1 1.1 christos /* 2 1.1.1.2 christos * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1.1.2 christos * Licensed under the OpenSSL license (the "License"). You may not use 5 1.1.1.2 christos * this file except in compliance with the License. You can obtain a copy 6 1.1.1.2 christos * in the file LICENSE in the source distribution or at 7 1.1.1.2 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos /* CMS utility function */ 11 1.1 christos 12 1.1 christos #include <stdio.h> 13 1.1 christos #include <string.h> 14 1.1 christos #include "apps.h" 15 1.1.1.2 christos #include "progs.h" 16 1.1 christos 17 1.1 christos #ifndef OPENSSL_NO_CMS 18 1.1 christos 19 1.1 christos # include <openssl/crypto.h> 20 1.1 christos # include <openssl/pem.h> 21 1.1 christos # include <openssl/err.h> 22 1.1 christos # include <openssl/x509_vfy.h> 23 1.1 christos # include <openssl/x509v3.h> 24 1.1 christos # include <openssl/cms.h> 25 1.1 christos 26 1.1 christos static int save_certs(char *signerfile, STACK_OF(X509) *signers); 27 1.1 christos static int cms_cb(int ok, X509_STORE_CTX *ctx); 28 1.1.1.2 christos static void receipt_request_print(CMS_ContentInfo *cms); 29 1.1 christos static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) 30 1.1 christos *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING) 31 1.1 christos *rr_from); 32 1.1 christos static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, 33 1.1 christos STACK_OF(OPENSSL_STRING) *param); 34 1.1 christos 35 1.1 christos # define SMIME_OP 0x10 36 1.1 christos # define SMIME_IP 0x20 37 1.1 christos # define SMIME_SIGNERS 0x40 38 1.1 christos # define SMIME_ENCRYPT (1 | SMIME_OP) 39 1.1 christos # define SMIME_DECRYPT (2 | SMIME_IP) 40 1.1 christos # define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) 41 1.1 christos # define SMIME_VERIFY (4 | SMIME_IP) 42 1.1 christos # define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP) 43 1.1 christos # define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) 44 1.1 christos # define SMIME_DATAOUT (7 | SMIME_IP) 45 1.1 christos # define SMIME_DATA_CREATE (8 | SMIME_OP) 46 1.1 christos # define SMIME_DIGEST_VERIFY (9 | SMIME_IP) 47 1.1 christos # define SMIME_DIGEST_CREATE (10 | SMIME_OP) 48 1.1 christos # define SMIME_UNCOMPRESS (11 | SMIME_IP) 49 1.1 christos # define SMIME_COMPRESS (12 | SMIME_OP) 50 1.1 christos # define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) 51 1.1 christos # define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) 52 1.1 christos # define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) 53 1.1 christos # define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) 54 1.1 christos 55 1.1.1.2 christos static int verify_err = 0; 56 1.1 christos 57 1.1 christos typedef struct cms_key_param_st cms_key_param; 58 1.1 christos 59 1.1 christos struct cms_key_param_st { 60 1.1 christos int idx; 61 1.1 christos STACK_OF(OPENSSL_STRING) *param; 62 1.1 christos cms_key_param *next; 63 1.1 christos }; 64 1.1 christos 65 1.1.1.2 christos typedef enum OPTION_choice { 66 1.1.1.2 christos OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, 67 1.1.1.2 christos OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT, 68 1.1.1.2 christos OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN, 69 1.1.1.2 christos OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT, 70 1.1.1.2 christos OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY, 71 1.1.1.2 christos OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS, 72 1.1.1.2 christos OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT, 73 1.1.1.2 christos OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS, 74 1.1.1.2 christos OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID, 75 1.1.1.2 christos OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF, 76 1.1.1.2 christos OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, 77 1.1.1.2 christos OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, 78 1.1.1.2 christos OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT, 79 1.1.1.2 christos OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, 80 1.1.1.2 christos OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, 81 1.1.1.2 christos OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, 82 1.1.1.2 christos OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP, 83 1.1.1.2 christos OPT_3DES_WRAP, OPT_ENGINE, 84 1.1.1.2 christos OPT_R_ENUM, 85 1.1.1.2 christos OPT_V_ENUM, 86 1.1.1.2 christos OPT_CIPHER 87 1.1.1.2 christos } OPTION_CHOICE; 88 1.1.1.2 christos 89 1.1.1.2 christos const OPTIONS cms_options[] = { 90 1.1.1.2 christos {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"}, 91 1.1.1.2 christos {OPT_HELP_STR, 1, '-', 92 1.1.1.2 christos " cert.pem... recipient certs for encryption\n"}, 93 1.1.1.2 christos {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, 94 1.1.1.2 christos {"help", OPT_HELP, '-', "Display this summary"}, 95 1.1.1.2 christos {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"}, 96 1.1.1.2 christos {"outform", OPT_OUTFORM, 'c', 97 1.1.1.2 christos "Output format SMIME (default), PEM or DER"}, 98 1.1.1.2 christos {"in", OPT_IN, '<', "Input file"}, 99 1.1.1.2 christos {"out", OPT_OUT, '>', "Output file"}, 100 1.1.1.2 christos {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, 101 1.1.1.2 christos {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, 102 1.1.1.2 christos {"sign", OPT_SIGN, '-', "Sign message"}, 103 1.1.1.2 christos {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"}, 104 1.1.1.2 christos {"resign", OPT_RESIGN, '-', "Resign a signed message"}, 105 1.1.1.2 christos {"verify", OPT_VERIFY, '-', "Verify signed message"}, 106 1.1.1.2 christos {"verify_retcode", OPT_VERIFY_RETCODE, '-'}, 107 1.1.1.2 christos {"verify_receipt", OPT_VERIFY_RECEIPT, '<'}, 108 1.1.1.2 christos {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"}, 109 1.1.1.2 christos {"data_out", OPT_DATA_OUT, '-'}, 110 1.1.1.2 christos {"data_create", OPT_DATA_CREATE, '-'}, 111 1.1.1.2 christos {"digest_verify", OPT_DIGEST_VERIFY, '-'}, 112 1.1.1.2 christos {"digest_create", OPT_DIGEST_CREATE, '-'}, 113 1.1.1.2 christos {"compress", OPT_COMPRESS, '-'}, 114 1.1.1.2 christos {"uncompress", OPT_UNCOMPRESS, '-'}, 115 1.1.1.2 christos {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'}, 116 1.1.1.2 christos {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'}, 117 1.1.1.2 christos {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'}, 118 1.1.1.2 christos {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, 119 1.1.1.2 christos {"asciicrlf", OPT_ASCIICRLF, '-'}, 120 1.1.1.2 christos {"nointern", OPT_NOINTERN, '-', 121 1.1.1.2 christos "Don't search certificates in message for signer"}, 122 1.1.1.2 christos {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, 123 1.1.1.2 christos {"nocerts", OPT_NOCERTS, '-', 124 1.1.1.2 christos "Don't include signers certificate when signing"}, 125 1.1.1.2 christos {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, 126 1.1.1.2 christos {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, 127 1.1.1.2 christos {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, 128 1.1.1.2 christos {"binary", OPT_BINARY, '-', "Don't translate message to text"}, 129 1.1.1.2 christos {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, 130 1.1.1.2 christos {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, 131 1.1.1.2 christos {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'}, 132 1.1.1.2 christos {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'}, 133 1.1.1.2 christos {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, 134 1.1.1.2 christos {"indef", OPT_INDEF, '-', "Same as -stream"}, 135 1.1.1.2 christos {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, 136 1.1.1.2 christos {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, 137 1.1.1.2 christos {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"}, 138 1.1.1.2 christos {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, 139 1.1.1.2 christos {"receipt_request_all", OPT_RR_ALL, '-'}, 140 1.1.1.2 christos {"receipt_request_first", OPT_RR_FIRST, '-'}, 141 1.1.1.2 christos {"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, 142 1.1.1.2 christos {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, 143 1.1.1.2 christos {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, 144 1.1.1.2 christos {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, 145 1.1.1.2 christos {"no-CAfile", OPT_NOCAFILE, '-', 146 1.1.1.2 christos "Do not load the default certificates file"}, 147 1.1.1.2 christos {"no-CApath", OPT_NOCAPATH, '-', 148 1.1.1.2 christos "Do not load certificates from the default certificates directory"}, 149 1.1.1.2 christos {"content", OPT_CONTENT, '<', 150 1.1.1.2 christos "Supply or override content for detached signature"}, 151 1.1.1.2 christos {"print", OPT_PRINT, '-', 152 1.1.1.2 christos "For the -cmsout operation print out all fields of the CMS structure"}, 153 1.1.1.2 christos {"secretkey", OPT_SECRETKEY, 's'}, 154 1.1.1.2 christos {"secretkeyid", OPT_SECRETKEYID, 's'}, 155 1.1.1.2 christos {"pwri_password", OPT_PWRI_PASSWORD, 's'}, 156 1.1.1.2 christos {"econtent_type", OPT_ECONTENT_TYPE, 's'}, 157 1.1.1.2 christos {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, 158 1.1.1.2 christos {"to", OPT_TO, 's', "To address"}, 159 1.1.1.2 christos {"from", OPT_FROM, 's', "From address"}, 160 1.1.1.2 christos {"subject", OPT_SUBJECT, 's', "Subject"}, 161 1.1.1.2 christos {"signer", OPT_SIGNER, 's', "Signer certificate file"}, 162 1.1.1.2 christos {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"}, 163 1.1.1.2 christos {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, 164 1.1.1.2 christos {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, 165 1.1.1.2 christos {"inkey", OPT_INKEY, 's', 166 1.1.1.2 christos "Input private key (if not signer or recipient)"}, 167 1.1.1.2 christos {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, 168 1.1.1.2 christos {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, 169 1.1.1.2 christos {"receipt_request_from", OPT_RR_FROM, 's'}, 170 1.1.1.2 christos {"receipt_request_to", OPT_RR_TO, 's'}, 171 1.1.1.2 christos {"", OPT_CIPHER, '-', "Any supported cipher"}, 172 1.1.1.2 christos OPT_R_OPTIONS, 173 1.1.1.2 christos OPT_V_OPTIONS, 174 1.1.1.2 christos {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, 175 1.1.1.2 christos {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, 176 1.1.1.2 christos {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"}, 177 1.1.1.2 christos # ifndef OPENSSL_NO_DES 178 1.1.1.2 christos {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"}, 179 1.1.1.2 christos # endif 180 1.1.1.2 christos # ifndef OPENSSL_NO_ENGINE 181 1.1.1.2 christos {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, 182 1.1.1.2 christos # endif 183 1.1.1.2 christos {NULL} 184 1.1.1.2 christos }; 185 1.1 christos 186 1.1.1.2 christos int cms_main(int argc, char **argv) 187 1.1 christos { 188 1.1.1.2 christos ASN1_OBJECT *econtent_type = NULL; 189 1.1.1.2 christos BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; 190 1.1.1.2 christos CMS_ContentInfo *cms = NULL, *rcms = NULL; 191 1.1.1.2 christos CMS_ReceiptRequest *rr = NULL; 192 1.1 christos ENGINE *e = NULL; 193 1.1.1.2 christos EVP_PKEY *key = NULL; 194 1.1.1.2 christos const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL; 195 1.1.1.2 christos const EVP_MD *sign_md = NULL; 196 1.1.1.2 christos STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; 197 1.1 christos STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; 198 1.1.1.2 christos STACK_OF(X509) *encerts = NULL, *other = NULL; 199 1.1.1.2 christos X509 *cert = NULL, *recip = NULL, *signer = NULL; 200 1.1.1.2 christos X509_STORE *store = NULL; 201 1.1.1.2 christos X509_VERIFY_PARAM *vpm = NULL; 202 1.1 christos char *certfile = NULL, *keyfile = NULL, *contfile = NULL; 203 1.1.1.2 christos const char *CAfile = NULL, *CApath = NULL; 204 1.1 christos char *certsoutfile = NULL; 205 1.1.1.2 christos int noCAfile = 0, noCApath = 0; 206 1.1.1.2 christos char *infile = NULL, *outfile = NULL, *rctfile = NULL; 207 1.1.1.2 christos char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL; 208 1.1.1.2 christos char *to = NULL, *from = NULL, *subject = NULL, *prog; 209 1.1.1.2 christos cms_key_param *key_first = NULL, *key_param = NULL; 210 1.1.1.2 christos int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0; 211 1.1 christos int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 212 1.1.1.2 christos int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1; 213 1.1.1.2 christos int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; 214 1.1 christos size_t secret_keylen = 0, secret_keyidlen = 0; 215 1.1.1.2 christos unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; 216 1.1.1.2 christos unsigned char *secret_key = NULL, *secret_keyid = NULL; 217 1.1.1.2 christos long ltmp; 218 1.1.1.2 christos const char *mime_eol = "\n"; 219 1.1.1.2 christos OPTION_CHOICE o; 220 1.1 christos 221 1.1.1.2 christos if ((vpm = X509_VERIFY_PARAM_new()) == NULL) 222 1.1.1.2 christos return 1; 223 1.1 christos 224 1.1.1.2 christos prog = opt_init(argc, argv, cms_options); 225 1.1.1.2 christos while ((o = opt_next()) != OPT_EOF) { 226 1.1.1.2 christos switch (o) { 227 1.1.1.2 christos case OPT_EOF: 228 1.1.1.2 christos case OPT_ERR: 229 1.1.1.2 christos opthelp: 230 1.1.1.2 christos BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 231 1.1.1.2 christos goto end; 232 1.1.1.2 christos case OPT_HELP: 233 1.1.1.2 christos opt_help(cms_options); 234 1.1.1.2 christos ret = 0; 235 1.1.1.2 christos goto end; 236 1.1.1.2 christos case OPT_INFORM: 237 1.1.1.2 christos if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat)) 238 1.1.1.2 christos goto opthelp; 239 1.1.1.2 christos break; 240 1.1.1.2 christos case OPT_OUTFORM: 241 1.1.1.2 christos if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat)) 242 1.1.1.2 christos goto opthelp; 243 1.1.1.2 christos break; 244 1.1.1.2 christos case OPT_OUT: 245 1.1.1.2 christos outfile = opt_arg(); 246 1.1.1.2 christos break; 247 1.1.1.2 christos case OPT_ENCRYPT: 248 1.1 christos operation = SMIME_ENCRYPT; 249 1.1.1.2 christos break; 250 1.1.1.2 christos case OPT_DECRYPT: 251 1.1 christos operation = SMIME_DECRYPT; 252 1.1.1.2 christos break; 253 1.1.1.2 christos case OPT_SIGN: 254 1.1 christos operation = SMIME_SIGN; 255 1.1.1.2 christos break; 256 1.1.1.2 christos case OPT_SIGN_RECEIPT: 257 1.1 christos operation = SMIME_SIGN_RECEIPT; 258 1.1.1.2 christos break; 259 1.1.1.2 christos case OPT_RESIGN: 260 1.1 christos operation = SMIME_RESIGN; 261 1.1.1.2 christos break; 262 1.1.1.2 christos case OPT_VERIFY: 263 1.1 christos operation = SMIME_VERIFY; 264 1.1.1.2 christos break; 265 1.1.1.2 christos case OPT_VERIFY_RETCODE: 266 1.1 christos verify_retcode = 1; 267 1.1.1.2 christos break; 268 1.1.1.2 christos case OPT_VERIFY_RECEIPT: 269 1.1 christos operation = SMIME_VERIFY_RECEIPT; 270 1.1.1.2 christos rctfile = opt_arg(); 271 1.1.1.2 christos break; 272 1.1.1.2 christos case OPT_CMSOUT: 273 1.1 christos operation = SMIME_CMSOUT; 274 1.1.1.2 christos break; 275 1.1.1.2 christos case OPT_DATA_OUT: 276 1.1 christos operation = SMIME_DATAOUT; 277 1.1.1.2 christos break; 278 1.1.1.2 christos case OPT_DATA_CREATE: 279 1.1 christos operation = SMIME_DATA_CREATE; 280 1.1.1.2 christos break; 281 1.1.1.2 christos case OPT_DIGEST_VERIFY: 282 1.1 christos operation = SMIME_DIGEST_VERIFY; 283 1.1.1.2 christos break; 284 1.1.1.2 christos case OPT_DIGEST_CREATE: 285 1.1 christos operation = SMIME_DIGEST_CREATE; 286 1.1.1.2 christos break; 287 1.1.1.2 christos case OPT_COMPRESS: 288 1.1 christos operation = SMIME_COMPRESS; 289 1.1.1.2 christos break; 290 1.1.1.2 christos case OPT_UNCOMPRESS: 291 1.1 christos operation = SMIME_UNCOMPRESS; 292 1.1.1.2 christos break; 293 1.1.1.2 christos case OPT_ED_DECRYPT: 294 1.1 christos operation = SMIME_ENCRYPTED_DECRYPT; 295 1.1.1.2 christos break; 296 1.1.1.2 christos case OPT_ED_ENCRYPT: 297 1.1 christos operation = SMIME_ENCRYPTED_ENCRYPT; 298 1.1.1.2 christos break; 299 1.1.1.2 christos case OPT_DEBUG_DECRYPT: 300 1.1 christos flags |= CMS_DEBUG_DECRYPT; 301 1.1.1.2 christos break; 302 1.1.1.2 christos case OPT_TEXT: 303 1.1 christos flags |= CMS_TEXT; 304 1.1.1.2 christos break; 305 1.1.1.2 christos case OPT_ASCIICRLF: 306 1.1.1.2 christos flags |= CMS_ASCIICRLF; 307 1.1.1.2 christos break; 308 1.1.1.2 christos case OPT_NOINTERN: 309 1.1 christos flags |= CMS_NOINTERN; 310 1.1.1.2 christos break; 311 1.1.1.2 christos case OPT_NOVERIFY: 312 1.1 christos flags |= CMS_NO_SIGNER_CERT_VERIFY; 313 1.1.1.2 christos break; 314 1.1.1.2 christos case OPT_NOCERTS: 315 1.1 christos flags |= CMS_NOCERTS; 316 1.1.1.2 christos break; 317 1.1.1.2 christos case OPT_NOATTR: 318 1.1 christos flags |= CMS_NOATTR; 319 1.1.1.2 christos break; 320 1.1.1.2 christos case OPT_NODETACH: 321 1.1 christos flags &= ~CMS_DETACHED; 322 1.1.1.2 christos break; 323 1.1.1.2 christos case OPT_NOSMIMECAP: 324 1.1 christos flags |= CMS_NOSMIMECAP; 325 1.1.1.2 christos break; 326 1.1.1.2 christos case OPT_BINARY: 327 1.1 christos flags |= CMS_BINARY; 328 1.1.1.2 christos break; 329 1.1.1.2 christos case OPT_KEYID: 330 1.1 christos flags |= CMS_USE_KEYID; 331 1.1.1.2 christos break; 332 1.1.1.2 christos case OPT_NOSIGS: 333 1.1 christos flags |= CMS_NOSIGS; 334 1.1.1.2 christos break; 335 1.1.1.2 christos case OPT_NO_CONTENT_VERIFY: 336 1.1 christos flags |= CMS_NO_CONTENT_VERIFY; 337 1.1.1.2 christos break; 338 1.1.1.2 christos case OPT_NO_ATTR_VERIFY: 339 1.1 christos flags |= CMS_NO_ATTR_VERIFY; 340 1.1.1.2 christos break; 341 1.1.1.2 christos case OPT_INDEF: 342 1.1 christos flags |= CMS_STREAM; 343 1.1.1.2 christos break; 344 1.1.1.2 christos case OPT_NOINDEF: 345 1.1 christos flags &= ~CMS_STREAM; 346 1.1.1.2 christos break; 347 1.1.1.2 christos case OPT_CRLFEOL: 348 1.1.1.2 christos mime_eol = "\r\n"; 349 1.1 christos flags |= CMS_CRLFEOL; 350 1.1.1.2 christos break; 351 1.1.1.2 christos case OPT_NOOUT: 352 1.1 christos noout = 1; 353 1.1.1.2 christos break; 354 1.1.1.2 christos case OPT_RR_PRINT: 355 1.1 christos rr_print = 1; 356 1.1.1.2 christos break; 357 1.1.1.2 christos case OPT_RR_ALL: 358 1.1 christos rr_allorfirst = 0; 359 1.1.1.2 christos break; 360 1.1.1.2 christos case OPT_RR_FIRST: 361 1.1 christos rr_allorfirst = 1; 362 1.1.1.2 christos break; 363 1.1.1.2 christos case OPT_RCTFORM: 364 1.1.1.2 christos if (rctformat == FORMAT_SMIME) 365 1.1.1.2 christos rcms = SMIME_read_CMS(rctin, NULL); 366 1.1.1.2 christos else if (rctformat == FORMAT_PEM) 367 1.1.1.2 christos rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); 368 1.1.1.2 christos else if (rctformat == FORMAT_ASN1) 369 1.1.1.2 christos if (!opt_format(opt_arg(), 370 1.1.1.2 christos OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) 371 1.1.1.2 christos goto opthelp; 372 1.1.1.2 christos break; 373 1.1.1.2 christos case OPT_CERTFILE: 374 1.1.1.2 christos certfile = opt_arg(); 375 1.1.1.2 christos break; 376 1.1.1.2 christos case OPT_CAFILE: 377 1.1.1.2 christos CAfile = opt_arg(); 378 1.1.1.2 christos break; 379 1.1.1.2 christos case OPT_CAPATH: 380 1.1.1.2 christos CApath = opt_arg(); 381 1.1.1.2 christos break; 382 1.1.1.2 christos case OPT_NOCAFILE: 383 1.1.1.2 christos noCAfile = 1; 384 1.1.1.2 christos break; 385 1.1.1.2 christos case OPT_NOCAPATH: 386 1.1.1.2 christos noCApath = 1; 387 1.1.1.2 christos break; 388 1.1.1.2 christos case OPT_IN: 389 1.1.1.2 christos infile = opt_arg(); 390 1.1.1.2 christos break; 391 1.1.1.2 christos case OPT_CONTENT: 392 1.1.1.2 christos contfile = opt_arg(); 393 1.1.1.2 christos break; 394 1.1.1.2 christos case OPT_RR_FROM: 395 1.1.1.2 christos if (rr_from == NULL 396 1.1.1.2 christos && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) 397 1.1.1.2 christos goto end; 398 1.1.1.2 christos sk_OPENSSL_STRING_push(rr_from, opt_arg()); 399 1.1.1.2 christos break; 400 1.1.1.2 christos case OPT_RR_TO: 401 1.1.1.2 christos if (rr_to == NULL 402 1.1.1.2 christos && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) 403 1.1.1.2 christos goto end; 404 1.1.1.2 christos sk_OPENSSL_STRING_push(rr_to, opt_arg()); 405 1.1.1.2 christos break; 406 1.1.1.2 christos case OPT_PRINT: 407 1.1.1.2 christos noout = print = 1; 408 1.1.1.2 christos break; 409 1.1.1.2 christos case OPT_SECRETKEY: 410 1.1.1.2 christos if (secret_key != NULL) { 411 1.1.1.2 christos BIO_printf(bio_err, "Invalid key (supplied twice) %s\n", 412 1.1.1.2 christos opt_arg()); 413 1.1.1.2 christos goto opthelp; 414 1.1.1.2 christos } 415 1.1.1.2 christos secret_key = OPENSSL_hexstr2buf(opt_arg(), <mp); 416 1.1.1.2 christos if (secret_key == NULL) { 417 1.1.1.2 christos BIO_printf(bio_err, "Invalid key %s\n", opt_arg()); 418 1.1.1.2 christos goto end; 419 1.1 christos } 420 1.1 christos secret_keylen = (size_t)ltmp; 421 1.1.1.2 christos break; 422 1.1.1.2 christos case OPT_SECRETKEYID: 423 1.1.1.2 christos if (secret_keyid != NULL) { 424 1.1.1.2 christos BIO_printf(bio_err, "Invalid id (supplied twice) %s\n", 425 1.1.1.2 christos opt_arg()); 426 1.1.1.2 christos goto opthelp; 427 1.1.1.2 christos } 428 1.1.1.2 christos secret_keyid = OPENSSL_hexstr2buf(opt_arg(), <mp); 429 1.1.1.2 christos if (secret_keyid == NULL) { 430 1.1.1.2 christos BIO_printf(bio_err, "Invalid id %s\n", opt_arg()); 431 1.1.1.2 christos goto opthelp; 432 1.1 christos } 433 1.1 christos secret_keyidlen = (size_t)ltmp; 434 1.1.1.2 christos break; 435 1.1.1.2 christos case OPT_PWRI_PASSWORD: 436 1.1.1.2 christos pwri_pass = (unsigned char *)opt_arg(); 437 1.1.1.2 christos break; 438 1.1.1.2 christos case OPT_ECONTENT_TYPE: 439 1.1.1.2 christos if (econtent_type != NULL) { 440 1.1.1.2 christos BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n", 441 1.1.1.2 christos opt_arg()); 442 1.1.1.2 christos goto opthelp; 443 1.1.1.2 christos } 444 1.1.1.2 christos econtent_type = OBJ_txt2obj(opt_arg(), 0); 445 1.1.1.2 christos if (econtent_type == NULL) { 446 1.1.1.2 christos BIO_printf(bio_err, "Invalid OID %s\n", opt_arg()); 447 1.1.1.2 christos goto opthelp; 448 1.1.1.2 christos } 449 1.1.1.2 christos break; 450 1.1.1.2 christos case OPT_ENGINE: 451 1.1.1.2 christos e = setup_engine(opt_arg(), 0); 452 1.1.1.2 christos break; 453 1.1.1.2 christos case OPT_PASSIN: 454 1.1.1.2 christos passinarg = opt_arg(); 455 1.1.1.2 christos break; 456 1.1.1.2 christos case OPT_TO: 457 1.1.1.2 christos to = opt_arg(); 458 1.1.1.2 christos break; 459 1.1.1.2 christos case OPT_FROM: 460 1.1.1.2 christos from = opt_arg(); 461 1.1.1.2 christos break; 462 1.1.1.2 christos case OPT_SUBJECT: 463 1.1.1.2 christos subject = opt_arg(); 464 1.1.1.2 christos break; 465 1.1.1.2 christos case OPT_CERTSOUT: 466 1.1.1.2 christos certsoutfile = opt_arg(); 467 1.1.1.2 christos break; 468 1.1.1.2 christos case OPT_MD: 469 1.1.1.2 christos if (!opt_md(opt_arg(), &sign_md)) 470 1.1.1.2 christos goto end; 471 1.1.1.2 christos break; 472 1.1.1.2 christos case OPT_SIGNER: 473 1.1 christos /* If previous -signer argument add signer to list */ 474 1.1.1.2 christos if (signerfile != NULL) { 475 1.1.1.2 christos if (sksigners == NULL 476 1.1.1.2 christos && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 477 1.1.1.2 christos goto end; 478 1.1 christos sk_OPENSSL_STRING_push(sksigners, signerfile); 479 1.1.1.2 christos if (keyfile == NULL) 480 1.1 christos keyfile = signerfile; 481 1.1.1.2 christos if (skkeys == NULL 482 1.1.1.2 christos && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 483 1.1.1.2 christos goto end; 484 1.1 christos sk_OPENSSL_STRING_push(skkeys, keyfile); 485 1.1 christos keyfile = NULL; 486 1.1 christos } 487 1.1.1.2 christos signerfile = opt_arg(); 488 1.1.1.2 christos break; 489 1.1.1.2 christos case OPT_INKEY: 490 1.1.1.2 christos /* If previous -inkey argument add signer to list */ 491 1.1.1.2 christos if (keyfile != NULL) { 492 1.1.1.2 christos if (signerfile == NULL) { 493 1.1 christos BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 494 1.1.1.2 christos goto end; 495 1.1 christos } 496 1.1.1.2 christos if (sksigners == NULL 497 1.1.1.2 christos && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 498 1.1.1.2 christos goto end; 499 1.1 christos sk_OPENSSL_STRING_push(sksigners, signerfile); 500 1.1 christos signerfile = NULL; 501 1.1.1.2 christos if (skkeys == NULL 502 1.1.1.2 christos && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 503 1.1.1.2 christos goto end; 504 1.1 christos sk_OPENSSL_STRING_push(skkeys, keyfile); 505 1.1 christos } 506 1.1.1.2 christos keyfile = opt_arg(); 507 1.1.1.2 christos break; 508 1.1.1.2 christos case OPT_KEYFORM: 509 1.1.1.2 christos if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) 510 1.1.1.2 christos goto opthelp; 511 1.1.1.2 christos break; 512 1.1.1.2 christos case OPT_RECIP: 513 1.1.1.2 christos if (operation == SMIME_ENCRYPT) { 514 1.1.1.2 christos if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL) 515 1.1.1.2 christos goto end; 516 1.1.1.2 christos cert = load_cert(opt_arg(), FORMAT_PEM, 517 1.1.1.2 christos "recipient certificate file"); 518 1.1.1.2 christos if (cert == NULL) 519 1.1.1.2 christos goto end; 520 1.1.1.2 christos sk_X509_push(encerts, cert); 521 1.1.1.2 christos cert = NULL; 522 1.1.1.2 christos } else { 523 1.1.1.2 christos recipfile = opt_arg(); 524 1.1.1.2 christos } 525 1.1.1.2 christos break; 526 1.1.1.2 christos case OPT_CIPHER: 527 1.1.1.2 christos if (!opt_cipher(opt_unknown(), &cipher)) 528 1.1.1.2 christos goto end; 529 1.1.1.2 christos break; 530 1.1.1.2 christos case OPT_KEYOPT: 531 1.1.1.2 christos keyidx = -1; 532 1.1 christos if (operation == SMIME_ENCRYPT) { 533 1.1.1.2 christos if (encerts != NULL) 534 1.1 christos keyidx += sk_X509_num(encerts); 535 1.1 christos } else { 536 1.1.1.2 christos if (keyfile != NULL || signerfile != NULL) 537 1.1 christos keyidx++; 538 1.1.1.2 christos if (skkeys != NULL) 539 1.1 christos keyidx += sk_OPENSSL_STRING_num(skkeys); 540 1.1 christos } 541 1.1 christos if (keyidx < 0) { 542 1.1 christos BIO_printf(bio_err, "No key specified\n"); 543 1.1.1.2 christos goto opthelp; 544 1.1 christos } 545 1.1 christos if (key_param == NULL || key_param->idx != keyidx) { 546 1.1 christos cms_key_param *nparam; 547 1.1.1.2 christos nparam = app_malloc(sizeof(*nparam), "key param buffer"); 548 1.1.1.2 christos if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) { 549 1.1.1.2 christos OPENSSL_free(nparam); 550 1.1.1.2 christos goto end; 551 1.1 christos } 552 1.1 christos nparam->idx = keyidx; 553 1.1 christos nparam->next = NULL; 554 1.1 christos if (key_first == NULL) 555 1.1 christos key_first = nparam; 556 1.1 christos else 557 1.1 christos key_param->next = nparam; 558 1.1 christos key_param = nparam; 559 1.1 christos } 560 1.1.1.2 christos sk_OPENSSL_STRING_push(key_param->param, opt_arg()); 561 1.1.1.2 christos break; 562 1.1.1.2 christos case OPT_V_CASES: 563 1.1.1.2 christos if (!opt_verify(o, vpm)) 564 1.1.1.2 christos goto end; 565 1.1.1.2 christos vpmtouched++; 566 1.1.1.2 christos break; 567 1.1.1.2 christos case OPT_R_CASES: 568 1.1.1.2 christos if (!opt_rand(o)) 569 1.1.1.2 christos goto end; 570 1.1.1.2 christos break; 571 1.1.1.2 christos case OPT_3DES_WRAP: 572 1.1.1.2 christos # ifndef OPENSSL_NO_DES 573 1.1.1.2 christos wrap_cipher = EVP_des_ede3_wrap(); 574 1.1.1.2 christos # endif 575 1.1.1.2 christos break; 576 1.1.1.2 christos case OPT_AES128_WRAP: 577 1.1.1.2 christos wrap_cipher = EVP_aes_128_wrap(); 578 1.1.1.2 christos break; 579 1.1.1.2 christos case OPT_AES192_WRAP: 580 1.1.1.2 christos wrap_cipher = EVP_aes_192_wrap(); 581 1.1.1.2 christos break; 582 1.1.1.2 christos case OPT_AES256_WRAP: 583 1.1.1.2 christos wrap_cipher = EVP_aes_256_wrap(); 584 1.1.1.2 christos break; 585 1.1.1.2 christos } 586 1.1 christos } 587 1.1.1.2 christos argc = opt_num_rest(); 588 1.1.1.2 christos argv = opt_rest(); 589 1.1 christos 590 1.1.1.2 christos if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) { 591 1.1 christos BIO_puts(bio_err, "No Signed Receipts Recipients\n"); 592 1.1.1.2 christos goto opthelp; 593 1.1 christos } 594 1.1 christos 595 1.1.1.2 christos if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) { 596 1.1 christos BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); 597 1.1.1.2 christos goto opthelp; 598 1.1 christos } 599 1.1.1.2 christos if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) { 600 1.1 christos BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 601 1.1.1.2 christos goto opthelp; 602 1.1 christos } 603 1.1 christos 604 1.1 christos if (operation & SMIME_SIGNERS) { 605 1.1.1.2 christos if (keyfile != NULL && signerfile == NULL) { 606 1.1 christos BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 607 1.1.1.2 christos goto opthelp; 608 1.1 christos } 609 1.1 christos /* Check to see if any final signer needs to be appended */ 610 1.1.1.2 christos if (signerfile != NULL) { 611 1.1.1.2 christos if (sksigners == NULL 612 1.1.1.2 christos && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 613 1.1.1.2 christos goto end; 614 1.1 christos sk_OPENSSL_STRING_push(sksigners, signerfile); 615 1.1.1.2 christos if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 616 1.1.1.2 christos goto end; 617 1.1.1.2 christos if (keyfile == NULL) 618 1.1 christos keyfile = signerfile; 619 1.1 christos sk_OPENSSL_STRING_push(skkeys, keyfile); 620 1.1 christos } 621 1.1.1.2 christos if (sksigners == NULL) { 622 1.1 christos BIO_printf(bio_err, "No signer certificate specified\n"); 623 1.1.1.2 christos goto opthelp; 624 1.1 christos } 625 1.1 christos signerfile = NULL; 626 1.1 christos keyfile = NULL; 627 1.1.1.2 christos } else if (operation == SMIME_DECRYPT) { 628 1.1.1.2 christos if (recipfile == NULL && keyfile == NULL 629 1.1.1.2 christos && secret_key == NULL && pwri_pass == NULL) { 630 1.1 christos BIO_printf(bio_err, 631 1.1 christos "No recipient certificate or key specified\n"); 632 1.1.1.2 christos goto opthelp; 633 1.1 christos } 634 1.1 christos } else if (operation == SMIME_ENCRYPT) { 635 1.1.1.2 christos if (*argv == NULL && secret_key == NULL 636 1.1.1.2 christos && pwri_pass == NULL && encerts == NULL) { 637 1.1 christos BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 638 1.1.1.2 christos goto opthelp; 639 1.1 christos } 640 1.1.1.2 christos } else if (!operation) { 641 1.1.1.2 christos BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n"); 642 1.1.1.2 christos goto opthelp; 643 1.1 christos } 644 1.1 christos 645 1.1.1.2 christos if (!app_passwd(passinarg, NULL, &passin, NULL)) { 646 1.1 christos BIO_printf(bio_err, "Error getting password\n"); 647 1.1 christos goto end; 648 1.1 christos } 649 1.1 christos 650 1.1 christos ret = 2; 651 1.1 christos 652 1.1 christos if (!(operation & SMIME_SIGNERS)) 653 1.1 christos flags &= ~CMS_DETACHED; 654 1.1 christos 655 1.1.1.2 christos if (!(operation & SMIME_OP)) 656 1.1 christos if (flags & CMS_BINARY) 657 1.1.1.2 christos outformat = FORMAT_BINARY; 658 1.1 christos 659 1.1.1.2 christos if (!(operation & SMIME_IP)) 660 1.1 christos if (flags & CMS_BINARY) 661 1.1.1.2 christos informat = FORMAT_BINARY; 662 1.1 christos 663 1.1 christos if (operation == SMIME_ENCRYPT) { 664 1.1 christos if (!cipher) { 665 1.1 christos # ifndef OPENSSL_NO_DES 666 1.1 christos cipher = EVP_des_ede3_cbc(); 667 1.1 christos # else 668 1.1 christos BIO_printf(bio_err, "No cipher selected\n"); 669 1.1 christos goto end; 670 1.1 christos # endif 671 1.1 christos } 672 1.1 christos 673 1.1 christos if (secret_key && !secret_keyid) { 674 1.1 christos BIO_printf(bio_err, "No secret key id\n"); 675 1.1 christos goto end; 676 1.1 christos } 677 1.1 christos 678 1.1.1.2 christos if (*argv && encerts == NULL) 679 1.1.1.2 christos if ((encerts = sk_X509_new_null()) == NULL) 680 1.1.1.2 christos goto end; 681 1.1.1.2 christos while (*argv) { 682 1.1.1.2 christos if ((cert = load_cert(*argv, FORMAT_PEM, 683 1.1.1.2 christos "recipient certificate file")) == NULL) 684 1.1 christos goto end; 685 1.1 christos sk_X509_push(encerts, cert); 686 1.1 christos cert = NULL; 687 1.1.1.2 christos argv++; 688 1.1 christos } 689 1.1 christos } 690 1.1 christos 691 1.1.1.2 christos if (certfile != NULL) { 692 1.1.1.2 christos if (!load_certs(certfile, &other, FORMAT_PEM, NULL, 693 1.1.1.2 christos "certificate file")) { 694 1.1 christos ERR_print_errors(bio_err); 695 1.1 christos goto end; 696 1.1 christos } 697 1.1 christos } 698 1.1 christos 699 1.1.1.2 christos if (recipfile != NULL && (operation == SMIME_DECRYPT)) { 700 1.1.1.2 christos if ((recip = load_cert(recipfile, FORMAT_PEM, 701 1.1.1.2 christos "recipient certificate file")) == NULL) { 702 1.1 christos ERR_print_errors(bio_err); 703 1.1 christos goto end; 704 1.1 christos } 705 1.1 christos } 706 1.1 christos 707 1.1 christos if (operation == SMIME_SIGN_RECEIPT) { 708 1.1.1.2 christos if ((signer = load_cert(signerfile, FORMAT_PEM, 709 1.1.1.2 christos "receipt signer certificate file")) == NULL) { 710 1.1 christos ERR_print_errors(bio_err); 711 1.1 christos goto end; 712 1.1 christos } 713 1.1 christos } 714 1.1 christos 715 1.1 christos if (operation == SMIME_DECRYPT) { 716 1.1.1.2 christos if (keyfile == NULL) 717 1.1 christos keyfile = recipfile; 718 1.1 christos } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) { 719 1.1.1.2 christos if (keyfile == NULL) 720 1.1 christos keyfile = signerfile; 721 1.1.1.2 christos } else { 722 1.1 christos keyfile = NULL; 723 1.1.1.2 christos } 724 1.1 christos 725 1.1.1.2 christos if (keyfile != NULL) { 726 1.1.1.2 christos key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); 727 1.1.1.2 christos if (key == NULL) 728 1.1 christos goto end; 729 1.1 christos } 730 1.1 christos 731 1.1.1.2 christos in = bio_open_default(infile, 'r', informat); 732 1.1.1.2 christos if (in == NULL) 733 1.1.1.2 christos goto end; 734 1.1 christos 735 1.1 christos if (operation & SMIME_IP) { 736 1.1.1.2 christos if (informat == FORMAT_SMIME) { 737 1.1 christos cms = SMIME_read_CMS(in, &indata); 738 1.1.1.2 christos } else if (informat == FORMAT_PEM) { 739 1.1 christos cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); 740 1.1.1.2 christos } else if (informat == FORMAT_ASN1) { 741 1.1 christos cms = d2i_CMS_bio(in, NULL); 742 1.1.1.2 christos } else { 743 1.1 christos BIO_printf(bio_err, "Bad input format for CMS file\n"); 744 1.1 christos goto end; 745 1.1 christos } 746 1.1 christos 747 1.1.1.2 christos if (cms == NULL) { 748 1.1 christos BIO_printf(bio_err, "Error reading S/MIME message\n"); 749 1.1 christos goto end; 750 1.1 christos } 751 1.1.1.2 christos if (contfile != NULL) { 752 1.1 christos BIO_free(indata); 753 1.1.1.2 christos if ((indata = BIO_new_file(contfile, "rb")) == NULL) { 754 1.1 christos BIO_printf(bio_err, "Can't read content file %s\n", contfile); 755 1.1 christos goto end; 756 1.1 christos } 757 1.1 christos } 758 1.1.1.2 christos if (certsoutfile != NULL) { 759 1.1 christos STACK_OF(X509) *allcerts; 760 1.1 christos allcerts = CMS_get1_certs(cms); 761 1.1 christos if (!save_certs(certsoutfile, allcerts)) { 762 1.1 christos BIO_printf(bio_err, 763 1.1 christos "Error writing certs to %s\n", certsoutfile); 764 1.1 christos ret = 5; 765 1.1 christos goto end; 766 1.1 christos } 767 1.1 christos sk_X509_pop_free(allcerts, X509_free); 768 1.1 christos } 769 1.1 christos } 770 1.1 christos 771 1.1.1.2 christos if (rctfile != NULL) { 772 1.1 christos char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; 773 1.1.1.2 christos if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) { 774 1.1 christos BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile); 775 1.1 christos goto end; 776 1.1 christos } 777 1.1 christos 778 1.1.1.2 christos if (rctformat == FORMAT_SMIME) { 779 1.1 christos rcms = SMIME_read_CMS(rctin, NULL); 780 1.1.1.2 christos } else if (rctformat == FORMAT_PEM) { 781 1.1 christos rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); 782 1.1.1.2 christos } else if (rctformat == FORMAT_ASN1) { 783 1.1 christos rcms = d2i_CMS_bio(rctin, NULL); 784 1.1.1.2 christos } else { 785 1.1 christos BIO_printf(bio_err, "Bad input format for receipt\n"); 786 1.1 christos goto end; 787 1.1 christos } 788 1.1 christos 789 1.1.1.2 christos if (rcms == NULL) { 790 1.1 christos BIO_printf(bio_err, "Error reading receipt\n"); 791 1.1 christos goto end; 792 1.1 christos } 793 1.1 christos } 794 1.1 christos 795 1.1.1.2 christos out = bio_open_default(outfile, 'w', outformat); 796 1.1.1.2 christos if (out == NULL) 797 1.1.1.2 christos goto end; 798 1.1 christos 799 1.1 christos if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { 800 1.1.1.2 christos if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL) 801 1.1 christos goto end; 802 1.1 christos X509_STORE_set_verify_cb(store, cms_cb); 803 1.1.1.2 christos if (vpmtouched) 804 1.1 christos X509_STORE_set1_param(store, vpm); 805 1.1 christos } 806 1.1 christos 807 1.1 christos ret = 3; 808 1.1 christos 809 1.1 christos if (operation == SMIME_DATA_CREATE) { 810 1.1 christos cms = CMS_data_create(in, flags); 811 1.1 christos } else if (operation == SMIME_DIGEST_CREATE) { 812 1.1 christos cms = CMS_digest_create(in, sign_md, flags); 813 1.1 christos } else if (operation == SMIME_COMPRESS) { 814 1.1 christos cms = CMS_compress(in, -1, flags); 815 1.1 christos } else if (operation == SMIME_ENCRYPT) { 816 1.1 christos int i; 817 1.1 christos flags |= CMS_PARTIAL; 818 1.1 christos cms = CMS_encrypt(NULL, in, cipher, flags); 819 1.1.1.2 christos if (cms == NULL) 820 1.1 christos goto end; 821 1.1 christos for (i = 0; i < sk_X509_num(encerts); i++) { 822 1.1 christos CMS_RecipientInfo *ri; 823 1.1 christos cms_key_param *kparam; 824 1.1 christos int tflags = flags; 825 1.1 christos X509 *x = sk_X509_value(encerts, i); 826 1.1 christos for (kparam = key_first; kparam; kparam = kparam->next) { 827 1.1 christos if (kparam->idx == i) { 828 1.1 christos tflags |= CMS_KEY_PARAM; 829 1.1 christos break; 830 1.1 christos } 831 1.1 christos } 832 1.1 christos ri = CMS_add1_recipient_cert(cms, x, tflags); 833 1.1.1.2 christos if (ri == NULL) 834 1.1 christos goto end; 835 1.1.1.2 christos if (kparam != NULL) { 836 1.1 christos EVP_PKEY_CTX *pctx; 837 1.1 christos pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); 838 1.1 christos if (!cms_set_pkey_param(pctx, kparam->param)) 839 1.1 christos goto end; 840 1.1 christos } 841 1.1 christos if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE 842 1.1 christos && wrap_cipher) { 843 1.1 christos EVP_CIPHER_CTX *wctx; 844 1.1 christos wctx = CMS_RecipientInfo_kari_get0_ctx(ri); 845 1.1 christos EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL); 846 1.1 christos } 847 1.1 christos } 848 1.1 christos 849 1.1.1.2 christos if (secret_key != NULL) { 850 1.1 christos if (!CMS_add0_recipient_key(cms, NID_undef, 851 1.1 christos secret_key, secret_keylen, 852 1.1 christos secret_keyid, secret_keyidlen, 853 1.1 christos NULL, NULL, NULL)) 854 1.1 christos goto end; 855 1.1 christos /* NULL these because call absorbs them */ 856 1.1 christos secret_key = NULL; 857 1.1 christos secret_keyid = NULL; 858 1.1 christos } 859 1.1.1.2 christos if (pwri_pass != NULL) { 860 1.1.1.2 christos pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass); 861 1.1.1.2 christos if (pwri_tmp == NULL) 862 1.1.1.2 christos goto end; 863 1.1.1.2 christos if (CMS_add0_recipient_password(cms, 864 1.1.1.2 christos -1, NID_undef, NID_undef, 865 1.1.1.2 christos pwri_tmp, -1, NULL) == NULL) 866 1.1 christos goto end; 867 1.1 christos pwri_tmp = NULL; 868 1.1 christos } 869 1.1 christos if (!(flags & CMS_STREAM)) { 870 1.1 christos if (!CMS_final(cms, in, NULL, flags)) 871 1.1 christos goto end; 872 1.1 christos } 873 1.1 christos } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { 874 1.1 christos cms = CMS_EncryptedData_encrypt(in, cipher, 875 1.1 christos secret_key, secret_keylen, flags); 876 1.1 christos 877 1.1 christos } else if (operation == SMIME_SIGN_RECEIPT) { 878 1.1 christos CMS_ContentInfo *srcms = NULL; 879 1.1 christos STACK_OF(CMS_SignerInfo) *sis; 880 1.1 christos CMS_SignerInfo *si; 881 1.1 christos sis = CMS_get0_SignerInfos(cms); 882 1.1.1.2 christos if (sis == NULL) 883 1.1 christos goto end; 884 1.1 christos si = sk_CMS_SignerInfo_value(sis, 0); 885 1.1 christos srcms = CMS_sign_receipt(si, signer, key, other, flags); 886 1.1.1.2 christos if (srcms == NULL) 887 1.1 christos goto end; 888 1.1 christos CMS_ContentInfo_free(cms); 889 1.1 christos cms = srcms; 890 1.1 christos } else if (operation & SMIME_SIGNERS) { 891 1.1 christos int i; 892 1.1 christos /* 893 1.1 christos * If detached data content we enable streaming if S/MIME output 894 1.1 christos * format. 895 1.1 christos */ 896 1.1 christos if (operation == SMIME_SIGN) { 897 1.1 christos 898 1.1 christos if (flags & CMS_DETACHED) { 899 1.1 christos if (outformat == FORMAT_SMIME) 900 1.1 christos flags |= CMS_STREAM; 901 1.1 christos } 902 1.1 christos flags |= CMS_PARTIAL; 903 1.1 christos cms = CMS_sign(NULL, NULL, other, in, flags); 904 1.1.1.2 christos if (cms == NULL) 905 1.1 christos goto end; 906 1.1.1.2 christos if (econtent_type != NULL) 907 1.1 christos CMS_set1_eContentType(cms, econtent_type); 908 1.1 christos 909 1.1.1.2 christos if (rr_to != NULL) { 910 1.1 christos rr = make_receipt_request(rr_to, rr_allorfirst, rr_from); 911 1.1.1.2 christos if (rr == NULL) { 912 1.1 christos BIO_puts(bio_err, 913 1.1 christos "Signed Receipt Request Creation Error\n"); 914 1.1 christos goto end; 915 1.1 christos } 916 1.1 christos } 917 1.1.1.2 christos } else { 918 1.1 christos flags |= CMS_REUSE_DIGEST; 919 1.1.1.2 christos } 920 1.1 christos for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { 921 1.1 christos CMS_SignerInfo *si; 922 1.1 christos cms_key_param *kparam; 923 1.1 christos int tflags = flags; 924 1.1 christos signerfile = sk_OPENSSL_STRING_value(sksigners, i); 925 1.1 christos keyfile = sk_OPENSSL_STRING_value(skkeys, i); 926 1.1 christos 927 1.1.1.2 christos signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); 928 1.1.1.2 christos if (signer == NULL) { 929 1.1.1.2 christos ret = 2; 930 1.1 christos goto end; 931 1.1.1.2 christos } 932 1.1.1.2 christos key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); 933 1.1.1.2 christos if (key == NULL) { 934 1.1.1.2 christos ret = 2; 935 1.1.1.2 christos goto end; 936 1.1.1.2 christos } 937 1.1 christos for (kparam = key_first; kparam; kparam = kparam->next) { 938 1.1 christos if (kparam->idx == i) { 939 1.1 christos tflags |= CMS_KEY_PARAM; 940 1.1 christos break; 941 1.1 christos } 942 1.1 christos } 943 1.1 christos si = CMS_add1_signer(cms, signer, key, sign_md, tflags); 944 1.1.1.2 christos if (si == NULL) 945 1.1 christos goto end; 946 1.1.1.2 christos if (kparam != NULL) { 947 1.1 christos EVP_PKEY_CTX *pctx; 948 1.1 christos pctx = CMS_SignerInfo_get0_pkey_ctx(si); 949 1.1 christos if (!cms_set_pkey_param(pctx, kparam->param)) 950 1.1 christos goto end; 951 1.1 christos } 952 1.1.1.2 christos if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr)) 953 1.1 christos goto end; 954 1.1 christos X509_free(signer); 955 1.1 christos signer = NULL; 956 1.1 christos EVP_PKEY_free(key); 957 1.1 christos key = NULL; 958 1.1 christos } 959 1.1 christos /* If not streaming or resigning finalize structure */ 960 1.1 christos if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) { 961 1.1 christos if (!CMS_final(cms, in, NULL, flags)) 962 1.1 christos goto end; 963 1.1 christos } 964 1.1 christos } 965 1.1 christos 966 1.1.1.2 christos if (cms == NULL) { 967 1.1 christos BIO_printf(bio_err, "Error creating CMS structure\n"); 968 1.1 christos goto end; 969 1.1 christos } 970 1.1 christos 971 1.1 christos ret = 4; 972 1.1 christos if (operation == SMIME_DECRYPT) { 973 1.1 christos if (flags & CMS_DEBUG_DECRYPT) 974 1.1 christos CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); 975 1.1 christos 976 1.1.1.2 christos if (secret_key != NULL) { 977 1.1 christos if (!CMS_decrypt_set1_key(cms, 978 1.1 christos secret_key, secret_keylen, 979 1.1 christos secret_keyid, secret_keyidlen)) { 980 1.1 christos BIO_puts(bio_err, "Error decrypting CMS using secret key\n"); 981 1.1 christos goto end; 982 1.1 christos } 983 1.1 christos } 984 1.1 christos 985 1.1.1.2 christos if (key != NULL) { 986 1.1 christos if (!CMS_decrypt_set1_pkey(cms, key, recip)) { 987 1.1 christos BIO_puts(bio_err, "Error decrypting CMS using private key\n"); 988 1.1 christos goto end; 989 1.1 christos } 990 1.1 christos } 991 1.1 christos 992 1.1.1.2 christos if (pwri_pass != NULL) { 993 1.1 christos if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { 994 1.1 christos BIO_puts(bio_err, "Error decrypting CMS using password\n"); 995 1.1 christos goto end; 996 1.1 christos } 997 1.1 christos } 998 1.1 christos 999 1.1 christos if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { 1000 1.1 christos BIO_printf(bio_err, "Error decrypting CMS structure\n"); 1001 1.1 christos goto end; 1002 1.1 christos } 1003 1.1 christos } else if (operation == SMIME_DATAOUT) { 1004 1.1 christos if (!CMS_data(cms, out, flags)) 1005 1.1 christos goto end; 1006 1.1 christos } else if (operation == SMIME_UNCOMPRESS) { 1007 1.1 christos if (!CMS_uncompress(cms, indata, out, flags)) 1008 1.1 christos goto end; 1009 1.1 christos } else if (operation == SMIME_DIGEST_VERIFY) { 1010 1.1.1.2 christos if (CMS_digest_verify(cms, indata, out, flags) > 0) { 1011 1.1 christos BIO_printf(bio_err, "Verification successful\n"); 1012 1.1.1.2 christos } else { 1013 1.1 christos BIO_printf(bio_err, "Verification failure\n"); 1014 1.1 christos goto end; 1015 1.1 christos } 1016 1.1 christos } else if (operation == SMIME_ENCRYPTED_DECRYPT) { 1017 1.1 christos if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, 1018 1.1 christos indata, out, flags)) 1019 1.1 christos goto end; 1020 1.1 christos } else if (operation == SMIME_VERIFY) { 1021 1.1.1.2 christos if (CMS_verify(cms, other, store, indata, out, flags) > 0) { 1022 1.1 christos BIO_printf(bio_err, "Verification successful\n"); 1023 1.1.1.2 christos } else { 1024 1.1 christos BIO_printf(bio_err, "Verification failure\n"); 1025 1.1 christos if (verify_retcode) 1026 1.1 christos ret = verify_err + 32; 1027 1.1 christos goto end; 1028 1.1 christos } 1029 1.1.1.2 christos if (signerfile != NULL) { 1030 1.1 christos STACK_OF(X509) *signers; 1031 1.1 christos signers = CMS_get0_signers(cms); 1032 1.1 christos if (!save_certs(signerfile, signers)) { 1033 1.1 christos BIO_printf(bio_err, 1034 1.1 christos "Error writing signers to %s\n", signerfile); 1035 1.1 christos ret = 5; 1036 1.1 christos goto end; 1037 1.1 christos } 1038 1.1 christos sk_X509_free(signers); 1039 1.1 christos } 1040 1.1 christos if (rr_print) 1041 1.1.1.2 christos receipt_request_print(cms); 1042 1.1 christos 1043 1.1 christos } else if (operation == SMIME_VERIFY_RECEIPT) { 1044 1.1.1.2 christos if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) { 1045 1.1 christos BIO_printf(bio_err, "Verification successful\n"); 1046 1.1.1.2 christos } else { 1047 1.1 christos BIO_printf(bio_err, "Verification failure\n"); 1048 1.1 christos goto end; 1049 1.1 christos } 1050 1.1 christos } else { 1051 1.1 christos if (noout) { 1052 1.1 christos if (print) 1053 1.1 christos CMS_ContentInfo_print_ctx(out, cms, 0, NULL); 1054 1.1 christos } else if (outformat == FORMAT_SMIME) { 1055 1.1 christos if (to) 1056 1.1.1.2 christos BIO_printf(out, "To: %s%s", to, mime_eol); 1057 1.1 christos if (from) 1058 1.1.1.2 christos BIO_printf(out, "From: %s%s", from, mime_eol); 1059 1.1 christos if (subject) 1060 1.1.1.2 christos BIO_printf(out, "Subject: %s%s", subject, mime_eol); 1061 1.1 christos if (operation == SMIME_RESIGN) 1062 1.1 christos ret = SMIME_write_CMS(out, cms, indata, flags); 1063 1.1 christos else 1064 1.1 christos ret = SMIME_write_CMS(out, cms, in, flags); 1065 1.1.1.2 christos } else if (outformat == FORMAT_PEM) { 1066 1.1 christos ret = PEM_write_bio_CMS_stream(out, cms, in, flags); 1067 1.1.1.2 christos } else if (outformat == FORMAT_ASN1) { 1068 1.1 christos ret = i2d_CMS_bio_stream(out, cms, in, flags); 1069 1.1.1.2 christos } else { 1070 1.1 christos BIO_printf(bio_err, "Bad output format for CMS file\n"); 1071 1.1 christos goto end; 1072 1.1 christos } 1073 1.1 christos if (ret <= 0) { 1074 1.1 christos ret = 6; 1075 1.1 christos goto end; 1076 1.1 christos } 1077 1.1 christos } 1078 1.1 christos ret = 0; 1079 1.1 christos end: 1080 1.1 christos if (ret) 1081 1.1 christos ERR_print_errors(bio_err); 1082 1.1 christos sk_X509_pop_free(encerts, X509_free); 1083 1.1 christos sk_X509_pop_free(other, X509_free); 1084 1.1.1.2 christos X509_VERIFY_PARAM_free(vpm); 1085 1.1.1.2 christos sk_OPENSSL_STRING_free(sksigners); 1086 1.1.1.2 christos sk_OPENSSL_STRING_free(skkeys); 1087 1.1.1.2 christos OPENSSL_free(secret_key); 1088 1.1.1.2 christos OPENSSL_free(secret_keyid); 1089 1.1.1.2 christos OPENSSL_free(pwri_tmp); 1090 1.1.1.2 christos ASN1_OBJECT_free(econtent_type); 1091 1.1.1.2 christos CMS_ReceiptRequest_free(rr); 1092 1.1.1.2 christos sk_OPENSSL_STRING_free(rr_to); 1093 1.1.1.2 christos sk_OPENSSL_STRING_free(rr_from); 1094 1.1 christos for (key_param = key_first; key_param;) { 1095 1.1 christos cms_key_param *tparam; 1096 1.1 christos sk_OPENSSL_STRING_free(key_param->param); 1097 1.1 christos tparam = key_param->next; 1098 1.1 christos OPENSSL_free(key_param); 1099 1.1 christos key_param = tparam; 1100 1.1 christos } 1101 1.1 christos X509_STORE_free(store); 1102 1.1 christos X509_free(cert); 1103 1.1 christos X509_free(recip); 1104 1.1 christos X509_free(signer); 1105 1.1 christos EVP_PKEY_free(key); 1106 1.1 christos CMS_ContentInfo_free(cms); 1107 1.1 christos CMS_ContentInfo_free(rcms); 1108 1.1 christos release_engine(e); 1109 1.1 christos BIO_free(rctin); 1110 1.1 christos BIO_free(in); 1111 1.1 christos BIO_free(indata); 1112 1.1 christos BIO_free_all(out); 1113 1.1.1.2 christos OPENSSL_free(passin); 1114 1.1.1.2 christos return ret; 1115 1.1 christos } 1116 1.1 christos 1117 1.1 christos static int save_certs(char *signerfile, STACK_OF(X509) *signers) 1118 1.1 christos { 1119 1.1 christos int i; 1120 1.1 christos BIO *tmp; 1121 1.1.1.2 christos if (signerfile == NULL) 1122 1.1 christos return 1; 1123 1.1 christos tmp = BIO_new_file(signerfile, "w"); 1124 1.1.1.2 christos if (tmp == NULL) 1125 1.1 christos return 0; 1126 1.1 christos for (i = 0; i < sk_X509_num(signers); i++) 1127 1.1 christos PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); 1128 1.1 christos BIO_free(tmp); 1129 1.1 christos return 1; 1130 1.1 christos } 1131 1.1 christos 1132 1.1 christos /* Minimal callback just to output policy info (if any) */ 1133 1.1 christos 1134 1.1 christos static int cms_cb(int ok, X509_STORE_CTX *ctx) 1135 1.1 christos { 1136 1.1 christos int error; 1137 1.1 christos 1138 1.1 christos error = X509_STORE_CTX_get_error(ctx); 1139 1.1 christos 1140 1.1 christos verify_err = error; 1141 1.1 christos 1142 1.1 christos if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) 1143 1.1 christos && ((error != X509_V_OK) || (ok != 2))) 1144 1.1 christos return ok; 1145 1.1 christos 1146 1.1.1.2 christos policies_print(ctx); 1147 1.1 christos 1148 1.1 christos return ok; 1149 1.1 christos 1150 1.1 christos } 1151 1.1 christos 1152 1.1.1.2 christos static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns) 1153 1.1 christos { 1154 1.1 christos STACK_OF(GENERAL_NAME) *gens; 1155 1.1 christos GENERAL_NAME *gen; 1156 1.1 christos int i, j; 1157 1.1.1.2 christos 1158 1.1 christos for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) { 1159 1.1 christos gens = sk_GENERAL_NAMES_value(gns, i); 1160 1.1 christos for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { 1161 1.1 christos gen = sk_GENERAL_NAME_value(gens, j); 1162 1.1.1.2 christos BIO_puts(bio_err, " "); 1163 1.1.1.2 christos GENERAL_NAME_print(bio_err, gen); 1164 1.1.1.2 christos BIO_puts(bio_err, "\n"); 1165 1.1 christos } 1166 1.1 christos } 1167 1.1 christos return; 1168 1.1 christos } 1169 1.1 christos 1170 1.1.1.2 christos static void receipt_request_print(CMS_ContentInfo *cms) 1171 1.1 christos { 1172 1.1 christos STACK_OF(CMS_SignerInfo) *sis; 1173 1.1 christos CMS_SignerInfo *si; 1174 1.1 christos CMS_ReceiptRequest *rr; 1175 1.1 christos int allorfirst; 1176 1.1 christos STACK_OF(GENERAL_NAMES) *rto, *rlist; 1177 1.1 christos ASN1_STRING *scid; 1178 1.1 christos int i, rv; 1179 1.1 christos sis = CMS_get0_SignerInfos(cms); 1180 1.1 christos for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) { 1181 1.1 christos si = sk_CMS_SignerInfo_value(sis, i); 1182 1.1 christos rv = CMS_get1_ReceiptRequest(si, &rr); 1183 1.1 christos BIO_printf(bio_err, "Signer %d:\n", i + 1); 1184 1.1.1.2 christos if (rv == 0) { 1185 1.1 christos BIO_puts(bio_err, " No Receipt Request\n"); 1186 1.1.1.2 christos } else if (rv < 0) { 1187 1.1 christos BIO_puts(bio_err, " Receipt Request Parse Error\n"); 1188 1.1 christos ERR_print_errors(bio_err); 1189 1.1 christos } else { 1190 1.1.1.2 christos const char *id; 1191 1.1 christos int idlen; 1192 1.1 christos CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, 1193 1.1 christos &rlist, &rto); 1194 1.1.1.2 christos BIO_puts(bio_err, " Signed Content ID:\n"); 1195 1.1 christos idlen = ASN1_STRING_length(scid); 1196 1.1.1.2 christos id = (const char *)ASN1_STRING_get0_data(scid); 1197 1.1.1.2 christos BIO_dump_indent(bio_err, id, idlen, 4); 1198 1.1.1.2 christos BIO_puts(bio_err, " Receipts From"); 1199 1.1.1.2 christos if (rlist != NULL) { 1200 1.1.1.2 christos BIO_puts(bio_err, " List:\n"); 1201 1.1.1.2 christos gnames_stack_print(rlist); 1202 1.1.1.2 christos } else if (allorfirst == 1) { 1203 1.1.1.2 christos BIO_puts(bio_err, ": First Tier\n"); 1204 1.1.1.2 christos } else if (allorfirst == 0) { 1205 1.1.1.2 christos BIO_puts(bio_err, ": All\n"); 1206 1.1.1.2 christos } else { 1207 1.1.1.2 christos BIO_printf(bio_err, " Unknown (%d)\n", allorfirst); 1208 1.1.1.2 christos } 1209 1.1.1.2 christos BIO_puts(bio_err, " Receipts To:\n"); 1210 1.1.1.2 christos gnames_stack_print(rto); 1211 1.1 christos } 1212 1.1.1.2 christos CMS_ReceiptRequest_free(rr); 1213 1.1 christos } 1214 1.1 christos } 1215 1.1 christos 1216 1.1 christos static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) 1217 1.1 christos { 1218 1.1 christos int i; 1219 1.1 christos STACK_OF(GENERAL_NAMES) *ret; 1220 1.1 christos GENERAL_NAMES *gens = NULL; 1221 1.1 christos GENERAL_NAME *gen = NULL; 1222 1.1 christos ret = sk_GENERAL_NAMES_new_null(); 1223 1.1.1.2 christos if (ret == NULL) 1224 1.1 christos goto err; 1225 1.1 christos for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) { 1226 1.1 christos char *str = sk_OPENSSL_STRING_value(ns, i); 1227 1.1 christos gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); 1228 1.1.1.2 christos if (gen == NULL) 1229 1.1 christos goto err; 1230 1.1 christos gens = GENERAL_NAMES_new(); 1231 1.1.1.2 christos if (gens == NULL) 1232 1.1 christos goto err; 1233 1.1 christos if (!sk_GENERAL_NAME_push(gens, gen)) 1234 1.1 christos goto err; 1235 1.1 christos gen = NULL; 1236 1.1 christos if (!sk_GENERAL_NAMES_push(ret, gens)) 1237 1.1 christos goto err; 1238 1.1 christos gens = NULL; 1239 1.1 christos } 1240 1.1 christos 1241 1.1 christos return ret; 1242 1.1 christos 1243 1.1 christos err: 1244 1.1.1.2 christos sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); 1245 1.1.1.2 christos GENERAL_NAMES_free(gens); 1246 1.1.1.2 christos GENERAL_NAME_free(gen); 1247 1.1 christos return NULL; 1248 1.1 christos } 1249 1.1 christos 1250 1.1 christos static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) 1251 1.1 christos *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING) 1252 1.1 christos *rr_from) 1253 1.1 christos { 1254 1.1.1.2 christos STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; 1255 1.1 christos CMS_ReceiptRequest *rr; 1256 1.1 christos rct_to = make_names_stack(rr_to); 1257 1.1.1.2 christos if (rct_to == NULL) 1258 1.1 christos goto err; 1259 1.1.1.2 christos if (rr_from != NULL) { 1260 1.1 christos rct_from = make_names_stack(rr_from); 1261 1.1.1.2 christos if (rct_from == NULL) 1262 1.1 christos goto err; 1263 1.1.1.2 christos } else { 1264 1.1 christos rct_from = NULL; 1265 1.1.1.2 christos } 1266 1.1 christos rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, 1267 1.1 christos rct_to); 1268 1.1 christos return rr; 1269 1.1 christos err: 1270 1.1.1.2 christos sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free); 1271 1.1 christos return NULL; 1272 1.1 christos } 1273 1.1 christos 1274 1.1 christos static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, 1275 1.1 christos STACK_OF(OPENSSL_STRING) *param) 1276 1.1 christos { 1277 1.1 christos char *keyopt; 1278 1.1 christos int i; 1279 1.1 christos if (sk_OPENSSL_STRING_num(param) <= 0) 1280 1.1 christos return 1; 1281 1.1 christos for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) { 1282 1.1 christos keyopt = sk_OPENSSL_STRING_value(param, i); 1283 1.1 christos if (pkey_ctrl_string(pctx, keyopt) <= 0) { 1284 1.1 christos BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt); 1285 1.1 christos ERR_print_errors(bio_err); 1286 1.1 christos return 0; 1287 1.1 christos } 1288 1.1 christos } 1289 1.1 christos return 1; 1290 1.1 christos } 1291 1.1 christos 1292 1.1 christos #endif 1293
Indexes created Wed Mar 04 05:31:52 UTC 2026