From 76e024246565d5369f9c9aebc0f22dbd0543a551 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Thu, 14 May 2020 02:15:23 +0300 Subject: x509: generify oid to str conversions Make oid to name conversion functions generic enough by allowing caller to specify a pointer to OID table. Signed-off-by: Dmitry Baryshkov --- lib/x509/common.c | 58 ++++++++++++++----------------------------------------- lib/x509/common.h | 12 ++++++++++++ 2 files changed, 27 insertions(+), 43 deletions(-) diff --git a/lib/x509/common.c b/lib/x509/common.c index c8ea6657c7..a1f6d62e13 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -39,19 +39,9 @@ static int data2hex(const void *data, size_t data_size, gnutls_datum_t *out); -struct oid_to_string { - const char *oid; - unsigned oid_size; - const char *ldap_desc; - unsigned ldap_desc_size; - const char *asn_desc; /* description in the pkix file if complex type */ - unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID - * if cannot be simply parsed */ -}; - #define ENTRY(oid, ldap, asn, etype) {oid, sizeof(oid)-1, ldap, sizeof(ldap)-1, asn, etype} -/* when there is no ldap description */ +/* when there is no name description */ #define ENTRY_ND(oid, asn, etype) {oid, sizeof(oid)-1, NULL, 0, asn, etype} /* This list contains all the OIDs that may be @@ -144,18 +134,18 @@ static const struct oid_to_string _oid2str[] = { {NULL, 0, NULL, 0, NULL, 0} }; -static const struct oid_to_string *get_oid_entry(const char *oid) +const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid) { unsigned int i = 0; unsigned len = strlen(oid); do { - if (len == _oid2str[i].oid_size && - strcmp(_oid2str[i].oid, oid) == 0) - return &_oid2str[i]; + if (len == ots[i].oid_size && + strcmp(ots[i].oid, oid) == 0) + return &ots[i]; i++; } - while (_oid2str[i].oid != NULL); + while (ots[i].oid != NULL); return NULL; } 
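Review bot: `_gnutls_oid_get_entry` keeps the do/while shape, which reads `ots[0]` before ever looking at the sentinel; now that the table is caller-supplied, an empty table (first row `{NULL, 0, ...}`) combined with an empty `oid` passes the `len == oid_size` test (0 == 0) and hands a NULL `ots[0].oid` to strcmp. A plain `for (i = 0; ots[i].oid != NULL; i++)` loop puts the sentinel check ahead of every access at no cost. The `unsigned len = strlen(oid)` narrowing and the assumption that `oid` is non-NULL are pre-existing, but since this is now the shared helper behind the public `gnutls_x509_dn_oid_known`, they deserve a comment at the top of the function.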
@@ -165,9 +155,9 @@ const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len) unsigned int i = 0; do { - if ((_oid2str[i].ldap_desc != NULL) && - (str_len == _oid2str[i].ldap_desc_size) && - (c_strncasecmp(_oid2str[i].ldap_desc, str, str_len) == + if ((_oid2str[i].name_desc != NULL) && + (str_len == _oid2str[i].name_desc_size) && + (c_strncasecmp(_oid2str[i].name_desc, str, str_len) == 0)) return _oid2str[i].oid; i++; @@ -242,18 +232,7 @@ static int str_escape(const gnutls_datum_t * str, gnutls_datum_t * escaped) **/ int gnutls_x509_dn_oid_known(const char *oid) { - unsigned int i = 0; - unsigned len = strlen(oid); - - do { - if (len == _oid2str[i].oid_size && - strcmp(_oid2str[i].oid, oid) == 0) - return 1; - i++; - } - while (_oid2str[i].oid != NULL); - - return 0; + return _gnutls_oid_get_entry(_oid2str, oid) != NULL; } /** @@ -272,17 +251,10 @@ int gnutls_x509_dn_oid_known(const char *oid) **/ const char *gnutls_x509_dn_oid_name(const char *oid, unsigned int flags) { - unsigned int i = 0; - unsigned len = strlen(oid); - - do { - if ((_oid2str[i].oid_size == len) && - strcmp(_oid2str[i].oid, oid) == 0 && _oid2str[i].ldap_desc != NULL) - return _oid2str[i].ldap_desc; - i++; - } - while (_oid2str[i].oid != NULL); + const struct oid_to_string *entry =_gnutls_oid_get_entry(_oid2str, oid); + if (entry && entry->name_desc) + return entry->name_desc; if (flags & GNUTLS_X509_DN_OID_RETURN_OID) return oid; else @@ -450,7 +422,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value, return GNUTLS_E_INVALID_REQUEST; } - oentry = get_oid_entry(oid); + oentry = _gnutls_oid_get_entry(_oid2str, oid); if (oentry == NULL) { /* unknown OID -> hex */ unknown_oid: ret = data2hex(value, value_size, str); 
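Review bot: `gnutls_x509_dn_oid_name` quietly changes its lookup semantics: the old loop skipped a matching row whose `ldap_desc` was NULL and kept searching, whereas the new code stops at the first OID match and treats a NULL `name_desc` as "no name". If `_oid2str` can hold the same OID twice (an `ENTRY_ND` row followed by a named `ENTRY` row) the public function would now lose the name; this is harmless if OIDs are unique in the table, which I cannot confirm from this hunk, so a one-line comment stating that uniqueness assumption next to the table would settle it. Minor style: `entry =_gnutls_oid_get_entry(...)` is missing the space after `=`.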
@@ -1469,7 +1441,7 @@ _gnutls_x509_encode_and_write_attribute(const char *given_oid, int result; const struct oid_to_string *oentry; - oentry = get_oid_entry(given_oid); + oentry = _gnutls_oid_get_entry(_oid2str, given_oid); if (oentry == NULL) { gnutls_assert(); _gnutls_debug_log("Cannot find OID: %s\n", given_oid); diff --git a/lib/x509/common.h b/lib/x509/common.h index 54ded21188..483bd1de6c 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -114,6 +114,18 @@ #define ASN1_NULL "\x05\x00" #define ASN1_NULL_SIZE 2 +struct oid_to_string { + const char *oid; + unsigned oid_size; + const char *name_desc; + unsigned name_desc_size; + const char *asn_desc; /* description in the pkix file if complex type */ + unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID + * if cannot be simply parsed */ +}; + +const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid); + int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim, int force_general); int -- cgit v1.2.1 From a4978e8884cfb97af0d0f95fdaaa59c1cfa7e2d1 Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Thu, 14 May 2020 02:22:20 +0300 Subject: pkcs7: decode attribute OIDs when printing Try printing symbolic names for well-known OIDs when printing PKCS7 signature info. Signed-off-by: Dmitry Baryshkov --- lib/x509/pkcs7-output.c | 34 +++++++++++++++++++++++++++-- tests/cert-tests/data/full.p7b.out | 8 +++---- tests/cert-tests/data/openssl-keyid.p7b.out | 8 +++---- tests/cert-tests/data/openssl.p7b.out | 8 +++---- tests/cert-tests/data/single-ca.p7b.out | 8 +++---- tests/cert-tests/pkcs7 | 2 +- tests/cert-tests/pkcs7-eddsa | 2 +- tests/data/test1.cat.out | 6 ++--- tests/data/test2.cat.out | 4 ++-- 9 files changed, 55 insertions(+), 25 deletions(-) diff --git a/lib/x509/pkcs7-output.c b/lib/x509/pkcs7-output.c index bf5dbac837..bcffbaafd5 100644 --- a/lib/x509/pkcs7-output.c +++ b/lib/x509/pkcs7-output.c 
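Review bot: The newly exported `_gnutls_oid_get_entry` prototype in common.h carries no contract, and because any caller can now supply its own table the termination requirement is no longer obvious from a single implementation site. I would add above the declaration: `/* Look up oid in ots, a table terminated by a row whose oid is NULL. oid must be a non-NULL, NUL-terminated string. Returns the matching row or NULL. */`. The `oid_to_string` struct itself would also benefit from a note that `oid_size`/`name_desc_size` are byte lengths excluding the terminator, since the `ENTRY` macros computing them stay private to common.c.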
@@ -64,6 +64,31 @@ static void print_dn(gnutls_buffer_st * str, const char *prefix, gnutls_free(output.data); } +/* Do not encode ASN1 and type for now */ +#define ENTRY(oid, name, type) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, type} +#define ENTRY2(oid, name) {oid, sizeof(oid)-1, name, sizeof(name)-1, NULL, ASN1_ETYPE_INVALID} + +static const struct oid_to_string pkcs7_attrs[] = { + ENTRY ("1.2.840.113549.1.9.3", "contentType", ASN1_ETYPE_OBJECT_ID), + ENTRY ("1.2.840.113549.1.9.4", "messageDigest", ASN1_ETYPE_OCTET_STRING), + ENTRY ("1.2.840.113549.1.9.5", "signingTime", ASN1_ETYPE_INVALID), + ENTRY2("1.2.840.113549.1.9.6", "countersignature"), + ENTRY2("1.2.840.113549.1.9.15", "smimeCapabilities"), + + ENTRY2("1.2.840.113549.1.9.16.2.1", "aa-receiptRequest"), + ENTRY2("1.2.840.113549.1.9.16.2.2", "aa-securityLabel"), + ENTRY2("1.2.840.113549.1.9.16.2.3", "aa-mlExpandHistory"), + ENTRY2("1.2.840.113549.1.9.16.2.4", "aa-contentHint"), + ENTRY2("1.2.840.113549.1.9.16.2.9", "aa-equivalentLabels"), + ENTRY2("1.2.840.113549.1.9.16.2.10", "aa-contentReference"), + ENTRY2("1.2.840.113549.1.9.16.2.11", "aa-encrypKeyPref"), + ENTRY2("1.2.840.113549.1.9.16.2.12", "aa-signingCertificate"), + ENTRY2("1.2.840.113549.1.9.16.2.19", "aa-ets-otherSigCert"), + ENTRY2("1.2.840.113549.1.9.16.2.47", "aa-signingCertificateV2"), + + {NULL, 0, NULL, 0, NULL, 0} +}; + static void print_raw(gnutls_buffer_st * str, const char *prefix, const gnutls_datum_t * raw) { @@ -94,6 +119,7 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, char s[42]; size_t max; int ret; + const struct oid_to_string * entry; if (info->issuer_dn.size > 0) print_dn(str, "\tSigner's issuer DN", &info->issuer_dn); 
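Review bot: `ENTRY` is redefined here with a three-argument shape while common.c defines a four-argument `ENTRY` for the same struct; both are file-local today so nothing clashes, but moving either macro into common.h later would silently break one site, so a distinct name such as `PKCS7_ENTRY`/`PKCS7_ENTRY2` is safer. The `etype` column is, per the "Do not encode ASN1 and type for now" comment, not consumed by the printer, so the `ASN1_ETYPE_OBJECT_ID`/`ASN1_ETYPE_OCTET_STRING` values on contentType and messageDigest are documentation only; a comment naming the intended future consumer (or using `ENTRY2` uniformly until one exists) would avoid readers assuming the values are validated.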
@@ -130,7 +156,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, if (i == 0) addf(str, "\tSigned Attributes:\n"); - snprintf(prefix, sizeof(prefix), "\t\t%s", oid); + entry = _gnutls_oid_get_entry(pkcs7_attrs, oid); + snprintf(prefix, sizeof(prefix), "\t\t%s", + (entry && entry->name_desc) ? entry->name_desc : oid); print_raw(str, prefix, &data); gnutls_free(data.data); } @@ -145,7 +173,9 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, if (i == 0) addf(str, "\tUnsigned Attributes:\n"); - snprintf(prefix, sizeof(prefix), "\t\t%s", oid); + entry = _gnutls_oid_get_entry(pkcs7_attrs, oid); + snprintf(prefix, sizeof(prefix), "\t\t%s", + (entry && entry->name_desc) ? entry->name_desc : oid); print_raw(str, prefix, &data); gnutls_free(data.data); } diff --git a/tests/cert-tests/data/full.p7b.out b/tests/cert-tests/data/full.p7b.out index fc200f5e17..c4dd043e33 100644 --- a/tests/cert-tests/data/full.p7b.out +++ b/tests/cert-tests/data/full.p7b.out @@ -3,10 +3,10 @@ Signers: Signer's serial: 4de0b4ca Signature Algorithm: RSA-SHA256 Signed Attributes: - 1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 - 1.2.840.113549.1.9.4: 0420ca23e4b39a242dcece33fc776b6c9195595700f92201de19426d2d505576210f - 1.2.840.113549.1.9.5: 170d3135303630313139323232325a - 1.2.840.113549.1.9.3: 06092a864886f70d010701 + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420ca23e4b39a242dcece33fc776b6c9195595700f92201de19426d2d505576210f + signingTime: 170d3135303630313139323232325a + contentType: 06092a864886f70d010701 Number of certificates: 2 
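Review bot: The table lookup plus snprintf is duplicated verbatim in the signed- and unsigned-attribute loops; a small static helper keeps the two in step and makes the fallback-to-OID rule visible in one place. `prefix` is declared outside the hunk, and snprintf bounds the write, so an over-long OID string from an untrusted PKCS#7 is truncated rather than overflowing, but the label then becomes ambiguous; a comment at the declaration noting the truncation is acceptable for display would be worth adding. print_pkcs7_info starts and ends outside this hunk.
```c
/* Symbolic name for a well-known PKCS#7 attribute OID, else the OID itself. */
static const char *pkcs7_attr_name(const char *oid)
{
	const struct oid_to_string *entry = _gnutls_oid_get_entry(pkcs7_attrs, oid);

	return (entry && entry->name_desc) ? entry->name_desc : oid;
}
/* … in print_pkcs7_info, in both the signed and unsigned loops … */
		snprintf(prefix, sizeof(prefix), "\t\t%s", pkcs7_attr_name(oid));
```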
diff --git a/tests/cert-tests/data/openssl-keyid.p7b.out b/tests/cert-tests/data/openssl-keyid.p7b.out index 3eefda94c6..de622ea1fe 100644 --- a/tests/cert-tests/data/openssl-keyid.p7b.out +++ b/tests/cert-tests/data/openssl-keyid.p7b.out @@ -2,10 +2,10 @@ Signers: Signer's issuer key ID: 7607584ceab529f52d80068c834a820d09ec93de Signature Algorithm: RSA-SHA256 Signed Attributes: - 1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 - 1.2.840.113549.1.9.4: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 - 1.2.840.113549.1.9.5: 170d3136313132343135353132375a - 1.2.840.113549.1.9.3: 06092a864886f70d010701 + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 + signingTime: 170d3136313132343135353132375a + contentType: 06092a864886f70d010701 Number of certificates: 2 diff --git a/tests/cert-tests/data/openssl.p7b.out b/tests/cert-tests/data/openssl.p7b.out index 6330451477..6d2e69d2ea 100644 --- a/tests/cert-tests/data/openssl.p7b.out +++ b/tests/cert-tests/data/openssl.p7b.out 
@@ -3,10 +3,10 @@ Signers: Signer's serial: 5838027a15510d5a Signature Algorithm: ECDSA-SHA256 Signed Attributes: - 1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 - 1.2.840.113549.1.9.4: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 - 1.2.840.113549.1.9.5: 170d3136313132353039333233305a - 1.2.840.113549.1.9.3: 06092a864886f70d010701 + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 + signingTime: 170d3136313132353039333233305a + contentType: 06092a864886f70d010701 Number of certificates: 2 diff --git a/tests/cert-tests/data/single-ca.p7b.out b/tests/cert-tests/data/single-ca.p7b.out index 35744628b8..bb7425e285 100644 --- a/tests/cert-tests/data/single-ca.p7b.out +++ b/tests/cert-tests/data/single-ca.p7b.out 
@@ -3,10 +3,10 @@ Signers: Signer's serial: 00 Signature Algorithm: RSA-SHA256 Signed Attributes: - 1.2.840.113549.1.9.15: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 - 1.2.840.113549.1.9.4: 0420aadc1955c030f723e9d89ed9d486b4eef5b0d1c6945be0dd6b7b340d42928ec9 - 1.2.840.113549.1.9.5: 170d3135303533313036343633385a - 1.2.840.113549.1.9.3: 06092a864886f70d010701 + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420aadc1955c030f723e9d89ed9d486b4eef5b0d1c6945be0dd6b7b340d42928ec9 + signingTime: 170d3135303533313036343633385a + contentType: 06092a864886f70d010701 Number of certificates: 1 diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index eed9f068a2..35d438107e 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -265,7 +265,7 @@ if test "${rc}" != "0"; then fi ${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}" -grep '1.2.840.113549.1.9.3: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1 +grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1 if test $? != 0;then echo "Content-Type was not set in attributes" exit 1 diff --git a/tests/cert-tests/pkcs7-eddsa b/tests/cert-tests/pkcs7-eddsa index 3ceee482b2..1fd767bd73 100755 --- a/tests/cert-tests/pkcs7-eddsa +++ b/tests/cert-tests/pkcs7-eddsa 
@@ -97,7 +97,7 @@ if test "${rc}" != "0"; then fi ${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}" -grep '1.2.840.113549.1.9.3: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1 +grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1 if test $? != 0;then echo "Content-Type was not set in attributes" exit 1 diff --git a/tests/data/test1.cat.out b/tests/data/test1.cat.out index 1a0c955228..d5b20765b4 100644 --- a/tests/data/test1.cat.out +++ b/tests/data/test1.cat.out 
@@ -5,11 +5,11 @@ Signers: Signature Algorithm: RSA-SHA1 Signed Attributes: 1.3.6.1.4.1.311.2.1.12: 3064a030802e004800650077006c006500740074002d005000610063006b00610072006400200043006f006d00700061006e0079a130802e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f776864632f68636c2f64656661756c742e6d737078 - 1.2.840.113549.1.9.4: 04141c448883117564c1fe830b2833c0ef6b83030c0e + messageDigest: 04141c448883117564c1fe830b2833c0ef6b83030c0e 1.3.6.1.4.1.311.2.1.11: 300c060a2b060104018237020115 - 1.2.840.113549.1.9.3: 06092b0601040182370a01 + contentType: 06092b0601040182370a01 Unsigned Attributes: - 1.2.840.113549.1.9.6: 3082021102010130818e3077310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3121301f060355040313184d6963726f736f66742054696d652d5374616d7020504341021333000000af5347776c1bf1a3020000000000af300906052b0e03021a0500a05d301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3136303931333231313930395a302306092a864886f70d01090431160414d488cf8097e0d20f170aa7cff5414d9dc2f28f7b300d06092a864886f70d01010505000482010016dcd01f53ac52f8f37898f02352716c9de8dcdee53a2dfb243d503b31f252878e54c5716cd2f2237b82a1269322c50ed304c00a85e50c47b3ce43b2dfff9d1d8032541e28216281e715407b8cbe565fee869aa0e6fb6f421c1c5516c7fead80c1c2117998b0a754bb0683971d78a864707349514121bf2158305d672f8800ea02bd266c198afc22449f4579d7f0db337919accd8f8093539e1d24e5c89c0c1f9734ea8f9bec2ce9ff9f22f9649069b759ba05967742615a3953645572eddb4c5006b6fd4c6226beded0038548ed82d3993b17b473ca75e9891d524be5c39ec422d7a78baaa475bf1aa0e196d7db1858edcacea1ef34b2655772ab8fca3c7766 + countersignature: 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 Number of certificates: 4 diff --git a/tests/data/test2.cat.out b/tests/data/test2.cat.out index aead58067c..aec0af9ada 100644 --- a/tests/data/test2.cat.out +++ b/tests/data/test2.cat.out 
@@ -4,9 +4,9 @@ Signers: Signer's serial: 1656c8b2bf9bb3b24e6f3411cdcff0b5 Signature Algorithm: RSA-SHA1 Signed Attributes: - 1.2.840.113549.1.9.4: 041490608f08aab36bbeef8cb509bef6e60385058afa + messageDigest: 041490608f08aab36bbeef8cb509bef6e60385058afa 1.3.6.1.4.1.311.2.1.11: 300c060a2b060104018237020115 - 1.2.840.113549.1.9.3: 06092b0601040182370a01 + contentType: 06092b0601040182370a01 1.3.6.1.4.1.311.2.1.12: 3000 Number of certificates: 1 -- cgit v1.2.1 From a0e5770f50462de82afaf7743a88c33414cb32dc Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Thu, 14 May 2020 02:20:57 +0300 Subject: pkcs7: add function to display signature information Basically export print_pkcs7_info() in a way usable by external applications. Signed-off-by: Dmitry Baryshkov --- NEWS | 1 + devel/libgnutls-latest-x86_64.abi | 1 + devel/symbols.last | 1 + doc/Makefile.am | 2 ++ doc/manpages/Makefile.am | 1 + lib/includes/gnutls/pkcs7.h | 4 ++++ lib/libgnutls.map | 1 + lib/x509/pkcs7-output.c | 31 +++++++++++++++++++++++++++++++ 8 files changed, 42 insertions(+) diff --git a/NEWS b/NEWS index fe1c6035af..834cd629dd 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,7 @@ See the end for copying conditions. ** API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added GNUTLS_CIPHER_AES_256_SIV: Added +gnutls_pkcs7_print_signature_info: Added * Version 3.6.13 (released 2020-03-31) diff --git a/devel/libgnutls-latest-x86_64.abi b/devel/libgnutls-latest-x86_64.abi index cc44d1898e..8e5e787950 100644 --- a/devel/libgnutls-latest-x86_64.abi +++ b/devel/libgnutls-latest-x86_64.abi @@ -599,6 +599,7 @@ + diff --git a/devel/symbols.last b/devel/symbols.last index 080f7f2954..c5c279c42a 100644 --- a/devel/symbols.last +++ b/devel/symbols.last 
@@ -565,6 +565,7 @@ gnutls_pkcs7_get_signature_info@GNUTLS_3_4 gnutls_pkcs7_import@GNUTLS_3_4 gnutls_pkcs7_init@GNUTLS_3_4 gnutls_pkcs7_print@GNUTLS_3_4 +gnutls_pkcs7_print_signature_info@GNUTLS_3_6_14 gnutls_pkcs7_set_crl@GNUTLS_3_4 gnutls_pkcs7_set_crl_raw@GNUTLS_3_4 gnutls_pkcs7_set_crt@GNUTLS_3_4 diff --git a/doc/Makefile.am b/doc/Makefile.am index 83d851220c..01f7cd6fc1 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1539,6 +1539,8 @@ FUNCS += functions/gnutls_pkcs7_init FUNCS += functions/gnutls_pkcs7_init.short FUNCS += functions/gnutls_pkcs7_print FUNCS += functions/gnutls_pkcs7_print.short +FUNCS += functions/gnutls_pkcs7_print_signature_info +FUNCS += functions/gnutls_pkcs7_print_signature_info.short FUNCS += functions/gnutls_pkcs7_set_crl FUNCS += functions/gnutls_pkcs7_set_crl.short FUNCS += functions/gnutls_pkcs7_set_crl_raw diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 18f382ee45..552130afa4 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -571,6 +571,7 @@ APIMANS += gnutls_pkcs7_get_signature_info.3 APIMANS += gnutls_pkcs7_import.3 APIMANS += gnutls_pkcs7_init.3 APIMANS += gnutls_pkcs7_print.3 +APIMANS += gnutls_pkcs7_print_signature_info.3 APIMANS += gnutls_pkcs7_set_crl.3 APIMANS += gnutls_pkcs7_set_crl_raw.3 APIMANS += gnutls_pkcs7_set_crt.3 diff --git a/lib/includes/gnutls/pkcs7.h b/lib/includes/gnutls/pkcs7.h index 8a6c2034f0..58ea4aaf81 100644 --- a/lib/includes/gnutls/pkcs7.h +++ b/lib/includes/gnutls/pkcs7.h @@ -144,6 +144,10 @@ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, gnutls_certificate_print_formats_t format, gnutls_datum_t * out); +int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st * info, + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); + /* *INDENT-OFF* */ #ifdef __cplusplus } diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 512e403bb6..ac6be479f1 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map 
@@ -1328,6 +1328,7 @@ GNUTLS_3_6_14 { global: gnutls_ext_get_name2; + gnutls_pkcs7_print_signature_info; } GNUTLS_3_6_13; GNUTLS_FIPS140_3_4 { diff --git a/lib/x509/pkcs7-output.c b/lib/x509/pkcs7-output.c index bcffbaafd5..3d686df228 100644 --- a/lib/x509/pkcs7-output.c +++ b/lib/x509/pkcs7-output.c @@ -184,6 +184,37 @@ static void print_pkcs7_info(gnutls_pkcs7_signature_info_st * info, adds(str, "\n"); } +/** + * gnutls_pkcs7_print_signature_info: + * @info: The PKCS7 signature info struct to be printed + * @format: Indicate the format to use + * @out: Newly allocated datum with null terminated string. + * + * This function will pretty print a PKCS #7 signature info structure, suitable + * for display to a human. + * + * Currently the supported formats are %GNUTLS_CRT_PRINT_FULL and + * %GNUTLS_CRT_PRINT_COMPACT. + * + * The output @out needs to be deallocated using gnutls_free(). + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a + * negative error value. + * + * Since: 3.6.14 + **/ +int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st * info, + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out) +{ + gnutls_buffer_st str; + + _gnutls_buffer_init(&str); + print_pkcs7_info(info, &str, format); + + return _gnutls_buffer_to_datum(&str, out, 1); +} + /** * gnutls_pkcs7_crt_print: * @pkcs7: The PKCS7 struct to be printed -- cgit v1.2.1 From 37cb916de5c8806b43bfbc859f27fe03624f297e Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Thu, 14 May 2020 02:22:05 +0300 Subject: certtool: use gnutls_pkcs7_print_signature_info Use new function to remove code duplication. Signed-off-by: Dmitry Baryshkov --- src/certtool.c | 88 +++++----------------------------------------------------- 1 file changed, 7 insertions(+), 81 deletions(-) diff --git a/src/certtool.c b/src/certtool.c index b65359c27c..a46f774114 100644 --- a/src/certtool.c +++ b/src/certtool.c 
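Review bot: `gnutls_pkcs7_print_signature_info` is a new public entry point but dereferences `info` unconditionally — print_pkcs7_info reads `info->issuer_dn.size` in the earlier hunk — and writes `*out` without checking it. Other functions in this series return GNUTLS_E_INVALID_REQUEST for bad arguments (see `_gnutls_x509_dn_to_string`), so I would open with `if (info == NULL || out == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`. The docstring also states that only FULL and COMPACT are supported, yet no check of `format` is visible here; unless print_pkcs7_info rejects other values itself, either enforce it or soften the wording so callers don't rely on an error for unsupported formats.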
@@ -2624,94 +2624,20 @@ void verify_crl(common_info_st * cinfo) app_exit(rc); } -static void print_dn(const char *prefix, const gnutls_datum_t *raw) -{ - gnutls_x509_dn_t dn = NULL; - gnutls_datum_t str = {NULL, 0}; - int ret; - - ret = gnutls_x509_dn_init(&dn); - if (ret < 0) - return; - - ret = gnutls_x509_dn_import(dn, raw); - if (ret < 0) - goto cleanup; - - ret = gnutls_x509_dn_get_str2(dn, &str, 0); - if (ret < 0) - goto cleanup; - - fprintf(outfile, "%s: %s\n", prefix, str.data); - - cleanup: - gnutls_x509_dn_deinit(dn); - gnutls_free(str.data); -} - -static void print_raw(const char *prefix, const gnutls_datum_t *raw) +static void print_pkcs7_sig_info(gnutls_pkcs7_signature_info_st *info, common_info_st *cinfo) { int ret; - gnutls_datum_t tmp; + gnutls_datum_t str; - if (raw->data == NULL || raw->size == 0) - return; - - ret = gnutls_hex_encode2(raw, &tmp); + ret = gnutls_pkcs7_print_signature_info(info, GNUTLS_CRT_PRINT_COMPACT, &str); if (ret < 0) { - fprintf(stderr, "gnutls_hex_encode2: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "printing error: %s\n", + gnutls_strerror(ret)); app_exit(1); } - fprintf(outfile, "%s: %s\n", prefix, tmp.data); - gnutls_free(tmp.data); -} - -static void print_pkcs7_sig_info(gnutls_pkcs7_signature_info_st *info, common_info_st *cinfo) -{ - unsigned i; - char *oid; - gnutls_datum_t data; - char prefix[128]; - int ret; - char timebuf[SIMPLE_CTIME_BUF_SIZE]; - - print_dn("\tSigner's issuer DN", &info->issuer_dn); - print_raw("\tSigner's serial", &info->signer_serial); - print_raw("\tSigner's issuer key ID", &info->issuer_keyid); - if (info->signing_time != -1) - fprintf(outfile, "\tSigning time: %s\n", simple_ctime(&info->signing_time, timebuf)); - - fprintf(outfile, "\tSignature Algorithm: %s\n", gnutls_sign_get_name(info->algo)); - - if (info->signed_attrs) { - for (i=0;;i++) { - ret = gnutls_pkcs7_get_attr(info->signed_attrs, i, &oid, &data, 0); - if (ret < 0) - break; - if (i==0) - fprintf(outfile, "\tSigned 
Attributes:\n"); - - snprintf(prefix, sizeof(prefix), "\t\t%s", oid); - print_raw(prefix, &data); - gnutls_free(data.data); - } - } - if (info->unsigned_attrs) { - for (i=0;;i++) { - ret = gnutls_pkcs7_get_attr(info->unsigned_attrs, i, &oid, &data, 0); - if (ret < 0) - break; - if (i==0) - fprintf(outfile, "\tUnsigned Attributes:\n"); - - snprintf(prefix, sizeof(prefix), "\t\t%s", oid); - print_raw(prefix, &data); - gnutls_free(data.data); - } - } - fprintf(outfile, "\n"); + fprintf(outfile, "%s", str.data); + gnutls_free(str.data); } void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_data) -- cgit v1.2.1
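Review bot: After the rewrite `cinfo` is no longer referenced anywhere in `print_pkcs7_sig_info` (the removed body did not use it either), so `-Wunused-parameter` builds will now warn on a function that is only a few lines long; either drop it from the signature and the caller, or add `(void)cinfo; /* kept for signature compatibility */`. The `fprintf(outfile, "%s", str.data)` path relies on the datum being NUL-terminated, which the new API's docstring promises, so that part is fine. The `verify_pkcs7` definition that begins on the hunk's last context line continues outside this hunk.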