From a0754ce52e28851fe6cef367ef0fbf45914ada49 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Fri, 16 Nov 2018 03:46:52 +0300 Subject: certtool: don't output textual information if --no-text was given Change privkey/certificate/CRL/CSR handling to disable text output if --no-text option was given. Closes #487 Signed-off-by: Dmitry Eremin-Solenikov --- src/certtool.c | 63 ++++++++++++++++++++-------------------------------------- 1 file changed, 21 insertions(+), 42 deletions(-) (limited to 'src/certtool.c') diff --git a/src/certtool.c b/src/certtool.c index a755e1bca3..a45efdf7b7 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -57,14 +57,14 @@ static FILE *stdlog = NULL; -static void print_crl_info(gnutls_x509_crl_t crl, FILE * out); +static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo); void pkcs7_info(common_info_st *cinfo, unsigned display_data); void pkcs7_sign(common_info_st *, unsigned embed); void pkcs7_generate(common_info_st *); void pkcs8_info(void); void pkcs8_info_int(gnutls_datum_t *data, unsigned format, unsigned ignore_err, FILE *out, const char *tab); -void crq_info(void); +void crq_info(common_info_st *cinfo); void smime_to_pkcs7(void); void pkcs12_info(common_info_st *); void generate_pkcs12(common_info_st *); @@ -74,7 +74,7 @@ void verify_crl(common_info_st * cinfo); void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_data); void pubkey_info(gnutls_x509_crt_t crt, common_info_st *); void certificate_info(int, common_info_st *); -void crl_info(void); +void crl_info(common_info_st *cinfo); void privkey_info(common_info_st *); static void cmd_parser(int argc, char **argv); void generate_self_signed(common_info_st *); @@ -1073,7 +1073,7 @@ static void generate_signed_crl(common_info_st * cinfo) app_exit(1); } - print_crl_info(crl, stdlog); + print_crl_info(crl, stdlog, cinfo); gnutls_privkey_deinit(ca_key); gnutls_x509_crl_deinit(crl); @@ -1334,6 +1334,7 @@ static void cmd_parser(int argc, char **argv) cinfo.pkcs8 = HAVE_OPT(PKCS8); cinfo.incert_format = incert_format; cinfo.outcert_format = outcert_format; + cinfo.outtext = ENABLED_OPT(TEXT) && outcert_format == GNUTLS_X509_FMT_PEM; if (HAVE_OPT(LOAD_CERTIFICATE)) cinfo.cert = OPT_ARG(LOAD_CERTIFICATE); @@ -1432,7 +1433,7 @@ static void cmd_parser(int argc, char **argv) else if (HAVE_OPT(GET_DH_PARAMS)) generate_prime(outfile, 0, &cinfo); else if (HAVE_OPT(CRL_INFO)) - crl_info(); + crl_info(&cinfo); else if (HAVE_OPT(P7_INFO)) pkcs7_info(&cinfo, ENABLED_OPT(P7_SHOW_DATA)); else if (HAVE_OPT(P7_GENERATE)) @@ -1450,7 +1451,7 @@ static void cmd_parser(int argc, char **argv) else if (HAVE_OPT(TO_P8)) generate_pkcs8(&cinfo); else if (HAVE_OPT(CRQ_INFO)) - crq_info(); + crq_info(&cinfo); else USAGE(1); @@ -1504,7 +1505,7 @@ void certificate_info(int pubkey, common_info_st * cinfo) if (i > 0) fprintf(outfile, "\n"); - if (outcert_format == GNUTLS_X509_FMT_PEM) + if (cinfo->outtext) print_certificate_info(crts[i], outfile, 1); if (pubkey) { @@ -1554,13 +1555,13 @@ print_certificate_info(gnutls_x509_crt_t crt, FILE * out, unsigned int all) } } -static void print_crl_info(gnutls_x509_crl_t crl, FILE * out) +static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo) { gnutls_datum_t data; gnutls_datum_t cout; int ret; - if (outcert_format == GNUTLS_X509_FMT_PEM) { + if (cinfo->outtext) { ret = gnutls_x509_crl_print(crl, full_format, &data); if (ret < 0) { fprintf(stderr, "crl_print: %s\n", gnutls_strerror(ret)); @@ -1582,7 +1583,7 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out) gnutls_free(cout.data); } -void crl_info(void) +void crl_info(common_info_st *cinfo) { gnutls_x509_crl_t crl; int ret; @@ -1611,18 +1612,18 @@ void crl_info(void) app_exit(1); } - print_crl_info(crl, outfile); + print_crl_info(crl, outfile, cinfo); gnutls_x509_crl_deinit(crl); } -static void print_crq_info(gnutls_x509_crq_t crq, FILE * out) +static void print_crq_info(gnutls_x509_crq_t crq, FILE * out, common_info_st *cinfo) { gnutls_datum_t data; int ret; size_t size; - if (outcert_format == GNUTLS_X509_FMT_PEM) { + if (cinfo->outtext) { ret = gnutls_x509_crq_print(crq, full_format, &data); if (ret < 0) { fprintf(stderr, "crq_print: %s\n", @@ -1637,10 +1638,10 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out) ret = gnutls_x509_crq_verify(crq, 0); if (ret < 0) { - fprintf(outcert_format == GNUTLS_X509_FMT_PEM ? out : stderr, + fprintf(cinfo->outtext ? out : stderr, "Self signature: FAILED\n\n"); } else { - fprintf(outcert_format == GNUTLS_X509_FMT_PEM ? out : stderr, + fprintf(cinfo->outtext ? out : stderr, "Self signature: verified\n\n"); } @@ -1654,7 +1655,7 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out) fwrite(lbuffer, 1, size, outfile); } -void crq_info(void) +void crq_info(common_info_st *cinfo) { gnutls_x509_crq_t crq; int ret; @@ -1683,7 +1684,7 @@ void crq_info(void) app_exit(1); } - print_crq_info(crq, outfile); + print_crq_info(crq, outfile, cinfo); gnutls_x509_crq_deinit(crq); } @@ -2052,7 +2053,7 @@ void generate_request(common_info_st * cinfo) app_exit(1); } - print_crq_info(crq, outfile); + print_crq_info(crq, outfile, cinfo); gnutls_x509_crq_deinit(crq); gnutls_privkey_deinit(pkey); @@ -2531,7 +2532,7 @@ void verify_crl(common_info_st * cinfo) app_exit(1); } - print_crl_info(crl, outfile); + print_crl_info(crl, outfile, cinfo); ret = gnutls_x509_crl_verify(crl, &issuer, 1, 0, &output); if (ret < 0) { @@ -3864,8 +3865,6 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo) { gnutls_pubkey_t pubkey; - int ret; - size_t size; pubkey = find_pubkey(crt, cinfo); if (pubkey == 0) { @@ -3873,27 +3872,7 @@ void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo) app_exit(1); } - if (outcert_format == GNUTLS_X509_FMT_DER) { - size = lbuffer_size; - ret = - gnutls_pubkey_export(pubkey, outcert_format, lbuffer, - &size); - if (ret < 0) { - fprintf(stderr, "export error: %s\n", - gnutls_strerror(ret)); - app_exit(1); - } - - fwrite(lbuffer, 1, size, outfile); - - gnutls_pubkey_deinit(pubkey); - - return; - } - - /* PEM */ - - _pubkey_info(outfile, full_format, pubkey); + print_pubkey_info(pubkey, outfile, full_format, outcert_format, cinfo->outtext); gnutls_pubkey_deinit(pubkey); } -- cgit v1.2.1