Technical Q&A QA1499

Security Framework Error Codes

Q:  When calling various Security Framework routines I have noticed return values that are not explicitly documented by the Security API. What do these error values mean?

A: When calling various Security Framework routines I have noticed return values that are not explicitly documented by the Security API. What do these error values mean?

The Security framework can return an error from three distinct categories:

General OSStatus-style error codes can be found in MacErrors.h. Security related OSStatus-style error codes are defined in various headers within the Security framework: SecBase.h, AuthSession.h, SecureTransport.h, and Authorization.h.

All errno-style error codes are listed in /usr/include/sys/errno.h.

CSSM errors are listed in cssmerr.h. In addition, you can get a human readable form of CSSM errors using cssmPerror, provided by the Security framework, in order to translate a received CSSM error value into its canonical name. Below is an example call within a gdb session:

(gdb) call (void)cssmPerror(0, 0x8001011c) error: CSSM_ADDIN_AUTHENTICATE_FAILED (gdb) call (void)cssmPerror(0, 2147549468) error: CSSM_ADDIN_AUTHENTICATE_FAILED


Document Revision History


DateNotes
2006-11-16

New document that explains how to interpret errors returned by the Security Framework with an overview of Security error handling.