From d1532a80fa4c1ed5478d30349ec743a37d851a95 Mon Sep 17 00:00:00 2001 From: astralia Date: Fri, 18 Oct 2024 17:33:30 +0200 Subject: [PATCH] Check x509 APIs nullability for #23490 --- libr/util/x509.c | 498 +++++++++++++++++++++++------------------------ libr/util/x509.h | 2 + 2 files changed, 245 insertions(+), 255 deletions(-) diff --git a/libr/util/x509.c b/libr/util/x509.c index e706b8b713a7d..54bf9d8ac1e7e 100644 --- a/libr/util/x509.c +++ b/libr/util/x509.c @@ -1,18 +1,17 @@ -/* radare2 - LGPL - Copyright 2017-2022 - wargio */ +/* radare2 - LGPL - Copyright 2017-2024 - wargio */ -#include #include #include "x509.h" -static bool r_x509_parse_validity(RX509Validity *validity, RASN1Object *object) { - RASN1Object *o; - if (!validity || !object || object->list.length != 2) { +static bool parse_validity(RX509Validity *validity, RASN1Object *object) { + R_RETURN_VAL_IF_FAIL (validity && object, false); + if (object->list.length != 2) { return false; } if (object->klass == CLASS_UNIVERSAL && object->tag == TAG_SEQUENCE && object->form == FORM_CONSTRUCTED) { - o = object->list.objects[0]; + RASN1Object *o = object->list.objects[0]; if (o->klass == CLASS_UNIVERSAL && o->form == FORM_PRIMITIVE) { if (o->tag == TAG_UTCTIME) { validity->notBefore = r_asn1_stringify_utctime (o->sector, o->length); @@ -38,9 +37,32 @@ static inline bool is_oid_object(RASN1Object *object) { object->list.objects[0]->tag == TAG_OID; } +static void fini_validity(RX509Validity *validity) { + R_RETURN_IF_FAIL (validity); + r_asn1_string_free (validity->notAfter); + r_asn1_string_free (validity->notBefore); +} + +static void free_crlentry(R_NULLABLE RX509CRLEntry *entry) { + if (entry) { + r_asn1_binary_free (entry->userCertificate); + r_asn1_string_free (entry->revocationDate); + free (entry); + } +} + +static void validity_dump(RX509Validity *validity, const char *pad, RStrBuf *sb) { + R_RETURN_IF_FAIL (validity && sb); + if (!pad) { + pad = ""; + } + const char *b = validity->notBefore ? validity->notBefore->string : "Missing"; + const char *a = validity->notAfter ? validity->notAfter->string : "Missing"; + r_strbuf_appendf (sb, "%sNot Before: %s\n%sNot After: %s\n", pad, b, pad, a); +} + R_API bool r_x509_parse_algorithmidentifier(RX509AlgorithmIdentifier *ai, RASN1Object *object) { R_RETURN_VAL_IF_FAIL (ai && object, false); - if (object->list.length < 1 || !object->list.objects || !is_oid_object (object)) { return false; } @@ -51,21 +73,35 @@ R_API bool r_x509_parse_algorithmidentifier(RX509AlgorithmIdentifier *ai, RASN1O return true; } +// R2_600 this should be fini instead of free +R_API void r_x509_free_algorithmidentifier(RX509AlgorithmIdentifier *ai) { + R_RETURN_IF_FAIL (ai); + r_asn1_string_free (ai->algorithm); + r_asn1_string_free (ai->parameters); +} + R_API bool r_x509_parse_subjectpublickeyinfo(RX509SubjectPublicKeyInfo *spki, RASN1Object *object) { - RASN1Object *o; + R_RETURN_VAL_IF_FAIL (spki && object, false); if (!spki || !object || object->list.length != 2) { return false; } r_x509_parse_algorithmidentifier (&spki->algorithm, object->list.objects[0]); if (object->list.objects[1]) { - o = object->list.objects[1]; + RASN1Object *o = object->list.objects[1]; spki->subjectPublicKey = r_asn1_create_binary (o->sector, o->length); } return true; } +// R2_600 this should be fini +R_API void r_x509_free_subjectpublickeyinfo(RX509SubjectPublicKeyInfo *spki) { + R_RETURN_IF_FAIL (spki); + r_x509_free_algorithmidentifier (&spki->algorithm); + r_asn1_binary_free (spki->subjectPublicKey); +} + R_API bool r_x509_parse_name(RX509Name *name, RASN1Object *object) { - ut32 i; + R_RETURN_VAL_IF_FAIL (name && object, false); if (!name || !object || !object->list.length) { return false; } @@ -82,6 +118,7 @@ R_API bool r_x509_parse_name(RX509Name *name, RASN1Object *object) { R_FREE (name->names); return false; } + ut32 i; for (i = 0; i < object->list.length; i++) { RASN1Object *o = object->list.objects[i]; if (o && o->klass == CLASS_UNIVERSAL && @@ -94,7 +131,8 @@ R_API bool r_x509_parse_name(RX509Name *name, RASN1Object *object) { o->tag == TAG_SEQUENCE) { if (o->list.objects[0]->klass == CLASS_UNIVERSAL && o->list.objects[0]->tag == TAG_OID) { - name->oids[i] = r_asn1_stringify_oid (o->list.objects[0]->sector, o->list.objects[0]->length); + name->oids[i] = r_asn1_stringify_oid (o->list.objects[0]->sector, + o->list.objects[0]->length); } RASN1Object *obj1 = o->list.objects[1]; if (obj1 && obj1->klass == CLASS_UNIVERSAL) { @@ -107,6 +145,20 @@ R_API bool r_x509_parse_name(RX509Name *name, RASN1Object *object) { return true; } +// R2_600 this should be fini instead of free +R_API void r_x509_free_name(RX509Name *name) { + R_RETURN_IF_FAIL (name); + if (name->names) { + ut32 i; + for (i = 0; i < name->length; i++) { + r_asn1_string_free (name->oids[i]); + r_asn1_string_free (name->names[i]); + } + R_FREE (name->names); + R_FREE (name->oids); + } +} + R_API bool r_x509_parse_extension(RX509Extension *ext, RASN1Object *object) { R_RETURN_VAL_IF_FAIL (ext && object, false); if (object->list.length != 2) { @@ -128,8 +180,16 @@ R_API bool r_x509_parse_extension(RX509Extension *ext, RASN1Object *object) { return true; } +R_API void r_x509_free_extension(R_NULLABLE RX509Extension *ex) { + if (ex) { + r_asn1_string_free (ex->extnID); + r_asn1_binary_free (ex->extnValue); + free (ex); + } +} + R_API bool r_x509_parse_extensions(RX509Extensions *ext, RASN1Object *object) { - ut32 i; + R_RETURN_VAL_IF_FAIL (ext && object, false); if (!ext || !object || object->list.length != 1 || !object->list.objects[0]->length) { return false; } @@ -139,6 +199,7 @@ R_API bool r_x509_parse_extensions(RX509Extensions *ext, RASN1Object *object) { return false; } ext->length = object->list.length; + ut32 i; for (i = 0; i < object->list.length; i++) { ext->extensions[i] = R_NEW0 (RX509Extension); if (!r_x509_parse_extension (ext->extensions[i], object->list.objects[i])) { @@ -149,14 +210,25 @@ R_API bool r_x509_parse_extensions(RX509Extensions *ext, RASN1Object *object) { return true; } +// R2_600 this should be fini +R_API void r_x509_free_extensions(RX509Extensions *ex) { + R_RETURN_IF_FAIL (ex); + if (ex->extensions) { + ut32 i; + for (i = 0; i < ex->length; i++) { + r_x509_free_extension (ex->extensions[i]); + } + free (ex->extensions); + } +} + R_API bool r_x509_parse_tbscertificate(RX509TBSCertificate *tbsc, RASN1Object *object) { - RASN1Object **elems; - ut32 i; - ut32 shift = 0; - if (!tbsc || !object || object->list.length < 6) { + R_RETURN_VAL_IF_FAIL (tbsc && object, false); + if (object->list.length < 6) { return false; } - elems = object->list.objects; + RASN1Object **elems = object->list.objects; + ut32 shift = 0; //Following RFC if (elems[0]->list.length == 1 && elems[0]->klass == CLASS_CONTEXT && @@ -169,7 +241,8 @@ R_API bool r_x509_parse_tbscertificate(RX509TBSCertificate *tbsc, RASN1Object *o } else { tbsc->version = 0; } - if (shift < object->list.length && elems[shift]->klass == CLASS_UNIVERSAL && elems[shift]->tag == TAG_INTEGER) { + if (shift < object->list.length && elems[shift]->klass == CLASS_UNIVERSAL \ + && elems[shift]->tag == TAG_INTEGER) { tbsc->serialNumber = r_asn1_stringify_integer (elems[shift]->sector, elems[shift]->length); } if (object->list.length < shift + 6) { @@ -177,22 +250,25 @@ R_API bool r_x509_parse_tbscertificate(RX509TBSCertificate *tbsc, RASN1Object *o } r_x509_parse_algorithmidentifier (&tbsc->signature, elems[shift + 1]); r_x509_parse_name (&tbsc->issuer, elems[shift + 2]); - r_x509_parse_validity (&tbsc->validity, elems[shift + 3]); + parse_validity (&tbsc->validity, elems[shift + 3]); r_x509_parse_name (&tbsc->subject, elems[shift + 4]); r_x509_parse_subjectpublickeyinfo (&tbsc->subjectPublicKeyInfo, elems[shift + 5]); if (tbsc->version > 0) { + ut32 i; for (i = shift + 6; i < object->list.length; i++) { if (!elems[i] || elems[i]->klass != CLASS_CONTEXT) { continue; } if (elems[i]->tag == 1) { - tbsc->issuerUniqueID = r_asn1_create_binary (object->list.objects[i]->sector, object->list.objects[i]->length); + tbsc->issuerUniqueID = r_asn1_create_binary (object->list.objects[i]->sector, + object->list.objects[i]->length); } if (!elems[i]) { continue; } if (elems[i]->tag == 2) { - tbsc->subjectUniqueID = r_asn1_create_binary (object->list.objects[i]->sector, object->list.objects[i]->length); + tbsc->subjectUniqueID = r_asn1_create_binary (object->list.objects[i]->sector, + object->list.objects[i]->length); } if (!elems[i]) { continue; @@ -205,10 +281,63 @@ R_API bool r_x509_parse_tbscertificate(RX509TBSCertificate *tbsc, RASN1Object *o return true; } -R_API RX509Certificate *r_x509_parse_certificate(RASN1Object *object) { - if (!object) { +// R2_600 this should be fini +R_API void r_x509_free_tbscertificate(RX509TBSCertificate *tbsc) { + R_RETURN_IF_FAIL (tbsc); + r_asn1_string_free (tbsc->serialNumber); + r_x509_free_algorithmidentifier (&tbsc->signature); + r_x509_free_name (&tbsc->issuer); + fini_validity (&tbsc->validity); + r_x509_free_name (&tbsc->subject); + r_x509_free_subjectpublickeyinfo (&tbsc->subjectPublicKeyInfo); + r_asn1_binary_free (tbsc->subjectUniqueID); + r_asn1_binary_free (tbsc->issuerUniqueID); + r_x509_free_extensions (&tbsc->extensions); +} + +R_API RX509CRLEntry *r_x509_parse_crlentry(RASN1Object *object) { + R_RETURN_VAL_IF_FAIL (object, NULL); + if (object->list.length != 2) { + return NULL; + } + RX509CRLEntry *entry = R_NEW0 (RX509CRLEntry); + if (!entry) { + return NULL; + } + struct r_asn1_object_t *obj0 = object->list.objects[0]; + if (!obj0) { + free (entry); + return NULL; + } + entry->userCertificate = r_asn1_create_binary (obj0->sector, obj0->length); + struct r_asn1_object_t *obj1 = object->list.objects[1]; + if (!obj1) { + free (entry); return NULL; } + entry->revocationDate = r_asn1_stringify_utctime (obj1->sector, obj1->length); + return entry; +} + +R_API void r_x509_name_dump(RX509Name *name, const char *pad, RStrBuf *sb) { + R_RETURN_IF_FAIL (name && sb); + if (!pad) { + pad = ""; + } + ut32 i; + for (i = 0; i < name->length; i++) { + if (!name->oids[i] || !name->names[i]) { + continue; + } + r_strbuf_appendf (sb, "%s%s: %s\n", pad, name->oids[i]->string, name->names[i]->string); + } +} + +// R2_600 review the following as they are not defined at x509.h (some are at r_x509.h) + +// R2_600 defined at r_util/r_x509.h +R_API RX509Certificate *r_x509_parse_certificate(RASN1Object *object) { + R_RETURN_VAL_IF_FAIL (object, NULL); RX509Certificate *cert = R_NEW0 (RX509Certificate); if (!cert) { goto fail; @@ -237,31 +366,20 @@ R_API RX509Certificate *r_x509_parse_certificate(RASN1Object *object) { return cert; } -R_API RX509CRLEntry *r_x509_parse_crlentry(RASN1Object *object) { - if (!object || object->list.length != 2) { - return NULL; - } - RX509CRLEntry *entry = R_NEW0 (RX509CRLEntry); - if (!entry) { - return NULL; - } - struct r_asn1_object_t *obj0 = object->list.objects[0]; - if (!obj0) { - free (entry); - return NULL; - } - entry->userCertificate = r_asn1_create_binary (obj0->sector, obj0->length); - struct r_asn1_object_t *obj1 = object->list.objects[1]; - if (!obj1) { - free (entry); - return NULL; +// R2_600 defined at r_util/r_x509.h +R_API void r_x509_free_certificate(R_NULLABLE RX509Certificate *certificate) { + if (certificate) { + r_asn1_binary_free (certificate->signature); + r_x509_free_algorithmidentifier (&certificate->algorithmIdentifier); + r_x509_free_tbscertificate (&certificate->tbsCertificate); + free (certificate); } - entry->revocationDate = r_asn1_stringify_utctime (obj1->sector, obj1->length); - return entry; } +// R2_600 defined at r_util/r_x509.h R_API RX509CertificateRevocationList *r_x509_parse_crl(RASN1Object *object) { - if (!object || object->list.length < 4) { + R_RETURN_VAL_IF_FAIL (object, NULL); + if (object->list.length < 4) { return NULL; } RX509CertificateRevocationList *crl = R_NEW0 (RX509CertificateRevocationList); @@ -286,13 +404,13 @@ R_API RX509CertificateRevocationList *r_x509_parse_crl(RASN1Object *object) { crl->nextUpdate = r_asn1_stringify_utctime (elems[3]->sector, elems[3]->length); } if (object->list.length > 4 && object->list.objects[4]) { - ut32 i; crl->revokedCertificates = calloc (object->list.objects[4]->list.length, sizeof (RX509CRLEntry *)); if (!crl->revokedCertificates) { free (crl); return NULL; } crl->length = object->list.objects[4]->list.length; + ut32 i; for (i = 0; i < object->list.objects[4]->list.length; i++) { crl->revokedCertificates[i] = r_x509_parse_crlentry (object->list.objects[4]->list.objects[i]); } @@ -300,112 +418,17 @@ R_API RX509CertificateRevocationList *r_x509_parse_crl(RASN1Object *object) { return crl; } -R_API void r_x509_free_algorithmidentifier(RX509AlgorithmIdentifier *ai) { - if (ai) { - // no need to free ai, since this functions is used internally - r_asn1_string_free (ai->algorithm); - r_asn1_string_free (ai->parameters); - } -} - -static void r_x509_free_validity(RX509Validity *validity) { - if (validity) { - // not freeing validity since it's not allocated dinamically - r_asn1_string_free (validity->notAfter); - r_asn1_string_free (validity->notBefore); - } -} - -R_API void r_x509_free_name(RX509Name *name) { - ut32 i; - if (!name) { - return; - } - if (name->names) { - for (i = 0; i < name->length; i++) { - r_asn1_string_free (name->oids[i]); - r_asn1_string_free (name->names[i]); - } - R_FREE (name->names); - R_FREE (name->oids); - } - // not freeing name since it's not allocated dinamically -} - -void r_x509_free_extension(RX509Extension *ex) { - if (ex) { - r_asn1_string_free (ex->extnID); - r_asn1_binary_free (ex->extnValue); - //this is allocated dinamically so, i'll free - free (ex); - } -} - -void r_x509_free_extensions (RX509Extensions *ex) { - ut32 i; - if (!ex) { - return; - } - if (ex->extensions) { - for (i = 0; i < ex->length; i++) { - r_x509_free_extension (ex->extensions[i]); - } - free (ex->extensions); - } - //no need to free ex, since this functions is used internally -} - -void r_x509_free_subjectpublickeyinfo (RX509SubjectPublicKeyInfo *spki) { - if (spki) { - r_x509_free_algorithmidentifier (&spki->algorithm); - r_asn1_binary_free (spki->subjectPublicKey); - // No need to free spki, since it's a static variable. - } -} - -void r_x509_free_tbscertificate (RX509TBSCertificate *tbsc) { - if (tbsc) { - // version is ut32 - r_asn1_string_free (tbsc->serialNumber); - r_x509_free_algorithmidentifier (&tbsc->signature); - r_x509_free_name (&tbsc->issuer); - r_x509_free_validity (&tbsc->validity); - r_x509_free_name (&tbsc->subject); - r_x509_free_subjectpublickeyinfo (&tbsc->subjectPublicKeyInfo); - r_asn1_binary_free (tbsc->subjectUniqueID); - r_asn1_binary_free (tbsc->issuerUniqueID); - r_x509_free_extensions (&tbsc->extensions); - //no need to free tbsc, since this functions is used internally - } -} - -void r_x509_free_certificate (RX509Certificate *certificate) { - if (certificate) { - r_asn1_binary_free (certificate->signature); - r_x509_free_algorithmidentifier (&certificate->algorithmIdentifier); - r_x509_free_tbscertificate (&certificate->tbsCertificate); - free (certificate); - } -} - -static void r_x509_free_crlentry(RX509CRLEntry *entry) { - if (entry) { - r_asn1_binary_free (entry->userCertificate); - r_asn1_string_free (entry->revocationDate); - free (entry); - } -} - -void r_x509_free_crl (RX509CertificateRevocationList *crl) { - ut32 i; +// R2_600 defined at r_util/r_x509.h +void r_x509_free_crl(R_NULLABLE RX509CertificateRevocationList *crl) { if (crl) { r_x509_free_algorithmidentifier (&crl->signature); r_x509_free_name (&crl->issuer); r_asn1_string_free (crl->nextUpdate); r_asn1_string_free (crl->lastUpdate); if (crl->revokedCertificates) { + ut32 i; for (i = 0; i < crl->length; i++) { - r_x509_free_crlentry (crl->revokedCertificates[i]); + free_crlentry (crl->revokedCertificates[i]); crl->revokedCertificates[i] = NULL; } R_FREE (crl->revokedCertificates); @@ -414,59 +437,27 @@ void r_x509_free_crl (RX509CertificateRevocationList *crl) { } } -static void r_x509_validity_dump(RX509Validity *validity, const char *pad, RStrBuf *sb) { - if (!validity) { - return; - } +static void pubkey_dump(RX509SubjectPublicKeyInfo *spki, const char *pad, RStrBuf *sb) { + R_RETURN_IF_FAIL (spki && sb); if (!pad) { pad = ""; } - const char *b = validity->notBefore ? validity->notBefore->string : "Missing"; - const char *a = validity->notAfter ? validity->notAfter->string : "Missing"; - r_strbuf_appendf (sb, "%sNot Before: %s\n%sNot After: %s\n", pad, b, pad, a); -} - -R_API void r_x509_name_dump(RX509Name *name, const char *pad, RStrBuf *sb) { - ut32 i; - if (!name) { - return; - } - if (!pad) { - pad = ""; - } - for (i = 0; i < name->length; i++) { - if (!name->oids[i] || !name->names[i]) { - continue; - } - r_strbuf_appendf (sb, "%s%s: %s\n", pad, name->oids[i]->string, name->names[i]->string); - } -} - -static void r_x509_subjectpublickeyinfo_dump(RX509SubjectPublicKeyInfo *spki, const char *pad, RStrBuf *sb) { - const char *a; - if (!spki) { - return; - } - if (!pad) { - pad = ""; - } - a = spki->algorithm.algorithm? spki->algorithm.algorithm->string: "Missing"; + const char *a = spki->algorithm.algorithm? spki->algorithm.algorithm->string: "Missing"; RASN1String *pubkey = NULL; if (spki->subjectPublicKey) { pubkey = r_asn1_stringify_integer (spki->subjectPublicKey->binary, spki->subjectPublicKey->length); } - r_strbuf_appendf (sb, "%sAlgorithm: %s\n%sPublic key: %u bytes\n", pad, a, pad, pubkey? spki->subjectPublicKey->length: 0); + r_strbuf_appendf (sb, "%sAlgorithm: %s\n%sPublic key: %u bytes\n", pad, a, pad, + pubkey? spki->subjectPublicKey->length: 0); r_asn1_string_free (pubkey); } -static void r_x509_extensions_dump(RX509Extensions *exts, const char *pad, RStrBuf *sb) { - ut32 i; - if (!exts) { - return; - } +static void extensions_dump(RX509Extensions *exts, const char *pad, RStrBuf *sb) { + R_RETURN_IF_FAIL (exts && sb); if (!pad) { pad = ""; } + ut32 i; for (i = 0; i < exts->length; i++) { RX509Extension *e = exts->extensions[i]; if (!e) { @@ -482,11 +473,8 @@ static void r_x509_extensions_dump(RX509Extensions *exts, const char *pad, RStrB } } -static void r_x509_tbscertificate_dump(RX509TBSCertificate *tbsc, const char *pad, RStrBuf *sb) { - RASN1String *sid = NULL, *iid = NULL; - if (!tbsc) { - return; - } +static void tbscertificate_dump(RX509TBSCertificate *tbsc, const char *pad, RStrBuf *sb) { + R_RETURN_IF_FAIL (tbsc && sb); if (!pad) { pad = ""; } @@ -505,23 +493,23 @@ static void r_x509_tbscertificate_dump(RX509TBSCertificate *tbsc, const char *pa r_x509_name_dump (&tbsc->issuer, pad2, sb); r_strbuf_appendf (sb, "%sValidity:\n", pad); - r_x509_validity_dump (&tbsc->validity, pad2, sb); + validity_dump (&tbsc->validity, pad2, sb); r_strbuf_appendf (sb, "%sSubject:\n", pad); r_x509_name_dump (&tbsc->subject, pad2, sb); r_strbuf_appendf (sb, "%sSubject Public Key Info:\n", pad); - r_x509_subjectpublickeyinfo_dump (&tbsc->subjectPublicKeyInfo, pad2, sb); + pubkey_dump (&tbsc->subjectPublicKeyInfo, pad2, sb); if (tbsc->issuerUniqueID) { - iid = r_asn1_stringify_integer (tbsc->issuerUniqueID->binary, tbsc->issuerUniqueID->length); + RASN1String *iid = r_asn1_stringify_integer (tbsc->issuerUniqueID->binary, tbsc->issuerUniqueID->length); if (iid) { r_strbuf_appendf (sb, "%sIssuer Unique ID:\n%s %s", pad, pad, iid->string); r_asn1_string_free (iid); } } if (tbsc->subjectUniqueID) { - sid = r_asn1_stringify_integer (tbsc->subjectUniqueID->binary, tbsc->subjectUniqueID->length); + RASN1String *sid = r_asn1_stringify_integer (tbsc->subjectUniqueID->binary, tbsc->subjectUniqueID->length); if (sid) { r_strbuf_appendf (sb, "%sSubject Unique ID:\n%s %s", pad, pad, sid->string); r_asn1_string_free (sid); @@ -529,27 +517,24 @@ static void r_x509_tbscertificate_dump(RX509TBSCertificate *tbsc, const char *pa } r_strbuf_appendf (sb, "%sExtensions:\n", pad); - r_x509_extensions_dump (&tbsc->extensions, pad2, sb); + extensions_dump (&tbsc->extensions, pad2, sb); free (pad2); } +// R2_600 defined at r_util/r_x509.h R_API void r_x509_certificate_dump(RX509Certificate *cert, const char *pad, RStrBuf *sb) { - RASN1String *algo = NULL; - char *pad2; - if (!cert) { - return; - } + R_RETURN_IF_FAIL (cert && sb); if (!pad) { pad = ""; } - pad2 = r_str_newf ("%s ", pad); + char *pad2 = r_str_newf ("%s ", pad); if (!pad2) { return; } r_strbuf_appendf (sb, "%sTBSCertificate:\n", pad); - r_x509_tbscertificate_dump (&cert->tbsCertificate, pad2, sb); + tbscertificate_dump (&cert->tbsCertificate, pad2, sb); - algo = cert->algorithmIdentifier.algorithm; + RASN1String *algo = cert->algorithmIdentifier.algorithm; // signature = r_asn1_stringify_bytes (certificate->signature->binary, certificate->signature->length); // eprintf ("%sAlgorithm:\n%s%s\n%sSignature: %u bytes\n%s\n", // pad, pad2, algo ? algo->string : "", @@ -557,18 +542,15 @@ R_API void r_x509_certificate_dump(RX509Certificate *cert, const char *pad, RStr r_strbuf_appendf (sb, "%sAlgorithm:\n%s%s\n%sSignature: %u bytes\n", pad, pad2, algo ? algo->string : "", pad, cert->signature->length); free (pad2); - // r_asn1_string_free (signature); + // r_asn1_string_free (signature); } R_API void r_x509_crlentry_dump(RX509CRLEntry *crle, const char *pad, RStrBuf *sb) { - RASN1String *id = NULL, *utc = NULL; - if (!crle) { - return; - } + R_RETURN_IF_FAIL (crle && sb); if (!pad) { pad = ""; } - utc = crle->revocationDate; + RASN1String *id = NULL, *utc = crle->revocationDate; if (crle->userCertificate) { id = r_asn1_stringify_integer (crle->userCertificate->binary, crle->userCertificate->length); } @@ -579,24 +561,20 @@ R_API void r_x509_crlentry_dump(RX509CRLEntry *crle, const char *pad, RStrBuf *s r_asn1_string_free (id); } +// R2_600 defined at r_util/r_x509.h R_API char *r_x509_crl_tostring(RX509CertificateRevocationList *crl, const char *pad) { - RASN1String *algo = NULL, *last = NULL, *next = NULL; - ut32 i; - char *pad2, *pad3; - if (!crl) { - return NULL; - } + R_RETURN_VAL_IF_FAIL (crl, NULL); if (!pad) { pad = ""; } - pad3 = r_str_newf ("%s ", pad); + char *pad3 = r_str_newf ("%s ", pad); if (!pad3) { return NULL; } - pad2 = pad3 + 2; - algo = crl->signature.algorithm; - last = crl->lastUpdate; - next = crl->nextUpdate; + char *pad2 = pad3 + 2; + RASN1String *algo = crl->signature.algorithm; + RASN1String *last = crl->lastUpdate; + RASN1String *next = crl->nextUpdate; RStrBuf *sb = r_strbuf_new (""); r_strbuf_appendf (sb, "%sCRL:\n%sSignature:\n%s%s\n%sIssuer\n", pad, pad2, pad3, algo ? algo->string : "", pad2); @@ -606,6 +584,7 @@ R_API char *r_x509_crl_tostring(RX509CertificateRevocationList *crl, const char pad2, last ? last->string : "Missing", pad2, next ? next->string : "Missing", pad2); + ut32 i; for (i = 0; i < crl->length; i++) { r_x509_crlentry_dump (crl->revokedCertificates[i], pad3, sb); } @@ -614,7 +593,9 @@ R_API char *r_x509_crl_tostring(RX509CertificateRevocationList *crl, const char return r_strbuf_drain (sb); } +// R2_600 not used elsewhere. Make static? R_API void r_x509_validity_json(PJ *pj, RX509Validity *validity) { + R_RETURN_IF_FAIL (pj && validity); if (validity) { if (validity->notBefore) { pj_ks (pj, "NotBefore", validity->notBefore->string); @@ -626,6 +607,7 @@ R_API void r_x509_validity_json(PJ *pj, RX509Validity *validity) { } R_API void r_x509_name_json(PJ *pj, RX509Name *name) { + R_RETURN_IF_FAIL (pj && name); ut32 i; for (i = 0; i < name->length; i++) { if (!name->oids[i] || !name->names[i]) { @@ -635,14 +617,16 @@ R_API void r_x509_name_json(PJ *pj, RX509Name *name) { } } +// R2_600 not used elsewhere. Make static? R_API void r_x509_subjectpublickeyinfo_json(PJ *pj, RX509SubjectPublicKeyInfo *spki) { - RASN1String *m = NULL; + R_RETURN_IF_FAIL (pj && spki); if (spki) { if (spki->algorithm.algorithm) { pj_ks (pj, "Algorithm", spki->algorithm.algorithm->string); } if (spki->subjectPublicKey) { - m = r_asn1_stringify_integer (spki->subjectPublicKey->binary, spki->subjectPublicKey->length); + RASN1String *m = r_asn1_stringify_integer (spki->subjectPublicKey->binary, + spki->subjectPublicKey->length); if (m) { pj_ks (pj, "Public key", m->string); } @@ -651,43 +635,43 @@ R_API void r_x509_subjectpublickeyinfo_json(PJ *pj, RX509SubjectPublicKeyInfo *s } } +// R2_600 not used elsewhere. Make static? R_API void r_x509_extensions_json(PJ *pj, RX509Extensions *exts) { - if (exts) { - RASN1String *m = NULL; - ut32 i; - pj_a (pj); - for (i = 0; i < exts->length; i++) { - RX509Extension *e = exts->extensions[i]; - if (!e) { - continue; - } - pj_o (pj); - if (e->extnID) { - pj_ks (pj, "OID", e->extnID->string); - } - if (e->critical) { - pj_kb (pj, "Critical", e->critical); - } - //TODO handle extensions correctly.. - if (e->extnValue) { - m = r_asn1_stringify_integer (e->extnValue->binary, e->extnValue->length); - if (m) { - pj_ks (pj, "Value", m->string); - } - r_asn1_string_free (m); + R_RETURN_IF_FAIL (pj && exts); + pj_a (pj); + ut32 i; + for (i = 0; i < exts->length; i++) { + RX509Extension *e = exts->extensions[i]; + if (!e) { + continue; + } + pj_o (pj); + if (e->extnID) { + pj_ks (pj, "OID", e->extnID->string); + } + if (e->critical) { + pj_kb (pj, "Critical", e->critical); + } + //TODO handle extensions correctly.. + if (e->extnValue) { + RASN1String *m = r_asn1_stringify_integer (e->extnValue->binary, e->extnValue->length); + if (m) { + pj_ks (pj, "Value", m->string); } - pj_end (pj); + r_asn1_string_free (m); } pj_end (pj); - pj_end (pj); } + pj_end (pj); } +// R2_600 not used elsewhere. Make static? R_API void r_x509_crlentry_json(PJ *pj, RX509CRLEntry *crle) { - RASN1String *m = NULL; + R_RETURN_IF_FAIL (pj && crle); if (crle) { if (crle->userCertificate) { - m = r_asn1_stringify_integer (crle->userCertificate->binary, crle->userCertificate->length); + RASN1String *m = r_asn1_stringify_integer (crle->userCertificate->binary, + crle->userCertificate->length); if (m) { pj_ks (pj, "UserCertificate", m->string); } @@ -699,8 +683,9 @@ R_API void r_x509_crlentry_json(PJ *pj, RX509CRLEntry *crle) { } } +// R2_600 defined at r_util/r_x509.h R_API void r_x509_crl_json(PJ *pj, RX509CertificateRevocationList *crl) { - ut32 i; + R_RETURN_IF_FAIL (pj && crl); if (crl) { if (crl->signature.algorithm) { pj_ks (pj, "Signature", crl->signature.algorithm->string); @@ -717,6 +702,7 @@ R_API void r_x509_crl_json(PJ *pj, RX509CertificateRevocationList *crl) { } pj_k (pj, "RevokedCertificates"); pj_a (pj); + ut32 i; for (i = 0; i < crl->length; i++) { r_x509_crlentry_json (pj, crl->revokedCertificates[i]); } @@ -724,9 +710,10 @@ R_API void r_x509_crl_json(PJ *pj, RX509CertificateRevocationList *crl) { } } +// R2_600 not used elsewhere. Make static? R_API void r_x509_tbscertificate_json(PJ *pj, RX509TBSCertificate *tbsc) { + R_RETURN_IF_FAIL (pj && tbsc); pj_o (pj); - RASN1String *m = NULL; if (tbsc) { pj_ki (pj, "Version", tbsc->version + 1); if (tbsc->serialNumber) { @@ -751,6 +738,7 @@ R_API void r_x509_tbscertificate_json(PJ *pj, RX509TBSCertificate *tbsc) { pj_o (pj); r_x509_subjectpublickeyinfo_json (pj, &tbsc->subjectPublicKeyInfo); pj_end (pj); + RASN1String *m = NULL; if (tbsc->issuerUniqueID) { m = r_asn1_stringify_integer (tbsc->issuerUniqueID->binary, tbsc->issuerUniqueID->length); if (m) { @@ -768,13 +756,12 @@ R_API void r_x509_tbscertificate_json(PJ *pj, RX509TBSCertificate *tbsc) { pj_k (pj, "Extensions"); r_x509_extensions_json (pj, &tbsc->extensions); } + pj_end (pj); } +// R2_600 defined at r_util/r_x509.h R_API void r_x509_certificate_json(PJ *pj, RX509Certificate *certificate) { - if (!certificate) { - return; - } - RASN1String *m = NULL; + R_RETURN_IF_FAIL (pj && certificate); pj_o (pj); pj_k (pj, "TBSCertificate"); r_x509_tbscertificate_json (pj, &certificate->tbsCertificate); @@ -782,7 +769,8 @@ R_API void r_x509_certificate_json(PJ *pj, RX509Certificate *certificate) { pj_ks (pj, "Algorithm", certificate->algorithmIdentifier.algorithm->string); } if (certificate->signature) { - m = r_asn1_stringify_integer (certificate->signature->binary, certificate->signature->length); + RASN1String *m = r_asn1_stringify_integer (certificate->signature->binary, + certificate->signature->length); if (m) { pj_ks (pj, "Signature", m->string); } diff --git a/libr/util/x509.h b/libr/util/x509.h index f2cf8ea21db39..6763160488b1c 100644 --- a/libr/util/x509.h +++ b/libr/util/x509.h @@ -1,6 +1,8 @@ #ifndef R_X509_INTERNAL_H #define R_X509_INTERNAL_H +// R2_600 review this and r_x509.h + R_API bool r_x509_parse_algorithmidentifier(RX509AlgorithmIdentifier *ai, RASN1Object *object); R_API void r_x509_free_algorithmidentifier(RX509AlgorithmIdentifier *ai);