File: | src/usr.bin/openssl/cms.c |
Warning: | line 291, column 31 Access to field 'next' results in a dereference of a null pointer (loaded from field 'key_param') |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: cms.c,v 1.28 2022/01/08 06:05:39 inoguchi Exp $ */ | |||
2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |||
3 | * project. | |||
4 | */ | |||
5 | /* ==================================================================== | |||
6 | * Copyright (c) 2008 The OpenSSL Project. All rights reserved. | |||
7 | * | |||
8 | * Redistribution and use in source and binary forms, with or without | |||
9 | * modification, are permitted provided that the following conditions | |||
10 | * are met: | |||
11 | * | |||
12 | * 1. Redistributions of source code must retain the above copyright | |||
13 | * notice, this list of conditions and the following disclaimer. | |||
14 | * | |||
15 | * 2. Redistributions in binary form must reproduce the above copyright | |||
16 | * notice, this list of conditions and the following disclaimer in | |||
17 | * the documentation and/or other materials provided with the | |||
18 | * distribution. | |||
19 | * | |||
20 | * 3. All advertising materials mentioning features or use of this | |||
21 | * software must display the following acknowledgment: | |||
22 | * "This product includes software developed by the OpenSSL Project | |||
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |||
24 | * | |||
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |||
26 | * endorse or promote products derived from this software without | |||
27 | * prior written permission. For written permission, please contact | |||
28 | * licensing@OpenSSL.org. | |||
29 | * | |||
30 | * 5. Products derived from this software may not be called "OpenSSL" | |||
31 | * nor may "OpenSSL" appear in their names without prior written | |||
32 | * permission of the OpenSSL Project. | |||
33 | * | |||
34 | * 6. Redistributions of any form whatsoever must retain the following | |||
35 | * acknowledgment: | |||
36 | * "This product includes software developed by the OpenSSL Project | |||
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |||
38 | * | |||
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |||
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |||
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |||
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |||
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |||
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |||
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |||
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |||
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |||
51 | * ==================================================================== | |||
52 | */ | |||
53 | ||||
54 | /* CMS utility function */ | |||
55 | ||||
56 | #include <stdio.h> | |||
57 | #include <string.h> | |||
58 | ||||
59 | #include "apps.h" | |||
60 | ||||
61 | #ifndef OPENSSL_NO_CMS | |||
62 | ||||
63 | #include <openssl/crypto.h> | |||
64 | #include <openssl/err.h> | |||
65 | #include <openssl/pem.h> | |||
66 | #include <openssl/x509_vfy.h> | |||
67 | #include <openssl/x509v3.h> | |||
68 | ||||
69 | #include <openssl/cms.h> | |||
70 | ||||
71 | static int save_certs(char *signerfile, STACK_OF(X509)struct stack_st_X509 *signers); | |||
72 | static int cms_cb(int ok, X509_STORE_CTX *ctx); | |||
73 | static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); | |||
74 | static CMS_ReceiptRequest *make_receipt_request( | |||
75 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *rr_to, int rr_allorfirst, | |||
76 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *rr_from); | |||
77 | static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, | |||
78 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *param); | |||
79 | ||||
80 | #define SMIME_OP0x10 0x10 | |||
81 | #define SMIME_IP0x20 0x20 | |||
82 | #define SMIME_SIGNERS0x40 0x40 | |||
83 | #define SMIME_ENCRYPT(1 | 0x10) (1 | SMIME_OP0x10) | |||
84 | #define SMIME_DECRYPT(2 | 0x20) (2 | SMIME_IP0x20) | |||
85 | #define SMIME_SIGN(3 | 0x10 | 0x40) (3 | SMIME_OP0x10 | SMIME_SIGNERS0x40) | |||
86 | #define SMIME_VERIFY(4 | 0x20) (4 | SMIME_IP0x20) | |||
87 | #define SMIME_CMSOUT(5 | 0x20 | 0x10) (5 | SMIME_IP0x20 | SMIME_OP0x10) | |||
88 | #define SMIME_RESIGN(6 | 0x20 | 0x10 | 0x40) (6 | SMIME_IP0x20 | SMIME_OP0x10 | SMIME_SIGNERS0x40) | |||
89 | #define SMIME_DATAOUT(7 | 0x20) (7 | SMIME_IP0x20) | |||
90 | #define SMIME_DATA_CREATE(8 | 0x10) (8 | SMIME_OP0x10) | |||
91 | #define SMIME_DIGEST_VERIFY(9 | 0x20) (9 | SMIME_IP0x20) | |||
92 | #define SMIME_DIGEST_CREATE(10 | 0x10) (10 | SMIME_OP0x10) | |||
93 | #define SMIME_UNCOMPRESS(11 | 0x20) (11 | SMIME_IP0x20) | |||
94 | #define SMIME_COMPRESS(12 | 0x10) (12 | SMIME_OP0x10) | |||
95 | #define SMIME_ENCRYPTED_DECRYPT(13 | 0x20) (13 | SMIME_IP0x20) | |||
96 | #define SMIME_ENCRYPTED_ENCRYPT(14 | 0x10) (14 | SMIME_OP0x10) | |||
97 | #define SMIME_SIGN_RECEIPT(15 | 0x20 | 0x10) (15 | SMIME_IP0x20 | SMIME_OP0x10) | |||
98 | #define SMIME_VERIFY_RECEIPT(16 | 0x20) (16 | SMIME_IP0x20) | |||
99 | ||||
100 | int verify_err = 0; | |||
101 | ||||
102 | struct cms_key_param { | |||
103 | int idx; | |||
104 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *param; | |||
105 | struct cms_key_param *next; | |||
106 | }; | |||
107 | ||||
108 | static struct { | |||
109 | char *CAfile; | |||
110 | char *CApath; | |||
111 | X509 *cert; | |||
112 | char *certfile; | |||
113 | char *certsoutfile; | |||
114 | const EVP_CIPHER *cipher; | |||
115 | char *contfile; | |||
116 | ASN1_OBJECT *econtent_type; | |||
117 | STACK_OF(X509)struct stack_st_X509 *encerts; | |||
118 | int flags; | |||
119 | char *from; | |||
120 | char *infile; | |||
121 | int informat; | |||
122 | struct cms_key_param *key_first; | |||
123 | struct cms_key_param *key_param; | |||
124 | char *keyfile; | |||
125 | int keyform; | |||
126 | int noout; | |||
127 | int operation; | |||
128 | char *outfile; | |||
129 | int outformat; | |||
130 | char *passargin; | |||
131 | int print; | |||
132 | unsigned char *pwri_pass; | |||
133 | int rr_allorfirst; | |||
134 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *rr_from; | |||
135 | int rr_print; | |||
136 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *rr_to; | |||
137 | char *rctfile; | |||
138 | int rctformat; | |||
139 | char *recipfile; | |||
140 | unsigned char *secret_key; | |||
141 | unsigned char *secret_keyid; | |||
142 | size_t secret_keyidlen; | |||
143 | size_t secret_keylen; | |||
144 | const EVP_MD *sign_md; | |||
145 | char *signerfile; | |||
146 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *skkeys; | |||
147 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *sksigners; | |||
148 | char *subject; | |||
149 | char *to; | |||
150 | int verify_retcode; | |||
151 | X509_VERIFY_PARAM *vpm; | |||
152 | } cms_config; | |||
153 | ||||
154 | static const EVP_CIPHER * | |||
155 | get_cipher_by_name(char *name) | |||
156 | { | |||
157 | if (name == NULL((void*)0) || strcmp(name, "") == 0) | |||
158 | return (NULL((void*)0)); | |||
159 | #ifndef OPENSSL_NO_AES | |||
160 | else if (strcmp(name, "aes128") == 0) | |||
161 | return EVP_aes_128_cbc(); | |||
162 | else if (strcmp(name, "aes192") == 0) | |||
163 | return EVP_aes_192_cbc(); | |||
164 | else if (strcmp(name, "aes256") == 0) | |||
165 | return EVP_aes_256_cbc(); | |||
166 | #endif | |||
167 | #ifndef OPENSSL_NO_CAMELLIA | |||
168 | else if (strcmp(name, "camellia128") == 0) | |||
169 | return EVP_camellia_128_cbc(); | |||
170 | else if (strcmp(name, "camellia192") == 0) | |||
171 | return EVP_camellia_192_cbc(); | |||
172 | else if (strcmp(name, "camellia256") == 0) | |||
173 | return EVP_camellia_256_cbc(); | |||
174 | #endif | |||
175 | #ifndef OPENSSL_NO_DES | |||
176 | else if (strcmp(name, "des") == 0) | |||
177 | return EVP_des_cbc(); | |||
178 | else if (strcmp(name, "des3") == 0) | |||
179 | return EVP_des_ede3_cbc(); | |||
180 | #endif | |||
181 | #ifndef OPENSSL_NO_RC2 | |||
182 | else if (!strcmp(name, "rc2-40")) | |||
183 | return EVP_rc2_40_cbc(); | |||
184 | else if (!strcmp(name, "rc2-64")) | |||
185 | return EVP_rc2_64_cbc(); | |||
186 | else if (!strcmp(name, "rc2-128")) | |||
187 | return EVP_rc2_cbc(); | |||
188 | #endif | |||
189 | else | |||
190 | return (NULL((void*)0)); | |||
191 | } | |||
192 | ||||
193 | static int | |||
194 | cms_opt_cipher(int argc, char **argv, int *argsused) | |||
195 | { | |||
196 | char *name = argv[0]; | |||
197 | ||||
198 | if (*name++ != '-') | |||
199 | return (1); | |||
200 | ||||
201 | if ((cms_config.cipher = get_cipher_by_name(name)) == NULL((void*)0)) | |||
202 | if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL((void*)0)) | |||
203 | return (1); | |||
204 | ||||
205 | *argsused = 1; | |||
206 | return (0); | |||
207 | } | |||
208 | ||||
209 | static int | |||
210 | cms_opt_econtent_type(char *arg) | |||
211 | { | |||
212 | ASN1_OBJECT_free(cms_config.econtent_type); | |||
213 | ||||
214 | if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL((void*)0)) { | |||
215 | BIO_printf(bio_err, "Invalid OID %s\n", arg); | |||
216 | return (1); | |||
217 | } | |||
218 | return (0); | |||
219 | } | |||
220 | ||||
221 | static int | |||
222 | cms_opt_inkey(char *arg) | |||
223 | { | |||
224 | if (cms_config.keyfile == NULL((void*)0)) { | |||
225 | cms_config.keyfile = arg; | |||
226 | return (0); | |||
227 | } | |||
228 | ||||
229 | if (cms_config.signerfile == NULL((void*)0)) { | |||
230 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | |||
231 | return (1); | |||
232 | } | |||
233 | ||||
234 | if (cms_config.sksigners == NULL((void*)0)) | |||
235 | cms_config.sksigners = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null()); | |||
236 | if (cms_config.sksigners == NULL((void*)0)) | |||
237 | return (1); | |||
238 | if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)sk_push(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.signerfile : (char*)0)))) | |||
239 | return (1); | |||
240 | ||||
241 | cms_config.signerfile = NULL((void*)0); | |||
242 | ||||
243 | if (cms_config.skkeys == NULL((void*)0)) | |||
244 | cms_config.skkeys = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null()); | |||
245 | if (cms_config.skkeys == NULL((void*)0)) | |||
246 | return (1); | |||
247 | if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)sk_push(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.keyfile : (char*)0)))) | |||
248 | return (1); | |||
249 | ||||
250 | cms_config.keyfile = arg; | |||
251 | return (0); | |||
252 | } | |||
253 | ||||
254 | static int | |||
255 | cms_opt_keyopt(char *arg) | |||
256 | { | |||
257 | int keyidx = -1; | |||
258 | ||||
259 | if (cms_config.operation == SMIME_ENCRYPT(1 | 0x10)) { | |||
| ||||
260 | if (cms_config.encerts != NULL((void*)0)) | |||
261 | keyidx += sk_X509_num(cms_config.encerts)sk_num(((_STACK*) (1 ? (cms_config.encerts) : (struct stack_st_X509 *)0))); | |||
262 | } else { | |||
263 | if (cms_config.keyfile != NULL((void*)0) || cms_config.signerfile != NULL((void*)0)) | |||
264 | keyidx++; | |||
265 | if (cms_config.skkeys != NULL((void*)0)) | |||
266 | keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys)sk_num(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING *)0))); | |||
267 | } | |||
268 | ||||
269 | if (keyidx < 0) { | |||
270 | BIO_printf(bio_err, "No key specified\n"); | |||
271 | return (1); | |||
272 | } | |||
273 | ||||
274 | if (cms_config.key_param == NULL((void*)0) || | |||
275 | cms_config.key_param->idx != keyidx) { | |||
276 | struct cms_key_param *nparam; | |||
277 | ||||
278 | if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL((void*)0)) | |||
279 | return (1); | |||
280 | ||||
281 | nparam->idx = keyidx; | |||
282 | if ((nparam->param = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null())) == NULL((void*)0)) { | |||
283 | free(nparam); | |||
284 | return (1); | |||
285 | } | |||
286 | ||||
287 | nparam->next = NULL((void*)0); | |||
288 | if (cms_config.key_first == NULL((void*)0)) | |||
289 | cms_config.key_first = nparam; | |||
290 | else | |||
291 | cms_config.key_param->next = nparam; | |||
| ||||
292 | ||||
293 | cms_config.key_param = nparam; | |||
294 | } | |||
295 | ||||
296 | if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg)sk_push(((_STACK*) (1 ? cms_config.key_param->param : (struct stack_st_OPENSSL_STRING*)0)), ((void*) (1 ? arg : (char*)0)) )) | |||
297 | return (1); | |||
298 | ||||
299 | return (0); | |||
300 | } | |||
301 | ||||
302 | static int | |||
303 | cms_opt_md(char *arg) | |||
304 | { | |||
305 | if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL((void*)0)) { | |||
306 | BIO_printf(bio_err, "Unknown digest %s\n", arg); | |||
307 | return (1); | |||
308 | } | |||
309 | return (0); | |||
310 | } | |||
311 | ||||
312 | static int | |||
313 | cms_opt_print(void) | |||
314 | { | |||
315 | cms_config.noout = 1; | |||
316 | cms_config.print = 1; | |||
317 | return (0); | |||
318 | } | |||
319 | ||||
320 | static int | |||
321 | cms_opt_pwri_pass(char *arg) | |||
322 | { | |||
323 | cms_config.pwri_pass = (unsigned char *)arg; | |||
324 | return (0); | |||
325 | } | |||
326 | ||||
327 | static int | |||
328 | cms_opt_recip(char *arg) | |||
329 | { | |||
330 | if (cms_config.operation == SMIME_ENCRYPT(1 | 0x10)) { | |||
331 | if (cms_config.encerts == NULL((void*)0)) { | |||
332 | if ((cms_config.encerts = sk_X509_new_null()((struct stack_st_X509 *)sk_new_null())) == NULL((void*)0)) | |||
333 | return (1); | |||
334 | } | |||
335 | ||||
336 | cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM3, | |||
337 | NULL((void*)0), "recipient certificate file"); | |||
338 | if (cms_config.cert == NULL((void*)0)) | |||
339 | return (1); | |||
340 | ||||
341 | if (!sk_X509_push(cms_config.encerts, cms_config.cert)sk_push(((_STACK*) (1 ? (cms_config.encerts) : (struct stack_st_X509 *)0)), ((void*) (1 ? (cms_config.cert) : (X509*)0)))) | |||
342 | return (1); | |||
343 | ||||
344 | cms_config.cert = NULL((void*)0); | |||
345 | } else { | |||
346 | cms_config.recipfile = arg; | |||
347 | } | |||
348 | return (0); | |||
349 | } | |||
350 | ||||
351 | static int | |||
352 | cms_opt_receipt_request_from(char *arg) | |||
353 | { | |||
354 | if (cms_config.rr_from == NULL((void*)0)) | |||
355 | cms_config.rr_from = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null()); | |||
356 | if (cms_config.rr_from == NULL((void*)0)) | |||
357 | return (1); | |||
358 | if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg)sk_push(((_STACK*) (1 ? cms_config.rr_from : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? arg : (char*)0)))) | |||
359 | return (1); | |||
360 | ||||
361 | return (0); | |||
362 | } | |||
363 | ||||
364 | static int | |||
365 | cms_opt_receipt_request_to(char *arg) | |||
366 | { | |||
367 | if (cms_config.rr_to == NULL((void*)0)) | |||
368 | cms_config.rr_to = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null()); | |||
369 | if (cms_config.rr_to == NULL((void*)0)) | |||
370 | return (1); | |||
371 | if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg)sk_push(((_STACK*) (1 ? cms_config.rr_to : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? arg : (char*)0)))) | |||
372 | return (1); | |||
373 | ||||
374 | return (0); | |||
375 | } | |||
376 | ||||
377 | static int | |||
378 | cms_opt_secretkey(char *arg) | |||
379 | { | |||
380 | long ltmp; | |||
381 | ||||
382 | free(cms_config.secret_key); | |||
383 | ||||
384 | if ((cms_config.secret_key = string_to_hex(arg, <mp)) == NULL((void*)0)) { | |||
385 | BIO_printf(bio_err, "Invalid key %s\n", arg); | |||
386 | return (1); | |||
387 | } | |||
388 | cms_config.secret_keylen = (size_t)ltmp; | |||
389 | return (0); | |||
390 | } | |||
391 | ||||
392 | static int | |||
393 | cms_opt_secretkeyid(char *arg) | |||
394 | { | |||
395 | long ltmp; | |||
396 | ||||
397 | free(cms_config.secret_keyid); | |||
398 | ||||
399 | if ((cms_config.secret_keyid = string_to_hex(arg, <mp)) == NULL((void*)0)) { | |||
400 | BIO_printf(bio_err, "Invalid id %s\n", arg); | |||
401 | return (1); | |||
402 | } | |||
403 | cms_config.secret_keyidlen = (size_t)ltmp; | |||
404 | return (0); | |||
405 | } | |||
406 | ||||
407 | static int | |||
408 | cms_opt_signer(char *arg) | |||
409 | { | |||
410 | if (cms_config.signerfile == NULL((void*)0)) { | |||
411 | cms_config.signerfile = arg; | |||
412 | return (0); | |||
413 | } | |||
414 | ||||
415 | if (cms_config.sksigners == NULL((void*)0)) | |||
416 | cms_config.sksigners = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null()); | |||
417 | if (cms_config.sksigners == NULL((void*)0)) | |||
418 | return (1); | |||
419 | if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)sk_push(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.signerfile : (char*)0)))) | |||
420 | return (1); | |||
421 | ||||
422 | if (cms_config.keyfile == NULL((void*)0)) | |||
423 | cms_config.keyfile = cms_config.signerfile; | |||
424 | ||||
425 | if (cms_config.skkeys == NULL((void*)0)) | |||
426 | cms_config.skkeys = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null()); | |||
427 | if (cms_config.skkeys == NULL((void*)0)) | |||
428 | return (1); | |||
429 | if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)sk_push(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.keyfile : (char*)0)))) | |||
430 | return (1); | |||
431 | ||||
432 | cms_config.keyfile = NULL((void*)0); | |||
433 | ||||
434 | cms_config.signerfile = arg; | |||
435 | return (0); | |||
436 | } | |||
437 | ||||
438 | static int | |||
439 | cms_opt_verify_param(int argc, char **argv, int *argsused) | |||
440 | { | |||
441 | int oargc = argc; | |||
442 | int badarg = 0; | |||
443 | ||||
444 | if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm)) | |||
445 | return (1); | |||
446 | if (badarg) | |||
447 | return (1); | |||
448 | ||||
449 | *argsused = oargc - argc; | |||
450 | ||||
451 | return (0); | |||
452 | } | |||
453 | ||||
454 | static int | |||
455 | cms_opt_verify_receipt(char *arg) | |||
456 | { | |||
457 | cms_config.operation = SMIME_VERIFY_RECEIPT(16 | 0x20); | |||
458 | cms_config.rctfile = arg; | |||
459 | return (0); | |||
460 | } | |||
461 | ||||
462 | static const struct option cms_options[] = { | |||
463 | #ifndef OPENSSL_NO_AES | |||
464 | { | |||
465 | .name = "aes128", | |||
466 | .desc = "Encrypt PEM output with CBC AES", | |||
467 | .type = OPTION_ARGV_FUNC, | |||
468 | .opt.argvfunc = cms_opt_cipher, | |||
469 | }, | |||
470 | { | |||
471 | .name = "aes192", | |||
472 | .desc = "Encrypt PEM output with CBC AES", | |||
473 | .type = OPTION_ARGV_FUNC, | |||
474 | .opt.argvfunc = cms_opt_cipher, | |||
475 | }, | |||
476 | { | |||
477 | .name = "aes256", | |||
478 | .desc = "Encrypt PEM output with CBC AES", | |||
479 | .type = OPTION_ARGV_FUNC, | |||
480 | .opt.argvfunc = cms_opt_cipher, | |||
481 | }, | |||
482 | #endif | |||
483 | #ifndef OPENSSL_NO_CAMELLIA | |||
484 | { | |||
485 | .name = "camellia128", | |||
486 | .desc = "Encrypt PEM output with CBC Camellia", | |||
487 | .type = OPTION_ARGV_FUNC, | |||
488 | .opt.argvfunc = cms_opt_cipher, | |||
489 | }, | |||
490 | { | |||
491 | .name = "camellia192", | |||
492 | .desc = "Encrypt PEM output with CBC Camellia", | |||
493 | .type = OPTION_ARGV_FUNC, | |||
494 | .opt.argvfunc = cms_opt_cipher, | |||
495 | }, | |||
496 | { | |||
497 | .name = "camellia256", | |||
498 | .desc = "Encrypt PEM output with CBC Camellia", | |||
499 | .type = OPTION_ARGV_FUNC, | |||
500 | .opt.argvfunc = cms_opt_cipher, | |||
501 | }, | |||
502 | #endif | |||
503 | #ifndef OPENSSL_NO_DES | |||
504 | { | |||
505 | .name = "des", | |||
506 | .desc = "Encrypt with DES", | |||
507 | .type = OPTION_ARGV_FUNC, | |||
508 | .opt.argvfunc = cms_opt_cipher, | |||
509 | }, | |||
510 | { | |||
511 | .name = "des3", | |||
512 | .desc = "Encrypt with triple DES (default)", | |||
513 | .type = OPTION_ARGV_FUNC, | |||
514 | .opt.argvfunc = cms_opt_cipher, | |||
515 | }, | |||
516 | #endif | |||
517 | #ifndef OPENSSL_NO_RC2 | |||
518 | { | |||
519 | .name = "rc2-40", | |||
520 | .desc = "Encrypt with RC2-40", | |||
521 | .type = OPTION_ARGV_FUNC, | |||
522 | .opt.argvfunc = cms_opt_cipher, | |||
523 | }, | |||
524 | { | |||
525 | .name = "rc2-64", | |||
526 | .desc = "Encrypt with RC2-64", | |||
527 | .type = OPTION_ARGV_FUNC, | |||
528 | .opt.argvfunc = cms_opt_cipher, | |||
529 | }, | |||
530 | { | |||
531 | .name = "rc2-128", | |||
532 | .desc = "Encrypt with RC2-128", | |||
533 | .type = OPTION_ARGV_FUNC, | |||
534 | .opt.argvfunc = cms_opt_cipher, | |||
535 | }, | |||
536 | #endif | |||
537 | { | |||
538 | .name = "CAfile", | |||
539 | .argname = "file", | |||
540 | .desc = "Certificate Authority file", | |||
541 | .type = OPTION_ARG, | |||
542 | .opt.arg = &cms_config.CAfile, | |||
543 | }, | |||
544 | { | |||
545 | .name = "CApath", | |||
546 | .argname = "path", | |||
547 | .desc = "Certificate Authority path", | |||
548 | .type = OPTION_ARG, | |||
549 | .opt.arg = &cms_config.CApath, | |||
550 | }, | |||
551 | { | |||
552 | .name = "binary", | |||
553 | .desc = "Do not translate message to text", | |||
554 | .type = OPTION_VALUE_OR, | |||
555 | .opt.value = &cms_config.flags, | |||
556 | .value = CMS_BINARY0x80, | |||
557 | }, | |||
558 | { | |||
559 | .name = "certfile", | |||
560 | .argname = "file", | |||
561 | .desc = "Other certificates file", | |||
562 | .type = OPTION_ARG, | |||
563 | .opt.arg = &cms_config.certfile, | |||
564 | }, | |||
565 | { | |||
566 | .name = "certsout", | |||
567 | .argname = "file", | |||
568 | .desc = "Certificate output file", | |||
569 | .type = OPTION_ARG, | |||
570 | .opt.arg = &cms_config.certsoutfile, | |||
571 | }, | |||
572 | { | |||
573 | .name = "cmsout", | |||
574 | .desc = "Output CMS structure", | |||
575 | .type = OPTION_VALUE, | |||
576 | .opt.value = &cms_config.operation, | |||
577 | .value = SMIME_CMSOUT(5 | 0x20 | 0x10), | |||
578 | }, | |||
579 | { | |||
580 | .name = "compress", | |||
581 | .desc = "Create CMS CompressedData type", | |||
582 | .type = OPTION_VALUE, | |||
583 | .opt.value = &cms_config.operation, | |||
584 | .value = SMIME_COMPRESS(12 | 0x10), | |||
585 | }, | |||
586 | { | |||
587 | .name = "content", | |||
588 | .argname = "file", | |||
589 | .desc = "Supply or override content for detached signature", | |||
590 | .type = OPTION_ARG, | |||
591 | .opt.arg = &cms_config.contfile, | |||
592 | }, | |||
593 | { | |||
594 | .name = "crlfeol", | |||
595 | .desc = "Use CRLF as EOL termination instead of CR only", | |||
596 | .type = OPTION_VALUE_OR, | |||
597 | .opt.value = &cms_config.flags, | |||
598 | .value = CMS_CRLFEOL0x800, | |||
599 | }, | |||
600 | { | |||
601 | .name = "data_create", | |||
602 | .desc = "Create CMS Data type", | |||
603 | .type = OPTION_VALUE, | |||
604 | .opt.value = &cms_config.operation, | |||
605 | .value = SMIME_DATA_CREATE(8 | 0x10), | |||
606 | }, | |||
607 | { | |||
608 | .name = "data_out", | |||
609 | .desc = "Output content from the input CMS Data type", | |||
610 | .type = OPTION_VALUE, | |||
611 | .opt.value = &cms_config.operation, | |||
612 | .value = SMIME_DATAOUT(7 | 0x20), | |||
613 | }, | |||
614 | { | |||
615 | .name = "debug_decrypt", | |||
616 | .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", | |||
617 | .type = OPTION_VALUE_OR, | |||
618 | .opt.value = &cms_config.flags, | |||
619 | .value = CMS_DEBUG_DECRYPT0x20000, | |||
620 | }, | |||
621 | { | |||
622 | .name = "decrypt", | |||
623 | .desc = "Decrypt encrypted message", | |||
624 | .type = OPTION_VALUE, | |||
625 | .opt.value = &cms_config.operation, | |||
626 | .value = SMIME_DECRYPT(2 | 0x20), | |||
627 | }, | |||
628 | { | |||
629 | .name = "digest_create", | |||
630 | .desc = "Create CMS DigestedData type", | |||
631 | .type = OPTION_VALUE, | |||
632 | .opt.value = &cms_config.operation, | |||
633 | .value = SMIME_DIGEST_CREATE(10 | 0x10), | |||
634 | }, | |||
635 | { | |||
636 | .name = "digest_verify", | |||
637 | .desc = "Verify CMS DigestedData type and output the content", | |||
638 | .type = OPTION_VALUE, | |||
639 | .opt.value = &cms_config.operation, | |||
640 | .value = SMIME_DIGEST_VERIFY(9 | 0x20), | |||
641 | }, | |||
642 | { | |||
643 | .name = "econtent_type", | |||
644 | .argname = "type", | |||
645 | .desc = "Set the encapsulated content type", | |||
646 | .type = OPTION_ARG_FUNC, | |||
647 | .opt.argfunc = cms_opt_econtent_type, | |||
648 | }, | |||
649 | { | |||
650 | .name = "encrypt", | |||
651 | .desc = "Encrypt message", | |||
652 | .type = OPTION_VALUE, | |||
653 | .opt.value = &cms_config.operation, | |||
654 | .value = SMIME_ENCRYPT(1 | 0x10), | |||
655 | }, | |||
656 | { | |||
657 | .name = "EncryptedData_decrypt", | |||
658 | .desc = "Decrypt CMS EncryptedData", | |||
659 | .type = OPTION_VALUE, | |||
660 | .opt.value = &cms_config.operation, | |||
661 | .value = SMIME_ENCRYPTED_DECRYPT(13 | 0x20), | |||
662 | }, | |||
663 | { | |||
664 | .name = "EncryptedData_encrypt", | |||
665 | .desc = "Encrypt content using supplied symmetric key and algorithm", | |||
666 | .type = OPTION_VALUE, | |||
667 | .opt.value = &cms_config.operation, | |||
668 | .value = SMIME_ENCRYPTED_ENCRYPT(14 | 0x10), | |||
669 | }, | |||
670 | { | |||
671 | .name = "from", | |||
672 | .argname = "addr", | |||
673 | .desc = "From address", | |||
674 | .type = OPTION_ARG, | |||
675 | .opt.arg = &cms_config.from, | |||
676 | }, | |||
677 | { | |||
678 | .name = "in", | |||
679 | .argname = "file", | |||
680 | .desc = "Input file", | |||
681 | .type = OPTION_ARG, | |||
682 | .opt.arg = &cms_config.infile, | |||
683 | }, | |||
684 | { | |||
685 | .name = "indef", | |||
686 | .desc = "Same as -stream", | |||
687 | .type = OPTION_VALUE_OR, | |||
688 | .opt.value = &cms_config.flags, | |||
689 | .value = CMS_STREAM0x1000, | |||
690 | }, | |||
691 | { | |||
692 | .name = "inform", | |||
693 | .argname = "fmt", | |||
694 | .desc = "Input format (DER, PEM or SMIME (default))", | |||
695 | .type = OPTION_ARG_FORMAT, | |||
696 | .opt.value = &cms_config.informat, | |||
697 | }, | |||
698 | { | |||
699 | .name = "inkey", | |||
700 | .argname = "file", | |||
701 | .desc = "Input key file", | |||
702 | .type = OPTION_ARG_FUNC, | |||
703 | .opt.argfunc = cms_opt_inkey, | |||
704 | }, | |||
705 | { | |||
706 | .name = "keyform", | |||
707 | .argname = "fmt", | |||
708 | .desc = "Input key format (DER or PEM (default))", | |||
709 | .type = OPTION_ARG_FORMAT, | |||
710 | .opt.value = &cms_config.keyform, | |||
711 | }, | |||
712 | { | |||
713 | .name = "keyid", | |||
714 | .desc = "Use subject key identifier", | |||
715 | .type = OPTION_VALUE_OR, | |||
716 | .opt.value = &cms_config.flags, | |||
717 | .value = CMS_USE_KEYID0x10000, | |||
718 | }, | |||
719 | { | |||
720 | .name = "keyopt", | |||
721 | .argname = "nm:v", | |||
722 | .desc = "Set public key parameters", | |||
723 | .type = OPTION_ARG_FUNC, | |||
724 | .opt.argfunc = cms_opt_keyopt, | |||
725 | }, | |||
726 | { | |||
727 | .name = "md", | |||
728 | .argname = "digest", | |||
729 | .desc = "Digest to use when signing or resigning", | |||
730 | .type = OPTION_ARG_FUNC, | |||
731 | .opt.argfunc = cms_opt_md, | |||
732 | }, | |||
733 | { | |||
734 | .name = "no_attr_verify", | |||
735 | .desc = "Do not verify the signer's attribute of a signature", | |||
736 | .type = OPTION_VALUE_OR, | |||
737 | .opt.value = &cms_config.flags, | |||
738 | .value = CMS_NO_ATTR_VERIFY0x8, | |||
739 | }, | |||
740 | { | |||
741 | .name = "no_content_verify", | |||
742 | .desc = "Do not verify the content of a signed message", | |||
743 | .type = OPTION_VALUE_OR, | |||
744 | .opt.value = &cms_config.flags, | |||
745 | .value = CMS_NO_CONTENT_VERIFY0x4, | |||
746 | }, | |||
747 | { | |||
748 | .name = "no_signer_cert_verify", | |||
749 | .desc = "Do not verify the signer's certificate", | |||
750 | .type = OPTION_VALUE_OR, | |||
751 | .opt.value = &cms_config.flags, | |||
752 | .value = CMS_NO_SIGNER_CERT_VERIFY0x20, | |||
753 | }, | |||
754 | { | |||
755 | .name = "noattr", | |||
756 | .desc = "Do not include any signed attributes", | |||
757 | .type = OPTION_VALUE_OR, | |||
758 | .opt.value = &cms_config.flags, | |||
759 | .value = CMS_NOATTR0x100, | |||
760 | }, | |||
761 | { | |||
762 | .name = "nocerts", | |||
763 | .desc = "Do not include signer's certificate when signing", | |||
764 | .type = OPTION_VALUE_OR, | |||
765 | .opt.value = &cms_config.flags, | |||
766 | .value = CMS_NOCERTS0x2, | |||
767 | }, | |||
768 | { | |||
769 | .name = "nodetach", | |||
770 | .desc = "Use opaque signing", | |||
771 | .type = OPTION_VALUE_AND, | |||
772 | .value = ~CMS_DETACHED0x40, | |||
773 | }, | |||
774 | { | |||
775 | .name = "noindef", | |||
776 | .desc = "Disable CMS streaming", | |||
777 | .type = OPTION_VALUE_AND, | |||
778 | .value = ~CMS_STREAM0x1000, | |||
779 | }, | |||
780 | { | |||
781 | .name = "nointern", | |||
782 | .desc = "Do not search certificates in message for signer", | |||
783 | .type = OPTION_VALUE_OR, | |||
784 | .opt.value = &cms_config.flags, | |||
785 | .value = CMS_NOINTERN0x10, | |||
786 | }, | |||
787 | { | |||
788 | .name = "nooldmime", | |||
789 | .desc = "Output old S/MIME content type", | |||
790 | .type = OPTION_VALUE_OR, | |||
791 | .opt.value = &cms_config.flags, | |||
792 | .value = CMS_NOOLDMIMETYPE0x400, | |||
793 | }, | |||
794 | { | |||
795 | .name = "noout", | |||
796 | .desc = "Do not output the parsed CMS structure", | |||
797 | .type = OPTION_FLAG, | |||
798 | .opt.flag = &cms_config.noout, | |||
799 | }, | |||
800 | { | |||
801 | .name = "nosigs", | |||
802 | .desc = "Do not verify message signature", | |||
803 | .type = OPTION_VALUE_OR, | |||
804 | .opt.value = &cms_config.flags, | |||
805 | .value = CMS_NOSIGS(0x4|0x8), | |||
806 | }, | |||
807 | { | |||
808 | .name = "nosmimecap", | |||
809 | .desc = "Omit the SMIMECapabilities attribute", | |||
810 | .type = OPTION_VALUE_OR, | |||
811 | .opt.value = &cms_config.flags, | |||
812 | .value = CMS_NOSMIMECAP0x200, | |||
813 | }, | |||
814 | { | |||
815 | .name = "noverify", | |||
816 | .desc = "Do not verify signer's certificate", | |||
817 | .type = OPTION_VALUE_OR, | |||
818 | .opt.value = &cms_config.flags, | |||
819 | .value = CMS_NO_SIGNER_CERT_VERIFY0x20, | |||
820 | }, | |||
821 | { | |||
822 | .name = "out", | |||
823 | .argname = "file", | |||
824 | .desc = "Output file", | |||
825 | .type = OPTION_ARG, | |||
826 | .opt.arg = &cms_config.outfile, | |||
827 | }, | |||
828 | { | |||
829 | .name = "outform", | |||
830 | .argname = "fmt", | |||
831 | .desc = "Output format (DER, PEM or SMIME (default))", | |||
832 | .type = OPTION_ARG_FORMAT, | |||
833 | .opt.value = &cms_config.outformat, | |||
834 | }, | |||
835 | { | |||
836 | .name = "passin", | |||
837 | .argname = "src", | |||
838 | .desc = "Private key password source", | |||
839 | .type = OPTION_ARG, | |||
840 | .opt.arg = &cms_config.passargin, | |||
841 | }, | |||
842 | { | |||
843 | .name = "print", | |||
844 | .desc = "Print out all fields of the CMS structure for the -cmsout", | |||
845 | .type = OPTION_FUNC, | |||
846 | .opt.func = cms_opt_print, | |||
847 | }, | |||
848 | { | |||
849 | .name = "pwri_password", | |||
850 | .argname = "arg", | |||
851 | .desc = "Specify PasswordRecipientInfo (PWRI) password to use", | |||
852 | .type = OPTION_ARG_FUNC, | |||
853 | .opt.argfunc = cms_opt_pwri_pass, | |||
854 | }, | |||
855 | { | |||
856 | .name = "rctform", | |||
857 | .argname = "fmt", | |||
858 | .desc = "Receipt file format (DER, PEM or SMIME (default))", | |||
859 | .type = OPTION_ARG_FORMAT, | |||
860 | .opt.value = &cms_config.rctformat, | |||
861 | }, | |||
862 | { | |||
863 | .name = "receipt_request_all", | |||
864 | .desc = "Indicate requests should be provided by all recipients", | |||
865 | .type = OPTION_VALUE, | |||
866 | .opt.value = &cms_config.rr_allorfirst, | |||
867 | .value = 0, | |||
868 | }, | |||
869 | { | |||
870 | .name = "receipt_request_first", | |||
871 | .desc = "Indicate requests should be provided by first tier recipient", | |||
872 | .type = OPTION_VALUE, | |||
873 | .opt.value = &cms_config.rr_allorfirst, | |||
874 | .value = 1, | |||
875 | }, | |||
876 | { | |||
877 | .name = "receipt_request_from", | |||
878 | .argname = "addr", | |||
879 | .desc = "Add explicit email address where receipts should be supplied", | |||
880 | .type = OPTION_ARG_FUNC, | |||
881 | .opt.argfunc = cms_opt_receipt_request_from, | |||
882 | }, | |||
883 | { | |||
884 | .name = "receipt_request_print", | |||
885 | .desc = "Print out the contents of any signed receipt requests", | |||
886 | .type = OPTION_FLAG, | |||
887 | .opt.flag = &cms_config.rr_print, | |||
888 | }, | |||
889 | { | |||
890 | .name = "receipt_request_to", | |||
891 | .argname = "addr", | |||
892 | .desc = "Add explicit email address where receipts should be sent to", | |||
893 | .type = OPTION_ARG_FUNC, | |||
894 | .opt.argfunc = cms_opt_receipt_request_to, | |||
895 | }, | |||
896 | { | |||
897 | .name = "recip", | |||
898 | .argname = "file", | |||
899 | .desc = "Recipient certificate file for decryption", | |||
900 | .type = OPTION_ARG_FUNC, | |||
901 | .opt.argfunc = cms_opt_recip, | |||
902 | }, | |||
903 | { | |||
904 | .name = "resign", | |||
905 | .desc = "Resign a signed message", | |||
906 | .type = OPTION_VALUE, | |||
907 | .opt.value = &cms_config.operation, | |||
908 | .value = SMIME_RESIGN(6 | 0x20 | 0x10 | 0x40), | |||
909 | }, | |||
910 | { | |||
911 | .name = "secretkey", | |||
912 | .argname = "key", | |||
913 | .desc = "Specify symmetric key to use", | |||
914 | .type = OPTION_ARG_FUNC, | |||
915 | .opt.argfunc = cms_opt_secretkey, | |||
916 | }, | |||
917 | { | |||
918 | .name = "secretkeyid", | |||
919 | .argname = "id", | |||
920 | .desc = "The key identifier for the supplied symmetric key", | |||
921 | .type = OPTION_ARG_FUNC, | |||
922 | .opt.argfunc = cms_opt_secretkeyid, | |||
923 | }, | |||
924 | { | |||
925 | .name = "sign", | |||
926 | .desc = "Sign message", | |||
927 | .type = OPTION_VALUE, | |||
928 | .opt.value = &cms_config.operation, | |||
929 | .value = SMIME_SIGN(3 | 0x10 | 0x40), | |||
930 | }, | |||
931 | { | |||
932 | .name = "sign_receipt", | |||
933 | .desc = "Generate a signed receipt for the message", | |||
934 | .type = OPTION_VALUE, | |||
935 | .opt.value = &cms_config.operation, | |||
936 | .value = SMIME_SIGN_RECEIPT(15 | 0x20 | 0x10), | |||
937 | }, | |||
938 | { | |||
939 | .name = "signer", | |||
940 | .argname = "file", | |||
941 | .desc = "Signer certificate file", | |||
942 | .type = OPTION_ARG_FUNC, | |||
943 | .opt.argfunc = cms_opt_signer, | |||
944 | }, | |||
945 | { | |||
946 | .name = "stream", | |||
947 | .desc = "Enable CMS streaming", | |||
948 | .type = OPTION_VALUE_OR, | |||
949 | .opt.value = &cms_config.flags, | |||
950 | .value = CMS_STREAM0x1000, | |||
951 | }, | |||
952 | { | |||
953 | .name = "subject", | |||
954 | .argname = "s", | |||
955 | .desc = "Subject", | |||
956 | .type = OPTION_ARG, | |||
957 | .opt.arg = &cms_config.subject, | |||
958 | }, | |||
959 | { | |||
960 | .name = "text", | |||
961 | .desc = "Include or delete text MIME headers", | |||
962 | .type = OPTION_VALUE_OR, | |||
963 | .opt.value = &cms_config.flags, | |||
964 | .value = CMS_TEXT0x1, | |||
965 | }, | |||
966 | { | |||
967 | .name = "to", | |||
968 | .argname = "addr", | |||
969 | .desc = "To address", | |||
970 | .type = OPTION_ARG, | |||
971 | .opt.arg = &cms_config.to, | |||
972 | }, | |||
973 | { | |||
974 | .name = "uncompress", | |||
975 | .desc = "Uncompress CMS CompressedData type", | |||
976 | .type = OPTION_VALUE, | |||
977 | .opt.value = &cms_config.operation, | |||
978 | .value = SMIME_UNCOMPRESS(11 | 0x20), | |||
979 | }, | |||
980 | { | |||
981 | .name = "verify", | |||
982 | .desc = "Verify signed message", | |||
983 | .type = OPTION_VALUE, | |||
984 | .opt.value = &cms_config.operation, | |||
985 | .value = SMIME_VERIFY(4 | 0x20), | |||
986 | }, | |||
987 | { | |||
988 | .name = "verify_receipt", | |||
989 | .argname = "file", | |||
990 | .desc = "Verify a signed receipt in file", | |||
991 | .type = OPTION_ARG_FUNC, | |||
992 | .opt.argfunc = cms_opt_verify_receipt, | |||
993 | }, | |||
994 | { | |||
995 | .name = "verify_retcode", | |||
996 | .desc = "Set verification error code to exit code", | |||
997 | .type = OPTION_FLAG, | |||
998 | .opt.flag = &cms_config.verify_retcode, | |||
999 | }, | |||
1000 | { | |||
1001 | .name = "check_ss_sig", | |||
1002 | .type = OPTION_ARGV_FUNC, | |||
1003 | .opt.argvfunc = cms_opt_verify_param, | |||
1004 | }, | |||
1005 | { | |||
1006 | .name = "crl_check", | |||
1007 | .type = OPTION_ARGV_FUNC, | |||
1008 | .opt.argvfunc = cms_opt_verify_param, | |||
1009 | }, | |||
1010 | { | |||
1011 | .name = "crl_check_all", | |||
1012 | .type = OPTION_ARGV_FUNC, | |||
1013 | .opt.argvfunc = cms_opt_verify_param, | |||
1014 | }, | |||
1015 | { | |||
1016 | .name = "extended_crl", | |||
1017 | .type = OPTION_ARGV_FUNC, | |||
1018 | .opt.argvfunc = cms_opt_verify_param, | |||
1019 | }, | |||
1020 | { | |||
1021 | .name = "ignore_critical", | |||
1022 | .type = OPTION_ARGV_FUNC, | |||
1023 | .opt.argvfunc = cms_opt_verify_param, | |||
1024 | }, | |||
1025 | { | |||
1026 | .name = "issuer_checks", | |||
1027 | .type = OPTION_ARGV_FUNC, | |||
1028 | .opt.argvfunc = cms_opt_verify_param, | |||
1029 | }, | |||
1030 | { | |||
1031 | .name = "policy", | |||
1032 | .type = OPTION_ARGV_FUNC, | |||
1033 | .opt.argvfunc = cms_opt_verify_param, | |||
1034 | }, | |||
1035 | { | |||
1036 | .name = "policy_check", | |||
1037 | .type = OPTION_ARGV_FUNC, | |||
1038 | .opt.argvfunc = cms_opt_verify_param, | |||
1039 | }, | |||
1040 | { | |||
1041 | .name = "purpose", | |||
1042 | .type = OPTION_ARGV_FUNC, | |||
1043 | .opt.argvfunc = cms_opt_verify_param, | |||
1044 | }, | |||
1045 | { | |||
1046 | .name = "x509_strict", | |||
1047 | .type = OPTION_ARGV_FUNC, | |||
1048 | .opt.argvfunc = cms_opt_verify_param, | |||
1049 | }, | |||
1050 | { | |||
1051 | .name = NULL((void*)0), | |||
1052 | .type = OPTION_ARGV_FUNC, | |||
1053 | .opt.argvfunc = cms_opt_cipher, | |||
1054 | }, | |||
1055 | { NULL((void*)0) }, | |||
1056 | }; | |||
1057 | ||||
1058 | static const struct option verify_shared_options[] = { | |||
1059 | { | |||
1060 | .name = "check_ss_sig", | |||
1061 | .desc = "Check the root CA self-signed certificate signature", | |||
1062 | }, | |||
1063 | { | |||
1064 | .name = "crl_check", | |||
1065 | .desc = "Enable CRL checking for the leaf certificate", | |||
1066 | }, | |||
1067 | { | |||
1068 | .name = "crl_check_all", | |||
1069 | .desc = "Enable CRL checking for the entire certificate chain", | |||
1070 | }, | |||
1071 | { | |||
1072 | .name = "extended_crl", | |||
1073 | .desc = "Enable extended CRL support", | |||
1074 | }, | |||
1075 | { | |||
1076 | .name = "ignore_critical", | |||
1077 | .desc = "Disable critical extension checking", | |||
1078 | }, | |||
1079 | { | |||
1080 | .name = "issuer_checks", | |||
1081 | .desc = "Enable debugging of certificate issuer checks", | |||
1082 | }, | |||
1083 | { | |||
1084 | .name = "policy", | |||
1085 | .argname = "name", | |||
1086 | .desc = "Add given policy to the acceptable set", | |||
1087 | }, | |||
1088 | { | |||
1089 | .name = "policy_check", | |||
1090 | .desc = "Enable certificate policy checking", | |||
1091 | }, | |||
1092 | { | |||
1093 | .name = "purpose", | |||
1094 | .argname = "name", | |||
1095 | .desc = "Verify for the given purpose", | |||
1096 | }, | |||
1097 | { | |||
1098 | .name = "x509_strict", | |||
1099 | .desc = "Use strict X.509 rules (disables workarounds)", | |||
1100 | }, | |||
1101 | { NULL((void*)0) }, | |||
1102 | }; | |||
1103 | ||||
1104 | static void | |||
1105 | cms_usage(void) | |||
1106 | { | |||
1107 | int i; | |||
1108 | ||||
1109 | fprintf(stderr(&__sF[2]), "usage: cms " | |||
1110 | "[-aes128 | -aes192 | -aes256 | -camellia128 |\n" | |||
1111 | " -camellia192 | -camellia256 | -des | -des3 |\n" | |||
1112 | " -rc2-40 | -rc2-64 | -rc2-128] [-CAfile file]\n" | |||
1113 | " [-CApath directory] [-binary] [-certfile file]\n" | |||
1114 | " [-certsout file] [-cmsout] [-compress] [-content file]\n" | |||
1115 | " [-crlfeol] [-data_create] [-data_out] [-debug_decrypt]\n" | |||
1116 | " [-decrypt] [-digest_create] [-digest_verify]\n" | |||
1117 | " [-econtent_type type] [-encrypt] [-EncryptedData_decrypt]\n" | |||
1118 | " [-EncryptedData_encrypt] [-from addr] [-in file]\n" | |||
1119 | " [-inform der | pem | smime] [-inkey file]\n" | |||
1120 | " [-keyform der | pem] [-keyid] [-keyopt nm:v] [-md digest]\n" | |||
1121 | " [-no_attr_verify] [-no_content_verify]\n" | |||
1122 | " [-no_signer_cert_verify] [-noattr] [-nocerts] [-nodetach]\n" | |||
1123 | " [-nointern] [-nooldmime] [-noout] [-nosigs] [-nosmimecap]\n" | |||
1124 | " [-noverify] [-out file] [-outform der | pem | smime]\n" | |||
1125 | " [-passin src] [-print] [-pwri_password arg]\n" | |||
1126 | " [-rctform der | pem | smime]\n" | |||
1127 | " [-receipt_request_all | -receipt_request_first]\n" | |||
1128 | " [-receipt_request_from addr] [-receipt_request_print]\n" | |||
1129 | " [-receipt_request_to addr] [-recip file] [-resign]\n" | |||
1130 | " [-secretkey key] [-secretkeyid id] [-sign] [-sign_receipt]\n" | |||
1131 | " [-signer file] [-stream | -indef | -noindef] [-subject s]\n" | |||
1132 | " [-text] [-to addr] [-uncompress] [-verify]\n" | |||
1133 | " [-verify_receipt file] [-verify_retcode] [cert.pem ...]\n\n"); | |||
1134 | ||||
1135 | options_usage(cms_options); | |||
1136 | ||||
1137 | fprintf(stderr(&__sF[2]), "\nVerification options:\n\n"); | |||
1138 | options_usage(verify_shared_options); | |||
1139 | ||||
1140 | fprintf(stderr(&__sF[2]), "\nValid purposes:\n\n"); | |||
1141 | for (i = 0; i < X509_PURPOSE_get_count(); i++) { | |||
1142 | X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); | |||
1143 | fprintf(stderr(&__sF[2]), " %-18s%s\n", X509_PURPOSE_get0_sname(ptmp), | |||
1144 | X509_PURPOSE_get0_name(ptmp)); | |||
1145 | } | |||
1146 | } | |||
1147 | ||||
1148 | int | |||
1149 | cms_main(int argc, char **argv) | |||
1150 | { | |||
1151 | int ret = 0; | |||
1152 | char **args; | |||
1153 | int argsused = 0; | |||
1154 | const char *inmode = "r", *outmode = "w"; | |||
1155 | CMS_ContentInfo *cms = NULL((void*)0), *rcms = NULL((void*)0); | |||
1156 | X509_STORE *store = NULL((void*)0); | |||
1157 | X509 *recip = NULL((void*)0), *signer = NULL((void*)0); | |||
1158 | EVP_PKEY *key = NULL((void*)0); | |||
1159 | STACK_OF(X509)struct stack_st_X509 *other = NULL((void*)0); | |||
1160 | BIO *in = NULL((void*)0), *out = NULL((void*)0), *indata = NULL((void*)0), *rctin = NULL((void*)0); | |||
1161 | int badarg = 0; | |||
1162 | CMS_ReceiptRequest *rr = NULL((void*)0); | |||
1163 | char *passin = NULL((void*)0); | |||
1164 | unsigned char *pwri_tmp = NULL((void*)0); | |||
1165 | ||||
1166 | if (single_execution) { | |||
1167 | if (pledge("stdio rpath wpath cpath tty", NULL((void*)0)) == -1) { | |||
1168 | perror("pledge"); | |||
1169 | exit(1); | |||
1170 | } | |||
1171 | } | |||
1172 | ||||
1173 | memset(&cms_config, 0, sizeof(cms_config)); | |||
1174 | cms_config.flags = CMS_DETACHED0x40; | |||
1175 | cms_config.rr_allorfirst = -1; | |||
1176 | cms_config.informat = FORMAT_SMIME6; | |||
1177 | cms_config.outformat = FORMAT_SMIME6; | |||
1178 | cms_config.rctformat = FORMAT_SMIME6; | |||
1179 | cms_config.keyform = FORMAT_PEM3; | |||
1180 | if (options_parse(argc, argv, cms_options, NULL((void*)0), &argsused) != 0) { | |||
1181 | goto argerr; | |||
1182 | } | |||
1183 | args = argv + argsused; | |||
1184 | ret = 1; | |||
1185 | ||||
1186 | if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL((void*)0)) && | |||
1187 | cms_config.rr_to == NULL((void*)0)) { | |||
1188 | BIO_puts(bio_err, "No Signed Receipts Recipients\n"); | |||
1189 | goto argerr; | |||
1190 | } | |||
1191 | if (!(cms_config.operation & SMIME_SIGNERS0x40) && | |||
1192 | (cms_config.rr_to != NULL((void*)0) || cms_config.rr_from != NULL((void*)0))) { | |||
1193 | BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); | |||
1194 | goto argerr; | |||
1195 | } | |||
1196 | if (!(cms_config.operation & SMIME_SIGNERS0x40) && | |||
1197 | (cms_config.skkeys != NULL((void*)0) || cms_config.sksigners != NULL((void*)0))) { | |||
1198 | BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); | |||
1199 | goto argerr; | |||
1200 | } | |||
1201 | if (cms_config.operation & SMIME_SIGNERS0x40) { | |||
1202 | if (cms_config.keyfile != NULL((void*)0) && | |||
1203 | cms_config.signerfile == NULL((void*)0)) { | |||
1204 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | |||
1205 | goto argerr; | |||
1206 | } | |||
1207 | /* Check to see if any final signer needs to be appended */ | |||
1208 | if (cms_config.signerfile != NULL((void*)0)) { | |||
1209 | if (cms_config.sksigners == NULL((void*)0) && | |||
1210 | (cms_config.sksigners = | |||
1211 | sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null())) == NULL((void*)0)) | |||
1212 | goto end; | |||
1213 | if (!sk_OPENSSL_STRING_push(cms_config.sksigners,sk_push(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.signerfile : (char*)0))) | |||
1214 | cms_config.signerfile)sk_push(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.signerfile : (char*)0)))) | |||
1215 | goto end; | |||
1216 | if (cms_config.skkeys == NULL((void*)0) && | |||
1217 | (cms_config.skkeys = | |||
1218 | sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)sk_new_null())) == NULL((void*)0)) | |||
1219 | goto end; | |||
1220 | if (cms_config.keyfile == NULL((void*)0)) | |||
1221 | cms_config.keyfile = cms_config.signerfile; | |||
1222 | if (!sk_OPENSSL_STRING_push(cms_config.skkeys,sk_push(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.keyfile : (char*)0))) | |||
1223 | cms_config.keyfile)sk_push(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING *)0)), ((void*) (1 ? cms_config.keyfile : (char*)0)))) | |||
1224 | goto end; | |||
1225 | } | |||
1226 | if (cms_config.sksigners == NULL((void*)0)) { | |||
1227 | BIO_printf(bio_err, | |||
1228 | "No signer certificate specified\n"); | |||
1229 | badarg = 1; | |||
1230 | } | |||
1231 | cms_config.signerfile = NULL((void*)0); | |||
1232 | cms_config.keyfile = NULL((void*)0); | |||
1233 | } else if (cms_config.operation == SMIME_DECRYPT(2 | 0x20)) { | |||
1234 | if (cms_config.recipfile == NULL((void*)0) && | |||
1235 | cms_config.keyfile == NULL((void*)0) && | |||
1236 | cms_config.secret_key == NULL((void*)0) && | |||
1237 | cms_config.pwri_pass == NULL((void*)0)) { | |||
1238 | BIO_printf(bio_err, | |||
1239 | "No recipient certificate or key specified\n"); | |||
1240 | badarg = 1; | |||
1241 | } | |||
1242 | } else if (cms_config.operation == SMIME_ENCRYPT(1 | 0x10)) { | |||
1243 | if (*args == NULL((void*)0) && cms_config.secret_key == NULL((void*)0) && | |||
1244 | cms_config.pwri_pass == NULL((void*)0) && | |||
1245 | cms_config.encerts == NULL((void*)0)) { | |||
1246 | BIO_printf(bio_err, | |||
1247 | "No recipient(s) certificate(s) specified\n"); | |||
1248 | badarg = 1; | |||
1249 | } | |||
1250 | } else if (!cms_config.operation) { | |||
1251 | badarg = 1; | |||
1252 | } | |||
1253 | ||||
1254 | if (badarg) { | |||
1255 | argerr: | |||
1256 | cms_usage(); | |||
1257 | goto end; | |||
1258 | } | |||
1259 | ||||
1260 | if (!app_passwd(bio_err, cms_config.passargin, NULL((void*)0), &passin, NULL((void*)0))) { | |||
1261 | BIO_printf(bio_err, "Error getting password\n"); | |||
1262 | goto end; | |||
1263 | } | |||
1264 | ret = 2; | |||
1265 | ||||
1266 | if (!(cms_config.operation & SMIME_SIGNERS0x40)) | |||
1267 | cms_config.flags &= ~CMS_DETACHED0x40; | |||
1268 | ||||
1269 | if (cms_config.operation & SMIME_OP0x10) { | |||
1270 | if (cms_config.outformat == FORMAT_ASN11) | |||
1271 | outmode = "wb"; | |||
1272 | } else { | |||
1273 | if (cms_config.flags & CMS_BINARY0x80) | |||
1274 | outmode = "wb"; | |||
1275 | } | |||
1276 | ||||
1277 | if (cms_config.operation & SMIME_IP0x20) { | |||
1278 | if (cms_config.informat == FORMAT_ASN11) | |||
1279 | inmode = "rb"; | |||
1280 | } else { | |||
1281 | if (cms_config.flags & CMS_BINARY0x80) | |||
1282 | inmode = "rb"; | |||
1283 | } | |||
1284 | ||||
1285 | if (cms_config.operation == SMIME_ENCRYPT(1 | 0x10)) { | |||
1286 | if (cms_config.cipher == NULL((void*)0)) { | |||
1287 | #ifndef OPENSSL_NO_DES | |||
1288 | cms_config.cipher = EVP_des_ede3_cbc(); | |||
1289 | #else | |||
1290 | BIO_printf(bio_err, "No cipher selected\n"); | |||
1291 | goto end; | |||
1292 | #endif | |||
1293 | } | |||
1294 | if (cms_config.secret_key != NULL((void*)0) && | |||
1295 | cms_config.secret_keyid == NULL((void*)0)) { | |||
1296 | BIO_printf(bio_err, "No secret key id\n"); | |||
1297 | goto end; | |||
1298 | } | |||
1299 | if (*args != NULL((void*)0) && cms_config.encerts == NULL((void*)0)) | |||
1300 | if ((cms_config.encerts = sk_X509_new_null()((struct stack_st_X509 *)sk_new_null())) == NULL((void*)0)) | |||
1301 | goto end; | |||
1302 | while (*args) { | |||
1303 | if ((cms_config.cert = load_cert(bio_err, *args, | |||
1304 | FORMAT_PEM3, NULL((void*)0), | |||
1305 | "recipient certificate file")) == NULL((void*)0)) | |||
1306 | goto end; | |||
1307 | if (!sk_X509_push(cms_config.encerts, cms_config.cert)sk_push(((_STACK*) (1 ? (cms_config.encerts) : (struct stack_st_X509 *)0)), ((void*) (1 ? (cms_config.cert) : (X509*)0)))) | |||
1308 | goto end; | |||
1309 | cms_config.cert = NULL((void*)0); | |||
1310 | args++; | |||
1311 | } | |||
1312 | } | |||
1313 | if (cms_config.certfile != NULL((void*)0)) { | |||
1314 | if ((other = load_certs(bio_err, cms_config.certfile, | |||
1315 | FORMAT_PEM3, NULL((void*)0), "certificate file")) == NULL((void*)0)) { | |||
1316 | ERR_print_errors(bio_err); | |||
1317 | goto end; | |||
1318 | } | |||
1319 | } | |||
1320 | if (cms_config.recipfile != NULL((void*)0) && | |||
1321 | (cms_config.operation == SMIME_DECRYPT(2 | 0x20))) { | |||
1322 | if ((recip = load_cert(bio_err, cms_config.recipfile, | |||
1323 | FORMAT_PEM3, NULL((void*)0), "recipient certificate file")) == NULL((void*)0)) { | |||
1324 | ERR_print_errors(bio_err); | |||
1325 | goto end; | |||
1326 | } | |||
1327 | } | |||
1328 | if (cms_config.operation == SMIME_SIGN_RECEIPT(15 | 0x20 | 0x10)) { | |||
1329 | if ((signer = load_cert(bio_err, cms_config.signerfile, | |||
1330 | FORMAT_PEM3, NULL((void*)0), | |||
1331 | "receipt signer certificate file")) == NULL((void*)0)) { | |||
1332 | ERR_print_errors(bio_err); | |||
1333 | goto end; | |||
1334 | } | |||
1335 | } | |||
1336 | if (cms_config.operation == SMIME_DECRYPT(2 | 0x20)) { | |||
1337 | if (cms_config.keyfile == NULL((void*)0)) | |||
1338 | cms_config.keyfile = cms_config.recipfile; | |||
1339 | } else if ((cms_config.operation == SMIME_SIGN(3 | 0x10 | 0x40)) || | |||
1340 | (cms_config.operation == SMIME_SIGN_RECEIPT(15 | 0x20 | 0x10))) { | |||
1341 | if (cms_config.keyfile == NULL((void*)0)) | |||
1342 | cms_config.keyfile = cms_config.signerfile; | |||
1343 | } else { | |||
1344 | cms_config.keyfile = NULL((void*)0); | |||
1345 | } | |||
1346 | ||||
1347 | if (cms_config.keyfile != NULL((void*)0)) { | |||
1348 | key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, | |||
1349 | 0, passin, "signing key file"); | |||
1350 | if (key == NULL((void*)0)) | |||
1351 | goto end; | |||
1352 | } | |||
1353 | if (cms_config.infile != NULL((void*)0)) { | |||
1354 | if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL((void*)0)) { | |||
1355 | BIO_printf(bio_err, | |||
1356 | "Can't open input file %s\n", cms_config.infile); | |||
1357 | goto end; | |||
1358 | } | |||
1359 | } else { | |||
1360 | if ((in = BIO_new_fp(stdin(&__sF[0]), BIO_NOCLOSE0x00)) == NULL((void*)0)) | |||
1361 | goto end; | |||
1362 | } | |||
1363 | ||||
1364 | if (cms_config.operation & SMIME_IP0x20) { | |||
1365 | if (cms_config.informat == FORMAT_SMIME6) | |||
1366 | cms = SMIME_read_CMS(in, &indata); | |||
1367 | else if (cms_config.informat == FORMAT_PEM3) | |||
1368 | cms = PEM_read_bio_CMS(in, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | |||
1369 | else if (cms_config.informat == FORMAT_ASN11) | |||
1370 | cms = d2i_CMS_bio(in, NULL((void*)0)); | |||
1371 | else { | |||
1372 | BIO_printf(bio_err, "Bad input format for CMS file\n"); | |||
1373 | goto end; | |||
1374 | } | |||
1375 | ||||
1376 | if (cms == NULL((void*)0)) { | |||
1377 | BIO_printf(bio_err, "Error reading S/MIME message\n"); | |||
1378 | goto end; | |||
1379 | } | |||
1380 | if (cms_config.contfile != NULL((void*)0)) { | |||
1381 | BIO_free(indata); | |||
1382 | if ((indata = BIO_new_file(cms_config.contfile, | |||
1383 | "rb")) == NULL((void*)0)) { | |||
1384 | BIO_printf(bio_err, | |||
1385 | "Can't read content file %s\n", | |||
1386 | cms_config.contfile); | |||
1387 | goto end; | |||
1388 | } | |||
1389 | } | |||
1390 | if (cms_config.certsoutfile != NULL((void*)0)) { | |||
1391 | STACK_OF(X509)struct stack_st_X509 *allcerts; | |||
1392 | if ((allcerts = CMS_get1_certs(cms)) == NULL((void*)0)) | |||
1393 | goto end; | |||
1394 | if (!save_certs(cms_config.certsoutfile, allcerts)) { | |||
1395 | BIO_printf(bio_err, | |||
1396 | "Error writing certs to %s\n", | |||
1397 | cms_config.certsoutfile); | |||
1398 | ret = 5; | |||
1399 | goto end; | |||
1400 | } | |||
1401 | sk_X509_pop_free(allcerts, X509_free)sk_pop_free(((_STACK*) (1 ? (allcerts) : (struct stack_st_X509 *)0)), ((void (*)(void *)) ((1 ? (X509_free) : (void (*)(X509 *))0)))); | |||
1402 | } | |||
1403 | } | |||
1404 | if (cms_config.rctfile != NULL((void*)0)) { | |||
1405 | char *rctmode = (cms_config.rctformat == FORMAT_ASN11) ? | |||
1406 | "rb" : "r"; | |||
1407 | if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL((void*)0)) { | |||
1408 | BIO_printf(bio_err, | |||
1409 | "Can't open receipt file %s\n", cms_config.rctfile); | |||
1410 | goto end; | |||
1411 | } | |||
1412 | if (cms_config.rctformat == FORMAT_SMIME6) | |||
1413 | rcms = SMIME_read_CMS(rctin, NULL((void*)0)); | |||
1414 | else if (cms_config.rctformat == FORMAT_PEM3) | |||
1415 | rcms = PEM_read_bio_CMS(rctin, NULL((void*)0), NULL((void*)0), NULL((void*)0)); | |||
1416 | else if (cms_config.rctformat == FORMAT_ASN11) | |||
1417 | rcms = d2i_CMS_bio(rctin, NULL((void*)0)); | |||
1418 | else { | |||
1419 | BIO_printf(bio_err, "Bad input format for receipt\n"); | |||
1420 | goto end; | |||
1421 | } | |||
1422 | ||||
1423 | if (rcms == NULL((void*)0)) { | |||
1424 | BIO_printf(bio_err, "Error reading receipt\n"); | |||
1425 | goto end; | |||
1426 | } | |||
1427 | } | |||
1428 | if (cms_config.outfile != NULL((void*)0)) { | |||
1429 | if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL((void*)0)) { | |||
1430 | BIO_printf(bio_err, | |||
1431 | "Can't open output file %s\n", cms_config.outfile); | |||
1432 | goto end; | |||
1433 | } | |||
1434 | } else { | |||
1435 | if ((out = BIO_new_fp(stdout(&__sF[1]), BIO_NOCLOSE0x00)) == NULL((void*)0)) | |||
1436 | goto end; | |||
1437 | } | |||
1438 | ||||
1439 | if ((cms_config.operation == SMIME_VERIFY(4 | 0x20)) || | |||
1440 | (cms_config.operation == SMIME_VERIFY_RECEIPT(16 | 0x20))) { | |||
1441 | if ((store = setup_verify(bio_err, cms_config.CAfile, | |||
1442 | cms_config.CApath)) == NULL((void*)0)) | |||
1443 | goto end; | |||
1444 | X509_STORE_set_verify_cb(store, cms_cb); | |||
1445 | if (cms_config.vpm != NULL((void*)0)) { | |||
1446 | if (!X509_STORE_set1_param(store, cms_config.vpm)) | |||
1447 | goto end; | |||
1448 | } | |||
1449 | } | |||
1450 | ret = 3; | |||
1451 | ||||
1452 | if (cms_config.operation == SMIME_DATA_CREATE(8 | 0x10)) { | |||
1453 | cms = CMS_data_create(in, cms_config.flags); | |||
1454 | } else if (cms_config.operation == SMIME_DIGEST_CREATE(10 | 0x10)) { | |||
1455 | cms = CMS_digest_create(in, cms_config.sign_md, | |||
1456 | cms_config.flags); | |||
1457 | } else if (cms_config.operation == SMIME_COMPRESS(12 | 0x10)) { | |||
1458 | cms = CMS_compress(in, -1, cms_config.flags); | |||
1459 | } else if (cms_config.operation == SMIME_ENCRYPT(1 | 0x10)) { | |||
1460 | int i; | |||
1461 | cms_config.flags |= CMS_PARTIAL0x4000; | |||
1462 | cms = CMS_encrypt(NULL((void*)0), in, cms_config.cipher, | |||
1463 | cms_config.flags); | |||
1464 | if (cms == NULL((void*)0)) | |||
1465 | goto end; | |||
1466 | for (i = 0; i < sk_X509_num(cms_config.encerts)sk_num(((_STACK*) (1 ? (cms_config.encerts) : (struct stack_st_X509 *)0))); i++) { | |||
1467 | CMS_RecipientInfo *ri; | |||
1468 | struct cms_key_param *kparam; | |||
1469 | int tflags = cms_config.flags; | |||
1470 | X509 *x; | |||
1471 | ||||
1472 | if ((x = sk_X509_value(cms_config.encerts, i)((X509 *)sk_value(((_STACK*) (1 ? (cms_config.encerts) : (struct stack_st_X509*)0)), (i)))) == NULL((void*)0)) | |||
1473 | goto end; | |||
1474 | for (kparam = cms_config.key_first; kparam != NULL((void*)0); | |||
1475 | kparam = kparam->next) { | |||
1476 | if (kparam->idx == i) { | |||
1477 | tflags |= CMS_KEY_PARAM0x40000; | |||
1478 | break; | |||
1479 | } | |||
1480 | } | |||
1481 | ri = CMS_add1_recipient_cert(cms, x, tflags); | |||
1482 | if (ri == NULL((void*)0)) | |||
1483 | goto end; | |||
1484 | if (kparam != NULL((void*)0)) { | |||
1485 | EVP_PKEY_CTX *pctx; | |||
1486 | if ((pctx = CMS_RecipientInfo_get0_pkey_ctx( | |||
1487 | ri)) == NULL((void*)0)) | |||
1488 | goto end; | |||
1489 | if (!cms_set_pkey_param(pctx, kparam->param)) | |||
1490 | goto end; | |||
1491 | } | |||
1492 | } | |||
1493 | ||||
1494 | if (cms_config.secret_key != NULL((void*)0)) { | |||
1495 | if (CMS_add0_recipient_key(cms, NID_undef0, | |||
1496 | cms_config.secret_key, cms_config.secret_keylen, | |||
1497 | cms_config.secret_keyid, cms_config.secret_keyidlen, | |||
1498 | NULL((void*)0), NULL((void*)0), NULL((void*)0)) == NULL((void*)0)) | |||
1499 | goto end; | |||
1500 | /* NULL these because call absorbs them */ | |||
1501 | cms_config.secret_key = NULL((void*)0); | |||
1502 | cms_config.secret_keyid = NULL((void*)0); | |||
1503 | } | |||
1504 | if (cms_config.pwri_pass != NULL((void*)0)) { | |||
1505 | pwri_tmp = strdup(cms_config.pwri_pass); | |||
1506 | if (pwri_tmp == NULL((void*)0)) | |||
1507 | goto end; | |||
1508 | if (CMS_add0_recipient_password(cms, -1, NID_undef0, | |||
1509 | NID_undef0, pwri_tmp, -1, NULL((void*)0)) == NULL((void*)0)) | |||
1510 | goto end; | |||
1511 | pwri_tmp = NULL((void*)0); | |||
1512 | } | |||
1513 | if (!(cms_config.flags & CMS_STREAM0x1000)) { | |||
1514 | if (!CMS_final(cms, in, NULL((void*)0), cms_config.flags)) | |||
1515 | goto end; | |||
1516 | } | |||
1517 | } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT(14 | 0x10)) { | |||
1518 | cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, | |||
1519 | cms_config.secret_key, cms_config.secret_keylen, | |||
1520 | cms_config.flags); | |||
1521 | ||||
1522 | } else if (cms_config.operation == SMIME_SIGN_RECEIPT(15 | 0x20 | 0x10)) { | |||
1523 | CMS_ContentInfo *srcms = NULL((void*)0); | |||
1524 | STACK_OF(CMS_SignerInfo)struct stack_st_CMS_SignerInfo *sis; | |||
1525 | CMS_SignerInfo *si; | |||
1526 | sis = CMS_get0_SignerInfos(cms); | |||
1527 | if (sis == NULL((void*)0)) | |||
1528 | goto end; | |||
1529 | si = sk_CMS_SignerInfo_value(sis, 0)((CMS_SignerInfo *)sk_value(((_STACK*) (1 ? (sis) : (struct stack_st_CMS_SignerInfo *)0)), (0))); | |||
1530 | if (si == NULL((void*)0)) | |||
1531 | goto end; | |||
1532 | srcms = CMS_sign_receipt(si, signer, key, other, | |||
1533 | cms_config.flags); | |||
1534 | if (srcms == NULL((void*)0)) | |||
1535 | goto end; | |||
1536 | CMS_ContentInfo_free(cms); | |||
1537 | cms = srcms; | |||
1538 | } else if (cms_config.operation & SMIME_SIGNERS0x40) { | |||
1539 | int i; | |||
1540 | /* | |||
1541 | * If detached data content we enable streaming if S/MIME | |||
1542 | * output format. | |||
1543 | */ | |||
1544 | if (cms_config.operation == SMIME_SIGN(3 | 0x10 | 0x40)) { | |||
1545 | ||||
1546 | if (cms_config.flags & CMS_DETACHED0x40) { | |||
1547 | if (cms_config.outformat == FORMAT_SMIME6) | |||
1548 | cms_config.flags |= CMS_STREAM0x1000; | |||
1549 | } | |||
1550 | cms_config.flags |= CMS_PARTIAL0x4000; | |||
1551 | cms = CMS_sign(NULL((void*)0), NULL((void*)0), other, in, cms_config.flags); | |||
1552 | if (cms == NULL((void*)0)) | |||
1553 | goto end; | |||
1554 | if (cms_config.econtent_type != NULL((void*)0)) | |||
1555 | if (!CMS_set1_eContentType(cms, | |||
1556 | cms_config.econtent_type)) | |||
1557 | goto end; | |||
1558 | ||||
1559 | if (cms_config.rr_to != NULL((void*)0)) { | |||
1560 | rr = make_receipt_request(cms_config.rr_to, | |||
1561 | cms_config.rr_allorfirst, | |||
1562 | cms_config.rr_from); | |||
1563 | if (rr == NULL((void*)0)) { | |||
1564 | BIO_puts(bio_err, | |||
1565 | "Signed Receipt Request Creation Error\n"); | |||
1566 | goto end; | |||
1567 | } | |||
1568 | } | |||
1569 | } else { | |||
1570 | cms_config.flags |= CMS_REUSE_DIGEST0x8000; | |||
1571 | } | |||
1572 | ||||
1573 | for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners)sk_num(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING *)0))); i++) { | |||
1574 | CMS_SignerInfo *si; | |||
1575 | struct cms_key_param *kparam; | |||
1576 | int tflags = cms_config.flags; | |||
1577 | ||||
1578 | cms_config.signerfile = sk_OPENSSL_STRING_value(((OPENSSL_STRING)sk_value(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING*)0)), i)) | |||
1579 | cms_config.sksigners, i)((OPENSSL_STRING)sk_value(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING*)0)), i)); | |||
1580 | cms_config.keyfile = sk_OPENSSL_STRING_value(((OPENSSL_STRING)sk_value(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING*)0)), i)) | |||
1581 | cms_config.skkeys, i)((OPENSSL_STRING)sk_value(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING*)0)), i)); | |||
1582 | ||||
1583 | signer = load_cert(bio_err, cms_config.signerfile, | |||
1584 | FORMAT_PEM3, NULL((void*)0), "signer certificate"); | |||
1585 | if (signer == NULL((void*)0)) | |||
1586 | goto end; | |||
1587 | key = load_key(bio_err, cms_config.keyfile, | |||
1588 | cms_config.keyform, 0, passin, "signing key file"); | |||
1589 | if (key == NULL((void*)0)) | |||
1590 | goto end; | |||
1591 | for (kparam = cms_config.key_first; kparam != NULL((void*)0); | |||
1592 | kparam = kparam->next) { | |||
1593 | if (kparam->idx == i) { | |||
1594 | tflags |= CMS_KEY_PARAM0x40000; | |||
1595 | break; | |||
1596 | } | |||
1597 | } | |||
1598 | si = CMS_add1_signer(cms, signer, key, | |||
1599 | cms_config.sign_md, tflags); | |||
1600 | if (si == NULL((void*)0)) | |||
1601 | goto end; | |||
1602 | if (kparam != NULL((void*)0)) { | |||
1603 | EVP_PKEY_CTX *pctx; | |||
1604 | if ((pctx = CMS_SignerInfo_get0_pkey_ctx( | |||
1605 | si)) == NULL((void*)0)) | |||
1606 | goto end; | |||
1607 | if (!cms_set_pkey_param(pctx, kparam->param)) | |||
1608 | goto end; | |||
1609 | } | |||
1610 | if (rr != NULL((void*)0) && !CMS_add1_ReceiptRequest(si, rr)) | |||
1611 | goto end; | |||
1612 | X509_free(signer); | |||
1613 | signer = NULL((void*)0); | |||
1614 | EVP_PKEY_free(key); | |||
1615 | key = NULL((void*)0); | |||
1616 | } | |||
1617 | /* If not streaming or resigning finalize structure */ | |||
1618 | if ((cms_config.operation == SMIME_SIGN(3 | 0x10 | 0x40)) && | |||
1619 | !(cms_config.flags & CMS_STREAM0x1000)) { | |||
1620 | if (!CMS_final(cms, in, NULL((void*)0), cms_config.flags)) | |||
1621 | goto end; | |||
1622 | } | |||
1623 | } | |||
1624 | if (cms == NULL((void*)0)) { | |||
1625 | BIO_printf(bio_err, "Error creating CMS structure\n"); | |||
1626 | goto end; | |||
1627 | } | |||
1628 | ret = 4; | |||
1629 | if (cms_config.operation == SMIME_DECRYPT(2 | 0x20)) { | |||
1630 | if (cms_config.flags & CMS_DEBUG_DECRYPT0x20000) | |||
1631 | CMS_decrypt(cms, NULL((void*)0), NULL((void*)0), NULL((void*)0), NULL((void*)0), | |||
1632 | cms_config.flags); | |||
1633 | ||||
1634 | if (cms_config.secret_key != NULL((void*)0)) { | |||
1635 | if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, | |||
1636 | cms_config.secret_keylen, cms_config.secret_keyid, | |||
1637 | cms_config.secret_keyidlen)) { | |||
1638 | BIO_puts(bio_err, | |||
1639 | "Error decrypting CMS using secret key\n"); | |||
1640 | goto end; | |||
1641 | } | |||
1642 | } | |||
1643 | if (key != NULL((void*)0)) { | |||
1644 | if (!CMS_decrypt_set1_pkey(cms, key, recip)) { | |||
1645 | BIO_puts(bio_err, | |||
1646 | "Error decrypting CMS using private key\n"); | |||
1647 | goto end; | |||
1648 | } | |||
1649 | } | |||
1650 | if (cms_config.pwri_pass != NULL((void*)0)) { | |||
1651 | if (!CMS_decrypt_set1_password(cms, | |||
1652 | cms_config.pwri_pass, -1)) { | |||
1653 | BIO_puts(bio_err, | |||
1654 | "Error decrypting CMS using password\n"); | |||
1655 | goto end; | |||
1656 | } | |||
1657 | } | |||
1658 | if (!CMS_decrypt(cms, NULL((void*)0), NULL((void*)0), indata, out, | |||
1659 | cms_config.flags)) { | |||
1660 | BIO_printf(bio_err, "Error decrypting CMS structure\n"); | |||
1661 | goto end; | |||
1662 | } | |||
1663 | } else if (cms_config.operation == SMIME_DATAOUT(7 | 0x20)) { | |||
1664 | if (!CMS_data(cms, out, cms_config.flags)) | |||
1665 | goto end; | |||
1666 | } else if (cms_config.operation == SMIME_UNCOMPRESS(11 | 0x20)) { | |||
1667 | if (!CMS_uncompress(cms, indata, out, cms_config.flags)) | |||
1668 | goto end; | |||
1669 | } else if (cms_config.operation == SMIME_DIGEST_VERIFY(9 | 0x20)) { | |||
1670 | if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0) | |||
1671 | BIO_printf(bio_err, "Verification successful\n"); | |||
1672 | else { | |||
1673 | BIO_printf(bio_err, "Verification failure\n"); | |||
1674 | goto end; | |||
1675 | } | |||
1676 | } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT(13 | 0x20)) { | |||
1677 | if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, | |||
1678 | cms_config.secret_keylen, indata, out, cms_config.flags)) | |||
1679 | goto end; | |||
1680 | } else if (cms_config.operation == SMIME_VERIFY(4 | 0x20)) { | |||
1681 | if (CMS_verify(cms, other, store, indata, out, | |||
1682 | cms_config.flags) > 0) { | |||
1683 | BIO_printf(bio_err, "Verification successful\n"); | |||
1684 | } else { | |||
1685 | BIO_printf(bio_err, "Verification failure\n"); | |||
1686 | if (cms_config.verify_retcode) | |||
1687 | ret = verify_err + 32; | |||
1688 | goto end; | |||
1689 | } | |||
1690 | if (cms_config.signerfile != NULL((void*)0)) { | |||
1691 | STACK_OF(X509)struct stack_st_X509 *signers; | |||
1692 | if ((signers = CMS_get0_signers(cms)) == NULL((void*)0)) | |||
1693 | goto end; | |||
1694 | if (!save_certs(cms_config.signerfile, signers)) { | |||
1695 | BIO_printf(bio_err, | |||
1696 | "Error writing signers to %s\n", | |||
1697 | cms_config.signerfile); | |||
1698 | ret = 5; | |||
1699 | goto end; | |||
1700 | } | |||
1701 | sk_X509_free(signers)sk_free(((_STACK*) (1 ? (signers) : (struct stack_st_X509*)0) )); | |||
1702 | } | |||
1703 | if (cms_config.rr_print) | |||
1704 | receipt_request_print(bio_err, cms); | |||
1705 | ||||
1706 | } else if (cms_config.operation == SMIME_VERIFY_RECEIPT(16 | 0x20)) { | |||
1707 | if (CMS_verify_receipt(rcms, cms, other, store, | |||
1708 | cms_config.flags) > 0) { | |||
1709 | BIO_printf(bio_err, "Verification successful\n"); | |||
1710 | } else { | |||
1711 | BIO_printf(bio_err, "Verification failure\n"); | |||
1712 | goto end; | |||
1713 | } | |||
1714 | } else { | |||
1715 | if (cms_config.noout) { | |||
1716 | if (cms_config.print && | |||
1717 | !CMS_ContentInfo_print_ctx(out, cms, 0, NULL((void*)0))) | |||
1718 | goto end; | |||
1719 | } else if (cms_config.outformat == FORMAT_SMIME6) { | |||
1720 | if (cms_config.to != NULL((void*)0)) | |||
1721 | BIO_printf(out, "To: %s\n", cms_config.to); | |||
1722 | if (cms_config.from != NULL((void*)0)) | |||
1723 | BIO_printf(out, "From: %s\n", cms_config.from); | |||
1724 | if (cms_config.subject != NULL((void*)0)) | |||
1725 | BIO_printf(out, "Subject: %s\n", | |||
1726 | cms_config.subject); | |||
1727 | if (cms_config.operation == SMIME_RESIGN(6 | 0x20 | 0x10 | 0x40)) | |||
1728 | ret = SMIME_write_CMS(out, cms, indata, | |||
1729 | cms_config.flags); | |||
1730 | else | |||
1731 | ret = SMIME_write_CMS(out, cms, in, | |||
1732 | cms_config.flags); | |||
1733 | } else if (cms_config.outformat == FORMAT_PEM3) { | |||
1734 | ret = PEM_write_bio_CMS_stream(out, cms, in, | |||
1735 | cms_config.flags); | |||
1736 | } else if (cms_config.outformat == FORMAT_ASN11) { | |||
1737 | ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); | |||
1738 | } else { | |||
1739 | BIO_printf(bio_err, "Bad output format for CMS file\n"); | |||
1740 | goto end; | |||
1741 | } | |||
1742 | if (ret <= 0) { | |||
1743 | ret = 6; | |||
1744 | goto end; | |||
1745 | } | |||
1746 | } | |||
1747 | ret = 0; | |||
1748 | ||||
1749 | end: | |||
1750 | if (ret) | |||
1751 | ERR_print_errors(bio_err); | |||
1752 | ||||
1753 | sk_X509_pop_free(cms_config.encerts, X509_free)sk_pop_free(((_STACK*) (1 ? (cms_config.encerts) : (struct stack_st_X509 *)0)), ((void (*)(void *)) ((1 ? (X509_free) : (void (*)(X509 *))0)))); | |||
1754 | sk_X509_pop_free(other, X509_free)sk_pop_free(((_STACK*) (1 ? (other) : (struct stack_st_X509*) 0)), ((void (*)(void *)) ((1 ? (X509_free) : (void (*)(X509 * ))0)))); | |||
1755 | X509_VERIFY_PARAM_free(cms_config.vpm); | |||
1756 | sk_OPENSSL_STRING_free(cms_config.sksigners)sk_free(((_STACK*) (1 ? cms_config.sksigners : (struct stack_st_OPENSSL_STRING *)0))); | |||
1757 | sk_OPENSSL_STRING_free(cms_config.skkeys)sk_free(((_STACK*) (1 ? cms_config.skkeys : (struct stack_st_OPENSSL_STRING *)0))); | |||
1758 | free(cms_config.secret_key); | |||
1759 | free(cms_config.secret_keyid); | |||
1760 | free(pwri_tmp); | |||
1761 | ASN1_OBJECT_free(cms_config.econtent_type); | |||
1762 | CMS_ReceiptRequest_free(rr); | |||
1763 | sk_OPENSSL_STRING_free(cms_config.rr_to)sk_free(((_STACK*) (1 ? cms_config.rr_to : (struct stack_st_OPENSSL_STRING *)0))); | |||
1764 | sk_OPENSSL_STRING_free(cms_config.rr_from)sk_free(((_STACK*) (1 ? cms_config.rr_from : (struct stack_st_OPENSSL_STRING *)0))); | |||
1765 | for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) { | |||
1766 | struct cms_key_param *tparam; | |||
1767 | sk_OPENSSL_STRING_free(cms_config.key_param->param)sk_free(((_STACK*) (1 ? cms_config.key_param->param : (struct stack_st_OPENSSL_STRING*)0))); | |||
1768 | tparam = cms_config.key_param->next; | |||
1769 | free(cms_config.key_param); | |||
1770 | cms_config.key_param = tparam; | |||
1771 | } | |||
1772 | X509_STORE_free(store); | |||
1773 | X509_free(cms_config.cert); | |||
1774 | X509_free(recip); | |||
1775 | X509_free(signer); | |||
1776 | EVP_PKEY_free(key); | |||
1777 | CMS_ContentInfo_free(cms); | |||
1778 | CMS_ContentInfo_free(rcms); | |||
1779 | BIO_free(rctin); | |||
1780 | BIO_free(in); | |||
1781 | BIO_free(indata); | |||
1782 | BIO_free_all(out); | |||
1783 | free(passin); | |||
1784 | ||||
1785 | return (ret); | |||
1786 | } | |||
1787 | ||||
1788 | static int | |||
1789 | save_certs(char *signerfile, STACK_OF(X509)struct stack_st_X509 *signers) | |||
1790 | { | |||
1791 | int i; | |||
1792 | BIO *tmp; | |||
1793 | ||||
1794 | if (signerfile == NULL((void*)0)) | |||
1795 | return 1; | |||
1796 | tmp = BIO_new_file(signerfile, "w"); | |||
1797 | if (tmp == NULL((void*)0)) | |||
1798 | return 0; | |||
1799 | for (i = 0; i < sk_X509_num(signers)sk_num(((_STACK*) (1 ? (signers) : (struct stack_st_X509*)0)) ); i++) | |||
1800 | PEM_write_bio_X509(tmp, sk_X509_value(signers, i)((X509 *)sk_value(((_STACK*) (1 ? (signers) : (struct stack_st_X509 *)0)), (i)))); | |||
1801 | BIO_free(tmp); | |||
1802 | return 1; | |||
1803 | } | |||
1804 | ||||
1805 | /* Minimal callback just to output policy info (if any) */ | |||
1806 | ||||
1807 | static int | |||
1808 | cms_cb(int ok, X509_STORE_CTX *ctx) | |||
1809 | { | |||
1810 | int error; | |||
1811 | ||||
1812 | error = X509_STORE_CTX_get_error(ctx); | |||
1813 | ||||
1814 | verify_err = error; | |||
1815 | ||||
1816 | if ((error != X509_V_ERR_NO_EXPLICIT_POLICY43) && | |||
1817 | ((error != X509_V_OK0) || (ok != 2))) | |||
1818 | return ok; | |||
1819 | ||||
1820 | policies_print(NULL((void*)0), ctx); | |||
1821 | ||||
1822 | return ok; | |||
1823 | } | |||
1824 | ||||
1825 | static void | |||
1826 | gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *gns) | |||
1827 | { | |||
1828 | STACK_OF(GENERAL_NAME)struct stack_st_GENERAL_NAME *gens; | |||
1829 | GENERAL_NAME *gen; | |||
1830 | int i, j; | |||
1831 | ||||
1832 | for (i = 0; i < sk_GENERAL_NAMES_num(gns)sk_num(((_STACK*) (1 ? (gns) : (struct stack_st_GENERAL_NAMES *)0))); i++) { | |||
1833 | gens = sk_GENERAL_NAMES_value(gns, i)((GENERAL_NAMES *)sk_value(((_STACK*) (1 ? (gns) : (struct stack_st_GENERAL_NAMES *)0)), (i))); | |||
1834 | for (j = 0; j < sk_GENERAL_NAME_num(gens)sk_num(((_STACK*) (1 ? (gens) : (struct stack_st_GENERAL_NAME *)0))); j++) { | |||
1835 | gen = sk_GENERAL_NAME_value(gens, j)((GENERAL_NAME *)sk_value(((_STACK*) (1 ? (gens) : (struct stack_st_GENERAL_NAME *)0)), (j))); | |||
1836 | BIO_puts(out, " "); | |||
1837 | GENERAL_NAME_print(out, gen); | |||
1838 | BIO_puts(out, "\n"); | |||
1839 | } | |||
1840 | } | |||
1841 | return; | |||
1842 | } | |||
1843 | ||||
1844 | static void | |||
1845 | receipt_request_print(BIO *out, CMS_ContentInfo *cms) | |||
1846 | { | |||
1847 | STACK_OF(CMS_SignerInfo)struct stack_st_CMS_SignerInfo *sis; | |||
1848 | CMS_SignerInfo *si; | |||
1849 | CMS_ReceiptRequest *rr; | |||
1850 | int allorfirst; | |||
1851 | STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *rto, *rlist; | |||
1852 | ASN1_STRING *scid; | |||
1853 | int i, rv; | |||
1854 | ||||
1855 | if ((sis = CMS_get0_SignerInfos(cms)) == NULL((void*)0)) | |||
1856 | return; | |||
1857 | for (i = 0; i < sk_CMS_SignerInfo_num(sis)sk_num(((_STACK*) (1 ? (sis) : (struct stack_st_CMS_SignerInfo *)0))); i++) { | |||
1858 | if ((si = sk_CMS_SignerInfo_value(sis, i)((CMS_SignerInfo *)sk_value(((_STACK*) (1 ? (sis) : (struct stack_st_CMS_SignerInfo *)0)), (i)))) == NULL((void*)0)) | |||
1859 | return; | |||
1860 | rv = CMS_get1_ReceiptRequest(si, &rr); | |||
1861 | BIO_printf(bio_err, "Signer %d:\n", i + 1); | |||
1862 | if (rv == 0) { | |||
1863 | BIO_puts(bio_err, " No Receipt Request\n"); | |||
1864 | } else if (rv < 0) { | |||
1865 | BIO_puts(bio_err, " Receipt Request Parse Error\n"); | |||
1866 | ERR_print_errors(bio_err); | |||
1867 | } else { | |||
1868 | char *id; | |||
1869 | int idlen; | |||
1870 | ||||
1871 | CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, | |||
1872 | &rlist, &rto); | |||
1873 | BIO_puts(out, " Signed Content ID:\n"); | |||
1874 | idlen = ASN1_STRING_length(scid); | |||
1875 | id = (char *) ASN1_STRING_data(scid); | |||
1876 | BIO_dump_indent(out, id, idlen, 4); | |||
1877 | BIO_puts(out, " Receipts From"); | |||
1878 | if (rlist != NULL((void*)0)) { | |||
1879 | BIO_puts(out, " List:\n"); | |||
1880 | gnames_stack_print(out, rlist); | |||
1881 | } else if (allorfirst == 1) { | |||
1882 | BIO_puts(out, ": First Tier\n"); | |||
1883 | } else if (allorfirst == 0) { | |||
1884 | BIO_puts(out, ": All\n"); | |||
1885 | } else { | |||
1886 | BIO_printf(out, " Unknown (%d)\n", allorfirst); | |||
1887 | } | |||
1888 | BIO_puts(out, " Receipts To:\n"); | |||
1889 | gnames_stack_print(out, rto); | |||
1890 | } | |||
1891 | CMS_ReceiptRequest_free(rr); | |||
1892 | } | |||
1893 | } | |||
1894 | ||||
1895 | static STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES * | |||
1896 | make_names_stack(STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *ns) | |||
1897 | { | |||
1898 | int i; | |||
1899 | STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *ret; | |||
1900 | GENERAL_NAMES *gens = NULL((void*)0); | |||
1901 | GENERAL_NAME *gen = NULL((void*)0); | |||
1902 | ||||
1903 | if ((ret = sk_GENERAL_NAMES_new_null()((struct stack_st_GENERAL_NAMES *)sk_new_null())) == NULL((void*)0)) | |||
1904 | goto err; | |||
1905 | for (i = 0; i < sk_OPENSSL_STRING_num(ns)sk_num(((_STACK*) (1 ? ns : (struct stack_st_OPENSSL_STRING*) 0))); i++) { | |||
1906 | char *str = sk_OPENSSL_STRING_value(ns, i)((OPENSSL_STRING)sk_value(((_STACK*) (1 ? ns : (struct stack_st_OPENSSL_STRING *)0)), i)); | |||
1907 | gen = a2i_GENERAL_NAME(NULL((void*)0), NULL((void*)0), NULL((void*)0), GEN_EMAIL1, str, 0); | |||
1908 | if (gen == NULL((void*)0)) | |||
1909 | goto err; | |||
1910 | gens = GENERAL_NAMES_new(); | |||
1911 | if (gens == NULL((void*)0)) | |||
1912 | goto err; | |||
1913 | if (!sk_GENERAL_NAME_push(gens, gen)sk_push(((_STACK*) (1 ? (gens) : (struct stack_st_GENERAL_NAME *)0)), ((void*) (1 ? (gen) : (GENERAL_NAME*)0)))) | |||
1914 | goto err; | |||
1915 | gen = NULL((void*)0); | |||
1916 | if (!sk_GENERAL_NAMES_push(ret, gens)sk_push(((_STACK*) (1 ? (ret) : (struct stack_st_GENERAL_NAMES *)0)), ((void*) (1 ? (gens) : (GENERAL_NAMES*)0)))) | |||
1917 | goto err; | |||
1918 | gens = NULL((void*)0); | |||
1919 | } | |||
1920 | ||||
1921 | return ret; | |||
1922 | ||||
1923 | err: | |||
1924 | sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free)sk_pop_free(((_STACK*) (1 ? (ret) : (struct stack_st_GENERAL_NAMES *)0)), ((void (*)(void *)) ((1 ? (GENERAL_NAMES_free) : (void (*)(GENERAL_NAMES *))0)))); | |||
1925 | GENERAL_NAMES_free(gens); | |||
1926 | GENERAL_NAME_free(gen); | |||
1927 | ||||
1928 | return NULL((void*)0); | |||
1929 | } | |||
1930 | ||||
1931 | ||||
1932 | static CMS_ReceiptRequest * | |||
1933 | make_receipt_request(STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *rr_to, int rr_allorfirst, | |||
1934 | STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *rr_from) | |||
1935 | { | |||
1936 | STACK_OF(GENERAL_NAMES)struct stack_st_GENERAL_NAMES *rct_to = NULL((void*)0), *rct_from = NULL((void*)0); | |||
1937 | CMS_ReceiptRequest *rr; | |||
1938 | ||||
1939 | rct_to = make_names_stack(rr_to); | |||
1940 | if (rct_to == NULL((void*)0)) | |||
1941 | goto err; | |||
1942 | if (rr_from != NULL((void*)0)) { | |||
1943 | rct_from = make_names_stack(rr_from); | |||
1944 | if (rct_from == NULL((void*)0)) | |||
1945 | goto err; | |||
1946 | } else { | |||
1947 | rct_from = NULL((void*)0); | |||
1948 | } | |||
1949 | ||||
1950 | if ((rr = CMS_ReceiptRequest_create0(NULL((void*)0), -1, rr_allorfirst, rct_from, | |||
1951 | rct_to)) == NULL((void*)0)) | |||
1952 | goto err; | |||
1953 | ||||
1954 | return rr; | |||
1955 | ||||
1956 | err: | |||
1957 | sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free)sk_pop_free(((_STACK*) (1 ? (rct_to) : (struct stack_st_GENERAL_NAMES *)0)), ((void (*)(void *)) ((1 ? (GENERAL_NAMES_free) : (void (*)(GENERAL_NAMES *))0)))); | |||
1958 | sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free)sk_pop_free(((_STACK*) (1 ? (rct_from) : (struct stack_st_GENERAL_NAMES *)0)), ((void (*)(void *)) ((1 ? (GENERAL_NAMES_free) : (void (*)(GENERAL_NAMES *))0)))); | |||
1959 | return NULL((void*)0); | |||
1960 | } | |||
1961 | ||||
1962 | static int | |||
1963 | cms_set_pkey_param(EVP_PKEY_CTX *pctx, STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *param) | |||
1964 | { | |||
1965 | char *keyopt; | |||
1966 | int i; | |||
1967 | ||||
1968 | if (sk_OPENSSL_STRING_num(param)sk_num(((_STACK*) (1 ? param : (struct stack_st_OPENSSL_STRING *)0))) <= 0) | |||
1969 | return 1; | |||
1970 | for (i = 0; i < sk_OPENSSL_STRING_num(param)sk_num(((_STACK*) (1 ? param : (struct stack_st_OPENSSL_STRING *)0))); i++) { | |||
1971 | keyopt = sk_OPENSSL_STRING_value(param, i)((OPENSSL_STRING)sk_value(((_STACK*) (1 ? param : (struct stack_st_OPENSSL_STRING *)0)), i)); | |||
1972 | if (pkey_ctrl_string(pctx, keyopt) <= 0) { | |||
1973 | BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt); | |||
1974 | ERR_print_errors(bio_err); | |||
1975 | return 0; | |||
1976 | } | |||
1977 | } | |||
1978 | return 1; | |||
1979 | } | |||
1980 | ||||
1981 | #endif |