Security Framework Error Codes
Q: When calling various Security Framework routines I have noticed return values that are not explicitly documented by the Security API. What do these error values mean?
A: When calling various Security Framework routines I have noticed return values that are not explicitly documented by the Security API. What do these error values mean?
The Security framework can return an error from three distinct categories:
An
OSStatuserror, e.g.,errSecNoSuchKeychain(-25294).A UNIX errno-style error code +
100000, e.g.,EINVAL(22) +100000.An error from Common Security Services Manager (CSSM), one of the technologies that underlies the Security framework, e.g.,
CSSM_ADDIN_AUTHENTICATE_FAILED(0x8001011c).
General OSStatus-style error codes can be found in MacErrors.h. Security related OSStatus-style error codes are defined in various headers within the Security framework: SecBase.h, AuthSession.h, SecureTransport.h, and Authorization.h.
All errno-style error codes are listed in /usr/include/sys/errno.h.
CSSM errors are listed in cssmerr.h. In addition, you can get a human readable form of CSSM errors using cssmPerror, provided by the Security framework, in order to translate a received CSSM error value into its canonical name. Below is an example call within a gdb session:
(gdb) call (void)cssmPerror(0, 0x8001011c) error: CSSM_ADDIN_AUTHENTICATE_FAILED (gdb) call (void)cssmPerror(0, 2147549468) error: CSSM_ADDIN_AUTHENTICATE_FAILED |
Document Revision History
| Date | Notes |
|---|---|
| 2006-11-16 | New document that explains how to interpret errors returned by the Security Framework with an overview of Security error handling. |
Copyright © 2006 Apple Computer, Inc. All Rights Reserved. Terms of Use | Privacy Policy | Updated: 2006-11-16