       1             : /*
       2             :  * Copyright (C) 2003-2012 Free Software Foundation, Inc.
       3             :  * Copyright (C) 2017 Red Hat, Inc.
       4             :  *
       5             :  * Author: Nikos Mavrogiannopoulos
       6             :  *
       7             :  * This file is part of GnuTLS.
       8             :  *
       9             :  * The GnuTLS is free software; you can redistribute it and/or
      10             :  * modify it under the terms of the GNU Lesser General Public License
      11             :  * as published by the Free Software Foundation; either version 2.1 of
      12             :  * the License, or (at your option) any later version.
      13             :  *
      14             :  * This library is distributed in the hope that it will be useful, but
      15             :  * WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      17             :  * Lesser General Public License for more details.
      18             :  *
      19             :  * You should have received a copy of the GNU Lesser General Public License
      20             :  * along with this program.  If not, see <https://www.gnu.org/licenses/>
      21             :  *
      22             :  */
      23             : 
      24             : #ifndef GNUTLS_LIB_X509_COMMON_H
      25             : #define GNUTLS_LIB_X509_COMMON_H
      26             : 
      27             : #include <algorithms.h>
      28             : #include <abstract_int.h>
      29             : #include <x509/x509_int.h>
      30             : #include <fips.h>
      31             : 
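/* Generic size bound for string handling in this directory.
 * NOTE(review): which buffers it bounds is not visible here — confirm
 * against the callers before relying on it. */
#define MAX_STRING_LEN 512

#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
/* Fuzzing builds use a much smaller iteration bound (presumably to keep
 * fuzz runs fast); the macro name itself says this mode must never reach
 * a production build.  Parenthesized so the macro expands safely inside a
 * larger expression, matching the production branch below. */
# define MAX_ITER_COUNT (10*1024)
#else
/* Set a maximum iteration count over which we refuse to
 * decode a file. That is to prevent DoS. */
# define MAX_ITER_COUNT (10*1024*1024)
#endif

#define GNUTLS_XML_SHOW_ALL 1

/* PEM armor labels ("-----BEGIN <label>-----") recognized/emitted here. */
#define PEM_CRL "X509 CRL"
#define PEM_X509_CERT "X509 CERTIFICATE"
#define PEM_X509_CERT2 "CERTIFICATE"
#define PEM_PKCS7 "PKCS7"
#define PEM_PKCS12 "PKCS12"
#define PEM_PK "PUBLIC KEY"

/* public key algorithm's OIDs
 */
#define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1"
#define PK_PKIX1_RSA_PSS_OID "1.2.840.113549.1.1.10"
#define PK_X509_RSA_OID "2.5.8.1.1"
#define PK_DSA_OID "1.2.840.10040.4.1"
#define PK_GOST_R3410_94_OID "1.2.643.2.2.20"
#define PK_GOST_R3410_2001_OID "1.2.643.2.2.19"
#define PK_GOST_R3410_2012_256_OID "1.2.643.7.1.1.1.1"
#define PK_GOST_R3410_2012_512_OID "1.2.643.7.1.1.1.2"

/* signature OIDs
 */
#define SIG_DSA_SHA1_OID "1.2.840.10040.4.3"
/* those two from draft-ietf-pkix-sha2-dsa-ecdsa-06 */
#define SIG_DSA_SHA224_OID "2.16.840.1.101.3.4.3.1"
#define SIG_DSA_SHA256_OID "2.16.840.1.101.3.4.3.2"
#define SIG_DSA_SHA384_OID "2.16.840.1.101.3.4.3.3"
#define SIG_DSA_SHA512_OID "2.16.840.1.101.3.4.3.4"

/* MD5 and MD2 based signature OIDs are kept so such signatures can be
 * named/recognized; whether they are accepted for verification is decided
 * elsewhere (not visible in this header). */
#define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4"
#define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2"
#define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5"
#define SIG_RSA_SHA224_OID "1.2.840.113549.1.1.14"
#define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11"
#define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12"
#define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13"
#define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2"
#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
#define SIG_GOST_R3410_2012_256_OID "1.2.643.7.1.1.3.2"
#define SIG_GOST_R3410_2012_512_OID "1.2.643.7.1.1.3.3"
#define ISO_SIG_RSA_SHA1_OID "1.3.14.3.2.29"

#define SIG_DSA_SHA3_224_OID "2.16.840.1.101.3.4.3.5"
#define SIG_DSA_SHA3_256_OID "2.16.840.1.101.3.4.3.6"
#define SIG_DSA_SHA3_384_OID "2.16.840.1.101.3.4.3.7"
#define SIG_DSA_SHA3_512_OID "2.16.840.1.101.3.4.3.8"

#define SIG_ECDSA_SHA3_224_OID "2.16.840.1.101.3.4.3.9"
#define SIG_ECDSA_SHA3_256_OID "2.16.840.1.101.3.4.3.10"
#define SIG_ECDSA_SHA3_384_OID "2.16.840.1.101.3.4.3.11"
#define SIG_ECDSA_SHA3_512_OID "2.16.840.1.101.3.4.3.12"

#define SIG_RSA_SHA3_224_OID "2.16.840.1.101.3.4.3.13"
#define SIG_RSA_SHA3_256_OID "2.16.840.1.101.3.4.3.14"
#define SIG_RSA_SHA3_384_OID "2.16.840.1.101.3.4.3.15"
#define SIG_RSA_SHA3_512_OID "2.16.840.1.101.3.4.3.16"

#define SIG_EDDSA_SHA512_OID "1.3.101.112"
#define SIG_ED448_OID "1.3.101.113"

#define XMPP_OID "1.3.6.1.5.5.7.8.5"
#define KRB5_PRINCIPAL_OID "1.3.6.1.5.2.2"
#define PKIX1_RSA_PSS_MGF1_OID "1.2.840.113549.1.1.8"

#define GOST28147_89_OID "1.2.643.2.2.21"
#define GOST28147_89_TC26Z_OID "1.2.643.7.1.2.5.1.1"
#define GOST28147_89_CPA_OID "1.2.643.2.2.31.1"
#define GOST28147_89_CPB_OID "1.2.643.2.2.31.2"
#define GOST28147_89_CPC_OID "1.2.643.2.2.31.3"
#define GOST28147_89_CPD_OID "1.2.643.2.2.31.4"

/* DER encoding of an ASN.1 NULL value (tag 0x05, length 0); the string
 * literal carries a third, terminating byte, hence the explicit size. */
#define ASN1_NULL "\x05\x00"
#define ASN1_NULL_SIZE 2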
     116             : 
/* One row of an OID lookup table; rows are searched by
 * _gnutls_oid_get_entry() (declared below) given an OID string. */
struct oid_to_string {
        const char *oid;        /* the OID, presumably dotted-decimal like the
                                 * *_OID macros above — confirm */
        unsigned oid_size;      /* presumably strlen(oid) — confirm against the
                                 * table initializers */
        const char *name_desc;  /* NOTE(review): likely the human-readable name
                                 * for the OID — verify against the tables */
        unsigned name_desc_size;        /* presumably strlen(name_desc) — confirm */
        const char *asn_desc;   /* description in the pkix file if complex type */
        unsigned int etype;     /* the libtasn1 ASN1_ETYPE or INVALID
                                 * if cannot be simply parsed */
};
     126             : 
/* Look up @oid in the table @ots (see struct oid_to_string above).
 * NOTE(review): how the table end is detected and what is returned on a
 * miss (presumably NULL) is not visible here — confirm against the
 * definition before dereferencing the result. */
const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid);

/* Time field setters; @force_general presumably forces GeneralizedTime
 * over UTCTime, going by the name — confirm. */
int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
                          int force_general);
int
_gnutls_x509_set_raw_time(ASN1_TYPE c2, const char *where, time_t tim);

/* String (de)serialization for a libtasn1 string @etype.
 * @allow_ber: going by the name, non-zero lets the decoder accept the
 * looser BER forms in addition to DER; for untrusted input the stricter
 * setting is the safe default — confirm against the definition. */
int _gnutls_x509_decode_string(unsigned int etype,
                               const uint8_t * der, size_t der_size,
                               gnutls_datum_t * output,
                               unsigned allow_ber);

int _gnutls_x509_encode_string(unsigned int etype,
                               const void *input_data, size_t input_size,
                               gnutls_datum_t * output);

/* DN attribute value -> printable string, and LDAP attribute name -> OID. */
int _gnutls_x509_dn_to_string(const char *OID, void *value,
                              int value_size, gnutls_datum_t * out);
const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len);

time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when, int general);

gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type);

/* DER-encode the element @src_name of @src, either copying it into
 * @dest/@dest_name or returning it in @res.  @str: meaning not visible
 * here (presumably "treat as string") — confirm. */
int _gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
                                     ASN1_TYPE dest, const char *dest_name,
                                     int str);
int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
                            gnutls_datum_t * res, int str);

/* Export the whole structure: the _named variants take an element @name,
 * this wrapper passes "" for it. */
#define _gnutls_x509_export_int(asn1, format, header, out, out_size) \
  _gnutls_x509_export_int_named(asn1, "", format, header, out, out_size)

/* Export into a caller-supplied buffer; @output_data_size is both the
 * capacity on input and (presumably) the required/written size on output
 * — confirm the truncation contract against the definition. */
int _gnutls_x509_export_int_named(ASN1_TYPE asn1_data, const char *name,
                                  gnutls_x509_crt_fmt_t format,
                                  const char *pem_header,
                                  unsigned char *output_data,
                                  size_t * output_data_size);

/* Same as above but into an allocated datum; "" again selects the whole
 * structure. */
#define _gnutls_x509_export_int2(asn1, format, header, out) \
  _gnutls_x509_export_int_named2(asn1, "", format, header, out)
int _gnutls_x509_export_int_named2(ASN1_TYPE asn1_data, const char *name,
                                   gnutls_x509_crt_fmt_t format,
                                   const char *pem_header,
                                   gnutls_datum_t * out);

/* Element read/write helpers keyed by the libtasn1 path @root.
 * @allow_ber has the same role as in _gnutls_x509_decode_string(). */
int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
                            gnutls_datum_t * ret);
int _gnutls_x509_read_null_value(ASN1_TYPE c, const char *root,
                            gnutls_datum_t * ret);
int _gnutls_x509_read_string(ASN1_TYPE c, const char *root,
                             gnutls_datum_t * ret, unsigned int etype,
                             unsigned allow_ber);
int _gnutls_x509_write_value(ASN1_TYPE c, const char *root,
                             const gnutls_datum_t * data);

int _gnutls_x509_write_string(ASN1_TYPE c, const char *root,
                              const gnutls_datum_t * data,
                              unsigned int etype);

/* Attribute (OID + value) encode/decode.  @oid_size is presumably the
 * capacity of the @oid buffer in bytes — confirm; @multi / @octet select
 * encoding variants not visible here. */
int _gnutls_x509_encode_and_write_attribute(const char *given_oid,
                                            ASN1_TYPE asn1_struct,
                                            const char *where,
                                            const void *data,
                                            int sizeof_data, int multi);
int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
                                           const char *where, char *oid,
                                           int oid_size,
                                           gnutls_datum_t * value,
                                           int multi, int octet);

/* Algorithm identification from an AlgorithmIdentifier at @src_name. */
int _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
                                  gnutls_ecc_curve_t *curve,
                                  unsigned int *bits);

int
_gnutls_x509_get_signature_algorithm(ASN1_TYPE src, const char *src_name);

/* SubjectPublicKeyInfo encoding from public-key parameters. */
int _gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
                                            const char *dst_name,
                                            const gnutls_pk_params_st * params);
int _gnutls_x509_encode_PKI_params(gnutls_datum_t * der,
                                   const gnutls_pk_params_st * params);
int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name,
                           ASN1_TYPE src, const char *src_name);

/* Extract the to-be-signed bytes and the signature value of @src. */
int _gnutls_x509_get_signed_data(ASN1_TYPE src, const gnutls_datum_t *der,
                                 const char *src_name,
                                 gnutls_datum_t * signed_data);
int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
                               gnutls_datum_t * signature);


int _gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root,
                         gnutls_pk_params_st * params);

/* Key identifier of the (unnamed) first parameter; @output_data_size is
 * in/out as for _gnutls_x509_export_int_named(). */
int _gnutls_get_key_id(gnutls_pk_params_st *,
                       unsigned char *output_data,
                       size_t * output_data_size, unsigned flags);

/* Append @part1/@part2 to the bounded buffer @name (@name_size bytes). */
void _asnstr_append_name(char *name, size_t name_size, const char *part1,
                         const char *part2);
     229             : 
/* Return in @out a newly allocated DER encoding of the element @whom of
 * the ASN.1 structure @c2.  This is a thin wrapper around
 * _gnutls_x509_der_encode() with its @str argument fixed to 0; the
 * return value is passed through unchanged (presumably 0 on success and
 * a negative GnuTLS error code otherwise — confirm against that function).
 * The caller owns @out's storage afterwards. */
inline static int
_gnutls_x509_get_raw_field(ASN1_TYPE c2, const char *whom, gnutls_datum_t *out)
{
        const int as_string = 0;
        int rc;

        rc = _gnutls_x509_der_encode(c2, whom, out, as_string);
        return rc;
}
     236             : 
/* Variant of _gnutls_x509_get_raw_field() that additionally receives the
 * raw DER @raw the structure was decoded from — how @raw is used is not
 * visible here; confirm against the definition. */
int
_gnutls_x509_get_raw_field2(ASN1_TYPE c2, const gnutls_datum_t * raw,
                         const char *whom, gnutls_datum_t * dn);

/* Chain-building helpers: key / key-id / purpose checks between
 * certificates.  All return unsigned; presumably 0 means "no" — confirm. */
unsigned
_gnutls_check_if_same_key(gnutls_x509_crt_t cert1,
                          gnutls_x509_crt_t cert2,
                          unsigned is_ca);

unsigned
_gnutls_check_if_same_key2(gnutls_x509_crt_t cert1,
                           gnutls_datum_t *cert2bin);

/* @now is passed in by the caller, so validity is checked against the
 * caller's notion of time, not the system clock. */
unsigned
_gnutls_check_valid_key_id(const gnutls_datum_t *key_id,
                           gnutls_x509_crt_t cert, time_t now,
                           unsigned *has_ski);

unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any);

time_t _gnutls_x509_generalTime2gtime(const char *ttime);

/* Extension access by @extension_id (an OID string, going by the other
 * *_OID macros — confirm); @_critical / @critical carry the extension's
 * critical flag.  @indx presumably selects among repeated extensions. */
int _gnutls_get_extension(ASN1_TYPE asn, const char *root,
                  const char *extension_id, int indx,
                  gnutls_datum_t * ret, unsigned int *_critical);

int _gnutls_set_extension(ASN1_TYPE asn, const char *root,
                  const char *ext_id,
                  const gnutls_datum_t * ext_data, unsigned int critical);

/* Copy a datum into a caller-supplied buffer; @sizeof_buf / @out_size are
 * in/out (capacity on entry) — confirm the truncation contract against
 * the definitions. */
int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf,
                            size_t * sizeof_buf);

unsigned _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);

int _gnutls_copy_string(const gnutls_datum_t* str, uint8_t *out, size_t *out_size);
int _gnutls_copy_data(const gnutls_datum_t* str, uint8_t *out, size_t *out_size);

int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out);
int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert,
                           gnutls_datum_t * rpubkey);

int _gnutls_x509_get_version(ASN1_TYPE root, const char *name);

int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt,
                           gnutls_datum_t * rpubkey);

typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t);

/* NOTE(review): the array dimension on @sorted is documentation only — as
 * a parameter it decays to a pointer, so the compiler does not enforce
 * that callers provide DEFAULT_MAX_VERIFY_DEPTH entries. */
gnutls_x509_crt_t *_gnutls_sort_clist(gnutls_x509_crt_t
                                     sorted[DEFAULT_MAX_VERIFY_DEPTH],
                                     gnutls_x509_crt_t * clist,
                                     unsigned int *clist_size,
                                     gnutls_cert_vfunc func);

int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr);
     293             : 
/* Decode @len bytes of @ider into @element with libtasn1's strict DER
 * checking enabled.  ASN1_DECODE_FLAG_STRICT_DER is always set (so
 * non-canonical, BER-style encodings should be rejected — confirm against
 * the libtasn1 version in use); ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME is
 * added only when STRICT_DER_TIME is not defined and the libtasn1 headers
 * provide that flag.  NOTE(review): the #define of _ASN1_DER_FLAGS is not
 * scoped to this function — the preprocessor ignores the braces — so it
 * leaks into every translation unit that includes this header.
 * asn1_der_decoding2() takes the length by address and may update it;
 * that write-back goes into a local copy and is discarded, so callers
 * cannot learn how many bytes were consumed.  Returns whatever
 * asn1_der_decoding2() returns. */
inline static int _asn1_strict_der_decode(asn1_node *element, const void *ider,
                                          int len, char *errorDescription)
{
#if defined(STRICT_DER_TIME) || !defined(ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME)
# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
#else
# define _ASN1_DER_FLAGS (ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER)
#endif
        int consumed = len;

        return asn1_der_decoding2(element, ider, &consumed, _ASN1_DER_FLAGS,
                                  errorDescription);
}
     304             : 
     305             : #endif /* GNUTLS_LIB_X509_COMMON_H */
