The branch master has been updated via dbcc7b45670483cc89428afe1d3c363ef83d76df (commit) from 8c95977fbf401df72c9a236348130ba4483d7691 (commit)
- Log ----------------------------------------------------------------- commit dbcc7b45670483cc89428afe1d3c363ef83d76df Author: Jon Spillett <jon.spill...@oracle.com> Date: Mon Sep 2 10:06:29 2019 +1000 apps/pkcs12: print multiple PKCS#12 safeBag attribute values if present Currently the pkcs12 app will only ever print the first value of a multi-value attribute. This is OK for some attributes (e.g. friendlyName, localKeyId) but may miss values for other attributes. Reviewed-by: Matt Caswell <m...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matthias St. Pierre <matthias.st.pie...@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9751) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ apps/pkcs12.c | 64 +++++++++++++++++++++++++++++++++++------------------------ 2 files changed, 42 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 65b344efe4..c32f768fc8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just + the first value. + [Jon Spillett] + *) Deprecated the public definition of ERR_STATE as well as the function ERR_get_state(). This is done in preparation of making ERR_STATE an opaque type. diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 407340b388..902b75029c 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, const char *pass, int passlen, int options, char *pempass, const EVP_CIPHER *enc); +void print_attribute(BIO *out, const ASN1_TYPE *av); int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, const char *name); void hex_prin(BIO *out, unsigned char *buf, int len); 
@@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 return ret;
 }
+/* Generalised x509 attribute value print */
+
+void print_attribute(BIO *out, const ASN1_TYPE *av)
+{
+ char *value;
+
+ switch (av->type) {
+ case V_ASN1_BMPSTRING:
+ value = OPENSSL_uni2asc(av->value.bmpstring->data,
+ av->value.bmpstring->length);
+ BIO_printf(out, "%s\n", value);
+ OPENSSL_free(value);
+ break;
+
+ case V_ASN1_OCTET_STRING:
+ hex_prin(out, av->value.octet_string->data,
+ av->value.octet_string->length);
+ BIO_printf(out, "\n");
+ break;
+
+ case V_ASN1_BIT_STRING:
+ hex_prin(out, av->value.bit_string->data,
+ av->value.bit_string->length);
+ BIO_printf(out, "\n");
+ break;
+
+ default:
+ BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+ break;
+ }
+}
+
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
@@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
 {
 X509_ATTRIBUTE *attr;
 ASN1_TYPE *av;
- char *value;
- int i, j, attr_nid;
+ int i, j, attr_nid;
 if (!attrlst) {
 BIO_printf(out, "%s: <No Attributes>\n", name);
 return 1;
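Review bot: In the `V_ASN1_BMPSTRING` case of the new `print_attribute`, the result of `OPENSSL_uni2asc` is passed to `BIO_printf(out, "%s\n", value)` without a NULL check, although the attribute bytes come from the PKCS#12 file being inspected, which may be untrusted or malformed. As far as I can tell `OPENSSL_uni2asc` can return NULL (allocation failure, and apparently odd-length input), so the output then depends on how `BIO_printf` treats a NULL `%s` argument; an explicit `if (value == NULL) { BIO_printf(out, "<Invalid BMPString>\n"); break; }` would make that case visible. The converted string is also written unescaped, so any control characters in an attribute value reach the terminal as they are; that predates this commit, but the new helper is the natural single place to filter non-printable bytes. The helper's comment could also state its contract, for example `/* Print one attribute value followed by a newline; av must not be NULL */`.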
@@ -910,30 +942,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
 }
 if (X509_ATTRIBUTE_count(attr)) {
- av = X509_ATTRIBUTE_get0_type(attr, 0);
- switch (av->type) {
- case V_ASN1_BMPSTRING:
- value = OPENSSL_uni2asc(av->value.bmpstring->data,
- av->value.bmpstring->length);
- BIO_printf(out, "%s\n", value);
- OPENSSL_free(value);
- break;
-
- case V_ASN1_OCTET_STRING:
- hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
- BIO_printf(out, "\n");
- break;
-
- case V_ASN1_BIT_STRING:
- hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
- BIO_printf(out, "\n");
- break;
-
- default:
- BIO_printf(out, "<Unsupported tag %d>\n", av->type);
- break;
+ for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
+ {
+ av = X509_ATTRIBUTE_get0_type(attr, j);
+ print_attribute(out, av);
 }
 } else {
 BIO_printf(out, "<No Values>\n");
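Review bot: The new loop hands the result of `X509_ATTRIBUTE_get0_type(attr, j)` straight to `print_attribute`, which dereferences `av->type` unconditionally. The index is bounded by `X509_ATTRIBUTE_count(attr)`, so NULL is not expected, but since the data comes from a parsed file a cheap `if (av == NULL) continue;` before the call would keep the helper's precondition explicit. On style, the opening brace on its own line after the `for` differs from the `if (X509_ATTRIBUTE_count(attr)) {` placement two lines above; `for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) {` would match. Second and later values are also printed on their own lines with nothing in this hunk repeating a label or indent, so it may be hard to tell which attribute they belong to; this is hedged, because `print_attribs` starts and ends outside the hunk and the prefix printing is not visible here.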