA): 252 return( "MD - Bad input parameters to function" ); 253 case -(MBEDTLS_ERR_MD_ALLOC_FAILED): 254 return( "MD - Failed to allocate memory" ); 255 case -(MBEDTLS_ERR_MD_FILE_IO_ERROR): 256 return( "MD - Opening or reading of file failed" ); 257 #endif /* MBEDTLS_MD_C */ 258 259 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) 260 case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT): 261 return( "PEM - No PEM header or footer found" ); 262 case -(MBEDTLS_ERR_PEM_INVALID_DATA): 263 return( "PEM - PEM string is not as expected" ); 264 case -(MBEDTLS_ERR_PEM_ALLOC_FAILED): 265 return( "PEM - Failed to allocate memory" ); 266 case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV): 267 return( "PEM - RSA IV is not in hex-format" ); 268 case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG): 269 return( "PEM - Unsupported key encryption algorithm" ); 270 case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED): 271 return( "PEM - Private key password can't be empty" ); 272 case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH): 273 return( "PEM - Given private key password does not allow for correct decryption" ); 274 case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE): 275 return( "PEM - Unavailable feature, e.g. hashing/encryption combination" ); 276 case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA): 277 return( "PEM - Bad input parameters to function" ); 278 #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ 279 280 #if defined(MBEDTLS_PK_C) 281 case -(MBEDTLS_ERR_PK_ALLOC_FAILED): 282 return( "PK - Memory allocation failed" ); 283 case -(MBEDTLS_ERR_PK_TYPE_MISMATCH): 284 return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); 285 case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA): 286 return( "PK - Bad input parameters to function" ); 287 case -(MBEDTLS_ERR_PK_FILE_IO_ERROR): 288 return( "PK - Read/write of file failed" ); 289 case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION): 290 return( "PK - Unsupported key version" ); 291 case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT): 292 return( "PK - Invalid key tag or value" ); 293 case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG): 294 return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); 295 case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED): 296 return( "PK - Private key password can't be empty" ); 297 case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH): 298 return( "PK - Given private key password does not allow for correct decryption" ); 299 case -(MBEDTLS_ERR_PK_INVALID_PUBKEY): 300 return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); 301 case -(MBEDTLS_ERR_PK_INVALID_ALG): 302 return( "PK - The algorithm tag or value is invalid" ); 303 case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE): 304 return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); 305 case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE): 306 return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); 307 case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH): 308 return( "PK - The buffer contains a valid signature followed by more data" ); 309 case -(MBEDTLS_ERR_PK_BUFFER_TOO_SMALL): 310 return( "PK - The output buffer is too small" ); 311 #endif /* MBEDTLS_PK_C */ 312 313 #if defined(MBEDTLS_PKCS12_C) 314 case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA): 315 return( "PKCS12 - Bad input parameters to function" ); 316 case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE): 317 return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); 318 case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT): 319 return( "PKCS12 - PBE ASN.1 data not as expected" ); 320 case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH): 321 return( "PKCS12 - Given private key password does not allow for correct decryption" ); 322 #endif /* MBEDTLS_PKCS12_C */ 323 324 #if defined(MBEDTLS_PKCS5_C) 325 case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA): 326 return( "PKCS5 - Bad input parameters to function" ); 327 case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT): 328 return( "PKCS5 - Unexpected ASN.1 data" ); 329 case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE): 330 return( "PKCS5 - Requested encryption or digest alg not available" ); 331 case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH): 332 return( "PKCS5 - Given private key password does not allow for correct decryption" ); 333 #endif /* MBEDTLS_PKCS5_C */ 334 335 #if defined(MBEDTLS_PKCS7_C) 336 case -(MBEDTLS_ERR_PKCS7_INVALID_FORMAT): 337 return( "PKCS7 - The format is invalid, e.g. different type expected" ); 338 case -(MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE): 339 return( "PKCS7 - Unavailable feature, e.g. anything other than signed data" ); 340 case -(MBEDTLS_ERR_PKCS7_INVALID_VERSION): 341 return( "PKCS7 - The PKCS #7 version element is invalid or cannot be parsed" ); 342 case -(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO): 343 return( "PKCS7 - The PKCS #7 content info is invalid or cannot be parsed" ); 344 case -(MBEDTLS_ERR_PKCS7_INVALID_ALG): 345 return( "PKCS7 - The algorithm tag or value is invalid or cannot be parsed" ); 346 case -(MBEDTLS_ERR_PKCS7_INVALID_CERT): 347 return( "PKCS7 - The certificate tag or value is invalid or cannot be parsed" ); 348 case -(MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE): 349 return( "PKCS7 - Error parsing the signature" ); 350 case -(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO): 351 return( "PKCS7 - Error parsing the signer's info" ); 352 case -(MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA): 353 return( "PKCS7 - Input invalid" ); 354 case -(MBEDTLS_ERR_PKCS7_ALLOC_FAILED): 355 return( "PKCS7 - Allocation of memory failed" ); 356 case -(MBEDTLS_ERR_PKCS7_VERIFY_FAIL): 357 return( "PKCS7 - Verification Failed" ); 358 case -(MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID): 359 return( "PKCS7 - The PKCS #7 date issued/expired dates are invalid" ); 360 #endif /* MBEDTLS_PKCS7_C */ 361 362 #if defined(MBEDTLS_RSA_C) 363 case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA): 364 return( "RSA - Bad input parameters to function" ); 365 case -(MBEDTLS_ERR_RSA_INVALID_PADDING): 366 return( "RSA - Input data contains invalid padding and is rejected" ); 367 case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED): 368 return( "RSA - Something failed during generation of a key" ); 369 case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED): 370 return( "RSA - Key failed to pass the validity check of the library" ); 371 case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED): 372 return( "RSA - The public key operation failed" ); 373 case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED): 374 return( "RSA - The private key operation failed" ); 375 case -(MBEDTLS_ERR_RSA_VERIFY_FAILED): 376 return( "RSA - The PKCS#1 verification failed" ); 377 case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE): 378 return( "RSA - The output buffer for decryption is not large enough" ); 379 case -(MBEDTLS_ERR_RSA_RNG_FAILED): 380 return( "RSA - The random generator failed to generate non-zeros" ); 381 #endif /* MBEDTLS_RSA_C */ 382 383 #if defined(MBEDTLS_SSL_TLS_C) 384 case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): 385 return( "SSL - A cryptographic operation is in progress. Try again later" ); 386 case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE): 387 return( "SSL - The requested feature is not available" ); 388 case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA): 389 return( "SSL - Bad input parameters to function" ); 390 case -(MBEDTLS_ERR_SSL_INVALID_MAC): 391 return( "SSL - Verification of the message MAC failed" ); 392 case -(MBEDTLS_ERR_SSL_INVALID_RECORD): 393 return( "SSL - An invalid SSL record was received" ); 394 case -(MBEDTLS_ERR_SSL_CONN_EOF): 395 return( "SSL - The connection indicated an EOF" ); 396 case -(MBEDTLS_ERR_SSL_DECODE_ERROR): 397 return( "SSL - A message could not be parsed due to a syntactic error" ); 398 case -(MBEDTLS_ERR_SSL_NO_RNG): 399 return( "SSL - No RNG was provided to the SSL module" ); 400 case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE): 401 return( "SSL - No client certification received from the client, but required by the authentication mode" ); 402 case -(MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION): 403 return( "SSL - Client received an extended server hello containing an unsupported extension" ); 404 case -(MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL): 405 return( "SSL - No ALPN protocols supported that the client advertises" ); 406 case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED): 407 return( "SSL - The own private key or pre-shared key is not set, but needed" ); 408 case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED): 409 return( "SSL - No CA Chain is set, but required to operate" ); 410 case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE): 411 return( "SSL - An unexpected message was received from our peer" ); 412 case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE): 413 return( "SSL - A fatal alert message was received from our peer" ); 414 case -(MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME): 415 return( "SSL - No server could be identified matching the client's SNI" ); 416 case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY): 417 return( "SSL - The peer notified us that the connection is going to be closed" ); 418 case -(MBEDTLS_ERR_SSL_BAD_CERTIFICATE): 419 return( "SSL - Processing of the Certificate handshake message failed" ); 420 case -(MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET): 421 return( "SSL - A TLS 1.3 NewSessionTicket message has been received" ); 422 case -(MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA): 423 return( "SSL - Not possible to read early data" ); 424 case -(MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA): 425 return( "SSL - * Early data has been received as part of an on-going handshake. This error code can be returned only on server side if and only if early data has been enabled by means of the mbedtls_ssl_conf_early_data() API. This error code can then be returned by mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if early data has been received as part of the handshake sequence they triggered. To read the early data, call mbedtls_ssl_read_early_data()" ); 426 case -(MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA): 427 return( "SSL - Not possible to write early data" ); 428 case -(MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND): 429 return( "SSL - Cache entry not found" ); 430 case -(MBEDTLS_ERR_SSL_ALLOC_FAILED): 431 return( "SSL - Memory allocation failed" ); 432 case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED): 433 return( "SSL - Hardware acceleration function returned with error" ); 434 case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH): 435 return( "SSL - Hardware acceleration function skipped / left alone data" ); 436 case -(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION): 437 return( "SSL - Handshake protocol not within min/max boundaries" ); 438 case -(MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE): 439 return( "SSL - The handshake negotiation failed" ); 440 case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED): 441 return( "SSL - Session ticket has expired" ); 442 case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH): 443 return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); 444 case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY): 445 return( "SSL - Unknown identity received (eg, PSK identity)" ); 446 case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR): 447 return( "SSL - Internal error (eg, unexpected failure in lower-level module)" ); 448 case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING): 449 return( "SSL - A counter would wrap (eg, too many messages exchanged)" ); 450 case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO): 451 return( "SSL - Unexpected message at ServerHello in renegotiation" ); 452 case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED): 453 return( "SSL - DTLS client must retry for hello verification" ); 454 case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL): 455 return( "SSL - A buffer is too small to receive or write a message" ); 456 case -(MBEDTLS_ERR_SSL_WANT_READ): 457 return( "SSL - No data of requested type currently available on underlying transport" ); 458 case -(MBEDTLS_ERR_SSL_WANT_WRITE): 459 return( "SSL - Connection requires a write call" ); 460 case -(MBEDTLS_ERR_SSL_TIMEOUT): 461 return( "SSL - The operation timed out" ); 462 case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT): 463 return( "SSL - The client initiated a reconnect from the same port" ); 464 case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD): 465 return( "SSL - Record header looks valid but is not expected" ); 466 case -(MBEDTLS_ERR_SSL_NON_FATAL): 467 return( "SSL - The alert message received indicates a non-fatal error" ); 468 case -(MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER): 469 return( "SSL - A field in a message was incorrect or inconsistent with other fields" ); 470 case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING): 471 return( "SSL - Internal-only message signaling that further message-processing should be done" ); 472 case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS): 473 return( "SSL - The asynchronous operation is not completed yet" ); 474 case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE): 475 return( "SSL - Internal-only message signaling that a message arrived early" ); 476 case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID): 477 return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" ); 478 case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH): 479 return( "SSL - An operation failed due to an unexpected version or configuration" ); 480 case -(MBEDTLS_ERR_SSL_BAD_CONFIG): 481 return( "SSL - Invalid value in SSL config" ); 482 case -(MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME): 483 return( "SSL - Attempt to verify a certificate without an expected hostname. This is usually insecure. In TLS clients, when a client authenticates a server through its certificate, the client normally checks three things: - the certificate chain must be valid; - the chain must start from a trusted CA; - the certificate must cover the server name that is expected by the client. Omitting any of these checks is generally insecure, and can allow a malicious server to impersonate a legitimate server. The third check may be safely skipped in some unusual scenarios, such as networks where eavesdropping is a risk but not active attacks, or a private PKI where the client equally trusts all servers that are accredited by the root CA. You should call mbedtls_ssl_set_hostname() with the expected server name before starting a TLS handshake on a client (unless the client is set up to only use PSK-based authentication, which does not rely on the host name). If you have determined that server name verification is not required for security in your scenario, call mbedtls_ssl_set_hostname() with \\p NULL as the server name. This error is raised if all of the following conditions are met: - A TLS client is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED (default). - Certificate authentication is enabled. - The client does not call mbedtls_ssl_set_hostname(). - The configuration option #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is not enabled" ); 484 #endif /* MBEDTLS_SSL_TLS_C */ 485 486 #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) 487 case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE): 488 return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); 489 case -(MBEDTLS_ERR_X509_UNKNOWN_OID): 490 return( "X509 - Requested OID is unknown" ); 491 case -(MBEDTLS_ERR_X509_INVALID_FORMAT): 492 return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" ); 493 case -(MBEDTLS_ERR_X509_INVALID_VERSION): 494 return( "X509 - The CRT/CRL/CSR version element is invalid" ); 495 case -(MBEDTLS_ERR_X509_INVALID_SERIAL): 496 return( "X509 - The serial tag or value is invalid" ); 497 case -(MBEDTLS_ERR_X509_INVALID_ALG): 498 return( "X509 - The algorithm tag or value is invalid" ); 499 case -(MBEDTLS_ERR_X509_INVALID_NAME): 500 return( "X509 - The name tag or value is invalid" ); 501 case -(MBEDTLS_ERR_X509_INVALID_DATE): 502 return( "X509 - The date tag or value is invalid" ); 503 case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE): 504 return( "X509 - The signature tag or value invalid" ); 505 case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS): 506 return( "X509 - The extension tag or value is invalid" ); 507 case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION): 508 return( "X509 - CRT/CRL/CSR has an unsupported version number" ); 509 case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG): 510 return( "X509 - Signature algorithm (oid) is unsupported" ); 511 case -(MBEDTLS_ERR_X509_SIG_MISMATCH): 512 return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" ); 513 case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED): 514 return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" ); 515 case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT): 516 return( "X509 - Format not recognized as DER or PEM" ); 517 case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA): 518 return( "X509 - Input invalid" ); 519 case -(MBEDTLS_ERR_X509_ALLOC_FAILED): 520 return( "X509 - Allocation of memory failed" ); 521 case -(MBEDTLS_ERR_X509_FILE_IO_ERROR): 522 return( "X509 - Read/write of file failed" ); 523 case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL): 524 return( "X509 - Destination buffer is too small" ); 525 case -(MBEDTLS_ERR_X509_FATAL_ERROR): 526 return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" ); 527 #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ 528 /* End Auto-Generated Code. */ 529 530 default: 531 break; 532 } 533 534 return NULL; 535 } 536 537 const char *mbedtls_low_level_strerr(int error_code) 538 { 539 int low_level_error_code; 540 541 if (error_code < 0) { 542 error_code = -error_code; 543 } 544 545 /* Extract the low-level part from the error code. */ 546 low_level_error_code = error_code & ~0xFF80; 547 548 switch (low_level_error_code) { 549 /* Begin Auto-Generated Code. */ 550 #if defined(MBEDTLS_AES_C) 551 case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH): 552 return( "AES - Invalid key length" ); 553 case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH): 554 return( "AES - Invalid data input length" ); 555 case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA): 556 return( "AES - Invalid input data" ); 557 #endif /* MBEDTLS_AES_C */ 558 559 #if defined(MBEDTLS_ARIA_C) 560 case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA): 561 return( "ARIA - Bad input data" ); 562 case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH): 563 return( "ARIA - Invalid data input length" ); 564 #endif /* MBEDTLS_ARIA_C */ 565 566 #if defined(MBEDTLS_ASN1_PARSE_C) 567 case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA): 568 return( "ASN1 - Out of data when parsing an ASN1 data structure" ); 569 case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG): 570 return( "ASN1 - ASN1 tag was of an unexpected value" ); 571 case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH): 572 return( "ASN1 - Error when trying to determine the length or invalid length" ); 573 case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH): 574 return( "ASN1 - Actual length differs from expected length" ); 575 case -(MBEDTLS_ERR_ASN1_INVALID_DATA): 576 return( "ASN1 - Data is invalid" ); 577 case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED): 578 return( "ASN1 - Memory allocation failed" ); 579 case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL): 580 return( "ASN1 - Buffer too small when writing ASN.1 data structure" ); 581 #endif /* MBEDTLS_ASN1_PARSE_C */ 582 583 #if defined(MBEDTLS_BASE64_C) 584 case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL): 585 return( "BASE64 - Output buffer too small" ); 586 case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER): 587 return( "BASE64 - Invalid character in input" ); 588 #endif /* MBEDTLS_BASE64_C */ 589 590 #if defined(MBEDTLS_BIGNUM_C) 591 case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR): 592 return( "BIGNUM - An error occurred while reading from or writing to a file" ); 593 case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA): 594 return( "BIGNUM - Bad input parameters to function" ); 595 case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER): 596 return( "BIGNUM - There is an invalid character in the digit string" ); 597 case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL): 598 return( "BIGNUM - The buffer is too small to write to" ); 599 case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE): 600 return( "BIGNUM - The input arguments are negative or result in illegal output" ); 601 case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO): 602 return( "BIGNUM - The input argument for division is zero, which is not allowed" ); 603 case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE): 604 return( "BIGNUM - The input arguments are not acceptable" ); 605 case -(MBEDTLS_ERR_MPI_ALLOC_FAILED): 606 return( "BIGNUM - Memory allocation failed" ); 607 #endif /* MBEDTLS_BIGNUM_C */ 608 609 #if defined(MBEDTLS_CAMELLIA_C) 610 case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA): 611 return( "CAMELLIA - Bad input data" ); 612 case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH): 613 return( "CAMELLIA - Invalid data input length" ); 614 #endif /* MBEDTLS_CAMELLIA_C */ 615 616 #if defined(MBEDTLS_CCM_C) 617 case -(MBEDTLS_ERR_CCM_BAD_INPUT): 618 return( "CCM - Bad input parameters to the function" ); 619 case -(MBEDTLS_ERR_CCM_AUTH_FAILED): 620 return( "CCM - Authenticated decryption failed" ); 621 #endif /* MBEDTLS_CCM_C */ 622 623 #if defined(MBEDTLS_CHACHA20_C) 624 case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA): 625 return( "CHACHA20 - Invalid input parameter(s)" ); 626 #endif /* MBEDTLS_CHACHA20_C */ 627 628 #if defined(MBEDTLS_CHACHAPOLY_C) 629 case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE): 630 return( "CHACHAPOLY - The requested operation is not permitted in the current state" ); 631 case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED): 632 return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); 633 #endif /* MBEDTLS_CHACHAPOLY_C */ 634 635 #if defined(MBEDTLS_CTR_DRBG_C) 636 case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED): 637 return( "CTR_DRBG - The entropy source failed" ); 638 case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG): 639 return( "CTR_DRBG - The requested random buffer length is too big" ); 640 case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG): 641 return( "CTR_DRBG - The input (entropy + additional data) is too large" ); 642 case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR): 643 return( "CTR_DRBG - Read or write error in file" ); 644 #endif /* MBEDTLS_CTR_DRBG_C */ 645 646 #if defined(MBEDTLS_DES_C) 647 case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH): 648 return( "DES - The data input has an invalid length" ); 649 #endif /* MBEDTLS_DES_C */ 650 651 #if defined(MBEDTLS_ENTROPY_C) 652 case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED): 653 return( "ENTROPY - Critical entropy source failure" ); 654 case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES): 655 return( "ENTROPY - No more sources can be added" ); 656 case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED): 657 return( "ENTROPY - No sources have been added to poll" ); 658 case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE): 659 return( "ENTROPY - No strong sources have been added to poll" ); 660 case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR): 661 return( "ENTROPY - Read/write error in file" ); 662 #endif /* MBEDTLS_ENTROPY_C */ 663 664 #if defined(MBEDTLS_ERROR_C) 665 case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR): 666 return( "ERROR - Generic error" ); 667 case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED): 668 return( "ERROR - This is a bug in the library" ); 669 #endif /* MBEDTLS_ERROR_C */ 670 671 #if defined(MBEDTLS_PLATFORM_C) 672 case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED): 673 return( "PLATFORM - Hardware accelerator failed" ); 674 case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED): 675 return( "PLATFORM - The requested feature is not supported by the platform" ); 676 #endif /* MBEDTLS_PLATFORM_C */ 677 678 #if defined(MBEDTLS_GCM_C) 679 case -(MBEDTLS_ERR_GCM_AUTH_FAILED): 680 return( "GCM - Authenticated decryption failed" ); 681 case -(MBEDTLS_ERR_GCM_BAD_INPUT): 682 return( "GCM - Bad input parameters to function" ); 683 case -(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL): 684 return( "GCM - An output buffer is too small" ); 685 #endif /* MBEDTLS_GCM_C */ 686 687 #if defined(MBEDTLS_HKDF_C) 688 case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA): 689 return( "HKDF - Bad input parameters to function" ); 690 #endif /* MBEDTLS_HKDF_C */ 691 692 #if defined(MBEDTLS_HMAC_DRBG_C) 693 case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG): 694 return( "HMAC_DRBG - Too many random requested in single call" ); 695 case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG): 696 return( "HMAC_DRBG - Input too large (Entropy + additional)" ); 697 case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR): 698 return( "HMAC_DRBG - Read/write error in file" ); 699 case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED): 700 return( "HMAC_DRBG - The entropy source failed" ); 701 #endif /* MBEDTLS_HMAC_DRBG_C */ 702 703 #if defined(MBEDTLS_LMS_C) 704 case -(MBEDTLS_ERR_LMS_BAD_INPUT_DATA): 705 return( "LMS - Bad data has been input to an LMS function" ); 706 case -(MBEDTLS_ERR_LMS_OUT_OF_PRIVATE_KEYS): 707 return( "LMS - Specified LMS key has utilised all of its private keys" ); 708 case -(MBEDTLS_ERR_LMS_VERIFY_FAILED): 709 return( "LMS - LMS signature verification failed" ); 710 case -(MBEDTLS_ERR_LMS_ALLOC_FAILED): 711 return( "LMS - LMS failed to allocate space for a private key" ); 712 case -(MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL): 713 return( "LMS - Input/output buffer is too small to contain requited data" ); 714 #endif /* MBEDTLS_LMS_C */ 715 716 #if defined(MBEDTLS_NET_C) 717 case -(MBEDTLS_ERR_NET_SOCKET_FAILED): 718 return( "NET - Failed to open a socket" ); 719 case -(MBEDTLS_ERR_NET_CONNECT_FAILED): 720 return( "NET - The connection to the given server / port failed" ); 721 case -(MBEDTLS_ERR_NET_BIND_FAILED): 722 return( "NET - Binding of the socket failed" ); 723 case -(MBEDTLS_ERR_NET_LISTEN_FAILED): 724 return( "NET - Could not listen on the socket" ); 725 case -(MBEDTLS_ERR_NET_ACCEPT_FAILED): 726 return( "NET - Could not accept the incoming connection" ); 727 case -(MBEDTLS_ERR_NET_RECV_FAILED): 728 return( "NET - Reading information from the socket failed" ); 729 case -(MBEDTLS_ERR_NET_SEND_FAILED): 730 return( "NET - Sending information through the socket failed" ); 731 case -(MBEDTLS_ERR_NET_CONN_RESET): 732 return( "NET - Connection was reset by peer" ); 733 case -(MBEDTLS_ERR_NET_UNKNOWN_HOST): 734 return( "NET - Failed to get an IP address for the given hostname" ); 735 case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL): 736 return( "NET - Buffer is too small to hold the data" ); 737 case -(MBEDTLS_ERR_NET_INVALID_CONTEXT): 738 return( "NET - The context is invalid, eg because it was free()ed" ); 739 case -(MBEDTLS_ERR_NET_POLL_FAILED): 740 return( "NET - Polling the net context failed" ); 741 case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA): 742 return( "NET - Input invalid" ); 743 #endif /* MBEDTLS_NET_C */ 744 745 #if defined(MBEDTLS_OID_C) 746 case -(MBEDTLS_ERR_OID_NOT_FOUND): 747 return( "OID - OID is not found" ); 748 case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL): 749 return( "OID - output buffer is too small" ); 750 #endif /* MBEDTLS_OID_C */ 751 752 #if defined(MBEDTLS_POLY1305_C) 753 case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA): 754 return( "POLY1305 - Invalid input parameter(s)" ); 755 #endif /* MBEDTLS_POLY1305_C */ 756 757 #if defined(MBEDTLS_SHA1_C) 758 case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA): 759 return( "SHA1 - SHA-1 input data was malformed" ); 760 #endif /* MBEDTLS_SHA1_C */ 761 762 #if defined(MBEDTLS_SHA256_C) 763 case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA): 764 return( "SHA256 - SHA-256 input data was malformed" ); 765 #endif /* MBEDTLS_SHA256_C */ 766 767 #if defined(MBEDTLS_SHA3_C) 768 case -(MBEDTLS_ERR_SHA3_BAD_INPUT_DATA): 769 return( "SHA3 - SHA-3 input data was malformed" ); 770 #endif /* MBEDTLS_SHA3_C */ 771 772 #if defined(MBEDTLS_SHA512_C) 773 case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA): 774 return( "SHA512 - SHA-512 input data was malformed" ); 775 #endif /* MBEDTLS_SHA512_C */ 776 777 #if defined(MBEDTLS_THREADING_C) 778 case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA): 779 return( "THREADING - Bad input parameters to function" ); 780 case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR): 781 return( "THREADING - Locking / unlocking / free failed with error code" ); 782 #endif /* MBEDTLS_THREADING_C */ 783 /* End Auto-Generated Code. */ 784 785 default: 786 break; 787 } 788 789 return NULL; 790 } 791 792 void mbedtls_strerror(int ret, char *buf, size_t buflen) 793 { 794 size_t len; 795 int use_ret; 796 const char *high_level_error_description = NULL; 797 const char *low_level_error_description = NULL; 798 799 if (buflen == 0) { 800 return; 801 } 802 803 memset(buf, 0x00, buflen); 804 805 if (ret < 0) { 806 ret = -ret; 807 } 808 809 if (ret & 0xFF80) { 810 use_ret = ret & 0xFF80; 811 812 // Translate high level error code. 813 high_level_error_description = mbedtls_high_level_strerr(ret); 814 815 if (high_level_error_description == NULL) { 816 mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); 817 } else { 818 mbedtls_snprintf(buf, buflen, "%s", high_level_error_description); 819 } 820 821 #if defined(MBEDTLS_SSL_TLS_C) 822 // Early return in case of a fatal error - do not try to translate low 823 // level code. 824 if (use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) { 825 return; 826 } 827 #endif /* MBEDTLS_SSL_TLS_C */ 828 } 829 830 use_ret = ret & ~0xFF80; 831 832 if (use_ret == 0) { 833 return; 834 } 835 836 // If high level code is present, make a concatenation between both 837 // error strings. 838 // 839 len = strlen(buf); 840 841 if (len > 0) { 842 if (buflen - len < 5) { 843 return; 844 } 845 846 mbedtls_snprintf(buf + len, buflen - len, " : "); 847 848 buf += len + 3; 849 buflen -= len + 3; 850 } 851 852 // Translate low level error code. 853 low_level_error_description = mbedtls_low_level_strerr(ret); 854 855 if (low_level_error_description == NULL) { 856 mbedtls_snprintf(buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret); 857 } else { 858 mbedtls_snprintf(buf, buflen, "%s", low_level_error_description); 859 } 860 } 861 862 #else /* MBEDTLS_ERROR_C */ 863 864 /* 865 * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined 866 */ 867 void mbedtls_strerror(int ret, char *buf, size_t buflen) 868 { 869 ((void) ret); 870 871 if (buflen > 0) { 872 buf[0] = '\0'; 873 } 874 } 875 876 #endif /* MBEDTLS_ERROR_C */ 877 878 #endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */