Context Navigation

source: rtems-libbsd/freebsd/crypto/openssl/apps/smime.c @ d1dac78

5

Last change on this file since d1dac78 was d1dac78, checked in by Christian Mauderer <christian.mauderer@…>, on 03/26/19 at 10:08:47
bin/openssl: Port to RTEMS.
Property mode set to `100644`
File size: 21.2 KB

Line
1	#include <machine/rtems-bsd-user-space.h>
2	#ifdef __rtems__
3	#include <machine/rtems-bsd-program.h>
4	#include "rtems-bsd-openssl-namespace.h"
5	#endif /* __rtems__ */
6
7	/*
8	* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
9	*
10	* Licensed under the OpenSSL license (the "License"). You may not use
11	* this file except in compliance with the License. You can obtain a copy
12	* in the file LICENSE in the source distribution or at
13	* https://www.openssl.org/source/license.html
14	*/
15
16	/* S/MIME utility function */
17
18	#include <stdio.h>
19	#include <string.h>
20	#include "apps.h"
21	#include "progs.h"
22	#include <openssl/crypto.h>
23	#include <openssl/pem.h>
24	#include <openssl/err.h>
25	#include <openssl/x509_vfy.h>
26	#include <openssl/x509v3.h>
27
28	static int save_certs(char signerfile, STACK_OF(X509) signers);
29	static int smime_cb(int ok, X509_STORE_CTX *ctx);
30
31	#define SMIME_OP 0x10
32	#define SMIME_IP 0x20
33	#define SMIME_SIGNERS 0x40
34	#define SMIME_ENCRYPT (1 \| SMIME_OP)
35	#define SMIME_DECRYPT (2 \| SMIME_IP)
36	#define SMIME_SIGN (3 \| SMIME_OP \| SMIME_SIGNERS)
37	#define SMIME_VERIFY (4 \| SMIME_IP)
38	#define SMIME_PK7OUT (5 \| SMIME_IP \| SMIME_OP)
39	#define SMIME_RESIGN (6 \| SMIME_IP \| SMIME_OP \| SMIME_SIGNERS)
40
41	typedef enum OPTION_choice {
42	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
43	OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
44	OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
45	OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
46	OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
47	OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
48	OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
49	OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
50	OPT_R_ENUM,
51	OPT_V_ENUM,
52	OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
53	OPT_OUTFORM, OPT_CONTENT
54	} OPTION_CHOICE;
55
56	const OPTIONS smime_options[] = {
57	{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
58	{OPT_HELP_STR, 1, '-',
59	" cert.pem... recipient certs for encryption\n"},
60	{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
61	{"help", OPT_HELP, '-', "Display this summary"},
62	{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
63	{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
64	{"sign", OPT_SIGN, '-', "Sign message"},
65	{"verify", OPT_VERIFY, '-', "Verify signed message"},
66	{"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
67	{"nointern", OPT_NOINTERN, '-',
68	"Don't search certificates in message for signer"},
69	{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
70	{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
71	{"nocerts", OPT_NOCERTS, '-',
72	"Don't include signers certificate when signing"},
73	{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
74	{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
75	{"binary", OPT_BINARY, '-', "Don't translate message to text"},
76	{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
77	{"signer", OPT_SIGNER, 's', "Signer certificate file"},
78	{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
79	{"in", OPT_IN, '<', "Input file"},
80	{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
81	{"inkey", OPT_INKEY, 's',
82	"Input private key (if not signer or recipient)"},
83	{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
84	{"out", OPT_OUT, '>', "Output file"},
85	{"outform", OPT_OUTFORM, 'c',
86	"Output format SMIME (default), PEM or DER"},
87	{"content", OPT_CONTENT, '<',
88	"Supply or override content for detached signature"},
89	{"to", OPT_TO, 's', "To address"},
90	{"from", OPT_FROM, 's', "From address"},
91	{"subject", OPT_SUBJECT, 's', "Subject"},
92	{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
93	{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
94	{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
95	{"no-CAfile", OPT_NOCAFILE, '-',
96	"Do not load the default certificates file"},
97	{"no-CApath", OPT_NOCAPATH, '-',
98	"Do not load certificates from the default certificates directory"},
99	{"resign", OPT_RESIGN, '-', "Resign a signed message"},
100	{"nochain", OPT_NOCHAIN, '-',
101	"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
102	{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
103	{"stream", OPT_STREAM, '-', "Enable CMS streaming" },
104	{"indef", OPT_INDEF, '-', "Same as -stream" },
105	{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
106	{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
107	OPT_R_OPTIONS,
108	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
109	{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
110	{"", OPT_CIPHER, '-', "Any supported cipher"},
111	OPT_V_OPTIONS,
112	#ifndef OPENSSL_NO_ENGINE
113	{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
114	#endif
115	{NULL}
116	};
117
118	int smime_main(int argc, char **argv)
119	{
120	BIO in = NULL, out = NULL, *indata = NULL;
121	EVP_PKEY *key = NULL;
122	PKCS7 *p7 = NULL;
123	STACK_OF(OPENSSL_STRING) sksigners = NULL, skkeys = NULL;
124	STACK_OF(X509) encerts = NULL, other = NULL;
125	X509 cert = NULL, recip = NULL, *signer = NULL;
126	X509_STORE *store = NULL;
127	X509_VERIFY_PARAM *vpm = NULL;
128	const EVP_CIPHER *cipher = NULL;
129	const EVP_MD *sign_md = NULL;
130	const char CAfile = NULL, CApath = NULL, *prog = NULL;
131	char certfile = NULL, keyfile = NULL, *contfile = NULL;
132	char infile = NULL, outfile = NULL, signerfile = NULL, recipfile = NULL;
133	char passinarg = NULL, passin = NULL, to = NULL, from = NULL, *subject = NULL;
134	OPTION_CHOICE o;
135	int noCApath = 0, noCAfile = 0;
136	int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
137	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
138	FORMAT_PEM;
139	int vpmtouched = 0, rv = 0;
140	ENGINE *e = NULL;
141	const char *mime_eol = "\n";
142
143	if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
144	return 1;
145
146	prog = opt_init(argc, argv, smime_options);
147	while ((o = opt_next()) != OPT_EOF) {
148	switch (o) {
149	case OPT_EOF:
150	case OPT_ERR:
151	opthelp:
152	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
153	goto end;
154	case OPT_HELP:
155	opt_help(smime_options);
156	ret = 0;
157	goto end;
158	case OPT_INFORM:
159	if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
160	goto opthelp;
161	break;
162	case OPT_IN:
163	infile = opt_arg();
164	break;
165	case OPT_OUTFORM:
166	if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
167	goto opthelp;
168	break;
169	case OPT_OUT:
170	outfile = opt_arg();
171	break;
172	case OPT_ENCRYPT:
173	operation = SMIME_ENCRYPT;
174	break;
175	case OPT_DECRYPT:
176	operation = SMIME_DECRYPT;
177	break;
178	case OPT_SIGN:
179	operation = SMIME_SIGN;
180	break;
181	case OPT_RESIGN:
182	operation = SMIME_RESIGN;
183	break;
184	case OPT_VERIFY:
185	operation = SMIME_VERIFY;
186	break;
187	case OPT_PK7OUT:
188	operation = SMIME_PK7OUT;
189	break;
190	case OPT_TEXT:
191	flags \|= PKCS7_TEXT;
192	break;
193	case OPT_NOINTERN:
194	flags \|= PKCS7_NOINTERN;
195	break;
196	case OPT_NOVERIFY:
197	flags \|= PKCS7_NOVERIFY;
198	break;
199	case OPT_NOCHAIN:
200	flags \|= PKCS7_NOCHAIN;
201	break;
202	case OPT_NOCERTS:
203	flags \|= PKCS7_NOCERTS;
204	break;
205	case OPT_NOATTR:
206	flags \|= PKCS7_NOATTR;
207	break;
208	case OPT_NODETACH:
209	flags &= ~PKCS7_DETACHED;
210	break;
211	case OPT_NOSMIMECAP:
212	flags \|= PKCS7_NOSMIMECAP;
213	break;
214	case OPT_BINARY:
215	flags \|= PKCS7_BINARY;
216	break;
217	case OPT_NOSIGS:
218	flags \|= PKCS7_NOSIGS;
219	break;
220	case OPT_STREAM:
221	case OPT_INDEF:
222	indef = 1;
223	break;
224	case OPT_NOINDEF:
225	indef = 0;
226	break;
227	case OPT_CRLFEOL:
228	flags \|= PKCS7_CRLFEOL;
229	mime_eol = "\r\n";
230	break;
231	case OPT_R_CASES:
232	if (!opt_rand(o))
233	goto end;
234	break;
235	case OPT_ENGINE:
236	e = setup_engine(opt_arg(), 0);
237	break;
238	case OPT_PASSIN:
239	passinarg = opt_arg();
240	break;
241	case OPT_TO:
242	to = opt_arg();
243	break;
244	case OPT_FROM:
245	from = opt_arg();
246	break;
247	case OPT_SUBJECT:
248	subject = opt_arg();
249	break;
250	case OPT_SIGNER:
251	/* If previous -signer argument add signer to list */
252	if (signerfile != NULL) {
253	if (sksigners == NULL
254	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
255	goto end;
256	sk_OPENSSL_STRING_push(sksigners, signerfile);
257	if (keyfile == NULL)
258	keyfile = signerfile;
259	if (skkeys == NULL
260	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
261	goto end;
262	sk_OPENSSL_STRING_push(skkeys, keyfile);
263	keyfile = NULL;
264	}
265	signerfile = opt_arg();
266	break;
267	case OPT_RECIP:
268	recipfile = opt_arg();
269	break;
270	case OPT_MD:
271	if (!opt_md(opt_arg(), &sign_md))
272	goto opthelp;
273	break;
274	case OPT_CIPHER:
275	if (!opt_cipher(opt_unknown(), &cipher))
276	goto opthelp;
277	break;
278	case OPT_INKEY:
279	/* If previous -inkey argument add signer to list */
280	if (keyfile != NULL) {
281	if (signerfile == NULL) {
282	BIO_printf(bio_err,
283	"%s: Must have -signer before -inkey\n", prog);
284	goto opthelp;
285	}
286	if (sksigners == NULL
287	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
288	goto end;
289	sk_OPENSSL_STRING_push(sksigners, signerfile);
290	signerfile = NULL;
291	if (skkeys == NULL
292	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
293	goto end;
294	sk_OPENSSL_STRING_push(skkeys, keyfile);
295	}
296	keyfile = opt_arg();
297	break;
298	case OPT_KEYFORM:
299	if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
300	goto opthelp;
301	break;
302	case OPT_CERTFILE:
303	certfile = opt_arg();
304	break;
305	case OPT_CAFILE:
306	CAfile = opt_arg();
307	break;
308	case OPT_CAPATH:
309	CApath = opt_arg();
310	break;
311	case OPT_NOCAFILE:
312	noCAfile = 1;
313	break;
314	case OPT_NOCAPATH:
315	noCApath = 1;
316	break;
317	case OPT_CONTENT:
318	contfile = opt_arg();
319	break;
320	case OPT_V_CASES:
321	if (!opt_verify(o, vpm))
322	goto opthelp;
323	vpmtouched++;
324	break;
325	}
326	}
327	argc = opt_num_rest();
328	argv = opt_rest();
329
330	if (!(operation & SMIME_SIGNERS) && (skkeys != NULL \|\| sksigners != NULL)) {
331	BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
332	goto opthelp;
333	}
334
335	if (operation & SMIME_SIGNERS) {
336	/* Check to see if any final signer needs to be appended */
337	if (keyfile && !signerfile) {
338	BIO_puts(bio_err, "Illegal -inkey without -signer\n");
339	goto opthelp;
340	}
341	if (signerfile != NULL) {
342	if (sksigners == NULL
343	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
344	goto end;
345	sk_OPENSSL_STRING_push(sksigners, signerfile);
346	if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
347	goto end;
348	if (!keyfile)
349	keyfile = signerfile;
350	sk_OPENSSL_STRING_push(skkeys, keyfile);
351	}
352	if (sksigners == NULL) {
353	BIO_printf(bio_err, "No signer certificate specified\n");
354	goto opthelp;
355	}
356	signerfile = NULL;
357	keyfile = NULL;
358	} else if (operation == SMIME_DECRYPT) {
359	if (recipfile == NULL && keyfile == NULL) {
360	BIO_printf(bio_err,
361	"No recipient certificate or key specified\n");
362	goto opthelp;
363	}
364	} else if (operation == SMIME_ENCRYPT) {
365	if (argc == 0) {
366	BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
367	goto opthelp;
368	}
369	} else if (!operation) {
370	goto opthelp;
371	}
372
373	if (!app_passwd(passinarg, NULL, &passin, NULL)) {
374	BIO_printf(bio_err, "Error getting password\n");
375	goto end;
376	}
377
378	ret = 2;
379
380	if (!(operation & SMIME_SIGNERS))
381	flags &= ~PKCS7_DETACHED;
382
383	if (!(operation & SMIME_OP)) {
384	if (flags & PKCS7_BINARY)
385	outformat = FORMAT_BINARY;
386	}
387
388	if (!(operation & SMIME_IP)) {
389	if (flags & PKCS7_BINARY)
390	informat = FORMAT_BINARY;
391	}
392
393	if (operation == SMIME_ENCRYPT) {
394	if (cipher == NULL) {
395	#ifndef OPENSSL_NO_DES
396	cipher = EVP_des_ede3_cbc();
397	#else
398	BIO_printf(bio_err, "No cipher selected\n");
399	goto end;
400	#endif
401	}
402	encerts = sk_X509_new_null();
403	if (encerts == NULL)
404	goto end;
405	while (*argv != NULL) {
406	cert = load_cert(*argv, FORMAT_PEM,
407	"recipient certificate file");
408	if (cert == NULL)
409	goto end;
410	sk_X509_push(encerts, cert);
411	cert = NULL;
412	argv++;
413	}
414	}
415
416	if (certfile != NULL) {
417	if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
418	"certificate file")) {
419	ERR_print_errors(bio_err);
420	goto end;
421	}
422	}
423
424	if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
425	if ((recip = load_cert(recipfile, FORMAT_PEM,
426	"recipient certificate file")) == NULL) {
427	ERR_print_errors(bio_err);
428	goto end;
429	}
430	}
431
432	if (operation == SMIME_DECRYPT) {
433	if (keyfile == NULL)
434	keyfile = recipfile;
435	} else if (operation == SMIME_SIGN) {
436	if (keyfile == NULL)
437	keyfile = signerfile;
438	} else {
439	keyfile = NULL;
440	}
441
442	if (keyfile != NULL) {
443	key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
444	if (key == NULL)
445	goto end;
446	}
447
448	in = bio_open_default(infile, 'r', informat);
449	if (in == NULL)
450	goto end;
451
452	if (operation & SMIME_IP) {
453	if (informat == FORMAT_SMIME) {
454	p7 = SMIME_read_PKCS7(in, &indata);
455	} else if (informat == FORMAT_PEM) {
456	p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
457	} else if (informat == FORMAT_ASN1) {
458	p7 = d2i_PKCS7_bio(in, NULL);
459	} else {
460	BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
461	goto end;
462	}
463
464	if (p7 == NULL) {
465	BIO_printf(bio_err, "Error reading S/MIME message\n");
466	goto end;
467	}
468	if (contfile != NULL) {
469	BIO_free(indata);
470	if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
471	BIO_printf(bio_err, "Can't read content file %s\n", contfile);
472	goto end;
473	}
474	}
475	}
476
477	out = bio_open_default(outfile, 'w', outformat);
478	if (out == NULL)
479	goto end;
480
481	if (operation == SMIME_VERIFY) {
482	if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
483	goto end;
484	X509_STORE_set_verify_cb(store, smime_cb);
485	if (vpmtouched)
486	X509_STORE_set1_param(store, vpm);
487	}
488
489	ret = 3;
490
491	if (operation == SMIME_ENCRYPT) {
492	if (indef)
493	flags \|= PKCS7_STREAM;
494	p7 = PKCS7_encrypt(encerts, in, cipher, flags);
495	} else if (operation & SMIME_SIGNERS) {
496	int i;
497	/*
498	* If detached data content we only enable streaming if S/MIME output
499	* format.
500	*/
501	if (operation == SMIME_SIGN) {
502	if (flags & PKCS7_DETACHED) {
503	if (outformat == FORMAT_SMIME)
504	flags \|= PKCS7_STREAM;
505	} else if (indef) {
506	flags \|= PKCS7_STREAM;
507	}
508	flags \|= PKCS7_PARTIAL;
509	p7 = PKCS7_sign(NULL, NULL, other, in, flags);
510	if (p7 == NULL)
511	goto end;
512	if (flags & PKCS7_NOCERTS) {
513	for (i = 0; i < sk_X509_num(other); i++) {
514	X509 *x = sk_X509_value(other, i);
515	PKCS7_add_certificate(p7, x);
516	}
517	}
518	} else {
519	flags \|= PKCS7_REUSE_DIGEST;
520	}
521	for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
522	signerfile = sk_OPENSSL_STRING_value(sksigners, i);
523	keyfile = sk_OPENSSL_STRING_value(skkeys, i);
524	signer = load_cert(signerfile, FORMAT_PEM,
525	"signer certificate");
526	if (signer == NULL)
527	goto end;
528	key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
529	if (key == NULL)
530	goto end;
531	if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
532	goto end;
533	X509_free(signer);
534	signer = NULL;
535	EVP_PKEY_free(key);
536	key = NULL;
537	}
538	/* If not streaming or resigning finalize structure */
539	if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
540	if (!PKCS7_final(p7, in, flags))
541	goto end;
542	}
543	}
544
545	if (p7 == NULL) {
546	BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
547	goto end;
548	}
549
550	ret = 4;
551	if (operation == SMIME_DECRYPT) {
552	if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
553	BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
554	goto end;
555	}
556	} else if (operation == SMIME_VERIFY) {
557	STACK_OF(X509) *signers;
558	if (PKCS7_verify(p7, other, store, indata, out, flags))
559	BIO_printf(bio_err, "Verification successful\n");
560	else {
561	BIO_printf(bio_err, "Verification failure\n");
562	goto end;
563	}
564	signers = PKCS7_get0_signers(p7, other, flags);
565	if (!save_certs(signerfile, signers)) {
566	BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
567	ret = 5;
568	goto end;
569	}
570	sk_X509_free(signers);
571	} else if (operation == SMIME_PK7OUT) {
572	PEM_write_bio_PKCS7(out, p7);
573	} else {
574	if (to)
575	BIO_printf(out, "To: %s%s", to, mime_eol);
576	if (from)
577	BIO_printf(out, "From: %s%s", from, mime_eol);
578	if (subject)
579	BIO_printf(out, "Subject: %s%s", subject, mime_eol);
580	if (outformat == FORMAT_SMIME) {
581	if (operation == SMIME_RESIGN)
582	rv = SMIME_write_PKCS7(out, p7, indata, flags);
583	else
584	rv = SMIME_write_PKCS7(out, p7, in, flags);
585	} else if (outformat == FORMAT_PEM) {
586	rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
587	} else if (outformat == FORMAT_ASN1) {
588	rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
589	} else {
590	BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
591	goto end;
592	}
593	if (rv == 0) {
594	BIO_printf(bio_err, "Error writing output\n");
595	ret = 3;
596	goto end;
597	}
598	}
599	ret = 0;
600	end:
601	if (ret)
602	ERR_print_errors(bio_err);
603	sk_X509_pop_free(encerts, X509_free);
604	sk_X509_pop_free(other, X509_free);
605	X509_VERIFY_PARAM_free(vpm);
606	sk_OPENSSL_STRING_free(sksigners);
607	sk_OPENSSL_STRING_free(skkeys);
608	X509_STORE_free(store);
609	X509_free(cert);
610	X509_free(recip);
611	X509_free(signer);
612	EVP_PKEY_free(key);
613	PKCS7_free(p7);
614	release_engine(e);
615	BIO_free(in);
616	BIO_free(indata);
617	BIO_free_all(out);
618	OPENSSL_free(passin);
619	return ret;
620	}
621
622	static int save_certs(char signerfile, STACK_OF(X509) signers)
623	{
624	int i;
625	BIO *tmp;
626
627	if (signerfile == NULL)
628	return 1;
629	tmp = BIO_new_file(signerfile, "w");
630	if (tmp == NULL)
631	return 0;
632	for (i = 0; i < sk_X509_num(signers); i++)
633	PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
634	BIO_free(tmp);
635	return 1;
636	}
637
638	/* Minimal callback just to output policy info (if any) */
639
640	static int smime_cb(int ok, X509_STORE_CTX *ctx)
641	{
642	int error;
643
644	error = X509_STORE_CTX_get_error(ctx);
645
646	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
647	&& ((error != X509_V_OK) \|\| (ok != 2)))
648	return ok;
649
650	policies_print(ctx);
651
652	return ok;
653	}
654	#ifdef __rtems__
655	#include "rtems-bsd-openssl-smime-data.h"
656	#endif /* __rtems__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: