luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

x509asn1: switch from malloc to dynbuf

Browse Source 
Closes #12808
This commit is contained in:
Daniel Stenberg 2024-01-26 15:02:19 +01:00
parent cd48e8f8a9
commit 623c3a8fa0
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 291 additions and 308 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

599
lib/vtls/x509asn1.c
View File

@ -260,61 +260,61 @@ static const struct Curl_OID *searchOID(const char *oid)
} }
/* /*
* Convert an ASN.1 Boolean value into its string representation. Return the * Convert an ASN.1 Boolean value into its string representation.
* dynamically allocated string, or NULL if source is not an ASN.1 Boolean *
* value. * Return error code.
*/ */
static const char *bool2str(const char *beg, const char *end) static CURLcode bool2str(struct dynbuf *store,
const char *beg, const char *end)
{ {
if(end - beg != 1) if(end - beg != 1)
return NULL; return CURLE_BAD_FUNCTION_ARGUMENT;
return strdup(*beg? "TRUE": "FALSE"); return Curl_dyn_add(store, *beg? "TRUE": "FALSE");
} }
/* /*
* Convert an ASN.1 octet string to a printable string. * Convert an ASN.1 octet string to a printable string.
* Return the dynamically allocated string, or NULL if an error occurs. *
* Return error code.
*/ */
static const char *octet2str(const char *beg, const char *end) static CURLcode octet2str(struct dynbuf *store,
const char *beg, const char *end)
{ {
struct dynbuf buf; CURLcode result = CURLE_OK;
CURLcode result;
Curl_dyn_init(&buf, 3 * CURL_ASN1_MAX + 1);
result = Curl_dyn_addn(&buf, "", 0);
while(!result && beg < end) while(!result && beg < end)
result = Curl_dyn_addf(&buf, "%02x:", (unsigned char) *beg++); result = Curl_dyn_addf(store, "%02x:", (unsigned char) *beg++);
return Curl_dyn_ptr(&buf); return result;
} }
static const char *bit2str(const char *beg, const char *end) static CURLcode bit2str(struct dynbuf *store,
const char *beg, const char *end)
{ {
/* Convert an ASN.1 bit string to a printable string. /* Convert an ASN.1 bit string to a printable string. */
Return the dynamically allocated string, or NULL if an error occurs. */
if(++beg > end) if(++beg > end)
return NULL; return CURLE_BAD_FUNCTION_ARGUMENT;
return octet2str(beg, end); return octet2str(store, beg, end);
} }
/* /*
* Convert an ASN.1 integer value into its string representation. * Convert an ASN.1 integer value into its string representation.
* Return the dynamically allocated string, or NULL if source is not an *
* ASN.1 integer value. * Returns error.
*/ */
static const char *int2str(const char *beg, const char *end) static CURLcode int2str(struct dynbuf *store,
const char *beg, const char *end)
{ {
unsigned int val = 0; unsigned int val = 0;
size_t n = end - beg; size_t n = end - beg;
if(!n) if(!n)
return NULL; return CURLE_BAD_FUNCTION_ARGUMENT;
if(n > 4) if(n > 4)
return octet2str(beg, end); return octet2str(store, beg, end);
/* Represent integers <= 32-bit as a single value. */ /* Represent integers <= 32-bit as a single value. */
if(*beg & 0x80) if(*beg & 0x80)
@ -323,7 +323,7 @@ static const char *int2str(const char *beg, const char *end)
do do
val = (val << 8) | *(const unsigned char *) beg++; val = (val << 8) | *(const unsigned char *) beg++;
while(beg < end); while(beg < end);
return curl_maprintf("%s%x", val >= 10? "0x": "", val); return Curl_dyn_addf(store, "%s%x", val >= 10? "0x": "", val);
} }
/* /*
@ -332,9 +332,9 @@ static const char *int2str(const char *beg, const char *end)
* The result is stored in a dynbuf that is inited by the user of this * The result is stored in a dynbuf that is inited by the user of this
* function. * function.
* *
* Return negative on error. * Returns error.
*/ */
static ssize_t static CURLcode
utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
{ {
size_t inlength = end - from; size_t inlength = end - from;
@ -356,11 +356,12 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
case CURL_ASN1_UTF8_STRING: case CURL_ASN1_UTF8_STRING:
break; break;
default: default:
return -1; /* Conversion not supported. */ return CURLE_BAD_FUNCTION_ARGUMENT; /* Conversion not supported. */
} }
if(inlength % size) if(inlength % size)
return -1; /* Length inconsistent with character size. */ /* Length inconsistent with character size. */
return CURLE_BAD_FUNCTION_ARGUMENT;
if(type == CURL_ASN1_UTF8_STRING) { if(type == CURL_ASN1_UTF8_STRING) {
/* Just copy. */ /* Just copy. */
@ -389,7 +390,8 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
if(wc >= 0x00010000) { if(wc >= 0x00010000) {
if(wc >= 0x00200000) { if(wc >= 0x00200000) {
free(buf); free(buf);
return -1; /* Invalid char. size for target encoding. */ /* Invalid char. size for target encoding. */
return CURLE_WEIRD_SERVER_REPLY;
} }
buf[3] = (char) (0x80 | (wc & 0x3F)); buf[3] = (char) (0x80 | (wc & 0x3F));
wc = (wc >> 6) | 0x00010000; wc = (wc >> 6) | 0x00010000;
@ -407,74 +409,32 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
result = Curl_dyn_addn(to, buf, charsize); result = Curl_dyn_addn(to, buf, charsize);
} }
} }
return result ? (ssize_t) -1 : (ssize_t)Curl_dyn_len(to); return result;
}
/*
* Convert an ASN.1 String into its UTF-8 string representation.
* Return the dynamically allocated string, or NULL if an error occurs.
*/
static const char *string2str(int type, const char *beg, const char *end)
{
struct dynbuf buf;
Curl_dyn_init(&buf, MAX_X509_STR);
if(utf8asn1str(&buf, type, beg, end) < 0)
return NULL;
return Curl_dyn_ptr(&buf);
}
/*
* Decimal ASCII encode unsigned integer `x' into the buflen sized buffer at
* buf. Return the total number of encoded digits, even if larger than
* `buflen'.
*/
static size_t encodeUint(char *buf, size_t buflen, unsigned int x)
{
size_t i = 0;
unsigned int y = x / 10;
if(y) {
i = encodeUint(buf, buflen, y);
x -= y * 10;
}
if(i < buflen)
buf[i] = (char) ('0' + x);
i++;
if(i < buflen)
buf[i] = '\0'; /* Store a terminator if possible. */
return i;
} }
/* /*
* Convert an ASN.1 OID into its dotted string representation. * Convert an ASN.1 OID into its dotted string representation.
* Store the result in th `n'-byte buffer at `buf'. *
* Return the converted string length, or 0 on errors. * Return error code.
*/ */
static size_t encodeOID(char *buf, size_t buflen, static CURLcode encodeOID(struct dynbuf *store,
const char *beg, const char *end) const char *beg, const char *end)
{ {
size_t i;
unsigned int x; unsigned int x;
unsigned int y; unsigned int y;
CURLcode result = CURLE_OK;
/* Process the first two numbers. */ /* Process the first two numbers. */
y = *(const unsigned char *) beg++; y = *(const unsigned char *) beg++;
x = y / 40; x = y / 40;
y -= x * 40; y -= x * 40;
i = encodeUint(buf, buflen, x);
if(i < buflen) result = Curl_dyn_addf(store, "%u.%u", x, y);
buf[i] = '.'; if(result)
i++; return result;
if(i >= buflen)
i += encodeUint(NULL, 0, y);
else
i += encodeUint(buf + i, buflen - i, y);
/* Process the trailing numbers. */ /* Process the trailing numbers. */
while(beg < end) { while(beg < end) {
if(i < buflen)
buf[i] = '.';
i++;
x = 0; x = 0;
do { do {
if(x & 0xFF000000) if(x & 0xFF000000)
@ -482,46 +442,42 @@ static size_t encodeOID(char *buf, size_t buflen,
y = *(const unsigned char *) beg++; y = *(const unsigned char *) beg++;
x = (x << 7) | (y & 0x7F); x = (x << 7) | (y & 0x7F);
} while(y & 0x80); } while(y & 0x80);
if(i >= buflen) result = Curl_dyn_addf(store, ".%u", x);
i += encodeUint(NULL, 0, x);
else
i += encodeUint(buf + i, buflen - i, x);
} }
if(i < buflen) return result;
buf[i] = '\0';
return i;
} }
/* /*
* Convert an ASN.1 OID into its dotted or symbolic string representation. * Convert an ASN.1 OID into its dotted or symbolic string representation.
* Return the dynamically allocated string, or NULL if an error occurs. *
* Return error code.
*/ */
static const char *OID2str(const char *beg, const char *end, bool symbolic) static CURLcode OID2str(struct dynbuf *store,
const char *beg, const char *end, bool symbolic)
{ {
char *buf = NULL; CURLcode result = CURLE_OK;
if(beg < end) { if(beg < end) {
size_t buflen = encodeOID(NULL, 0, beg, end); if(symbolic) {
if(buflen) { struct dynbuf buf;
buf = malloc(buflen + 1); /* one extra for the zero byte */ Curl_dyn_init(&buf, MAX_X509_STR);
if(buf) { result = encodeOID(&buf, beg, end);
encodeOID(buf, buflen, beg, end);
buf[buflen] = '\0';
if(symbolic) { if(!result) {
const struct Curl_OID *op = searchOID(buf); const struct Curl_OID *op = searchOID(Curl_dyn_ptr(&buf));
if(op) { if(op)
free(buf); result = Curl_dyn_add(store, op->textoid);
buf = strdup(op->textoid); Curl_dyn_free(&buf);
}
}
} }
} }
else
result = encodeOID(store, beg, end);
} }
return buf; return result;
} }
static const char *GTime2str(const char *beg, const char *end) static CURLcode GTime2str(struct dynbuf *store,
const char *beg, const char *end)
{ {
const char *tzp; const char *tzp;
const char *fracp; const char *fracp;
@ -549,7 +505,7 @@ static const char *GTime2str(const char *beg, const char *end)
sec2 = fracp[-1]; sec2 = fracp[-1];
break; break;
default: default:
return NULL; return CURLE_BAD_FUNCTION_ARGUMENT;
} }
/* Scan for timezone, measure fractional seconds. */ /* Scan for timezone, measure fractional seconds. */
@ -578,7 +534,8 @@ static const char *GTime2str(const char *beg, const char *end)
} }
tzl = end - tzp; tzl = end - tzp;
return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", return Curl_dyn_addf(store,
"%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s",
beg, beg + 4, beg + 6, beg, beg + 4, beg + 6,
beg + 8, beg + 10, sec1, sec2, beg + 8, beg + 10, sec1, sec2,
fracl? ".": "", (int)fracl, fracp, fracl? ".": "", (int)fracl, fracp,
@ -586,10 +543,12 @@ static const char *GTime2str(const char *beg, const char *end)
} }
/* /*
* Convert an ASN.1 UTC time to a printable string. * Convert an ASN.1 UTC time to a printable string.
* Return the dynamically allocated string, or NULL if an error occurs. *
* Return error code.
*/ */
static const char *UTime2str(const char *beg, const char *end) static CURLcode UTime2str(struct dynbuf *store,
const char *beg, const char *end)
{ {
const char *tzp; const char *tzp;
size_t tzl; size_t tzl;
@ -606,12 +565,12 @@ static const char *UTime2str(const char *beg, const char *end)
case 2: case 2:
break; break;
default: default:
return NULL; return CURLE_BAD_FUNCTION_ARGUMENT;
} }
/* Process timezone. */ /* Process timezone. */
if(tzp >= end) if(tzp >= end)
return NULL; return CURLE_BAD_FUNCTION_ARGUMENT;
if(*tzp == 'Z') { if(*tzp == 'Z') {
tzp = "GMT"; tzp = "GMT";
end = tzp + 3; end = tzp + 3;
@ -620,7 +579,7 @@ static const char *UTime2str(const char *beg, const char *end)
tzp++; tzp++;
tzl = end - tzp; tzl = end - tzp;
return curl_maprintf("%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s", return Curl_dyn_addf(store, "%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s",
20 - (*beg >= '5'), beg, beg + 2, beg + 4, 20 - (*beg >= '5'), beg, beg + 2, beg + 4,
beg + 6, beg + 8, sec, beg + 6, beg + 8, sec,
(int)tzl, tzp); (int)tzl, tzp);
@ -628,34 +587,45 @@ static const char *UTime2str(const char *beg, const char *end)
/* /*
* Convert an ASN.1 element to a printable string. * Convert an ASN.1 element to a printable string.
* Return the dynamically allocated string, or NULL if an error occurs. *
* Return error
*/ */
static const char *ASN1tostr(struct Curl_asn1Element *elem, int type) static CURLcode ASN1tostr(struct dynbuf *store,
struct Curl_asn1Element *elem, int type)
{ {
CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT;
if(elem->constructed) if(elem->constructed)
return NULL; /* No conversion of structured elements. */ return CURLE_OK; /* No conversion of structured elements. */
if(!type) if(!type)
type = elem->tag; /* Type not forced: use element tag as type. */ type = elem->tag; /* Type not forced: use element tag as type. */
switch(type) { switch(type) {
case CURL_ASN1_BOOLEAN: case CURL_ASN1_BOOLEAN:
return bool2str(elem->beg, elem->end); result = bool2str(store, elem->beg, elem->end);
break;
case CURL_ASN1_INTEGER: case CURL_ASN1_INTEGER:
case CURL_ASN1_ENUMERATED: case CURL_ASN1_ENUMERATED:
return int2str(elem->beg, elem->end); result = int2str(store, elem->beg, elem->end);
break;
case CURL_ASN1_BIT_STRING: case CURL_ASN1_BIT_STRING:
return bit2str(elem->beg, elem->end); result = bit2str(store, elem->beg, elem->end);
break;
case CURL_ASN1_OCTET_STRING: case CURL_ASN1_OCTET_STRING:
return octet2str(elem->beg, elem->end); result = octet2str(store, elem->beg, elem->end);
break;
case CURL_ASN1_NULL: case CURL_ASN1_NULL:
return strdup(""); result = Curl_dyn_addn(store, "", 1);
break;
case CURL_ASN1_OBJECT_IDENTIFIER: case CURL_ASN1_OBJECT_IDENTIFIER:
return OID2str(elem->beg, elem->end, TRUE); result = OID2str(store, elem->beg, elem->end, TRUE);
break;
case CURL_ASN1_UTC_TIME: case CURL_ASN1_UTC_TIME:
return UTime2str(elem->beg, elem->end); result = UTime2str(store, elem->beg, elem->end);
break;
case CURL_ASN1_GENERALIZED_TIME: case CURL_ASN1_GENERALIZED_TIME:
return GTime2str(elem->beg, elem->end); result = GTime2str(store, elem->beg, elem->end);
break;
case CURL_ASN1_UTF8_STRING: case CURL_ASN1_UTF8_STRING:
case CURL_ASN1_NUMERIC_STRING: case CURL_ASN1_NUMERIC_STRING:
case CURL_ASN1_PRINTABLE_STRING: case CURL_ASN1_PRINTABLE_STRING:
@ -664,87 +634,96 @@ static const char *ASN1tostr(struct Curl_asn1Element *elem, int type)
case CURL_ASN1_VISIBLE_STRING: case CURL_ASN1_VISIBLE_STRING:
case CURL_ASN1_UNIVERSAL_STRING: case CURL_ASN1_UNIVERSAL_STRING:
case CURL_ASN1_BMP_STRING: case CURL_ASN1_BMP_STRING:
return string2str(type, elem->beg, elem->end); result = utf8asn1str(store, type, elem->beg, elem->end);
break;
} }
return NULL; /* Unsupported. */ return result;
} }
/* /*
* ASCII encode distinguished name at `dn' into the `buflen'-sized buffer at * ASCII encode distinguished name at `dn' into the store dynbuf.
* `buf'.
* *
* Returns the total string length, even if larger than `buflen' or -1 on * Returns error.
* error.
*/ */
static ssize_t encodeDN(char *buf, size_t buflen, struct Curl_asn1Element *dn) static CURLcode encodeDN(struct dynbuf *store, struct Curl_asn1Element *dn)
{ {
struct Curl_asn1Element rdn; struct Curl_asn1Element rdn;
struct Curl_asn1Element atv; struct Curl_asn1Element atv;
struct Curl_asn1Element oid; struct Curl_asn1Element oid;
struct Curl_asn1Element value; struct Curl_asn1Element value;
size_t l = 0;
const char *p1; const char *p1;
const char *p2; const char *p2;
const char *p3; const char *p3;
const char *str; const char *str;
CURLcode result = CURLE_OK;
bool added = FALSE;
struct dynbuf temp;
Curl_dyn_init(&temp, MAX_X509_STR);
for(p1 = dn->beg; p1 < dn->end;) { for(p1 = dn->beg; p1 < dn->end;) {
p1 = getASN1Element(&rdn, p1, dn->end); p1 = getASN1Element(&rdn, p1, dn->end);
if(!p1) if(!p1) {
return -1; result = CURLE_BAD_FUNCTION_ARGUMENT;
goto error;
}
for(p2 = rdn.beg; p2 < rdn.end;) { for(p2 = rdn.beg; p2 < rdn.end;) {
p2 = getASN1Element(&atv, p2, rdn.end); p2 = getASN1Element(&atv, p2, rdn.end);
if(!p2) if(!p2) {
return -1; result = CURLE_BAD_FUNCTION_ARGUMENT;
goto error;
}
p3 = getASN1Element(&oid, atv.beg, atv.end); p3 = getASN1Element(&oid, atv.beg, atv.end);
if(!p3) if(!p3) {
return -1; result = CURLE_BAD_FUNCTION_ARGUMENT;
if(!getASN1Element(&value, p3, atv.end)) goto error;
return -1; }
str = ASN1tostr(&oid, 0); if(!getASN1Element(&value, p3, atv.end)) {
if(!str) result = CURLE_BAD_FUNCTION_ARGUMENT;
return -1; goto error;
}
Curl_dyn_reset(&temp);
result = ASN1tostr(&temp, &oid, 0);
if(result)
goto error;
str = Curl_dyn_ptr(&temp);
/* Encode delimiter. /* Encode delimiter.
If attribute has a short uppercase name, delimiter is ", ". */ If attribute has a short uppercase name, delimiter is ", ". */
if(l) { for(p3 = str; ISUPPER(*p3); p3++)
for(p3 = str; ISUPPER(*p3); p3++) ;
; if(added) {
for(p3 = (*p3 || p3 - str > 2)? "/": ", "; *p3; p3++) { if(p3 - str > 2)
if(l < buflen) result = Curl_dyn_addn(store, "/", 1);
buf[l] = *p3; else
l++; result = Curl_dyn_addn(store, ", ", 2);
} if(result)
goto error;
} }
/* Encode attribute name. */ /* Encode attribute name. */
for(p3 = str; *p3; p3++) { result = Curl_dyn_add(store, str);
if(l < buflen) if(result)
buf[l] = *p3; goto error;
l++;
}
free((char *) str);
/* Generate equal sign. */ /* Generate equal sign. */
if(l < buflen) result = Curl_dyn_addn(store, "=", 1);
buf[l] = '='; if(result)
l++; goto error;
/* Generate value. */ /* Generate value. */
str = ASN1tostr(&value, 0); result = ASN1tostr(store, &value, 0);
if(!str) if(result)
return -1; goto error;
for(p3 = str; *p3; p3++) { Curl_dyn_reset(&temp);
if(l < buflen) added = TRUE; /* use separator for next */
buf[l] = *p3;
l++;
}
free((char *) str);
} }
} }
error:
Curl_dyn_free(&temp);
return l; return result;
} }
#endif /* WANT_EXTRACT_CERTINFO */ #endif /* WANT_EXTRACT_CERTINFO */
@ -873,8 +852,9 @@ int Curl_parseX509(struct Curl_X509certificate *cert,
#ifdef WANT_EXTRACT_CERTINFO #ifdef WANT_EXTRACT_CERTINFO
static const char *dumpAlgo(struct Curl_asn1Element *param, static CURLcode dumpAlgo(struct dynbuf *store,
const char *beg, const char *end) struct Curl_asn1Element *param,
const char *beg, const char *end)
{ {
struct Curl_asn1Element oid; struct Curl_asn1Element oid;
@ -882,14 +862,16 @@ static const char *dumpAlgo(struct Curl_asn1Element *param,
beg = getASN1Element(&oid, beg, end); beg = getASN1Element(&oid, beg, end);
if(!beg) if(!beg)
return NULL; return CURLE_BAD_FUNCTION_ARGUMENT;
param->header = NULL; param->header = NULL;
param->tag = 0; param->tag = 0;
param->beg = param->end = end; param->beg = param->end = end;
if(beg < end) if(beg < end) {
if(!getASN1Element(param, beg, end)) const char *p = getASN1Element(param, beg, end);
return NULL; if(!p)
return OID2str(oid.beg, oid.end, TRUE); return CURLE_BAD_FUNCTION_ARGUMENT;
}
return OID2str(store, oid.beg, oid.end, TRUE);
} }
/* /*
@ -906,24 +888,47 @@ static CURLcode ssl_push_certinfo(struct Curl_easy *data,
return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen); return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen);
} }
/* return 0 on success, 1 on error */ /*
static int do_pubkey_field(struct Curl_easy *data, int certnum, * This is a convenience function for push_certinfo_len that takes a
const char *label, struct Curl_asn1Element *elem) * dynbuf value.
*
* It also does the verbose output if !certnum.
*/
static CURLcode ssl_push_certinfo_dyn(struct Curl_easy *data,
int certnum,
const char *label,
struct dynbuf *ptr)
{ {
const char *output; size_t valuelen = Curl_dyn_len(ptr);
CURLcode result = CURLE_OK; char *value = Curl_dyn_ptr(ptr);
CURLcode result = Curl_ssl_push_certinfo_len(data, certnum, label,
value, valuelen);
if(!certnum && !result)
infof(data, " %s: %s", label, value);
return result;
}
static CURLcode do_pubkey_field(struct Curl_easy *data, int certnum,
const char *label,
struct Curl_asn1Element *elem)
{
CURLcode result;
struct dynbuf out;
Curl_dyn_init(&out, MAX_X509_STR);
/* Generate a certificate information record for the public key. */ /* Generate a certificate information record for the public key. */
output = ASN1tostr(elem, 0); result = ASN1tostr(&out, elem, 0);
if(output) { if(!result) {
if(data->set.ssl.certinfo) if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, label, output); result = ssl_push_certinfo_dyn(data, certnum, label, &out);
if(!certnum && !result) Curl_dyn_free(&out);
infof(data, " %s: %s", label, output);
free((char *) output);
} }
return result ? 1 : 0; return result;
} }
/* return 0 on success, 1 on error */ /* return 0 on success, 1 on error */
@ -1029,24 +1034,12 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
/* /*
* Convert an ASN.1 distinguished name into a printable string. * Convert an ASN.1 distinguished name into a printable string.
* Return the dynamically allocated string, or NULL if an error occurs. * Return error.
*/ */
static const char *DNtostr(struct Curl_asn1Element *dn) static CURLcode DNtostr(struct dynbuf *store,
struct Curl_asn1Element *dn)
{ {
char *buf = NULL; return encodeDN(store, dn);
ssize_t buflen = encodeDN(NULL, 0, dn);
if(buflen >= 0) {
buf = malloc(buflen + 1);
if(buf) {
if(encodeDN(buf, buflen + 1, dn) == -1) {
free(buf);
return NULL;
}
buf[buflen] = '\0';
}
}
return buf;
} }
CURLcode Curl_extract_certinfo(struct Curl_easy *data, CURLcode Curl_extract_certinfo(struct Curl_easy *data,
@ -1056,17 +1049,19 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
{ {
struct Curl_X509certificate cert; struct Curl_X509certificate cert;
struct Curl_asn1Element param; struct Curl_asn1Element param;
const char *ccp;
char *certptr; char *certptr;
size_t clen; size_t clen;
struct dynbuf out; struct dynbuf out;
CURLcode result = CURLE_OK; CURLcode result = CURLE_OK;
unsigned int version; unsigned int version;
const char *ptr;
int rc;
if(!data->set.ssl.certinfo) if(!data->set.ssl.certinfo)
if(certnum) if(certnum)
return CURLE_OK; return CURLE_OK;
Curl_dyn_init(&out, MAX_X509_STR);
/* Prepare the certificate information for curl_easy_getinfo(). */ /* Prepare the certificate information for curl_easy_getinfo(). */
/* Extract the certificate ASN.1 elements. */ /* Extract the certificate ASN.1 elements. */
@ -1074,134 +1069,124 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
return CURLE_PEER_FAILED_VERIFICATION; return CURLE_PEER_FAILED_VERIFICATION;
/* Subject. */ /* Subject. */
ccp = DNtostr(&cert.subject); result = DNtostr(&out, &cert.subject);
if(!ccp) if(result)
return CURLE_OUT_OF_MEMORY; goto done;
if(data->set.ssl.certinfo) { if(data->set.ssl.certinfo) {
result = ssl_push_certinfo(data, certnum, "Subject", ccp); result = ssl_push_certinfo_dyn(data, certnum, "Subject", &out);
if(result) if(result)
return result; goto done;
} }
if(!certnum) Curl_dyn_reset(&out);
infof(data, "%2d Subject: %s", certnum, ccp);
free((char *) ccp);
/* Issuer. */ /* Issuer. */
ccp = DNtostr(&cert.issuer); result = DNtostr(&out, &cert.issuer);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo(data, certnum, "Issuer", ccp);
}
if(!certnum)
infof(data, " Issuer: %s", ccp);
free((char *) ccp);
if(result) if(result)
return result; goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Issuer", &out);
if(result)
goto done;
}
Curl_dyn_reset(&out);
/* Version (always fits in less than 32 bits). */ /* Version (always fits in less than 32 bits). */
version = 0; version = 0;
for(ccp = cert.version.beg; ccp < cert.version.end; ccp++) for(ptr = cert.version.beg; ptr < cert.version.end; ptr++)
version = (version << 8) | *(const unsigned char *) ccp; version = (version << 8) | *(const unsigned char *) ptr;
if(data->set.ssl.certinfo) { if(data->set.ssl.certinfo) {
ccp = curl_maprintf("%x", version); result = Curl_dyn_addf(&out, "%x", version);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
result = ssl_push_certinfo(data, certnum, "Version", ccp);
free((char *) ccp);
if(result) if(result)
return result; goto done;
result = ssl_push_certinfo_dyn(data, certnum, "Version", &out);
if(result)
goto done;
Curl_dyn_reset(&out);
} }
if(!certnum)
infof(data, " Version: %u (0x%x)", version + 1, version);
/* Serial number. */ /* Serial number. */
ccp = ASN1tostr(&cert.serialNumber, 0); result = ASN1tostr(&out, &cert.serialNumber, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, "Serial Number", ccp);
if(!certnum)
infof(data, " Serial Number: %s", ccp);
free((char *) ccp);
if(result) if(result)
return result; goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Serial Number", &out);
if(result)
goto done;
}
Curl_dyn_reset(&out);
/* Signature algorithm .*/ /* Signature algorithm .*/
ccp = dumpAlgo(&param, cert.signatureAlgorithm.beg, result = dumpAlgo(&out, &param, cert.signatureAlgorithm.beg,
cert.signatureAlgorithm.end); cert.signatureAlgorithm.end);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp);
if(!certnum)
infof(data, " Signature Algorithm: %s", ccp);
free((char *) ccp);
if(result) if(result)
return result; goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm",
&out);
if(result)
goto done;
}
Curl_dyn_reset(&out);
/* Start Date. */ /* Start Date. */
ccp = ASN1tostr(&cert.notBefore, 0); result = ASN1tostr(&out, &cert.notBefore, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, "Start Date", ccp);
if(!certnum)
infof(data, " Start Date: %s", ccp);
free((char *) ccp);
if(result) if(result)
return result; goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Start Date", &out);
if(result)
goto done;
}
Curl_dyn_reset(&out);
/* Expire Date. */ /* Expire Date. */
ccp = ASN1tostr(&cert.notAfter, 0); result = ASN1tostr(&out, &cert.notAfter, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, "Expire Date", ccp);
if(!certnum)
infof(data, " Expire Date: %s", ccp);
free((char *) ccp);
if(result) if(result)
return result; goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Expire Date", &out);
if(result)
goto done;
}
Curl_dyn_reset(&out);
/* Public Key Algorithm. */ /* Public Key Algorithm. */
ccp = dumpAlgo(&param, cert.subjectPublicKeyAlgorithm.beg, result = dumpAlgo(&out, &param, cert.subjectPublicKeyAlgorithm.beg,
cert.subjectPublicKeyAlgorithm.end); cert.subjectPublicKeyAlgorithm.end);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, "Public Key Algorithm",
ccp);
if(!result) {
int ret;
if(!certnum)
infof(data, " Public Key Algorithm: %s", ccp);
ret = do_pubkey(data, certnum, ccp, &param, &cert.subjectPublicKey);
if(ret)
result = CURLE_OUT_OF_MEMORY; /* the most likely error */
}
free((char *) ccp);
if(result) if(result)
return result; goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Public Key Algorithm",
&out);
if(result)
goto done;
}
rc = do_pubkey(data, certnum, Curl_dyn_ptr(&out),
&param, &cert.subjectPublicKey);
if(rc) {
result = CURLE_OUT_OF_MEMORY; /* the most likely error */
goto done;
}
Curl_dyn_reset(&out);
/* Signature. */ /* Signature. */
ccp = ASN1tostr(&cert.signature, 0); result = ASN1tostr(&out, &cert.signature, 0);
if(!ccp)
return CURLE_OUT_OF_MEMORY;
if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, "Signature", ccp);
if(!certnum)
infof(data, " Signature: %s", ccp);
free((char *) ccp);
if(result) if(result)
return result; goto done;
if(data->set.ssl.certinfo) {
result = ssl_push_certinfo_dyn(data, certnum, "Signature", &out);
if(result)
goto done;
}
Curl_dyn_reset(&out);
/* Generate PEM certificate. */ /* Generate PEM certificate. */
result = Curl_base64_encode(cert.certificate.beg, result = Curl_base64_encode(cert.certificate.beg,
cert.certificate.end - cert.certificate.beg, cert.certificate.end - cert.certificate.beg,
&certptr, &clen); &certptr, &clen);
if(result) if(result)
return result; goto done;
/* Generate the final output certificate string. Format is: /* Generate the final output certificate string. Format is:
-----BEGIN CERTIFICATE-----\n -----BEGIN CERTIFICATE-----\n
@ -1212,7 +1197,7 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
-----END CERTIFICATE-----\n -----END CERTIFICATE-----\n
*/ */
Curl_dyn_init(&out, MAX_X509_CERT); Curl_dyn_reset(&out);
/* Build the certificate string. */ /* Build the certificate string. */
result = Curl_dyn_add(&out, "-----BEGIN CERTIFICATE-----\n"); result = Curl_dyn_add(&out, "-----BEGIN CERTIFICATE-----\n");
@ -1230,13 +1215,11 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
result = Curl_dyn_add(&out, "-----END CERTIFICATE-----\n"); result = Curl_dyn_add(&out, "-----END CERTIFICATE-----\n");
} }
free(certptr); free(certptr);
if(!result) { if(!result)
if(data->set.ssl.certinfo) if(data->set.ssl.certinfo)
result = ssl_push_certinfo(data, certnum, "Cert", result = ssl_push_certinfo_dyn(data, certnum, "Cert", &out);
Curl_dyn_ptr(&out));
if(!certnum) done:
infof(data, "%s", Curl_dyn_ptr(&out));
}
Curl_dyn_free(&out); Curl_dyn_free(&out);
return result; return result;
} }