Context Navigation

source: rtems-libbsd/freebsd/crypto/openssl/apps/cms.c @ 0fecf49

5

Last change on this file since 0fecf49 was 0fecf49, checked in by Christian Mauderer <christian.mauderer@…>, on 03/26/19 at 09:19:22
bin/openssl: Import from FreeBSD.
Property mode set to `100644`
File size: 43.9 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2
3	/*
4	* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
5	*
6	* Licensed under the OpenSSL license (the "License"). You may not use
7	* this file except in compliance with the License. You can obtain a copy
8	* in the file LICENSE in the source distribution or at
9	* https://www.openssl.org/source/license.html
10	*/
11
12	/* CMS utility function */
13
14	#include <stdio.h>
15	#include <string.h>
16	#include "apps.h"
17	#include "progs.h"
18
19	#ifndef OPENSSL_NO_CMS
20
21	# include <openssl/crypto.h>
22	# include <openssl/pem.h>
23	# include <openssl/err.h>
24	# include <openssl/x509_vfy.h>
25	# include <openssl/x509v3.h>
26	# include <openssl/cms.h>
27
28	static int save_certs(char signerfile, STACK_OF(X509) signers);
29	static int cms_cb(int ok, X509_STORE_CTX *ctx);
30	static void receipt_request_print(CMS_ContentInfo *cms);
31	static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
32	*rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
33	*rr_from);
34	static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
35	STACK_OF(OPENSSL_STRING) *param);
36
37	# define SMIME_OP 0x10
38	# define SMIME_IP 0x20
39	# define SMIME_SIGNERS 0x40
40	# define SMIME_ENCRYPT (1 \| SMIME_OP)
41	# define SMIME_DECRYPT (2 \| SMIME_IP)
42	# define SMIME_SIGN (3 \| SMIME_OP \| SMIME_SIGNERS)
43	# define SMIME_VERIFY (4 \| SMIME_IP)
44	# define SMIME_CMSOUT (5 \| SMIME_IP \| SMIME_OP)
45	# define SMIME_RESIGN (6 \| SMIME_IP \| SMIME_OP \| SMIME_SIGNERS)
46	# define SMIME_DATAOUT (7 \| SMIME_IP)
47	# define SMIME_DATA_CREATE (8 \| SMIME_OP)
48	# define SMIME_DIGEST_VERIFY (9 \| SMIME_IP)
49	# define SMIME_DIGEST_CREATE (10 \| SMIME_OP)
50	# define SMIME_UNCOMPRESS (11 \| SMIME_IP)
51	# define SMIME_COMPRESS (12 \| SMIME_OP)
52	# define SMIME_ENCRYPTED_DECRYPT (13 \| SMIME_IP)
53	# define SMIME_ENCRYPTED_ENCRYPT (14 \| SMIME_OP)
54	# define SMIME_SIGN_RECEIPT (15 \| SMIME_IP \| SMIME_OP)
55	# define SMIME_VERIFY_RECEIPT (16 \| SMIME_IP)
56
57	static int verify_err = 0;
58
59	typedef struct cms_key_param_st cms_key_param;
60
61	struct cms_key_param_st {
62	int idx;
63	STACK_OF(OPENSSL_STRING) *param;
64	cms_key_param *next;
65	};
66
67	typedef enum OPTION_choice {
68	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
69	OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
70	OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
71	OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
72	OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
73	OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
74	OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT,
75	OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
76	OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
77	OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
78	OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
79	OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
80	OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
81	OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
82	OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
83	OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
84	OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
85	OPT_3DES_WRAP, OPT_ENGINE,
86	OPT_R_ENUM,
87	OPT_V_ENUM,
88	OPT_CIPHER
89	} OPTION_CHOICE;
90
91	const OPTIONS cms_options[] = {
92	{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
93	{OPT_HELP_STR, 1, '-',
94	" cert.pem... recipient certs for encryption\n"},
95	{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
96	{"help", OPT_HELP, '-', "Display this summary"},
97	{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
98	{"outform", OPT_OUTFORM, 'c',
99	"Output format SMIME (default), PEM or DER"},
100	{"in", OPT_IN, '<', "Input file"},
101	{"out", OPT_OUT, '>', "Output file"},
102	{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
103	{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
104	{"sign", OPT_SIGN, '-', "Sign message"},
105	{"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
106	{"resign", OPT_RESIGN, '-', "Resign a signed message"},
107	{"verify", OPT_VERIFY, '-', "Verify signed message"},
108	{"verify_retcode", OPT_VERIFY_RETCODE, '-'},
109	{"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
110	{"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
111	{"data_out", OPT_DATA_OUT, '-'},
112	{"data_create", OPT_DATA_CREATE, '-'},
113	{"digest_verify", OPT_DIGEST_VERIFY, '-'},
114	{"digest_create", OPT_DIGEST_CREATE, '-'},
115	{"compress", OPT_COMPRESS, '-'},
116	{"uncompress", OPT_UNCOMPRESS, '-'},
117	{"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
118	{"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
119	{"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
120	{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
121	{"asciicrlf", OPT_ASCIICRLF, '-'},
122	{"nointern", OPT_NOINTERN, '-',
123	"Don't search certificates in message for signer"},
124	{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
125	{"nocerts", OPT_NOCERTS, '-',
126	"Don't include signers certificate when signing"},
127	{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
128	{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
129	{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
130	{"binary", OPT_BINARY, '-', "Don't translate message to text"},
131	{"keyid", OPT_KEYID, '-', "Use subject key identifier"},
132	{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
133	{"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
134	{"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
135	{"stream", OPT_INDEF, '-', "Enable CMS streaming"},
136	{"indef", OPT_INDEF, '-', "Same as -stream"},
137	{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
138	{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
139	{"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
140	{"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
141	{"receipt_request_all", OPT_RR_ALL, '-'},
142	{"receipt_request_first", OPT_RR_FIRST, '-'},
143	{"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
144	{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
145	{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
146	{"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
147	{"no-CAfile", OPT_NOCAFILE, '-',
148	"Do not load the default certificates file"},
149	{"no-CApath", OPT_NOCAPATH, '-',
150	"Do not load certificates from the default certificates directory"},
151	{"content", OPT_CONTENT, '<',
152	"Supply or override content for detached signature"},
153	{"print", OPT_PRINT, '-',
154	"For the -cmsout operation print out all fields of the CMS structure"},
155	{"secretkey", OPT_SECRETKEY, 's'},
156	{"secretkeyid", OPT_SECRETKEYID, 's'},
157	{"pwri_password", OPT_PWRI_PASSWORD, 's'},
158	{"econtent_type", OPT_ECONTENT_TYPE, 's'},
159	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
160	{"to", OPT_TO, 's', "To address"},
161	{"from", OPT_FROM, 's', "From address"},
162	{"subject", OPT_SUBJECT, 's', "Subject"},
163	{"signer", OPT_SIGNER, 's', "Signer certificate file"},
164	{"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
165	{"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
166	{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
167	{"inkey", OPT_INKEY, 's',
168	"Input private key (if not signer or recipient)"},
169	{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
170	{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
171	{"receipt_request_from", OPT_RR_FROM, 's'},
172	{"receipt_request_to", OPT_RR_TO, 's'},
173	{"", OPT_CIPHER, '-', "Any supported cipher"},
174	OPT_R_OPTIONS,
175	OPT_V_OPTIONS,
176	{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
177	{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
178	{"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
179	# ifndef OPENSSL_NO_DES
180	{"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
181	# endif
182	# ifndef OPENSSL_NO_ENGINE
183	{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
184	# endif
185	{NULL}
186	};
187
188	int cms_main(int argc, char **argv)
189	{
190	ASN1_OBJECT *econtent_type = NULL;
191	BIO in = NULL, out = NULL, indata = NULL, rctin = NULL;
192	CMS_ContentInfo cms = NULL, rcms = NULL;
193	CMS_ReceiptRequest *rr = NULL;
194	ENGINE *e = NULL;
195	EVP_PKEY *key = NULL;
196	const EVP_CIPHER cipher = NULL, wrap_cipher = NULL;
197	const EVP_MD *sign_md = NULL;
198	STACK_OF(OPENSSL_STRING) rr_to = NULL, rr_from = NULL;
199	STACK_OF(OPENSSL_STRING) sksigners = NULL, skkeys = NULL;
200	STACK_OF(X509) encerts = NULL, other = NULL;
201	X509 cert = NULL, recip = NULL, *signer = NULL;
202	X509_STORE *store = NULL;
203	X509_VERIFY_PARAM *vpm = NULL;
204	char certfile = NULL, keyfile = NULL, *contfile = NULL;
205	const char CAfile = NULL, CApath = NULL;
206	char *certsoutfile = NULL;
207	int noCAfile = 0, noCApath = 0;
208	char infile = NULL, outfile = NULL, *rctfile = NULL;
209	char passinarg = NULL, passin = NULL, signerfile = NULL, recipfile = NULL;
210	char to = NULL, from = NULL, subject = NULL, prog;
211	cms_key_param key_first = NULL, key_param = NULL;
212	int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
213	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
214	int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
215	int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
216	size_t secret_keylen = 0, secret_keyidlen = 0;
217	unsigned char pwri_pass = NULL, pwri_tmp = NULL;
218	unsigned char secret_key = NULL, secret_keyid = NULL;
219	long ltmp;
220	const char *mime_eol = "\n";
221	OPTION_CHOICE o;
222
223	if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
224	return 1;
225
226	prog = opt_init(argc, argv, cms_options);
227	while ((o = opt_next()) != OPT_EOF) {
228	switch (o) {
229	case OPT_EOF:
230	case OPT_ERR:
231	opthelp:
232	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
233	goto end;
234	case OPT_HELP:
235	opt_help(cms_options);
236	ret = 0;
237	goto end;
238	case OPT_INFORM:
239	if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
240	goto opthelp;
241	break;
242	case OPT_OUTFORM:
243	if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
244	goto opthelp;
245	break;
246	case OPT_OUT:
247	outfile = opt_arg();
248	break;
249	case OPT_ENCRYPT:
250	operation = SMIME_ENCRYPT;
251	break;
252	case OPT_DECRYPT:
253	operation = SMIME_DECRYPT;
254	break;
255	case OPT_SIGN:
256	operation = SMIME_SIGN;
257	break;
258	case OPT_SIGN_RECEIPT:
259	operation = SMIME_SIGN_RECEIPT;
260	break;
261	case OPT_RESIGN:
262	operation = SMIME_RESIGN;
263	break;
264	case OPT_VERIFY:
265	operation = SMIME_VERIFY;
266	break;
267	case OPT_VERIFY_RETCODE:
268	verify_retcode = 1;
269	break;
270	case OPT_VERIFY_RECEIPT:
271	operation = SMIME_VERIFY_RECEIPT;
272	rctfile = opt_arg();
273	break;
274	case OPT_CMSOUT:
275	operation = SMIME_CMSOUT;
276	break;
277	case OPT_DATA_OUT:
278	operation = SMIME_DATAOUT;
279	break;
280	case OPT_DATA_CREATE:
281	operation = SMIME_DATA_CREATE;
282	break;
283	case OPT_DIGEST_VERIFY:
284	operation = SMIME_DIGEST_VERIFY;
285	break;
286	case OPT_DIGEST_CREATE:
287	operation = SMIME_DIGEST_CREATE;
288	break;
289	case OPT_COMPRESS:
290	operation = SMIME_COMPRESS;
291	break;
292	case OPT_UNCOMPRESS:
293	operation = SMIME_UNCOMPRESS;
294	break;
295	case OPT_ED_DECRYPT:
296	operation = SMIME_ENCRYPTED_DECRYPT;
297	break;
298	case OPT_ED_ENCRYPT:
299	operation = SMIME_ENCRYPTED_ENCRYPT;
300	break;
301	case OPT_DEBUG_DECRYPT:
302	flags \|= CMS_DEBUG_DECRYPT;
303	break;
304	case OPT_TEXT:
305	flags \|= CMS_TEXT;
306	break;
307	case OPT_ASCIICRLF:
308	flags \|= CMS_ASCIICRLF;
309	break;
310	case OPT_NOINTERN:
311	flags \|= CMS_NOINTERN;
312	break;
313	case OPT_NOVERIFY:
314	flags \|= CMS_NO_SIGNER_CERT_VERIFY;
315	break;
316	case OPT_NOCERTS:
317	flags \|= CMS_NOCERTS;
318	break;
319	case OPT_NOATTR:
320	flags \|= CMS_NOATTR;
321	break;
322	case OPT_NODETACH:
323	flags &= ~CMS_DETACHED;
324	break;
325	case OPT_NOSMIMECAP:
326	flags \|= CMS_NOSMIMECAP;
327	break;
328	case OPT_BINARY:
329	flags \|= CMS_BINARY;
330	break;
331	case OPT_KEYID:
332	flags \|= CMS_USE_KEYID;
333	break;
334	case OPT_NOSIGS:
335	flags \|= CMS_NOSIGS;
336	break;
337	case OPT_NO_CONTENT_VERIFY:
338	flags \|= CMS_NO_CONTENT_VERIFY;
339	break;
340	case OPT_NO_ATTR_VERIFY:
341	flags \|= CMS_NO_ATTR_VERIFY;
342	break;
343	case OPT_INDEF:
344	flags \|= CMS_STREAM;
345	break;
346	case OPT_NOINDEF:
347	flags &= ~CMS_STREAM;
348	break;
349	case OPT_CRLFEOL:
350	mime_eol = "\r\n";
351	flags \|= CMS_CRLFEOL;
352	break;
353	case OPT_NOOUT:
354	noout = 1;
355	break;
356	case OPT_RR_PRINT:
357	rr_print = 1;
358	break;
359	case OPT_RR_ALL:
360	rr_allorfirst = 0;
361	break;
362	case OPT_RR_FIRST:
363	rr_allorfirst = 1;
364	break;
365	case OPT_RCTFORM:
366	if (rctformat == FORMAT_SMIME)
367	rcms = SMIME_read_CMS(rctin, NULL);
368	else if (rctformat == FORMAT_PEM)
369	rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
370	else if (rctformat == FORMAT_ASN1)
371	if (!opt_format(opt_arg(),
372	OPT_FMT_PEMDER \| OPT_FMT_SMIME, &rctformat))
373	goto opthelp;
374	break;
375	case OPT_CERTFILE:
376	certfile = opt_arg();
377	break;
378	case OPT_CAFILE:
379	CAfile = opt_arg();
380	break;
381	case OPT_CAPATH:
382	CApath = opt_arg();
383	break;
384	case OPT_NOCAFILE:
385	noCAfile = 1;
386	break;
387	case OPT_NOCAPATH:
388	noCApath = 1;
389	break;
390	case OPT_IN:
391	infile = opt_arg();
392	break;
393	case OPT_CONTENT:
394	contfile = opt_arg();
395	break;
396	case OPT_RR_FROM:
397	if (rr_from == NULL
398	&& (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
399	goto end;
400	sk_OPENSSL_STRING_push(rr_from, opt_arg());
401	break;
402	case OPT_RR_TO:
403	if (rr_to == NULL
404	&& (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
405	goto end;
406	sk_OPENSSL_STRING_push(rr_to, opt_arg());
407	break;
408	case OPT_PRINT:
409	noout = print = 1;
410	break;
411	case OPT_SECRETKEY:
412	if (secret_key != NULL) {
413	BIO_printf(bio_err, "Invalid key (supplied twice) %s\n",
414	opt_arg());
415	goto opthelp;
416	}
417	secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
418	if (secret_key == NULL) {
419	BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
420	goto end;
421	}
422	secret_keylen = (size_t)ltmp;
423	break;
424	case OPT_SECRETKEYID:
425	if (secret_keyid != NULL) {
426	BIO_printf(bio_err, "Invalid id (supplied twice) %s\n",
427	opt_arg());
428	goto opthelp;
429	}
430	secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
431	if (secret_keyid == NULL) {
432	BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
433	goto opthelp;
434	}
435	secret_keyidlen = (size_t)ltmp;
436	break;
437	case OPT_PWRI_PASSWORD:
438	pwri_pass = (unsigned char *)opt_arg();
439	break;
440	case OPT_ECONTENT_TYPE:
441	if (econtent_type != NULL) {
442	BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n",
443	opt_arg());
444	goto opthelp;
445	}
446	econtent_type = OBJ_txt2obj(opt_arg(), 0);
447	if (econtent_type == NULL) {
448	BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
449	goto opthelp;
450	}
451	break;
452	case OPT_ENGINE:
453	e = setup_engine(opt_arg(), 0);
454	break;
455	case OPT_PASSIN:
456	passinarg = opt_arg();
457	break;
458	case OPT_TO:
459	to = opt_arg();
460	break;
461	case OPT_FROM:
462	from = opt_arg();
463	break;
464	case OPT_SUBJECT:
465	subject = opt_arg();
466	break;
467	case OPT_CERTSOUT:
468	certsoutfile = opt_arg();
469	break;
470	case OPT_MD:
471	if (!opt_md(opt_arg(), &sign_md))
472	goto end;
473	break;
474	case OPT_SIGNER:
475	/* If previous -signer argument add signer to list */
476	if (signerfile != NULL) {
477	if (sksigners == NULL
478	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
479	goto end;
480	sk_OPENSSL_STRING_push(sksigners, signerfile);
481	if (keyfile == NULL)
482	keyfile = signerfile;
483	if (skkeys == NULL
484	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
485	goto end;
486	sk_OPENSSL_STRING_push(skkeys, keyfile);
487	keyfile = NULL;
488	}
489	signerfile = opt_arg();
490	break;
491	case OPT_INKEY:
492	/* If previous -inkey argument add signer to list */
493	if (keyfile != NULL) {
494	if (signerfile == NULL) {
495	BIO_puts(bio_err, "Illegal -inkey without -signer\n");
496	goto end;
497	}
498	if (sksigners == NULL
499	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
500	goto end;
501	sk_OPENSSL_STRING_push(sksigners, signerfile);
502	signerfile = NULL;
503	if (skkeys == NULL
504	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
505	goto end;
506	sk_OPENSSL_STRING_push(skkeys, keyfile);
507	}
508	keyfile = opt_arg();
509	break;
510	case OPT_KEYFORM:
511	if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
512	goto opthelp;
513	break;
514	case OPT_RECIP:
515	if (operation == SMIME_ENCRYPT) {
516	if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
517	goto end;
518	cert = load_cert(opt_arg(), FORMAT_PEM,
519	"recipient certificate file");
520	if (cert == NULL)
521	goto end;
522	sk_X509_push(encerts, cert);
523	cert = NULL;
524	} else {
525	recipfile = opt_arg();
526	}
527	break;
528	case OPT_CIPHER:
529	if (!opt_cipher(opt_unknown(), &cipher))
530	goto end;
531	break;
532	case OPT_KEYOPT:
533	keyidx = -1;
534	if (operation == SMIME_ENCRYPT) {
535	if (encerts != NULL)
536	keyidx += sk_X509_num(encerts);
537	} else {
538	if (keyfile != NULL \|\| signerfile != NULL)
539	keyidx++;
540	if (skkeys != NULL)
541	keyidx += sk_OPENSSL_STRING_num(skkeys);
542	}
543	if (keyidx < 0) {
544	BIO_printf(bio_err, "No key specified\n");
545	goto opthelp;
546	}
547	if (key_param == NULL \|\| key_param->idx != keyidx) {
548	cms_key_param *nparam;
549	nparam = app_malloc(sizeof(*nparam), "key param buffer");
550	nparam->idx = keyidx;
551	if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
552	goto end;
553	nparam->next = NULL;
554	if (key_first == NULL)
555	key_first = nparam;
556	else
557	key_param->next = nparam;
558	key_param = nparam;
559	}
560	sk_OPENSSL_STRING_push(key_param->param, opt_arg());
561	break;
562	case OPT_V_CASES:
563	if (!opt_verify(o, vpm))
564	goto end;
565	vpmtouched++;
566	break;
567	case OPT_R_CASES:
568	if (!opt_rand(o))
569	goto end;
570	break;
571	case OPT_3DES_WRAP:
572	# ifndef OPENSSL_NO_DES
573	wrap_cipher = EVP_des_ede3_wrap();
574	# endif
575	break;
576	case OPT_AES128_WRAP:
577	wrap_cipher = EVP_aes_128_wrap();
578	break;
579	case OPT_AES192_WRAP:
580	wrap_cipher = EVP_aes_192_wrap();
581	break;
582	case OPT_AES256_WRAP:
583	wrap_cipher = EVP_aes_256_wrap();
584	break;
585	}
586	}
587	argc = opt_num_rest();
588	argv = opt_rest();
589
590	if ((rr_allorfirst != -1 \|\| rr_from != NULL) && rr_to == NULL) {
591	BIO_puts(bio_err, "No Signed Receipts Recipients\n");
592	goto opthelp;
593	}
594
595	if (!(operation & SMIME_SIGNERS) && (rr_to != NULL \|\| rr_from != NULL)) {
596	BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
597	goto opthelp;
598	}
599	if (!(operation & SMIME_SIGNERS) && (skkeys != NULL \|\| sksigners != NULL)) {
600	BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
601	goto opthelp;
602	}
603
604	if (operation & SMIME_SIGNERS) {
605	if (keyfile != NULL && signerfile == NULL) {
606	BIO_puts(bio_err, "Illegal -inkey without -signer\n");
607	goto opthelp;
608	}
609	/* Check to see if any final signer needs to be appended */
610	if (signerfile != NULL) {
611	if (sksigners == NULL
612	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
613	goto end;
614	sk_OPENSSL_STRING_push(sksigners, signerfile);
615	if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
616	goto end;
617	if (keyfile == NULL)
618	keyfile = signerfile;
619	sk_OPENSSL_STRING_push(skkeys, keyfile);
620	}
621	if (sksigners == NULL) {
622	BIO_printf(bio_err, "No signer certificate specified\n");
623	goto opthelp;
624	}
625	signerfile = NULL;
626	keyfile = NULL;
627	} else if (operation == SMIME_DECRYPT) {
628	if (recipfile == NULL && keyfile == NULL
629	&& secret_key == NULL && pwri_pass == NULL) {
630	BIO_printf(bio_err,
631	"No recipient certificate or key specified\n");
632	goto opthelp;
633	}
634	} else if (operation == SMIME_ENCRYPT) {
635	if (*argv == NULL && secret_key == NULL
636	&& pwri_pass == NULL && encerts == NULL) {
637	BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
638	goto opthelp;
639	}
640	} else if (!operation) {
641	goto opthelp;
642	}
643
644	if (!app_passwd(passinarg, NULL, &passin, NULL)) {
645	BIO_printf(bio_err, "Error getting password\n");
646	goto end;
647	}
648
649	ret = 2;
650
651	if (!(operation & SMIME_SIGNERS))
652	flags &= ~CMS_DETACHED;
653
654	if (!(operation & SMIME_OP))
655	if (flags & CMS_BINARY)
656	outformat = FORMAT_BINARY;
657
658	if (!(operation & SMIME_IP))
659	if (flags & CMS_BINARY)
660	informat = FORMAT_BINARY;
661
662	if (operation == SMIME_ENCRYPT) {
663	if (!cipher) {
664	# ifndef OPENSSL_NO_DES
665	cipher = EVP_des_ede3_cbc();
666	# else
667	BIO_printf(bio_err, "No cipher selected\n");
668	goto end;
669	# endif
670	}
671
672	if (secret_key && !secret_keyid) {
673	BIO_printf(bio_err, "No secret key id\n");
674	goto end;
675	}
676
677	if (*argv && encerts == NULL)
678	if ((encerts = sk_X509_new_null()) == NULL)
679	goto end;
680	while (*argv) {
681	if ((cert = load_cert(*argv, FORMAT_PEM,
682	"recipient certificate file")) == NULL)
683	goto end;
684	sk_X509_push(encerts, cert);
685	cert = NULL;
686	argv++;
687	}
688	}
689
690	if (certfile != NULL) {
691	if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
692	"certificate file")) {
693	ERR_print_errors(bio_err);
694	goto end;
695	}
696	}
697
698	if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
699	if ((recip = load_cert(recipfile, FORMAT_PEM,
700	"recipient certificate file")) == NULL) {
701	ERR_print_errors(bio_err);
702	goto end;
703	}
704	}
705
706	if (operation == SMIME_SIGN_RECEIPT) {
707	if ((signer = load_cert(signerfile, FORMAT_PEM,
708	"receipt signer certificate file")) == NULL) {
709	ERR_print_errors(bio_err);
710	goto end;
711	}
712	}
713
714	if (operation == SMIME_DECRYPT) {
715	if (keyfile == NULL)
716	keyfile = recipfile;
717	} else if ((operation == SMIME_SIGN) \|\| (operation == SMIME_SIGN_RECEIPT)) {
718	if (keyfile == NULL)
719	keyfile = signerfile;
720	} else {
721	keyfile = NULL;
722	}
723
724	if (keyfile != NULL) {
725	key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
726	if (key == NULL)
727	goto end;
728	}
729
730	in = bio_open_default(infile, 'r', informat);
731	if (in == NULL)
732	goto end;
733
734	if (operation & SMIME_IP) {
735	if (informat == FORMAT_SMIME) {
736	cms = SMIME_read_CMS(in, &indata);
737	} else if (informat == FORMAT_PEM) {
738	cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
739	} else if (informat == FORMAT_ASN1) {
740	cms = d2i_CMS_bio(in, NULL);
741	} else {
742	BIO_printf(bio_err, "Bad input format for CMS file\n");
743	goto end;
744	}
745
746	if (cms == NULL) {
747	BIO_printf(bio_err, "Error reading S/MIME message\n");
748	goto end;
749	}
750	if (contfile != NULL) {
751	BIO_free(indata);
752	if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
753	BIO_printf(bio_err, "Can't read content file %s\n", contfile);
754	goto end;
755	}
756	}
757	if (certsoutfile != NULL) {
758	STACK_OF(X509) *allcerts;
759	allcerts = CMS_get1_certs(cms);
760	if (!save_certs(certsoutfile, allcerts)) {
761	BIO_printf(bio_err,
762	"Error writing certs to %s\n", certsoutfile);
763	ret = 5;
764	goto end;
765	}
766	sk_X509_pop_free(allcerts, X509_free);
767	}
768	}
769
770	if (rctfile != NULL) {
771	char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
772	if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
773	BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
774	goto end;
775	}
776
777	if (rctformat == FORMAT_SMIME) {
778	rcms = SMIME_read_CMS(rctin, NULL);
779	} else if (rctformat == FORMAT_PEM) {
780	rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
781	} else if (rctformat == FORMAT_ASN1) {
782	rcms = d2i_CMS_bio(rctin, NULL);
783	} else {
784	BIO_printf(bio_err, "Bad input format for receipt\n");
785	goto end;
786	}
787
788	if (rcms == NULL) {
789	BIO_printf(bio_err, "Error reading receipt\n");
790	goto end;
791	}
792	}
793
794	out = bio_open_default(outfile, 'w', outformat);
795	if (out == NULL)
796	goto end;
797
798	if ((operation == SMIME_VERIFY) \|\| (operation == SMIME_VERIFY_RECEIPT)) {
799	if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
800	goto end;
801	X509_STORE_set_verify_cb(store, cms_cb);
802	if (vpmtouched)
803	X509_STORE_set1_param(store, vpm);
804	}
805
806	ret = 3;
807
808	if (operation == SMIME_DATA_CREATE) {
809	cms = CMS_data_create(in, flags);
810	} else if (operation == SMIME_DIGEST_CREATE) {
811	cms = CMS_digest_create(in, sign_md, flags);
812	} else if (operation == SMIME_COMPRESS) {
813	cms = CMS_compress(in, -1, flags);
814	} else if (operation == SMIME_ENCRYPT) {
815	int i;
816	flags \|= CMS_PARTIAL;
817	cms = CMS_encrypt(NULL, in, cipher, flags);
818	if (cms == NULL)
819	goto end;
820	for (i = 0; i < sk_X509_num(encerts); i++) {
821	CMS_RecipientInfo *ri;
822	cms_key_param *kparam;
823	int tflags = flags;
824	X509 *x = sk_X509_value(encerts, i);
825	for (kparam = key_first; kparam; kparam = kparam->next) {
826	if (kparam->idx == i) {
827	tflags \|= CMS_KEY_PARAM;
828	break;
829	}
830	}
831	ri = CMS_add1_recipient_cert(cms, x, tflags);
832	if (ri == NULL)
833	goto end;
834	if (kparam != NULL) {
835	EVP_PKEY_CTX *pctx;
836	pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
837	if (!cms_set_pkey_param(pctx, kparam->param))
838	goto end;
839	}
840	if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE
841	&& wrap_cipher) {
842	EVP_CIPHER_CTX *wctx;
843	wctx = CMS_RecipientInfo_kari_get0_ctx(ri);
844	EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL);
845	}
846	}
847
848	if (secret_key != NULL) {
849	if (!CMS_add0_recipient_key(cms, NID_undef,
850	secret_key, secret_keylen,
851	secret_keyid, secret_keyidlen,
852	NULL, NULL, NULL))
853	goto end;
854	/* NULL these because call absorbs them */
855	secret_key = NULL;
856	secret_keyid = NULL;
857	}
858	if (pwri_pass != NULL) {
859	pwri_tmp = (unsigned char )OPENSSL_strdup((char )pwri_pass);
860	if (pwri_tmp == NULL)
861	goto end;
862	if (CMS_add0_recipient_password(cms,
863	-1, NID_undef, NID_undef,
864	pwri_tmp, -1, NULL) == NULL)
865	goto end;
866	pwri_tmp = NULL;
867	}
868	if (!(flags & CMS_STREAM)) {
869	if (!CMS_final(cms, in, NULL, flags))
870	goto end;
871	}
872	} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
873	cms = CMS_EncryptedData_encrypt(in, cipher,
874	secret_key, secret_keylen, flags);
875
876	} else if (operation == SMIME_SIGN_RECEIPT) {
877	CMS_ContentInfo *srcms = NULL;
878	STACK_OF(CMS_SignerInfo) *sis;
879	CMS_SignerInfo *si;
880	sis = CMS_get0_SignerInfos(cms);
881	if (sis == NULL)
882	goto end;
883	si = sk_CMS_SignerInfo_value(sis, 0);
884	srcms = CMS_sign_receipt(si, signer, key, other, flags);
885	if (srcms == NULL)
886	goto end;
887	CMS_ContentInfo_free(cms);
888	cms = srcms;
889	} else if (operation & SMIME_SIGNERS) {
890	int i;
891	/*
892	* If detached data content we enable streaming if S/MIME output
893	* format.
894	*/
895	if (operation == SMIME_SIGN) {
896
897	if (flags & CMS_DETACHED) {
898	if (outformat == FORMAT_SMIME)
899	flags \|= CMS_STREAM;
900	}
901	flags \|= CMS_PARTIAL;
902	cms = CMS_sign(NULL, NULL, other, in, flags);
903	if (cms == NULL)
904	goto end;
905	if (econtent_type != NULL)
906	CMS_set1_eContentType(cms, econtent_type);
907
908	if (rr_to != NULL) {
909	rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
910	if (rr == NULL) {
911	BIO_puts(bio_err,
912	"Signed Receipt Request Creation Error\n");
913	goto end;
914	}
915	}
916	} else {
917	flags \|= CMS_REUSE_DIGEST;
918	}
919	for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
920	CMS_SignerInfo *si;
921	cms_key_param *kparam;
922	int tflags = flags;
923	signerfile = sk_OPENSSL_STRING_value(sksigners, i);
924	keyfile = sk_OPENSSL_STRING_value(skkeys, i);
925
926	signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
927	if (signer == NULL) {
928	ret = 2;
929	goto end;
930	}
931	key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
932	if (key == NULL) {
933	ret = 2;
934	goto end;
935	}
936	for (kparam = key_first; kparam; kparam = kparam->next) {
937	if (kparam->idx == i) {
938	tflags \|= CMS_KEY_PARAM;
939	break;
940	}
941	}
942	si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
943	if (si == NULL)
944	goto end;
945	if (kparam != NULL) {
946	EVP_PKEY_CTX *pctx;
947	pctx = CMS_SignerInfo_get0_pkey_ctx(si);
948	if (!cms_set_pkey_param(pctx, kparam->param))
949	goto end;
950	}
951	if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr))
952	goto end;
953	X509_free(signer);
954	signer = NULL;
955	EVP_PKEY_free(key);
956	key = NULL;
957	}
958	/* If not streaming or resigning finalize structure */
959	if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
960	if (!CMS_final(cms, in, NULL, flags))
961	goto end;
962	}
963	}
964
965	if (cms == NULL) {
966	BIO_printf(bio_err, "Error creating CMS structure\n");
967	goto end;
968	}
969
970	ret = 4;
971	if (operation == SMIME_DECRYPT) {
972	if (flags & CMS_DEBUG_DECRYPT)
973	CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
974
975	if (secret_key != NULL) {
976	if (!CMS_decrypt_set1_key(cms,
977	secret_key, secret_keylen,
978	secret_keyid, secret_keyidlen)) {
979	BIO_puts(bio_err, "Error decrypting CMS using secret key\n");
980	goto end;
981	}
982	}
983
984	if (key != NULL) {
985	if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
986	BIO_puts(bio_err, "Error decrypting CMS using private key\n");
987	goto end;
988	}
989	}
990
991	if (pwri_pass != NULL) {
992	if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
993	BIO_puts(bio_err, "Error decrypting CMS using password\n");
994	goto end;
995	}
996	}
997
998	if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
999	BIO_printf(bio_err, "Error decrypting CMS structure\n");
1000	goto end;
1001	}
1002	} else if (operation == SMIME_DATAOUT) {
1003	if (!CMS_data(cms, out, flags))
1004	goto end;
1005	} else if (operation == SMIME_UNCOMPRESS) {
1006	if (!CMS_uncompress(cms, indata, out, flags))
1007	goto end;
1008	} else if (operation == SMIME_DIGEST_VERIFY) {
1009	if (CMS_digest_verify(cms, indata, out, flags) > 0) {
1010	BIO_printf(bio_err, "Verification successful\n");
1011	} else {
1012	BIO_printf(bio_err, "Verification failure\n");
1013	goto end;
1014	}
1015	} else if (operation == SMIME_ENCRYPTED_DECRYPT) {
1016	if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
1017	indata, out, flags))
1018	goto end;
1019	} else if (operation == SMIME_VERIFY) {
1020	if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
1021	BIO_printf(bio_err, "Verification successful\n");
1022	} else {
1023	BIO_printf(bio_err, "Verification failure\n");
1024	if (verify_retcode)
1025	ret = verify_err + 32;
1026	goto end;
1027	}
1028	if (signerfile != NULL) {
1029	STACK_OF(X509) *signers;
1030	signers = CMS_get0_signers(cms);
1031	if (!save_certs(signerfile, signers)) {
1032	BIO_printf(bio_err,
1033	"Error writing signers to %s\n", signerfile);
1034	ret = 5;
1035	goto end;
1036	}
1037	sk_X509_free(signers);
1038	}
1039	if (rr_print)
1040	receipt_request_print(cms);
1041
1042	} else if (operation == SMIME_VERIFY_RECEIPT) {
1043	if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) {
1044	BIO_printf(bio_err, "Verification successful\n");
1045	} else {
1046	BIO_printf(bio_err, "Verification failure\n");
1047	goto end;
1048	}
1049	} else {
1050	if (noout) {
1051	if (print)
1052	CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
1053	} else if (outformat == FORMAT_SMIME) {
1054	if (to)
1055	BIO_printf(out, "To: %s%s", to, mime_eol);
1056	if (from)
1057	BIO_printf(out, "From: %s%s", from, mime_eol);
1058	if (subject)
1059	BIO_printf(out, "Subject: %s%s", subject, mime_eol);
1060	if (operation == SMIME_RESIGN)
1061	ret = SMIME_write_CMS(out, cms, indata, flags);
1062	else
1063	ret = SMIME_write_CMS(out, cms, in, flags);
1064	} else if (outformat == FORMAT_PEM) {
1065	ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1066	} else if (outformat == FORMAT_ASN1) {
1067	ret = i2d_CMS_bio_stream(out, cms, in, flags);
1068	} else {
1069	BIO_printf(bio_err, "Bad output format for CMS file\n");
1070	goto end;
1071	}
1072	if (ret <= 0) {
1073	ret = 6;
1074	goto end;
1075	}
1076	}
1077	ret = 0;
1078	end:
1079	if (ret)
1080	ERR_print_errors(bio_err);
1081	sk_X509_pop_free(encerts, X509_free);
1082	sk_X509_pop_free(other, X509_free);
1083	X509_VERIFY_PARAM_free(vpm);
1084	sk_OPENSSL_STRING_free(sksigners);
1085	sk_OPENSSL_STRING_free(skkeys);
1086	OPENSSL_free(secret_key);
1087	OPENSSL_free(secret_keyid);
1088	OPENSSL_free(pwri_tmp);
1089	ASN1_OBJECT_free(econtent_type);
1090	CMS_ReceiptRequest_free(rr);
1091	sk_OPENSSL_STRING_free(rr_to);
1092	sk_OPENSSL_STRING_free(rr_from);
1093	for (key_param = key_first; key_param;) {
1094	cms_key_param *tparam;
1095	sk_OPENSSL_STRING_free(key_param->param);
1096	tparam = key_param->next;
1097	OPENSSL_free(key_param);
1098	key_param = tparam;
1099	}
1100	X509_STORE_free(store);
1101	X509_free(cert);
1102	X509_free(recip);
1103	X509_free(signer);
1104	EVP_PKEY_free(key);
1105	CMS_ContentInfo_free(cms);
1106	CMS_ContentInfo_free(rcms);
1107	release_engine(e);
1108	BIO_free(rctin);
1109	BIO_free(in);
1110	BIO_free(indata);
1111	BIO_free_all(out);
1112	OPENSSL_free(passin);
1113	return ret;
1114	}
1115
1116	static int save_certs(char signerfile, STACK_OF(X509) signers)
1117	{
1118	int i;
1119	BIO *tmp;
1120	if (signerfile == NULL)
1121	return 1;
1122	tmp = BIO_new_file(signerfile, "w");
1123	if (tmp == NULL)
1124	return 0;
1125	for (i = 0; i < sk_X509_num(signers); i++)
1126	PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
1127	BIO_free(tmp);
1128	return 1;
1129	}
1130
1131	/* Minimal callback just to output policy info (if any) */
1132
1133	static int cms_cb(int ok, X509_STORE_CTX *ctx)
1134	{
1135	int error;
1136
1137	error = X509_STORE_CTX_get_error(ctx);
1138
1139	verify_err = error;
1140
1141	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
1142	&& ((error != X509_V_OK) \|\| (ok != 2)))
1143	return ok;
1144
1145	policies_print(ctx);
1146
1147	return ok;
1148
1149	}
1150
1151	static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns)
1152	{
1153	STACK_OF(GENERAL_NAME) *gens;
1154	GENERAL_NAME *gen;
1155	int i, j;
1156
1157	for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
1158	gens = sk_GENERAL_NAMES_value(gns, i);
1159	for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
1160	gen = sk_GENERAL_NAME_value(gens, j);
1161	BIO_puts(bio_err, " ");
1162	GENERAL_NAME_print(bio_err, gen);
1163	BIO_puts(bio_err, "\n");
1164	}
1165	}
1166	return;
1167	}
1168
1169	static void receipt_request_print(CMS_ContentInfo *cms)
1170	{
1171	STACK_OF(CMS_SignerInfo) *sis;
1172	CMS_SignerInfo *si;
1173	CMS_ReceiptRequest *rr;
1174	int allorfirst;
1175	STACK_OF(GENERAL_NAMES) rto, rlist;
1176	ASN1_STRING *scid;
1177	int i, rv;
1178	sis = CMS_get0_SignerInfos(cms);
1179	for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
1180	si = sk_CMS_SignerInfo_value(sis, i);
1181	rv = CMS_get1_ReceiptRequest(si, &rr);
1182	BIO_printf(bio_err, "Signer %d:\n", i + 1);
1183	if (rv == 0) {
1184	BIO_puts(bio_err, " No Receipt Request\n");
1185	} else if (rv < 0) {
1186	BIO_puts(bio_err, " Receipt Request Parse Error\n");
1187	ERR_print_errors(bio_err);
1188	} else {
1189	const char *id;
1190	int idlen;
1191	CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1192	&rlist, &rto);
1193	BIO_puts(bio_err, " Signed Content ID:\n");
1194	idlen = ASN1_STRING_length(scid);
1195	id = (const char *)ASN1_STRING_get0_data(scid);
1196	BIO_dump_indent(bio_err, id, idlen, 4);
1197	BIO_puts(bio_err, " Receipts From");
1198	if (rlist != NULL) {
1199	BIO_puts(bio_err, " List:\n");
1200	gnames_stack_print(rlist);
1201	} else if (allorfirst == 1) {
1202	BIO_puts(bio_err, ": First Tier\n");
1203	} else if (allorfirst == 0) {
1204	BIO_puts(bio_err, ": All\n");
1205	} else {
1206	BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
1207	}
1208	BIO_puts(bio_err, " Receipts To:\n");
1209	gnames_stack_print(rto);
1210	}
1211	CMS_ReceiptRequest_free(rr);
1212	}
1213	}
1214
1215	static STACK_OF(GENERAL_NAMES) make_names_stack(STACK_OF(OPENSSL_STRING) ns)
1216	{
1217	int i;
1218	STACK_OF(GENERAL_NAMES) *ret;
1219	GENERAL_NAMES *gens = NULL;
1220	GENERAL_NAME *gen = NULL;
1221	ret = sk_GENERAL_NAMES_new_null();
1222	if (ret == NULL)
1223	goto err;
1224	for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
1225	char *str = sk_OPENSSL_STRING_value(ns, i);
1226	gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
1227	if (gen == NULL)
1228	goto err;
1229	gens = GENERAL_NAMES_new();
1230	if (gens == NULL)
1231	goto err;
1232	if (!sk_GENERAL_NAME_push(gens, gen))
1233	goto err;
1234	gen = NULL;
1235	if (!sk_GENERAL_NAMES_push(ret, gens))
1236	goto err;
1237	gens = NULL;
1238	}
1239
1240	return ret;
1241
1242	err:
1243	sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
1244	GENERAL_NAMES_free(gens);
1245	GENERAL_NAME_free(gen);
1246	return NULL;
1247	}
1248
1249	static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
1250	*rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
1251	*rr_from)
1252	{
1253	STACK_OF(GENERAL_NAMES) rct_to = NULL, rct_from = NULL;
1254	CMS_ReceiptRequest *rr;
1255	rct_to = make_names_stack(rr_to);
1256	if (rct_to == NULL)
1257	goto err;
1258	if (rr_from != NULL) {
1259	rct_from = make_names_stack(rr_from);
1260	if (rct_from == NULL)
1261	goto err;
1262	} else {
1263	rct_from = NULL;
1264	}
1265	rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1266	rct_to);
1267	return rr;
1268	err:
1269	sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
1270	return NULL;
1271	}
1272
1273	static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
1274	STACK_OF(OPENSSL_STRING) *param)
1275	{
1276	char *keyopt;
1277	int i;
1278	if (sk_OPENSSL_STRING_num(param) <= 0)
1279	return 1;
1280	for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) {
1281	keyopt = sk_OPENSSL_STRING_value(param, i);
1282	if (pkey_ctrl_string(pctx, keyopt) <= 0) {
1283	BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt);
1284	ERR_print_errors(bio_err);
1285	return 0;
1286	}
1287	}
1288	return 1;
1289	}
1290
1291	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: