certtool: don't output textual information if --no-text was given
authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Fri, 16 Nov 2018 00:46:52 +0000 (03:46 +0300)
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Mon, 26 Nov 2018 13:56:33 +0000 (16:56 +0300)
Change privkey/certificate/CRL/CSR handling to disable text output if
--no-text option was given.

Closes #487

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
NEWS
src/certtool-args.def
src/certtool-common.c
src/certtool-common.h
src/certtool.c
src/tpmtool.c

diff --git a/NEWS b/NEWS
index eb09d3a831d78bda83cb7d79f01f4960b394c54d..30f6ffffc7db885c3eaa1a9645adf81955344c18 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,9 @@ See the end for copying conditions.
 ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
    keys parsing, as specified in R 50.1.112-2016.
 
+** certtool: Add parameter --no-text that prevents certtool from outputting
+   text before PEM-encoded private key, public key, certificate, CRL or CSR.
+
 ** API and ABI modifications:
 GNUTLS_AUTO_REAUTH: Added
 GNUTLS_CIPHER_AES_128_CFB8: Added
index 84a40efb051b009273a699de12bd6c3229567880..d5336eda7b289a28103287783f98c4de9c10a545 100644 (file)
@@ -661,6 +661,14 @@ flag = {
     doc      = "This will override the default options in /etc/gnutls/pkcs11.conf";
 };
 
+flag = {
+    name      = text;
+    descrip   = "Output textual information before PEM-encoded certificates, private keys, etc";
+    enabled;
+    disable   = "no";
+    doc       = "Output textual information before PEM-encoded data";
+};
+
 doc-section = {
   ds-type = 'SEE ALSO';
   ds-format = 'texi';
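Review bot: The doc string of the new `text` flag does not tell the user that the option only matters for PEM output; in this same commit cmd_parser computes cinfo.outtext as ENABLED_OPT(TEXT) && outcert_format == GNUTLS_X509_FMT_PEM, so --text is silently ignored whenever DER output is selected. Since this string becomes the man page entry, spelling that out avoids a confusing "why is there no text" report, e.g. `doc = "Output textual information before PEM-encoded data. Ignored when the output format is DER.";`. The descrip string could carry the same qualifier in shortened form.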
index 893e17f2765c536345d847859d6a1e8a0ba75608..ec149860b55391ea2897670a2f300de0ea72b881 100644 (file)
@@ -993,36 +993,40 @@ print_rsa_pkey(FILE * outfile, gnutls_datum_t * m, gnutls_datum_t * e,
        }
 }
 
-void _pubkey_info(FILE * outfile,
-                 gnutls_certificate_print_formats_t format,
-                 gnutls_pubkey_t pubkey)
+void print_pubkey_info(gnutls_pubkey_t pubkey,
+                      FILE *outfile,
+                      gnutls_certificate_print_formats_t format,
+                      gnutls_x509_crt_fmt_t outcert_format,
+                      unsigned int outtext)
 {
        gnutls_datum_t data;
        int ret;
        size_t size;
 
-       fix_lbuffer(0);
+       if (outtext) {
+               ret = gnutls_pubkey_print(pubkey, format, &data);
+               if (ret < 0) {
+                       fprintf(stderr, "pubkey_print error: %s\n",
+                               gnutls_strerror(ret));
+                       app_exit(1);
+               }
 
-       ret = gnutls_pubkey_print(pubkey, format, &data);
-       if (ret < 0) {
-               fprintf(stderr, "pubkey_print error: %s\n",
-                       gnutls_strerror(ret));
-               app_exit(1);
+               fprintf(outfile, "%s\n\n", data.data);
+               gnutls_free(data.data);
        }
 
-       fprintf(outfile, "%s\n", data.data);
-       gnutls_free(data.data);
+       fix_lbuffer(0);
 
        size = lbuffer_size;
        ret =
-           gnutls_pubkey_export(pubkey, GNUTLS_X509_FMT_PEM, lbuffer,
+           gnutls_pubkey_export(pubkey, outcert_format, lbuffer,
                                 &size);
        if (ret < 0) {
                fprintf(stderr, "export error: %s\n", gnutls_strerror(ret));
                app_exit(1);
        }
 
-       fprintf(outfile, "\n%s\n", lbuffer);
+       fwrite(lbuffer, 1, size, outfile);
 }
 
 static void
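Review bot: print_pubkey_info emits the textual dump whenever outtext is non-zero without looking at outcert_format, so a caller that passes outtext=1 together with a DER format would write text in front of binary data; the only thing preventing that is cmd_parser in certtool.c, which derives outtext as ENABLED_OPT(TEXT) && PEM. Either make the guard local, `if (outtext && outcert_format == GNUTLS_X509_FMT_PEM) {`, or state the precondition in a comment on the new prototype in certtool-common.h so that tpmtool and future callers respect it. The new `fwrite(lbuffer, 1, size, outfile);` also discards the write result while the export call two lines above is error-checked; `if (fwrite(lbuffer, 1, size, outfile) != size) { fprintf(stderr, "write error\n"); app_exit(1); }` would keep the error handling consistent. The `static void` context line at the end of the hunk belongs to the next function, which is outside the hunk.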
@@ -1114,7 +1118,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
                app_exit(1);
        }
 
-       if (ci->outcert_format == GNUTLS_X509_FMT_PEM)
+       if (ci->outtext)
                print_dh_info(outfile, &p, &g, q_bits, ci->cprint);
 
        if (!ci->cprint) {      /* generate a PKCS#3 structure */
@@ -1378,7 +1382,7 @@ print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t k
 
        /* Only print private key parameters when an unencrypted
         * format is used */
-       if (cinfo->outcert_format == GNUTLS_X509_FMT_PEM)
+       if (cinfo->outtext)
                privkey_info_int(outfile, cinfo, key);
 
        switch_to_pkcs8_when_needed(cinfo, key, gnutls_x509_privkey_get_pk_algorithm(key));
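Review bot: The comment on the two context lines above the changed condition is now stale: it still says the parameters are printed only "when an unencrypted format is used", but the test has become `cinfo->outtext`, a flag that cmd_parser sets from --text and forces off for non-PEM output. Suggest rewording it to `/* Only print private key parameters when textual output is enabled (--text; cmd_parser clears it for DER output) */`. The same outcert_format→outtext swap is made in dh_info and generate_prime in this file, where no comment needs updating. print_private_key continues outside the hunk.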
@@ -1568,7 +1572,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
 #endif
        }
 
-       if (info->outcert_format == GNUTLS_X509_FMT_PEM)
+       if (info->outtext)
                print_dh_info(outfile, &p, &g, q_bits, info->cprint);
 
        if (!info->cprint) {    /* generate a PKCS#3 structure */
index 3dac2ae3c14523e9fa2f82b291f9def9e094a873..ea7f43f2f1655784d2f66015d7f04de5b097a040 100644 (file)
@@ -43,6 +43,7 @@ typedef struct common_info {
        int pkcs8;
        int incert_format;
        int outcert_format;
+       int outtext;
        const char *cert;
 
        const char *request;
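Review bot: The new field is declared `int outtext;` while print_pubkey_info, introduced in this commit, takes it as `unsigned int outtext`, so every call that forwards the field converts signedness; the surrounding flag fields (pkcs8, incert_format, outcert_format) are plain `int`, so the parameter is the odd one out and could be changed to `int` instead. The field also deserves a short comment, since its value is not simply the option state: `int outtext; /* print textual dump before PEM output; cmd_parser clears it unless outcert_format is PEM */`. The struct continues outside the hunk.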
@@ -150,8 +151,11 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci);
 gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size,
                                         common_info_st * info);
 
-void _pubkey_info(FILE * outfile, gnutls_certificate_print_formats_t,
-                 gnutls_pubkey_t pubkey);
+void print_pubkey_info(gnutls_pubkey_t pubkey,
+                      FILE *outfile,
+                      gnutls_certificate_print_formats_t format,
+                      gnutls_x509_crt_fmt_t outcert_format,
+                      unsigned int outtext);
 void print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve,
                    gnutls_datum_t * k, gnutls_datum_t * x,
                    gnutls_datum_t * y, int cprint);
index a755e1bca3419ac349f5472f25c0db9bfc7afa45..a45efdf7b755f572263bd38f24da74ab31c432fb 100644 (file)
 
 static FILE *stdlog = NULL;
 
-static void print_crl_info(gnutls_x509_crl_t crl, FILE * out);
+static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo);
 void pkcs7_info(common_info_st *cinfo, unsigned display_data);
 void pkcs7_sign(common_info_st *, unsigned embed);
 void pkcs7_generate(common_info_st *);
 void pkcs8_info(void);
 void pkcs8_info_int(gnutls_datum_t *data, unsigned format,
                        unsigned ignore_err, FILE *out, const char *tab);
-void crq_info(void);
+void crq_info(common_info_st *cinfo);
 void smime_to_pkcs7(void);
 void pkcs12_info(common_info_st *);
 void generate_pkcs12(common_info_st *);
@@ -74,7 +74,7 @@ void verify_crl(common_info_st * cinfo);
 void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_data);
 void pubkey_info(gnutls_x509_crt_t crt, common_info_st *);
 void certificate_info(int, common_info_st *);
-void crl_info(void);
+void crl_info(common_info_st *cinfo);
 void privkey_info(common_info_st *);
 static void cmd_parser(int argc, char **argv);
 void generate_self_signed(common_info_st *);
@@ -1073,7 +1073,7 @@ static void generate_signed_crl(common_info_st * cinfo)
                app_exit(1);
        }
 
-       print_crl_info(crl, stdlog);
+       print_crl_info(crl, stdlog, cinfo);
 
        gnutls_privkey_deinit(ca_key);
        gnutls_x509_crl_deinit(crl);
@@ -1334,6 +1334,7 @@ static void cmd_parser(int argc, char **argv)
        cinfo.pkcs8 = HAVE_OPT(PKCS8);
        cinfo.incert_format = incert_format;
        cinfo.outcert_format = outcert_format;
+       cinfo.outtext = ENABLED_OPT(TEXT) && outcert_format == GNUTLS_X509_FMT_PEM;
 
        if (HAVE_OPT(LOAD_CERTIFICATE))
                cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
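Review bot: The assignment to cinfo.outtext is the single place where the text/DER exclusion is enforced, and the dependency on outcert_format is not obvious from the option name, so it should carry a why-comment. Something like `/* a textual dump is only meaningful in front of PEM; DER output is binary, so --text is ignored there */` directly above the line would save the next reader a trip to the callers. cmd_parser continues outside the hunk.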
@@ -1432,7 +1433,7 @@ static void cmd_parser(int argc, char **argv)
        else if (HAVE_OPT(GET_DH_PARAMS))
                generate_prime(outfile, 0, &cinfo);
        else if (HAVE_OPT(CRL_INFO))
-               crl_info();
+               crl_info(&cinfo);
        else if (HAVE_OPT(P7_INFO))
                pkcs7_info(&cinfo, ENABLED_OPT(P7_SHOW_DATA));
        else if (HAVE_OPT(P7_GENERATE))
@@ -1450,7 +1451,7 @@ static void cmd_parser(int argc, char **argv)
        else if (HAVE_OPT(TO_P8))
                generate_pkcs8(&cinfo);
        else if (HAVE_OPT(CRQ_INFO))
-               crq_info();
+               crq_info(&cinfo);
        else
                USAGE(1);
 
@@ -1504,7 +1505,7 @@ void certificate_info(int pubkey, common_info_st * cinfo)
                if (i > 0)
                        fprintf(outfile, "\n");
 
-               if (outcert_format == GNUTLS_X509_FMT_PEM)
+               if (cinfo->outtext)
                        print_certificate_info(crts[i], outfile, 1);
 
                if (pubkey) {
@@ -1554,13 +1555,13 @@ print_certificate_info(gnutls_x509_crt_t crt, FILE * out, unsigned int all)
                }
 }
 
-static void print_crl_info(gnutls_x509_crl_t crl, FILE * out)
+static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo)
 {
        gnutls_datum_t data;
        gnutls_datum_t cout;
        int ret;
 
-       if (outcert_format == GNUTLS_X509_FMT_PEM) {
+       if (cinfo->outtext) {
                ret = gnutls_x509_crl_print(crl, full_format, &data);
                if (ret < 0) {
                        fprintf(stderr, "crl_print: %s\n", gnutls_strerror(ret));
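Review bot: print_crl_info only reads cinfo->outtext, so the new parameter could be declared `const common_info_st *cinfo`; the same applies to print_crq_info further down in this file, whose changed condition likewise only reads the flag. A const qualifier documents that these helpers do not modify the shared options block that cmd_parser fills in, and it costs nothing at the three call sites changed here. print_crl_info's body continues past the end of the hunk.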
@@ -1582,7 +1583,7 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out)
        gnutls_free(cout.data);
 }
 
-void crl_info(void)
+void crl_info(common_info_st *cinfo)
 {
        gnutls_x509_crl_t crl;
        int ret;
@@ -1611,18 +1612,18 @@ void crl_info(void)
                app_exit(1);
        }
 
-       print_crl_info(crl, outfile);
+       print_crl_info(crl, outfile, cinfo);
 
        gnutls_x509_crl_deinit(crl);
 }
 
-static void print_crq_info(gnutls_x509_crq_t crq, FILE * out)
+static void print_crq_info(gnutls_x509_crq_t crq, FILE * out, common_info_st *cinfo)
 {
        gnutls_datum_t data;
        int ret;
        size_t size;
 
-       if (outcert_format == GNUTLS_X509_FMT_PEM) {
+       if (cinfo->outtext) {
                ret = gnutls_x509_crq_print(crq, full_format, &data);
                if (ret < 0) {
                        fprintf(stderr, "crq_print: %s\n",
@@ -1637,10 +1638,10 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out)
 
        ret = gnutls_x509_crq_verify(crq, 0);
        if (ret < 0) {
-               fprintf(outcert_format == GNUTLS_X509_FMT_PEM ? out : stderr,
+               fprintf(cinfo->outtext ? out : stderr,
                        "Self signature: FAILED\n\n");
        } else {
-               fprintf(outcert_format == GNUTLS_X509_FMT_PEM ? out : stderr,
+               fprintf(cinfo->outtext ? out : stderr,
                        "Self signature: verified\n\n");
        }
 
@@ -1654,7 +1655,7 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out)
        fwrite(lbuffer, 1, size, outfile);
 }
 
-void crq_info(void)
+void crq_info(common_info_st *cinfo)
 {
        gnutls_x509_crq_t crq;
        int ret;
@@ -1683,7 +1684,7 @@ void crq_info(void)
                app_exit(1);
        }
 
-       print_crq_info(crq, outfile);
+       print_crq_info(crq, outfile, cinfo);
 
        gnutls_x509_crq_deinit(crq);
 }
@@ -2052,7 +2053,7 @@ void generate_request(common_info_st * cinfo)
                app_exit(1);
        }
 
-       print_crq_info(crq, outfile);
+       print_crq_info(crq, outfile, cinfo);
 
        gnutls_x509_crq_deinit(crq);
        gnutls_privkey_deinit(pkey);
@@ -2531,7 +2532,7 @@ void verify_crl(common_info_st * cinfo)
                app_exit(1);
        }
 
-       print_crl_info(crl, outfile);
+       print_crl_info(crl, outfile, cinfo);
 
        ret = gnutls_x509_crl_verify(crl, &issuer, 1, 0, &output);
        if (ret < 0) {
@@ -3864,8 +3865,6 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
 void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo)
 {
        gnutls_pubkey_t pubkey;
-       int ret;
-       size_t size;
 
        pubkey = find_pubkey(crt, cinfo);
        if (pubkey == 0) {
@@ -3873,27 +3872,7 @@ void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo)
                app_exit(1);
        }
 
-       if (outcert_format == GNUTLS_X509_FMT_DER) {
-               size = lbuffer_size;
-               ret =
-                   gnutls_pubkey_export(pubkey, outcert_format, lbuffer,
-                                        &size);
-               if (ret < 0) {
-                       fprintf(stderr, "export error: %s\n",
-                               gnutls_strerror(ret));
-                       app_exit(1);
-               }
-
-               fwrite(lbuffer, 1, size, outfile);
-
-               gnutls_pubkey_deinit(pubkey);
-
-               return;
-       }
-
-       /* PEM */
-
-       _pubkey_info(outfile, full_format, pubkey);
+       print_pubkey_info(pubkey, outfile, full_format, outcert_format, cinfo->outtext);
        gnutls_pubkey_deinit(pubkey);
 }
 
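Review bot: pubkey_info now forwards the file-scope `outcert_format` global next to `cinfo->outtext`, although cinfo already carries the same value (cmd_parser stores it in cinfo.outcert_format in an earlier hunk of this commit) and the sibling helpers changed here, print_crl_info and print_crq_info, were just converted to read their settings from cinfo. Passing `cinfo->outcert_format` keeps both flags coming from one place: `print_pubkey_info(pubkey, outfile, full_format, cinfo->outcert_format, cinfo->outtext);`. The removed DER branch released pubkey before returning; the remaining single path still reaches the gnutls_pubkey_deinit on the context line below, so no leak is introduced by the simplification.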
index 23085b197656d49c045eb6a51f532f3b0ebfa05b..76568bb4289a665d84675d73012852e41da548cd 100644 (file)
@@ -373,7 +373,7 @@ static void tpm_pubkey(const char *url, FILE * out, unsigned int srk_well_known)
                exit(1);
        }
 
-       _pubkey_info(out, GNUTLS_CRT_PRINT_FULL, pubkey);
+       print_pubkey_info(pubkey, out, GNUTLS_CRT_PRINT_FULL, GNUTLS_X509_FMT_PEM, 1);
 
        gnutls_pubkey_deinit(pubkey);
 }