author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-07-14 09:43:28 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-07-14 10:43:05 +0200 |
commit | 5a2bb75ece9ae3303b074852cfb82881b3426243 (patch) | |
tree | 76c6bd239cd9ff50f4917c2145c369ff0b3c2c37 | |
parent | 650230b4c7ab86a9d4f2f3c7bbe4e3a05fe031f6 (diff) | |
download | gnutls-5a2bb75ece9ae3303b074852cfb82881b3426243.tar.gz |
certtool: added the ability to encode arbitrary extensions
That is, added the ability to encode as an octet string any
specified extension data.
-rw-r--r-- | src/Makefile.am | 25 | ||||
-rw-r--r-- | src/certtool-args.def | 5 | ||||
-rw-r--r-- | src/certtool-cfg.c | 75 |
3 files changed, 84 insertions, 21 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 6ae280936c..37a9bea71e 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -144,6 +144,13 @@ noinst_LTLIBRARIES += libcmd-cli-debug.la libcmd_cli_debug_la_SOURCES = cli-debug-args.def cli-debug-args.c cli-debug-args.h #certtool +COMMON_LIBS = $(LIBOPTS) $(LTLIBINTL) +if ENABLE_MINITASN1 +COMMON_LIBS += ../lib/minitasn1/libminitasn1.la ../gl/libgnu.la +else +COMMON_LIBS += $(LIBTASN1_LIBS) +endif + certtool_SOURCES = certtool.c certtool-common.c certtool-extras.c common.c certtool_LDADD = ../lib/libgnutls.la @@ -153,10 +160,11 @@ noinst_LTLIBRARIES += libcmd-certtool.la libcmd_certtool_la_SOURCES = certtool-args.c certtool-args.def certtool-args.h \ certtool-cfg.h certtool-cfg.c libcmd_certtool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la -libcmd_certtool_la_LIBADD += $(LIBOPTS) $(LTLIBINTL) +libcmd_certtool_la_LIBADD += $(COMMON_LIBS) libcmd_certtool_la_LIBADD += $(LTLIBREADLINE) gl/libgnu_gpl.la libcmd_certtool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME) + danetool_SOURCES = danetool.c certtool-common.c certtool-extras.c common.c socket.c danetool_LDADD = ../lib/libgnutls.la $(LIBIDN_LIBS) danetool_LDADD += libcmd-danetool.la ../gl/libgnu.la gl/libgnu_gpl.la @@ -168,8 +176,7 @@ noinst_LTLIBRARIES += libcmd-danetool.la libcmd_danetool_la_SOURCES = danetool-args.c danetool-args.def danetool-args.h \ certtool-cfg.h certtool-cfg.c libcmd_danetool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la -libcmd_danetool_la_LIBADD += $(LIBOPTS) -libcmd_danetool_la_LIBADD += $(LTLIBINTL) +libcmd_danetool_la_LIBADD += $(COMMON_LIBS) libcmd_danetool_la_LIBADD += $(LTLIBREADLINE) libcmd_danetool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME) 
@@ -179,8 +186,8 @@ if ENABLE_PKCS11 p11tool_SOURCES = p11tool-args.def p11tool.c pkcs11.c certtool-common.c \ certtool-extras.c p11tool.h common.c p11tool_LDADD = ../lib/libgnutls.la -p11tool_LDADD += libcmd-p11tool.la $(LIBOPTS) ../gl/libgnu.la gl/libgnu_gpl.la -p11tool_LDADD += $(LTLIBINTL) +p11tool_LDADD += libcmd-p11tool.la ../gl/libgnu.la gl/libgnu_gpl.la +p11tool_LDADD += $(COMMON_LIBS) noinst_LTLIBRARIES += libcmd-p11tool.la libcmd_p11tool_la_SOURCES = p11tool-args.def p11tool-args.c p11tool-args.h \ @@ -194,8 +201,8 @@ if ENABLE_TROUSERS tpmtool_SOURCES = tpmtool-args.def tpmtool.c certtool-common.c certtool-extras.c common.c tpmtool_LDADD = ../lib/libgnutls.la -tpmtool_LDADD += libcmd-tpmtool.la $(LIBOPTS) ../gl/libgnu.la gl/libgnu_gpl.la -tpmtool_LDADD += $(LTLIBINTL) +tpmtool_LDADD += libcmd-tpmtool.la ../gl/libgnu.la gl/libgnu_gpl.la +tpmtool_LDADD += $(COMMON_LIBS) noinst_LTLIBRARIES += libcmd-tpmtool.la libcmd_tpmtool_la_SOURCES = tpmtool-args.def tpmtool-args.c tpmtool-args.h \ @@ -207,8 +214,8 @@ endif # ENABLE_TROUSERS systemkey_SOURCES = systemkey.c certtool-common.c common.c systemkey_LDADD = ../lib/libgnutls.la -systemkey_LDADD += libcmd-systemkey.la $(LIBOPTS) ../gl/libgnu.la gl/libgnu_gpl.la -systemkey_LDADD += $(LTLIBINTL) +systemkey_LDADD += libcmd-systemkey.la ../gl/libgnu.la gl/libgnu_gpl.la +systemkey_LDADD += $(COMMON_LIBS) noinst_LTLIBRARIES += libcmd-systemkey.la libcmd_systemkey_la_SOURCES = systemkey-args.def systemkey-args.c systemkey-args.h \ diff --git a/src/certtool-args.def b/src/certtool-args.def index e0325b00f2..29835f8fe4 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def 
@@ -905,9 +905,12 @@ encryption_key ### Adding arbitrary extensions # This requires to provide the extension OIDs, as well as the extension data in -# hex format. +# hex format. The following two options are available since GnuTLS 3.5.3. #add_extension = "1.2.3.4 0x0AAB01ACFE" +# As above but encode the data as an octet string +#add_extension = "1.2.3.4 octet_string(0x0AAB01ACFE)" + # For portability critical extensions shouldn't be set to certificates. #add_critical_extension = "5.6.7.8 0x1AAB01ACFE" diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index bd9ff4336b..3162a87b30 100644 --- a/src/certtool-cfg.c +++ b/src/certtool-cfg.c @@ -38,6 +38,7 @@ #include <autoopts/options.h> #include <intprops.h> #include <gnutls/crypto.h> +#include <libtasn1.h> /* for inet_pton */ #include <sys/types.h> 
@@ -1229,12 +1230,72 @@ void get_oid_crt_set(gnutls_x509_crt_t crt)
 }
 }
+#define ACTION_NONE 0
+#define ENCODE_OCTET_STRING 1
+static unsigned char *decode_ext_string(char *str, unsigned int *ret_size)
+{
+ char *p, *p2;
+ unsigned char *tmp;
+ unsigned char *raw;
+ unsigned int raw_size;
+ unsigned action = ACTION_NONE;
+ unsigned char tag[ASN1_MAX_TL_SIZE];
+ unsigned int tag_len;
+ int ret, res;
+
+ p = strchr(str, '(');
+ if (p != 0) {
+ if (strncmp(str, "octet_string", 12) == 0) {
+ action = ENCODE_OCTET_STRING;
+ } else {
+ fprintf(stderr, "cannot parse: %s\n", str);
+ exit(1);
+ }
+ p++;
+ p2 = strchr(p, ')');
+ if (p2 == NULL) {
+ fprintf(stderr, "there is no terminating parenthesis in: %s\n", str);
+ exit(1);
+ }
+ *p2 = 0;
+ } else {
+ p = str;
+ }
+
+ if (strncmp(p, "0x", 2) == 0)
+ p+=2;
+ HEX_DECODE(p, raw, raw_size);
+
+ switch(action) {
+ case ENCODE_OCTET_STRING:
+ tag_len = sizeof(tag);
+ res = asn1_encode_simple_der(ASN1_ETYPE_OCTET_STRING, raw, raw_size, tag, &tag_len);
+ if (res != ASN1_SUCCESS) {
+ fprintf(stderr, "error in DER encoding: %s\n", asn1_strerror(res));
+ exit(1);
+ }
+ tmp = gnutls_malloc(raw_size+tag_len);
+ if (tmp == NULL) {
+ fprintf(stderr, "error in allocation\n");
+ exit(1);
+ }
+ memcpy(tmp, tag, tag_len);
+ memcpy(tmp+tag_len, raw, raw_size);
+ gnutls_free(raw);
+ raw = tmp;
+ raw_size += tag_len;
+ break;
+ }
+
+ *ret_size = raw_size;
+ return raw;
+}
+
 void get_extensions_crt_set(int type, void *crt)
 {
 int ret, i;
 unsigned char *raw = NULL;
 unsigned raw_size;
- char *p;
 if (batch) {
 if (!cfg.extensions)
@@ -1248,11 +1309,7 @@ void get_extensions_crt_set(int type, void *crt)
 }
 /* convert hex to bin */
- if (strncmp(cfg.extensions[i+1], "0x", 2) == 0)
- p = cfg.extensions[i+1]+2;
- else
- p = cfg.extensions[i+1];
- HEX_DECODE(p, raw, raw_size);
+ raw = decode_ext_string(cfg.extensions[i+1], &raw_size);
 if (type == TYPE_CRT)
 ret = 
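Review bot: In decode_ext_string the keyword match at `if (strncmp(str, "octet_string", 12) == 0)` only tests a 12-byte prefix and never checks that the `(` found by strchr immediately follows it, so inputs such as `octet_stringX(0xAA)` or `octet_string 0xAA (…)` are accepted, and whatever follows the closing `)` is silently ignored once `*p2 = 0` is written; tightening it to `if (strncmp(str, "octet_string", 12) == 0 && p == str + 12)` and adding `if (p2[1] != 0) { fprintf(stderr, "trailing data after ')' in: %s\n", str); exit(1); }` after the `)` lookup would make the accepted syntax match what certtool-args.def now documents. Note also that `*p2 = 0` truncates the caller's cfg string in place, so if get_extensions_crt_set can run more than once on the same parsed configuration within a run (not visible here), the second call would find no terminating parenthesis and exit. `int ret` in `int ret, res;` is never used in this function and will draw an unused-variable warning; `int res;` is enough. Minor style: `if (p != 0)` should read `if (p != NULL)` to match the `p2 == NULL` test a few lines below.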
@@ -1283,11 +1340,7 @@ void get_extensions_crt_set(int type, void *crt)
 exit(1);
 }
 /* convert hex to bin */
- if (strncmp(cfg.crit_extensions[i+1], "0x", 2) == 0)
- p = cfg.crit_extensions[i+1]+2;
- else
- p = cfg.crit_extensions[i+1];
- HEX_DECODE(p, raw, raw_size);
+ raw = decode_ext_string(cfg.crit_extensions[i+1], &raw_size);
 if (type == TYPE_CRT)
 ret = |