From: Jeremy Harris Date: Mon, 15 Aug 2022 17:42:28 +0000 (+0100) Subject: OpenSSL: strip spaces & newlines from cert signature expansion X-Git-Tag: exim-4.97-RC0~251 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/9b5fdee115fdd09588bd03f3ebdc85cfe7357fc5 OpenSSL: strip spaces & newlines from cert signature expansion --- diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index 168e35b7f..ac353b25f 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -261,11 +261,19 @@ if (X509_print_ex(bp, (X509 *)cert, 0, X509_FLAG_NO_AUX) == 1) { long len = BIO_get_mem_data(bp, &cp); + gstring * g = NULL; /* Strip leading "Signature Algorithm" line */ while (*cp && *cp != '\n') { cp++; len--; } + if (*cp) { cp++; len--; } - cp = string_copyn(cp+1, len-1); + /* Strip possible leading " Signature Value:\n" (seen with OpenSSL 3.0.5) */ + if (Ustrncmp(cp, " Signature Value:\n", 21) == 0) { cp += 21; len -= 21; } + + /* Copy only hexchars and colon (different OpenSSL versions do different spacing) */ + for ( ; len-- && *cp; cp++) + if (Ustrchr("0123456789abcdef:", *cp)) g = string_catn(g, cp, 1); + cp = string_from_gstring(g); } BIO_free(bp); return cp; diff --git a/test/log/2102 b/test/log/2102 index b4e643121..4702a6c7e 100644 --- a/test/log/2102 +++ b/test/log/2102 @@ -31,7 +31,7 @@ 1999-03-02 09:44:33 NA/i <2143283670> 1999-03-02 09:44:33 NA 1999-03-02 09:44:33 SA -1999-03-02 09:44:33 SG < 5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:\n e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:\n ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:\n 00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:\n ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:\n ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:\n 05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:\n b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:\n 76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:\n e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:\n e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:\n af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:\n a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:\n 97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:\n db:ae:4b:42\n> +1999-03-02 09:44:33 SG <5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:db:ae:4b:42> 1999-03-02 09:44:33 SAN 1999-03-02 09:44:33 OCU 1999-03-02 09:44:33 (no CRU) diff --git a/test/log/2102.openssl_1_1_1 b/test/log/2102.openssl_1_1_1 index 5d709daa6..5cfa953d1 100644 --- a/test/log/2102.openssl_1_1_1 +++ b/test/log/2102.openssl_1_1_1 @@ -31,7 +31,7 @@ 1999-03-02 09:44:33 NA/i <2143283670> 1999-03-02 09:44:33 NA 1999-03-02 09:44:33 SA -1999-03-02 09:44:33 SG < 5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:\n e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:\n ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:\n 00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:\n ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:\n ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:\n 05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:\n b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:\n 76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:\n e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:\n e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:\n af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:\n a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:\n 97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:\n db:ae:4b:42\n> +1999-03-02 09:44:33 SG <5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:db:ae:4b:42> 1999-03-02 09:44:33 SAN 1999-03-02 09:44:33 OCU 1999-03-02 09:44:33 (no CRU) diff --git a/test/log/5720 b/test/log/5720 index a3d144e76..19e625efc 100644 --- a/test/log/5720 +++ b/test/log/5720 @@ -16,7 +16,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 NB 1999-03-02 09:44:33 10HmaX-0005vi-00 NA 1999-03-02 09:44:33 10HmaX-0005vi-00 SA -1999-03-02 09:44:33 10HmaX-0005vi-00 SG < 2f:9e:ed:c8:45:94:91:a3:97:5b:4f:a5:60:96:c7:be:40:28:\n 0c:19:25:a8:ec:29:2e:09:1c:e6:95:00:1d:8e:96:bb:80:7b:\n d7:61:3e:37:8b:d5:1d:37:26:f8:3e:c5:0b:07:fb:79:9c:0f:\n ed:95:58:90:1a:42:49:97:9b:c5:9e:f3:f2:3b:ff:41:b0:74:\n ff:8e:24:04:95:9f:85:93:b3:75:f4:38:80:1c:25:7d:2e:e1:\n e4:f4:a7:ba:6d:89:6c:6c:30:c1:19:96:47:a2:9d:e7:c7:8a:\n 0b:54:eb:f1:1d:af:0a:84:87:7e:c5:74:19:b0:ce:e3:f7:ef:\n 8f:5e:2a:bd:b6:d7:49:b9:ac:31:2a:30:8a:c0:5b:f8:a8:b4:\n 9d:ca:b7:e2:e7:14:09:15:54:9c:0a:09:16:38:3c:32:97:32:\n 51:66:d2:c2:fb:5c:d8:b8:8b:28:23:d7:e5:4c:78:91:55:0b:\n 15:2b:10:87:04:f4:d0:55:3f:fe:c8:f4:27:ca:4d:5b:75:79:\n c5:df:ef:b2:e9:1c:be:af:0b:13:7b:da:7f:a2:76:34:7f:d0:\n 34:42:be:94:6c:ce:f7:36:c1:ee:f3:4f:61:aa:ba:54:d7:3b:\n 67:f7:47:5f:a2:ce:aa:fd:8d:92:09:46:21:de:bf:7f:1e:b8:\n 4b:00:c8:a6\n> +1999-03-02 09:44:33 10HmaX-0005vi-00 SG <2f:9e:ed:c8:45:94:91:a3:97:5b:4f:a5:60:96:c7:be:40:28:0c:19:25:a8:ec:29:2e:09:1c:e6:95:00:1d:8e:96:bb:80:7b:d7:61:3e:37:8b:d5:1d:37:26:f8:3e:c5:0b:07:fb:79:9c:0f:ed:95:58:90:1a:42:49:97:9b:c5:9e:f3:f2:3b:ff:41:b0:74:ff:8e:24:04:95:9f:85:93:b3:75:f4:38:80:1c:25:7d:2e:e1:e4:f4:a7:ba:6d:89:6c:6c:30:c1:19:96:47:a2:9d:e7:c7:8a:0b:54:eb:f1:1d:af:0a:84:87:7e:c5:74:19:b0:ce:e3:f7:ef:8f:5e:2a:bd:b6:d7:49:b9:ac:31:2a:30:8a:c0:5b:f8:a8:b4:9d:ca:b7:e2:e7:14:09:15:54:9c:0a:09:16:38:3c:32:97:32:51:66:d2:c2:fb:5c:d8:b8:8b:28:23:d7:e5:4c:78:91:55:0b:15:2b:10:87:04:f4:d0:55:3f:fe:c8:f4:27:ca:4d:5b:75:79:c5:df:ef:b2:e9:1c:be:af:0b:13:7b:da:7f:a2:76:34:7f:d0:34:42:be:94:6c:ce:f7:36:c1:ee:f3:4f:61:aa:ba:54:d7:3b:67:f7:47:5f:a2:ce:aa:fd:8d:92:09:46:21:de:bf:7f:1e:b8:4b:00:c8:a6> 1999-03-02 09:44:33 10HmaX-0005vi-00 (no SAN) 1999-03-02 09:44:33 10HmaX-0005vi-00 (no OCU) 1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU) @@ -52,7 +52,7 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 NB 1999-03-02 09:44:33 10HmaY-0005vi-00 NA 1999-03-02 09:44:33 10HmaY-0005vi-00 SA -1999-03-02 09:44:33 10HmaY-0005vi-00 SG < 96:29:b8:21:7e:2e:40:8f:4c:c0:a3:e4:08:cc:d0:06:80:cd:\n 02:cc:06:3e:48:09:f8:58:83:b7:8e:f5:82:ca:da:c7:f9:9f:\n 02:9b:68:47:d1:69:72:08:e6:d1:7e:2b:1c:be:26:66:e1:04:\n 05:47:e4:5d:48:bd:2a:65:58:80:a3:5c:f1:85:1b:3f:fe:09:\n 7e:aa:e2:a8:a6:23:8e:69:76:41:56:8b:61:70:40:ff:ea:e2:\n 7f:1e:07:18:18:43:5f:fc:31:8f:ad:93:f4:d6:af:19:36:dc:\n f5:e9:ae:76:87:90:85:0d:8b:f5:76:70:b2:1c:48:ce:41:22:\n d4:35:e9:74:6b:65:06:04:c7:cf:86:16:81:6e:54:6f:3b:d3:\n df:7c:55:36:bd:04:5c:a3:1d:42:cc:23:1a:f5:b2:3d:30:22:\n 19:0e:a0:10:e5:8f:eb:a5:a0:29:9b:34:de:3c:86:5c:09:77:\n 26:f1:38:46:06:52:79:bf:7f:35:70:15:d0:06:1f:5a:54:16:\n d2:a3:df:38:a1:43:da:03:9e:f9:90:10:dc:35:04:ea:ca:dc:\n 94:f0:6a:60:3e:d2:c5:53:a2:0a:a6:62:bd:95:21:22:f2:24:\n b9:66:10:08:7b:16:88:75:8c:6c:e2:ed:92:c1:c8:ba:ac:6d:\n 76:61:fe:c3\n> +1999-03-02 09:44:33 10HmaY-0005vi-00 SG <96:29:b8:21:7e:2e:40:8f:4c:c0:a3:e4:08:cc:d0:06:80:cd:02:cc:06:3e:48:09:f8:58:83:b7:8e:f5:82:ca:da:c7:f9:9f:02:9b:68:47:d1:69:72:08:e6:d1:7e:2b:1c:be:26:66:e1:04:05:47:e4:5d:48:bd:2a:65:58:80:a3:5c:f1:85:1b:3f:fe:09:7e:aa:e2:a8:a6:23:8e:69:76:41:56:8b:61:70:40:ff:ea:e2:7f:1e:07:18:18:43:5f:fc:31:8f:ad:93:f4:d6:af:19:36:dc:f5:e9:ae:76:87:90:85:0d:8b:f5:76:70:b2:1c:48:ce:41:22:d4:35:e9:74:6b:65:06:04:c7:cf:86:16:81:6e:54:6f:3b:d3:df:7c:55:36:bd:04:5c:a3:1d:42:cc:23:1a:f5:b2:3d:30:22:19:0e:a0:10:e5:8f:eb:a5:a0:29:9b:34:de:3c:86:5c:09:77:26:f1:38:46:06:52:79:bf:7f:35:70:15:d0:06:1f:5a:54:16:d2:a3:df:38:a1:43:da:03:9e:f9:90:10:dc:35:04:ea:ca:dc:94:f0:6a:60:3e:d2:c5:53:a2:0a:a6:62:bd:95:21:22:f2:24:b9:66:10:08:7b:16:88:75:8c:6c:e2:ed:92:c1:c8:ba:ac:6d:76:61:fe:c3> 1999-03-02 09:44:33 10HmaY-0005vi-00 SAN 1999-03-02 09:44:33 10HmaY-0005vi-00 OCU 1999-03-02 09:44:33 10HmaY-0005vi-00 CRU