1 /* $OpenBSD: x509_err.c,v 1.17 2022/07/12 14:42:50 kn Exp $ */
2 /* ====================================================================
3  * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. All advertising materials mentioning features or use of this
18  *    software must display the following acknowledgment:
19  *    "This product includes software developed by the OpenSSL Project
20  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21  *
22  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23  *    endorse or promote products derived from this software without
24  *    prior written permission. For written permission, please contact
25  *    openssl-core@OpenSSL.org.
26  *
27  * 5. Products derived from this software may not be called "OpenSSL"
28  *    nor may "OpenSSL" appear in their names without prior written
29  *    permission of the OpenSSL Project.
30  *
31  * 6. Redistributions of any form whatsoever must retain the following
32  *    acknowledgment:
33  *    "This product includes software developed by the OpenSSL Project
34  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35  *
36  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47  * OF THE POSSIBILITY OF SUCH DAMAGE.
48  * ====================================================================
49  *
50  * This product includes cryptographic software written by Eric Young
51  * (eay@cryptsoft.com).  This product includes software written by Tim
52  * Hudson (tjh@cryptsoft.com).
53  *
54  */
55 
56 #include <stdio.h>
57 
58 #include <openssl/opensslconf.h>
59 
60 #include <openssl/err.h>
61 #include <openssl/x509.h>
62 #include <openssl/x509v3.h>
63 
64 #ifndef OPENSSL_NO_ERR
65 
66 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
67 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
68 
69 static ERR_STRING_DATA X509_str_functs[] = {
70 	{ERR_FUNC(0xfff), "CRYPTO_internal"},
71 	{0, NULL}
72 };
73 
74 static ERR_STRING_DATA X509V3_str_functs[] = {
75 	{ERR_FUNC(0xfff), "CRYPTO_internal"},
76 	{0, NULL}
77 };
78 
79 static ERR_STRING_DATA X509_str_reasons[] = {
80 	{ERR_REASON(X509_R_BAD_X509_FILETYPE)    , "bad x509 filetype"},
81 	{ERR_REASON(X509_R_BASE64_DECODE_ERROR)  , "base64 decode error"},
82 	{ERR_REASON(X509_R_CANT_CHECK_DH_KEY)    , "cant check dh key"},
83 	{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), "cert already in hash table"},
84 	{ERR_REASON(X509_R_ERR_ASN1_LIB)         , "err asn1 lib"},
85 	{ERR_REASON(X509_R_INVALID_DIRECTORY)    , "invalid directory"},
86 	{ERR_REASON(X509_R_INVALID_FIELD_NAME)   , "invalid field name"},
87 	{ERR_REASON(X509_R_INVALID_TRUST)        , "invalid trust"},
88 	{ERR_REASON(X509_R_KEY_TYPE_MISMATCH)    , "key type mismatch"},
89 	{ERR_REASON(X509_R_KEY_VALUES_MISMATCH)  , "key values mismatch"},
90 	{ERR_REASON(X509_R_LOADING_CERT_DIR)     , "loading cert dir"},
91 	{ERR_REASON(X509_R_LOADING_DEFAULTS)     , "loading defaults"},
92 	{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"},
93 	{ERR_REASON(X509_R_NO_CERTIFICATE_OR_CRL_FOUND), "no certificate or crl found"},
94 	{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"},
95 	{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},
96 	{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"},
97 	{ERR_REASON(X509_R_SHOULD_RETRY)         , "should retry"},
98 	{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "unable to find parameters in chain"},
99 	{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "unable to get certs public key"},
100 	{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE)     , "unknown key type"},
101 	{ERR_REASON(X509_R_UNKNOWN_NID)          , "unknown nid"},
102 	{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID)   , "unknown purpose id"},
103 	{ERR_REASON(X509_R_UNKNOWN_TRUST_ID)     , "unknown trust id"},
104 	{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
105 	{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE)    , "wrong lookup type"},
106 	{ERR_REASON(X509_R_WRONG_TYPE)           , "wrong type"},
107 	{0, NULL}
108 };
109 
110 static ERR_STRING_DATA X509V3_str_reasons[] = {
111 	{ERR_REASON(X509V3_R_BAD_IP_ADDRESS)     , "bad ip address"},
112 	{ERR_REASON(X509V3_R_BAD_OBJECT)         , "bad object"},
113 	{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    , "bn dec2bn error"},
114 	{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), "bn to asn1 integer error"},
115 	{ERR_REASON(X509V3_R_DIRNAME_ERROR)      , "dirname error"},
116 	{ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"},
117 	{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  , "duplicate zone id"},
118 	{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"},
119 	{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION), "error creating extension"},
120 	{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) , "error in extension"},
121 	{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"},
122 	{ERR_REASON(X509V3_R_EXTENSION_EXISTS)   , "extension exists"},
123 	{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"},
124 	{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"},
125 	{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), "extension setting not supported"},
126 	{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
127 	{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
128 	{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  , "illegal hex digit"},
129 	{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), "incorrect policy syntax tag"},
130 	{ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"},
131 	{ERR_REASON(X509V3_R_INVALID_ASNUMBER)   , "invalid asnumber"},
132 	{ERR_REASON(X509V3_R_INVALID_ASRANGE)    , "invalid asrange"},
133 	{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"},
134 	{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING), "invalid extension string"},
135 	{ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"},
136 	{ERR_REASON(X509V3_R_INVALID_IPADDRESS)  , "invalid ipaddress"},
137 	{ERR_REASON(X509V3_R_INVALID_NAME)       , "invalid name"},
138 	{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
139 	{ERR_REASON(X509V3_R_INVALID_NULL_NAME)  , "invalid null name"},
140 	{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) , "invalid null value"},
141 	{ERR_REASON(X509V3_R_INVALID_NUMBER)     , "invalid number"},
142 	{ERR_REASON(X509V3_R_INVALID_NUMBERS)    , "invalid numbers"},
143 	{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER), "invalid object identifier"},
144 	{ERR_REASON(X509V3_R_INVALID_OPTION)     , "invalid option"},
145 	{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER), "invalid policy identifier"},
146 	{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING), "invalid proxy policy setting"},
147 	{ERR_REASON(X509V3_R_INVALID_PURPOSE)    , "invalid purpose"},
148 	{ERR_REASON(X509V3_R_INVALID_SAFI)       , "invalid safi"},
149 	{ERR_REASON(X509V3_R_INVALID_SECTION)    , "invalid section"},
150 	{ERR_REASON(X509V3_R_INVALID_SYNTAX)     , "invalid syntax"},
151 	{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"},
152 	{ERR_REASON(X509V3_R_MISSING_VALUE)      , "missing value"},
153 	{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), "need organization and numbers"},
154 	{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) , "no config database"},
155 	{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"},
156 	{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS)  , "no issuer details"},
157 	{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"},
158 	{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), "no proxy cert policy language defined"},
159 	{ERR_REASON(X509V3_R_NO_PUBLIC_KEY)      , "no public key"},
160 	{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) , "no subject details"},
161 	{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
162 	{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
163 	{ERR_REASON(X509V3_R_OTHERNAME_ERROR)    , "othername error"},
164 	{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), "policy language already defined"},
165 	{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) , "policy path length"},
166 	{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), "policy path length already defined"},
167 	{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), "policy syntax not currently supported"},
168 	{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), "policy when proxy language requires no policy"},
169 	{ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  , "section not found"},
170 	{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), "unable to get issuer details"},
171 	{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), "unable to get issuer keyid"},
172 	{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), "unknown bit string argument"},
173 	{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION)  , "unknown extension"},
174 	{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"},
175 	{ERR_REASON(X509V3_R_UNKNOWN_OPTION)     , "unknown option"},
176 	{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) , "unsupported option"},
177 	{ERR_REASON(X509V3_R_UNSUPPORTED_TYPE)   , "unsupported type"},
178 	{ERR_REASON(X509V3_R_USER_TOO_LONG)      , "user too long"},
179 	{0, NULL}
180 };
181 
182 #endif
183 
184 void
185 ERR_load_X509_strings(void)
186 {
187 #ifndef OPENSSL_NO_ERR
188 	if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
189 		ERR_load_strings(0, X509_str_functs);
190 		ERR_load_strings(0, X509_str_reasons);
191 	}
192 #endif
193 }
194 
195 
196 void
197 ERR_load_X509V3_strings(void)
198 {
199 #ifndef OPENSSL_NO_ERR
200 	if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
201 		ERR_load_strings(0, X509V3_str_functs);
202 		ERR_load_strings(0, X509V3_str_reasons);
203 	}
204 #endif
205 }
206