Diffstat (limited to 'src')
-rw-r--r-- | src/certtool-args.def | 8 | ||||
-rw-r--r-- | src/certtool-common.c | 36 | ||||
-rw-r--r-- | src/certtool-common.h | 8 | ||||
-rw-r--r-- | src/certtool.c | 63 | ||||
-rw-r--r-- | src/tpmtool.c | 2 |
5 files changed, 56 insertions, 61 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def index 84a40efb05..d5336eda7b 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -661,6 +661,14 @@ flag = { doc = "This will override the default options in /etc/gnutls/pkcs11.conf"; }; +flag = { + name = text; + descrip = "Output textual information before PEM-encoded certificates, private keys, etc"; + enabled; + disable = "no"; + doc = "Output textual information before PEM-encoded data"; +}; + doc-section = { ds-type = 'SEE ALSO'; ds-format = 'texi'; diff --git a/src/certtool-common.c b/src/certtool-common.c index 893e17f276..ec149860b5 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -993,36 +993,40 @@ print_rsa_pkey(FILE * outfile, gnutls_datum_t * m, gnutls_datum_t * e, } } -void _pubkey_info(FILE * outfile, - gnutls_certificate_print_formats_t format, - gnutls_pubkey_t pubkey) +void print_pubkey_info(gnutls_pubkey_t pubkey, + FILE *outfile, + gnutls_certificate_print_formats_t format, + gnutls_x509_crt_fmt_t outcert_format, + unsigned int outtext) { gnutls_datum_t data; int ret; size_t size; - fix_lbuffer(0); + if (outtext) { + ret = gnutls_pubkey_print(pubkey, format, &data); + if (ret < 0) { + fprintf(stderr, "pubkey_print error: %s\n", + gnutls_strerror(ret)); + app_exit(1); + } - ret = gnutls_pubkey_print(pubkey, format, &data); - if (ret < 0) { - fprintf(stderr, "pubkey_print error: %s\n", - gnutls_strerror(ret)); - app_exit(1); + fprintf(outfile, "%s\n\n", data.data); + gnutls_free(data.data); } - fprintf(outfile, "%s\n", data.data); - gnutls_free(data.data); + fix_lbuffer(0); size = lbuffer_size; ret = - gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_PEM, lbuffer, + gnutls_pubkey_export(pubkey, outcert_format, lbuffer, &size); if (ret < 0) { fprintf(stderr, "export error: %s\n", gnutls_strerror(ret)); app_exit(1); } - fprintf(outfile, "\n%s\n", lbuffer); + fwrite(lbuffer, 1, size, outfile); } static void 
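Review bot: print_pubkey_info relies on its caller to keep `outtext` at zero for DER output; with `outtext` non-zero and `outcert_format` set to GNUTLS_X509_FMT_DER, the textual block is written to `outfile` ahead of the binary export and the DER stream is no longer parseable. The callers visible in this diff respect that (cmd_parser masks the flag with the PEM check, tpmtool passes PEM), but the function is exported through certtool-common.h, so I would either guard locally with `if (outtext && outcert_format == GNUTLS_X509_FMT_PEM) {` or state the precondition in a comment above the definition. The result of the final `fwrite(lbuffer, 1, size, outfile);` is also unchecked, so a short write of the key goes unnoticed; `if (fwrite(lbuffer, 1, size, outfile) != size)` followed by an error message and `app_exit(1)` would match the error handling used just above it.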
@@ -1114,7 +1118,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci) app_exit(1); } - if (ci->outcert_format == GNUTLS_X509_FMT_PEM) + if (ci->outtext) print_dh_info(outfile, &p, &g, q_bits, ci->cprint); if (!ci->cprint) { /* generate a PKCS#3 structure */ @@ -1378,7 +1382,7 @@ print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t k /* Only print private key parameters when an unencrypted * format is used */ - if (cinfo->outcert_format == GNUTLS_X509_FMT_PEM) + if (cinfo->outtext) privkey_info_int(outfile, cinfo, key); switch_to_pkcs8_when_needed(cinfo, key, gnutls_x509_privkey_get_pk_algorithm(key)); @@ -1568,7 +1572,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) #endif } - if (info->outcert_format == GNUTLS_X509_FMT_PEM) + if (info->outtext) print_dh_info(outfile, &p, &g, q_bits, info->cprint); if (!info->cprint) { /* generate a PKCS#3 structure */ diff --git a/src/certtool-common.h b/src/certtool-common.h index 3dac2ae3c1..ea7f43f2f1 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -43,6 +43,7 @@ typedef struct common_info { int pkcs8; int incert_format; int outcert_format; + int outtext; const char *cert; const char *request; @@ -150,8 +151,11 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci); gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, common_info_st * info); -void _pubkey_info(FILE * outfile, gnutls_certificate_print_formats_t, - gnutls_pubkey_t pubkey); +void print_pubkey_info(gnutls_pubkey_t pubkey, + FILE *outfile, + gnutls_certificate_print_formats_t format, + gnutls_x509_crt_fmt_t outcert_format, + unsigned int outtext); void print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve, gnutls_datum_t * k, gnutls_datum_t * x, gnutls_datum_t * y, int cprint); diff --git a/src/certtool.c b/src/certtool.c index a755e1bca3..a45efdf7b7 100644 --- a/src/certtool.c +++ b/src/certtool.c 
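Review bot: The comment kept above the changed condition in print_private_key, "Only print private key parameters when an unencrypted format is used", no longer describes the test. `cinfo->outtext` is set in cmd_parser as `ENABLED_OPT(TEXT) && outcert_format == GNUTLS_X509_FMT_PEM`, which says nothing about whether the exported key is encrypted. If the PKCS#8 path chosen after `switch_to_pkcs8_when_needed` can emit a password-protected PEM (not visible in this hunk), the cleartext parameter dump from privkey_info_int still precedes it unless the user passes `--no-text`. I would reword the comment to `/* Print the private key parameters in clear only when textual output is enabled (PEM and --text); this is independent of whether the exported key is encrypted */` and have the `text` option's doc string mention that the textual block includes private key material. The function body starts and ends outside the hunk.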
@@ -57,14 +57,14 @@ static FILE *stdlog = NULL; -static void print_crl_info(gnutls_x509_crl_t crl, FILE * out); +static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo); void pkcs7_info(common_info_st *cinfo, unsigned display_data); void pkcs7_sign(common_info_st *, unsigned embed); void pkcs7_generate(common_info_st *); void pkcs8_info(void); void pkcs8_info_int(gnutls_datum_t *data, unsigned format, unsigned ignore_err, FILE *out, const char *tab); -void crq_info(void); +void crq_info(common_info_st *cinfo); void smime_to_pkcs7(void); void pkcs12_info(common_info_st *); void generate_pkcs12(common_info_st *); @@ -74,7 +74,7 @@ void verify_crl(common_info_st * cinfo); void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_data); void pubkey_info(gnutls_x509_crt_t crt, common_info_st *); void certificate_info(int, common_info_st *); -void crl_info(void); +void crl_info(common_info_st *cinfo); void privkey_info(common_info_st *); static void cmd_parser(int argc, char **argv); void generate_self_signed(common_info_st *); @@ -1073,7 +1073,7 @@ static void generate_signed_crl(common_info_st * cinfo) app_exit(1); } - print_crl_info(crl, stdlog); + print_crl_info(crl, stdlog, cinfo); gnutls_privkey_deinit(ca_key); gnutls_x509_crl_deinit(crl); @@ -1334,6 +1334,7 @@ static void cmd_parser(int argc, char **argv) cinfo.pkcs8 = HAVE_OPT(PKCS8); cinfo.incert_format = incert_format; cinfo.outcert_format = outcert_format; + cinfo.outtext = ENABLED_OPT(TEXT) && outcert_format == GNUTLS_X509_FMT_PEM; if (HAVE_OPT(LOAD_CERTIFICATE)) cinfo.cert = OPT_ARG(LOAD_CERTIFICATE); @@ -1432,7 +1433,7 @@ static void cmd_parser(int argc, char **argv) else if (HAVE_OPT(GET_DH_PARAMS)) generate_prime(outfile, 0, &cinfo); else if (HAVE_OPT(CRL_INFO)) - crl_info(); + crl_info(&cinfo); else if (HAVE_OPT(P7_INFO)) pkcs7_info(&cinfo, ENABLED_OPT(P7_SHOW_DATA)); else if (HAVE_OPT(P7_GENERATE)) 
@@ -1450,7 +1451,7 @@ static void cmd_parser(int argc, char **argv) else if (HAVE_OPT(TO_P8)) generate_pkcs8(&cinfo); else if (HAVE_OPT(CRQ_INFO)) - crq_info(); + crq_info(&cinfo); else USAGE(1); @@ -1504,7 +1505,7 @@ void certificate_info(int pubkey, common_info_st * cinfo) if (i > 0) fprintf(outfile, "\n"); - if (outcert_format == GNUTLS_X509_FMT_PEM) + if (cinfo->outtext) print_certificate_info(crts[i], outfile, 1); if (pubkey) { @@ -1554,13 +1555,13 @@ print_certificate_info(gnutls_x509_crt_t crt, FILE * out, unsigned int all) } } -static void print_crl_info(gnutls_x509_crl_t crl, FILE * out) +static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo) { gnutls_datum_t data; gnutls_datum_t cout; int ret; - if (outcert_format == GNUTLS_X509_FMT_PEM) { + if (cinfo->outtext) { ret = gnutls_x509_crl_print(crl, full_format, &data); if (ret < 0) { fprintf(stderr, "crl_print: %s\n", gnutls_strerror(ret)); @@ -1582,7 +1583,7 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out) gnutls_free(cout.data); } -void crl_info(void) +void crl_info(common_info_st *cinfo) { gnutls_x509_crl_t crl; int ret; @@ -1611,18 +1612,18 @@ void crl_info(void) app_exit(1); } - print_crl_info(crl, outfile); + print_crl_info(crl, outfile, cinfo); gnutls_x509_crl_deinit(crl); } -static void print_crq_info(gnutls_x509_crq_t crq, FILE * out) +static void print_crq_info(gnutls_x509_crq_t crq, FILE * out, common_info_st *cinfo) { gnutls_datum_t data; int ret; size_t size; - if (outcert_format == GNUTLS_X509_FMT_PEM) { + if (cinfo->outtext) { ret = gnutls_x509_crq_print(crq, full_format, &data); if (ret < 0) { fprintf(stderr, "crq_print: %s\n", 
@@ -1637,10 +1638,10 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out) ret = gnutls_x509_crq_verify(crq, 0); if (ret < 0) { - fprintf(outcert_format == GNUTLS_X509_FMT_PEM ? out : stderr, + fprintf(cinfo->outtext ? out : stderr, "Self signature: FAILED\n\n"); } else { - fprintf(outcert_format == GNUTLS_X509_FMT_PEM ? out : stderr, + fprintf(cinfo->outtext ? out : stderr, "Self signature: verified\n\n"); } @@ -1654,7 +1655,7 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out) fwrite(lbuffer, 1, size, outfile); } -void crq_info(void) +void crq_info(common_info_st *cinfo) { gnutls_x509_crq_t crq; int ret; @@ -1683,7 +1684,7 @@ void crq_info(void) app_exit(1); } - print_crq_info(crq, outfile); + print_crq_info(crq, outfile, cinfo); gnutls_x509_crq_deinit(crq); } @@ -2052,7 +2053,7 @@ void generate_request(common_info_st * cinfo) app_exit(1); } - print_crq_info(crq, outfile); + print_crq_info(crq, outfile, cinfo); gnutls_x509_crq_deinit(crq); gnutls_privkey_deinit(pkey); @@ -2531,7 +2532,7 @@ void verify_crl(common_info_st * cinfo) app_exit(1); } - print_crl_info(crl, outfile); + print_crl_info(crl, outfile, cinfo); ret = gnutls_x509_crl_verify(crl, &issuer, 1, 0, &output); if (ret < 0) { @@ -3864,8 +3865,6 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo) { gnutls_pubkey_t pubkey; - int ret; - size_t size; pubkey = find_pubkey(crt, cinfo); if (pubkey == 0) { 
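Review bot: A failed self-signature check in print_crq_info is only reported as a message. After `Self signature: FAILED` the function carries on to the export (the `fwrite(lbuffer, 1, size, outfile);` is visible as context in the next hunk), and nothing in the visible lines changes the exit status. With text output disabled the result now goes to stderr only, so a script that consumes the request from `outfile` gets no signal that verification failed. If that is intended, a comment above the check such as `/* the verification result is informational; the request is exported regardless */` would make it explicit; otherwise the failure branch should end in `app_exit(1)` like the other error paths. Most of the function lies outside this hunk, so the control flow between the check and the export is inferred from the context lines.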
@@ -3873,27 +3872,7 @@ void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo) app_exit(1); } - if (outcert_format == GNUTLS_X509_FMT_DER) { - size = lbuffer_size; - ret = - gnutls_pubkey_export(pubkey, outcert_format, lbuffer, - &size); - if (ret < 0) { - fprintf(stderr, "export error: %s\n", - gnutls_strerror(ret)); - app_exit(1); - } - - fwrite(lbuffer, 1, size, outfile); - - gnutls_pubkey_deinit(pubkey); - - return; - } - - /* PEM */ - - _pubkey_info(outfile, full_format, pubkey); + print_pubkey_info(pubkey, outfile, full_format, outcert_format, cinfo->outtext); gnutls_pubkey_deinit(pubkey); } diff --git a/src/tpmtool.c b/src/tpmtool.c index 23085b1976..76568bb428 100644 --- a/src/tpmtool.c +++ b/src/tpmtool.c @@ -373,7 +373,7 @@ static void tpm_pubkey(const char *url, FILE * out, unsigned int srk_well_known) exit(1); } - _pubkey_info(out, GNUTLS_CRT_PRINT_FULL, pubkey); + print_pubkey_info(pubkey, out, GNUTLS_CRT_PRINT_FULL, GNUTLS_X509_FMT_PEM, 1); gnutls_pubkey_deinit(pubkey); } |
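Review bot: The new call in pubkey_info takes its output mode from two places: the format from the file-scope `outcert_format`, the text flag from `cinfo->outtext`. cmd_parser fills both from the same value today, but `outtext` is only meaningful together with the format it was derived from. Passing the struct member keeps the pair consistent if either is later changed independently: `print_pubkey_info(pubkey, outfile, full_format, cinfo->outcert_format, cinfo->outtext);`. The start of pubkey_info is in the previous hunk.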