author | Daniel Stenberg <daniel@haxx.se> | 2022-02-04 11:06:39 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-02-05 00:11:34 +0100 |
commit | 27614355bfe8e83bcab4ea21ad51c02bf29a5b43 (patch) | |
tree | d7a3b4c08018fe41526f4a95c53d23645581f235 /lib/vtls/x509asn1.c | |
parent | 9478a97035cc85d88bfba5e0ed0090edc727f4f5 (diff) | |
download | curl-27614355bfe8e83bcab4ea21ad51c02bf29a5b43.tar.gz |
x509asn1: toggle off functions not needed for diff tls backends
... and clean the header file from private defines/structs (move to C
file) and unused function prototypes.
Closes #8386
Diffstat (limited to 'lib/vtls/x509asn1.c')
-rw-r--r-- | lib/vtls/x509asn1.c | 127 |
1 files changed, 102 insertions, 25 deletions
diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index 64cf5f15d..d44bdbdec 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -22,8 +22,23 @@
 #include "curl_setup.h"
-#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
- defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
+ defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
+
+#if defined(USE_GSKIT) || defined(USE_WOLFSSL) || defined(USE_SCHANNEL)
+#define WANT_PARSEX509 /* uses Curl_parseX509() */
+#endif
+
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
+ defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
+#define WANT_EXTRACT_CERTINFO /* uses Curl_extract_certinfo() */
+#define WANT_PARSEX509 /* ... uses Curl_parseX509() */
+#endif
+
+#if defined(USE_GSKIT)
+#define WANT_VERIFYHOST /* uses Curl_verifyhost () */
+#define WANT_PARSEX509 /* ... uses Curl_parseX509() */
+#endif
 #include <curl/curl.h>
 #include "urldata.h"
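Review bot: The third selection block, `#if defined(USE_GSKIT)` / `#define WANT_VERIFYHOST`, records WANT_PARSEX509 as the only prerequisite of Curl_verifyhost, yet the verifyhost helpers appear to depend on code that this commit places under WANT_EXTRACT_CERTINFO: the cnOID/sanOID constants and OIDtable are closed off by `#endif /* WANT_EXTRACT_CERTINFO */` in hunk @@ -95, and checkOID in hunk @@ -1153 takes an `oid` string that, judging by its signature, is compared against those constants through the OID-to-string helper living in the same guarded region. The build works today only because USE_GSKIT is also listed in the WANT_EXTRACT_CERTINFO block, so a backend that later enables WANT_VERIFYHOST alone would fail to compile with an unhelpful undeclared-identifier error rather than a clear message about the missing feature. Stating the dependency where the others are stated keeps the guard graph honest: add `#define WANT_EXTRACT_CERTINFO /* ... uses the OID helpers and constants */` beside WANT_VERIFYHOST, or at least a comment to that effect. The bodies of checkOID and Curl_verifyhost lie outside these hunks, so the exact symbols they use are inferred from the signature.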
@@ -41,6 +56,56 @@
 #include "curl_memory.h"
 #include "memdebug.h"
+/*
+ * Constants.
+ */
+
+/* Largest supported ASN.1 structure. */
+#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */
+
+/* ASN.1 classes. */
+#define CURL_ASN1_UNIVERSAL 0
+#define CURL_ASN1_APPLICATION 1
+#define CURL_ASN1_CONTEXT_SPECIFIC 2
+#define CURL_ASN1_PRIVATE 3
+
+/* ASN.1 types. */
+#define CURL_ASN1_BOOLEAN 1
+#define CURL_ASN1_INTEGER 2
+#define CURL_ASN1_BIT_STRING 3
+#define CURL_ASN1_OCTET_STRING 4
+#define CURL_ASN1_NULL 5
+#define CURL_ASN1_OBJECT_IDENTIFIER 6
+#define CURL_ASN1_OBJECT_DESCRIPTOR 7
+#define CURL_ASN1_INSTANCE_OF 8
+#define CURL_ASN1_REAL 9
+#define CURL_ASN1_ENUMERATED 10
+#define CURL_ASN1_EMBEDDED 11
+#define CURL_ASN1_UTF8_STRING 12
+#define CURL_ASN1_RELATIVE_OID 13
+#define CURL_ASN1_SEQUENCE 16
+#define CURL_ASN1_SET 17
+#define CURL_ASN1_NUMERIC_STRING 18
+#define CURL_ASN1_PRINTABLE_STRING 19
+#define CURL_ASN1_TELETEX_STRING 20
+#define CURL_ASN1_VIDEOTEX_STRING 21
+#define CURL_ASN1_IA5_STRING 22
+#define CURL_ASN1_UTC_TIME 23
+#define CURL_ASN1_GENERALIZED_TIME 24
+#define CURL_ASN1_GRAPHIC_STRING 25
+#define CURL_ASN1_VISIBLE_STRING 26
+#define CURL_ASN1_GENERAL_STRING 27
+#define CURL_ASN1_UNIVERSAL_STRING 28
+#define CURL_ASN1_CHARACTER_STRING 29
+#define CURL_ASN1_BMP_STRING 30
+
+#ifdef WANT_EXTRACT_CERTINFO
+/* ASN.1 OID table entry. */
+struct Curl_OID {
+ const char *numoid; /* Dotted-numeric OID. */
+ const char *textoid; /* OID name. */
+};
+
 /* ASN.1 OIDs. */
 static const char cnOID[] = "2.5.4.3"; /* Common name. */
 static const char sanOID[] = "2.5.29.17"; /* Subject alternative name. */
@@ -95,6 +160,8 @@ static const struct Curl_OID OIDtable[] = {
 { (const char *) NULL, (const char *) NULL }
 };
+#endif /* WANT_EXTRACT_CERTINFO */
+
 /*
 * Lightweight ASN.1 parser.
 * In particular, it does not check for syntactic/lexical errors.
@@ -173,6 +240,8 @@ static const char *getASN1Element(struct Curl_asn1Element *elem,
 return elem->end;
 }
+#ifdef WANT_EXTRACT_CERTINFO
+
 /*
 * Search the null terminated OID or OID identifier in local table.
 * Return the table entry pointer or NULL if not found.
@@ -683,28 +752,9 @@ static ssize_t encodeDN(char *buf, size_t buflen, struct Curl_asn1Element *dn)
 return l;
 }
-/*
- * Convert an ASN.1 distinguished name into a printable string.
- * Return the dynamically allocated string, or NULL if an error occurs.
- */
-static const char *DNtostr(struct Curl_asn1Element *dn)
-{
- char *buf = NULL;
- ssize_t buflen = encodeDN(NULL, 0, dn);
-
- if(buflen >= 0) {
- buf = malloc(buflen + 1);
- if(buf) {
- if(encodeDN(buf, buflen + 1, dn) == -1) {
- free(buf);
- return NULL;
- }
- buf[buflen] = '\0';
- }
- }
- return buf;
-}
+#endif /* WANT_EXTRACT_CERTINFO */
+#ifdef WANT_PARSEX509
 /*
 * ASN.1 parse an X509 certificate into structure subfields.
 * Syntax is assumed to have already been checked by the SSL backend.
@@ -824,6 +874,9 @@ int Curl_parseX509(struct Curl_X509certificate *cert,
 return 0;
 }
+#endif /* WANT_PARSEX509 */
+
+#ifdef WANT_EXTRACT_CERTINFO
 /*
 * Copy at most 64-characters, terminate with a newline and returns the
@@ -969,6 +1022,28 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
 return 0;
 }
+/*
+ * Convert an ASN.1 distinguished name into a printable string.
+ * Return the dynamically allocated string, or NULL if an error occurs.
+ */
+static const char *DNtostr(struct Curl_asn1Element *dn)
+{
+ char *buf = NULL;
+ ssize_t buflen = encodeDN(NULL, 0, dn);
+
+ if(buflen >= 0) {
+ buf = malloc(buflen + 1);
+ if(buf) {
+ if(encodeDN(buf, buflen + 1, dn) == -1) {
+ free(buf);
+ return NULL;
+ }
+ buf[buflen] = '\0';
+ }
+ }
+ return buf;
+}
+
 CURLcode Curl_extract_certinfo(struct Curl_easy *data,
 int certnum,
 const char *beg,
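Review bot: DNtostr, re-added in hunk @@ -969, hands a malloc'ed buffer to its caller but declares it `const char *`, so every caller that releases it must cast the const away before free(), which hides the ownership transfer the comment "Return the dynamically allocated string" describes. Since the function is being moved anyway, `static char *DNtostr(struct Curl_asn1Element *dn)` would state the contract in the type and remove those casts; the internal `buf` is already a plain `char *`, so the body needs no change. The callers are outside these hunks, so whether each one currently casts is inferred. The relocation itself, which lets DNtostr sit in the same WANT_EXTRACT_CERTINFO region as its only users, reads fine.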
@@ -1153,10 +1228,12 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data,
 return result;
 }
+#endif /* WANT_EXTRACT_CERTINFO */
+
 #endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL
 * or USE_SECTRANSP */
-#if defined(USE_GSKIT)
+#ifdef WANT_VERIFYHOST
 static const char *checkOID(const char *beg, const char *end,
 const char *oid)
@@ -1326,4 +1403,4 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
 return CURLE_PEER_FAILED_VERIFICATION;
 }
-#endif /* USE_GSKIT */
+#endif /* WANT_VERIFYHOST */ |