summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-04-16 16:55:21 +0000
committerjsing <>2014-04-16 16:55:21 +0000
commitb8d179e6738c9383629b87f386a8d7c447bb254d (patch)
tree906990caf0ef0a9c396c84b07e10b97dd81e3564
parentfedec00ec4e543ede675d14badc50954dc85b8ce (diff)
downloadopenbsd-b8d179e6738c9383629b87f386a8d7c447bb254d.tar.gz
openbsd-b8d179e6738c9383629b87f386a8d7c447bb254d.tar.bz2
openbsd-b8d179e6738c9383629b87f386a8d7c447bb254d.zip
Initial KNF.
Diffstat
-rw-r--r--src/lib/libssl/src/apps/ciphers.c175
-rw-r--r--src/lib/libssl/src/apps/cms.c896
-rw-r--r--src/lib/libssl/src/apps/crl.c464
-rw-r--r--src/lib/libssl/src/apps/crl2p7.c325
4 files changed, 825 insertions, 1035 deletions
diff --git a/src/lib/libssl/src/apps/ciphers.c b/src/lib/libssl/src/apps/ciphers.c
index b5ab166bc5..fb798a440c 100644
--- a/src/lib/libssl/src/apps/ciphers.c
+++ b/src/lib/libssl/src/apps/ciphers.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,143 +69,140 @@
69#undef PROG 69#undef PROG
70#define PROG ciphers_main 70#define PROG ciphers_main
71 71
72static const char *ciphers_usage[]={ 72static const char *ciphers_usage[] = {
73"usage: ciphers args\n", 73 "usage: ciphers args\n",
74" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", 74 " -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
75" -V - even more verbose\n", 75 " -V - even more verbose\n",
76" -ssl2 - SSL2 mode\n", 76 " -ssl2 - SSL2 mode\n",
77" -ssl3 - SSL3 mode\n", 77 " -ssl3 - SSL3 mode\n",
78" -tls1 - TLS1 mode\n", 78 " -tls1 - TLS1 mode\n",
79NULL 79 NULL
80}; 80};
81 81
82int MAIN(int, char **); 82int MAIN(int, char **);
83 83
84int MAIN(int argc, char **argv) 84int
85 { 85MAIN(int argc, char **argv)
86 int ret=1,i; 86{
87 int verbose=0,Verbose=0; 87 int ret = 1, i;
88 int verbose = 0, Verbose = 0;
88 const char **pp; 89 const char **pp;
89 const char *p; 90 const char *p;
90 int badops=0; 91 int badops = 0;
91 SSL_CTX *ctx=NULL; 92 SSL_CTX *ctx = NULL;
92 SSL *ssl=NULL; 93 SSL *ssl = NULL;
93 char *ciphers=NULL; 94 char *ciphers = NULL;
94 const SSL_METHOD *meth=NULL; 95 const SSL_METHOD *meth = NULL;
95 STACK_OF(SSL_CIPHER) *sk; 96 STACK_OF(SSL_CIPHER) *sk;
96 char buf[512]; 97 char buf[512];
97 BIO *STDout=NULL; 98 BIO *STDout = NULL;
98 99
99 meth=SSLv3_server_method(); 100 meth = SSLv3_server_method();
100 101
101 apps_startup(); 102 apps_startup();
102 103
103 if (bio_err == NULL) 104 if (bio_err == NULL)
104 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 105 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
105 STDout=BIO_new_fp(stdout,BIO_NOCLOSE); 106 STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
106 if (!load_config(bio_err, NULL)) 107 if (!load_config(bio_err, NULL))
107 goto end; 108 goto end;
108 109
109 argc--; 110 argc--;
110 argv++; 111 argv++;
111 while (argc >= 1) 112 while (argc >= 1) {
112 { 113 if (strcmp(*argv, "-v") == 0)
113 if (strcmp(*argv,"-v") == 0) 114 verbose = 1;
114 verbose=1; 115 else if (strcmp(*argv, "-V") == 0)
115 else if (strcmp(*argv,"-V") == 0) 116 verbose = Verbose = 1;
116 verbose=Verbose=1; 117 else if (strcmp(*argv, "-ssl3") == 0)
117 else if (strcmp(*argv,"-ssl3") == 0) 118 meth = SSLv3_client_method();
118 meth=SSLv3_client_method(); 119 else if (strcmp(*argv, "-tls1") == 0)
119 else if (strcmp(*argv,"-tls1") == 0) 120 meth = TLSv1_client_method();
120 meth=TLSv1_client_method(); 121 else if ((strncmp(*argv, "-h", 2) == 0) ||
121 else if ((strncmp(*argv,"-h",2) == 0) || 122 (strcmp(*argv, "-?") == 0)) {
122 (strcmp(*argv,"-?") == 0)) 123 badops = 1;
123 {
124 badops=1;
125 break; 124 break;
126 } 125 } else {
127 else
128 {
129 ciphers= *argv; 126 ciphers= *argv;
130 } 127 }
131 argc--; 128 argc--;
132 argv++; 129 argv++;
133 } 130 }
134 131
135 if (badops) 132 if (badops) {
136 { 133 for (pp = ciphers_usage; (*pp != NULL); pp++)
137 for (pp=ciphers_usage; (*pp != NULL); pp++) 134 BIO_printf(bio_err, "%s", *pp);
138 BIO_printf(bio_err,"%s",*pp);
139 goto end; 135 goto end;
140 } 136 }
141 137
142 OpenSSL_add_ssl_algorithms(); 138 OpenSSL_add_ssl_algorithms();
143 139
144 ctx=SSL_CTX_new(meth); 140 ctx = SSL_CTX_new(meth);
145 if (ctx == NULL) goto err; 141 if (ctx == NULL)
142 goto err;
146 if (ciphers != NULL) { 143 if (ciphers != NULL) {
147 if(!SSL_CTX_set_cipher_list(ctx,ciphers)) { 144 if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
148 BIO_printf(bio_err, "Error in cipher list\n"); 145 BIO_printf(bio_err, "Error in cipher list\n");
149 goto err; 146 goto err;
150 } 147 }
151 } 148 }
152 ssl=SSL_new(ctx); 149 ssl = SSL_new(ctx);
153 if (ssl == NULL) goto err; 150 if (ssl == NULL)
154 151 goto err;
155 152
156 if (!verbose) 153
157 { 154 if (!verbose) {
158 for (i=0; ; i++) 155 for (i = 0; ; i++) {
159 { 156 p = SSL_get_cipher_list(ssl, i);
160 p=SSL_get_cipher_list(ssl,i); 157 if (p == NULL)
161 if (p == NULL) break; 158 break;
162 if (i != 0) BIO_printf(STDout,":"); 159 if (i != 0)
163 BIO_printf(STDout,"%s",p); 160 BIO_printf(STDout, ":");
164 } 161 BIO_printf(STDout, "%s", p);
165 BIO_printf(STDout,"\n");
166 } 162 }
163 BIO_printf(STDout, "\n");
164 }
167 else /* verbose */ 165 else /* verbose */
168 { 166 {
169 sk=SSL_get_ciphers(ssl); 167 sk = SSL_get_ciphers(ssl);
170 168
171 for (i=0; i<sk_SSL_CIPHER_num(sk); i++) 169 for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
172 {
173 SSL_CIPHER *c; 170 SSL_CIPHER *c;
174 171
175 c = sk_SSL_CIPHER_value(sk,i); 172 c = sk_SSL_CIPHER_value(sk, i);
176 173
177 if (Verbose) 174 if (Verbose) {
178 {
179 unsigned long id = SSL_CIPHER_get_id(c); 175 unsigned long id = SSL_CIPHER_get_id(c);
180 int id0 = (int)(id >> 24); 176 int id0 = (int)(id >> 24);
181 int id1 = (int)((id >> 16) & 0xffL); 177 int id1 = (int)((id >> 16) & 0xffL);
182 int id2 = (int)((id >> 8) & 0xffL); 178 int id2 = (int)((id >> 8) & 0xffL);
183 int id3 = (int)(id & 0xffL); 179 int id3 = (int)(id & 0xffL);
184 180
185 if ((id & 0xff000000L) == 0x02000000L) 181 if ((id & 0xff000000L) == 0x02000000L)
186 BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ 182 BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
187 else if ((id & 0xff000000L) == 0x03000000L) 183 else if ((id & 0xff000000L) == 0x03000000L)
188 BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ 184 BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
189 else 185 else
190 BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ 186 BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
191 }
192
193 BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
194 } 187 }
188
189 BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf));
195 } 190 }
191 }
196 192
197 ret=0; 193 ret = 0;
198 if (0) 194 if (0) {
199 {
200err: 195err:
201 SSL_load_error_strings(); 196 SSL_load_error_strings();
202 ERR_print_errors(bio_err); 197 ERR_print_errors(bio_err);
203 } 198 }
204end: 199end:
205 if (ctx != NULL) SSL_CTX_free(ctx); 200 if (ctx != NULL)
206 if (ssl != NULL) SSL_free(ssl); 201 SSL_CTX_free(ctx);
207 if (STDout != NULL) BIO_free_all(STDout); 202 if (ssl != NULL)
203 SSL_free(ssl);
204 if (STDout != NULL)
205 BIO_free_all(STDout);
208 apps_shutdown(); 206 apps_shutdown();
209 OPENSSL_EXIT(ret); 207 OPENSSL_EXIT(ret);
210 } 208}
211
diff --git a/src/lib/libssl/src/apps/cms.c b/src/lib/libssl/src/apps/cms.c
index 801d523caf..553b6de76e 100644
--- a/src/lib/libssl/src/apps/cms.c
+++ b/src/lib/libssl/src/apps/cms.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -71,9 +71,10 @@
71static int save_certs(char *signerfile, STACK_OF(X509) *signers); 71static int save_certs(char *signerfile, STACK_OF(X509) *signers);
72static int cms_cb(int ok, X509_STORE_CTX *ctx); 72static int cms_cb(int ok, X509_STORE_CTX *ctx);
73static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); 73static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
74static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, 74static CMS_ReceiptRequest *
75 int rr_allorfirst, 75make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
76 STACK_OF(OPENSSL_STRING) *rr_from); 76 int rr_allorfirst,
77 STACK_OF(OPENSSL_STRING) *rr_from);
77 78
78#define SMIME_OP 0x10 79#define SMIME_OP 0x10
79#define SMIME_IP 0x20 80#define SMIME_IP 0x20
@@ -99,8 +100,9 @@ int verify_err = 0;
99 100
100int MAIN(int, char **); 101int MAIN(int, char **);
101 102
102int MAIN(int argc, char **argv) 103int
103 { 104MAIN(int argc, char **argv)
105{
104 ENGINE *e = NULL; 106 ENGINE *e = NULL;
105 int operation = 0; 107 int operation = 0;
106 int ret = 0; 108 int ret = 0;
@@ -109,7 +111,7 @@ int MAIN(int argc, char **argv)
109 char *infile = NULL, *outfile = NULL, *rctfile = NULL; 111 char *infile = NULL, *outfile = NULL, *rctfile = NULL;
110 char *signerfile = NULL, *recipfile = NULL; 112 char *signerfile = NULL, *recipfile = NULL;
111 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; 113 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
112 char *certfile = NULL, *keyfile = NULL, *contfile=NULL; 114 char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
113 char *certsoutfile = NULL; 115 char *certsoutfile = NULL;
114 const EVP_CIPHER *cipher = NULL; 116 const EVP_CIPHER *cipher = NULL;
115 CMS_ContentInfo *cms = NULL, *rcms = NULL; 117 CMS_ContentInfo *cms = NULL, *rcms = NULL;
@@ -131,9 +133,9 @@ int MAIN(int argc, char **argv)
131 int need_rand = 0; 133 int need_rand = 0;
132 const EVP_MD *sign_md = NULL; 134 const EVP_MD *sign_md = NULL;
133 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 135 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
134 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; 136 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
135#ifndef OPENSSL_NO_ENGINE 137#ifndef OPENSSL_NO_ENGINE
136 char *engine=NULL; 138 char *engine = NULL;
137#endif 139#endif
138 unsigned char *secret_key = NULL, *secret_keyid = NULL; 140 unsigned char *secret_key = NULL, *secret_keyid = NULL;
139 unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; 141 unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
@@ -148,17 +150,15 @@ int MAIN(int argc, char **argv)
148 150
149 apps_startup(); 151 apps_startup();
150 152
151 if (bio_err == NULL) 153 if (bio_err == NULL) {
152 {
153 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 154 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
154 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 155 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
155 } 156 }
156 157
157 if (!load_config(bio_err, NULL)) 158 if (!load_config(bio_err, NULL))
158 goto end; 159 goto end;
159 160
160 while (!badarg && *args && *args[0] == '-') 161 while (!badarg && *args && *args[0] == '-') {
161 {
162 if (!strcmp (*args, "-encrypt")) 162 if (!strcmp (*args, "-encrypt"))
163 operation = SMIME_ENCRYPT; 163 operation = SMIME_ENCRYPT;
164 else if (!strcmp (*args, "-decrypt")) 164 else if (!strcmp (*args, "-decrypt"))
@@ -173,15 +173,13 @@ int MAIN(int argc, char **argv)
173 operation = SMIME_VERIFY; 173 operation = SMIME_VERIFY;
174 else if (!strcmp (*args, "-verify_retcode")) 174 else if (!strcmp (*args, "-verify_retcode"))
175 verify_retcode = 1; 175 verify_retcode = 1;
176 else if (!strcmp(*args,"-verify_receipt")) 176 else if (!strcmp(*args, "-verify_receipt")) {
177 {
178 operation = SMIME_VERIFY_RECEIPT; 177 operation = SMIME_VERIFY_RECEIPT;
179 if (!args[1]) 178 if (!args[1])
180 goto argerr; 179 goto argerr;
181 args++; 180 args++;
182 rctfile = *args; 181 rctfile = *args;
183 } 182 } else if (!strcmp (*args, "-cmsout"))
184 else if (!strcmp (*args, "-cmsout"))
185 operation = SMIME_CMSOUT; 183 operation = SMIME_CMSOUT;
186 else if (!strcmp (*args, "-data_out")) 184 else if (!strcmp (*args, "-data_out"))
187 operation = SMIME_DATAOUT; 185 operation = SMIME_DATAOUT;
@@ -200,202 +198,182 @@ int MAIN(int argc, char **argv)
200 else if (!strcmp (*args, "-EncryptedData_encrypt")) 198 else if (!strcmp (*args, "-EncryptedData_encrypt"))
201 operation = SMIME_ENCRYPTED_ENCRYPT; 199 operation = SMIME_ENCRYPTED_ENCRYPT;
202#ifndef OPENSSL_NO_DES 200#ifndef OPENSSL_NO_DES
203 else if (!strcmp (*args, "-des3")) 201 else if (!strcmp (*args, "-des3"))
204 cipher = EVP_des_ede3_cbc(); 202 cipher = EVP_des_ede3_cbc();
205 else if (!strcmp (*args, "-des")) 203 else if (!strcmp (*args, "-des"))
206 cipher = EVP_des_cbc(); 204 cipher = EVP_des_cbc();
207#endif 205#endif
208#ifndef OPENSSL_NO_SEED 206#ifndef OPENSSL_NO_SEED
209 else if (!strcmp (*args, "-seed")) 207 else if (!strcmp (*args, "-seed"))
210 cipher = EVP_seed_cbc(); 208 cipher = EVP_seed_cbc();
211#endif 209#endif
212#ifndef OPENSSL_NO_RC2 210#ifndef OPENSSL_NO_RC2
213 else if (!strcmp (*args, "-rc2-40")) 211 else if (!strcmp (*args, "-rc2-40"))
214 cipher = EVP_rc2_40_cbc(); 212 cipher = EVP_rc2_40_cbc();
215 else if (!strcmp (*args, "-rc2-128")) 213 else if (!strcmp (*args, "-rc2-128"))
216 cipher = EVP_rc2_cbc(); 214 cipher = EVP_rc2_cbc();
217 else if (!strcmp (*args, "-rc2-64")) 215 else if (!strcmp (*args, "-rc2-64"))
218 cipher = EVP_rc2_64_cbc(); 216 cipher = EVP_rc2_64_cbc();
219#endif 217#endif
220#ifndef OPENSSL_NO_AES 218#ifndef OPENSSL_NO_AES
221 else if (!strcmp(*args,"-aes128")) 219 else if (!strcmp(*args, "-aes128"))
222 cipher = EVP_aes_128_cbc(); 220 cipher = EVP_aes_128_cbc();
223 else if (!strcmp(*args,"-aes192")) 221 else if (!strcmp(*args, "-aes192"))
224 cipher = EVP_aes_192_cbc(); 222 cipher = EVP_aes_192_cbc();
225 else if (!strcmp(*args,"-aes256")) 223 else if (!strcmp(*args, "-aes256"))
226 cipher = EVP_aes_256_cbc(); 224 cipher = EVP_aes_256_cbc();
227#endif 225#endif
228#ifndef OPENSSL_NO_CAMELLIA 226#ifndef OPENSSL_NO_CAMELLIA
229 else if (!strcmp(*args,"-camellia128")) 227 else if (!strcmp(*args, "-camellia128"))
230 cipher = EVP_camellia_128_cbc(); 228 cipher = EVP_camellia_128_cbc();
231 else if (!strcmp(*args,"-camellia192")) 229 else if (!strcmp(*args, "-camellia192"))
232 cipher = EVP_camellia_192_cbc(); 230 cipher = EVP_camellia_192_cbc();
233 else if (!strcmp(*args,"-camellia256")) 231 else if (!strcmp(*args, "-camellia256"))
234 cipher = EVP_camellia_256_cbc(); 232 cipher = EVP_camellia_256_cbc();
235#endif 233#endif
236 else if (!strcmp (*args, "-debug_decrypt")) 234 else if (!strcmp (*args, "-debug_decrypt"))
237 flags |= CMS_DEBUG_DECRYPT; 235 flags |= CMS_DEBUG_DECRYPT;
238 else if (!strcmp (*args, "-text")) 236 else if (!strcmp (*args, "-text"))
239 flags |= CMS_TEXT; 237 flags |= CMS_TEXT;
240 else if (!strcmp (*args, "-nointern")) 238 else if (!strcmp (*args, "-nointern"))
241 flags |= CMS_NOINTERN; 239 flags |= CMS_NOINTERN;
242 else if (!strcmp (*args, "-noverify") 240 else if (!strcmp (*args, "-noverify") ||
243 || !strcmp (*args, "-no_signer_cert_verify")) 241 !strcmp (*args, "-no_signer_cert_verify"))
244 flags |= CMS_NO_SIGNER_CERT_VERIFY; 242 flags |= CMS_NO_SIGNER_CERT_VERIFY;
245 else if (!strcmp (*args, "-nocerts")) 243 else if (!strcmp (*args, "-nocerts"))
246 flags |= CMS_NOCERTS; 244 flags |= CMS_NOCERTS;
247 else if (!strcmp (*args, "-noattr")) 245 else if (!strcmp (*args, "-noattr"))
248 flags |= CMS_NOATTR; 246 flags |= CMS_NOATTR;
249 else if (!strcmp (*args, "-nodetach")) 247 else if (!strcmp (*args, "-nodetach"))
250 flags &= ~CMS_DETACHED; 248 flags &= ~CMS_DETACHED;
251 else if (!strcmp (*args, "-nosmimecap")) 249 else if (!strcmp (*args, "-nosmimecap"))
252 flags |= CMS_NOSMIMECAP; 250 flags |= CMS_NOSMIMECAP;
253 else if (!strcmp (*args, "-binary")) 251 else if (!strcmp (*args, "-binary"))
254 flags |= CMS_BINARY; 252 flags |= CMS_BINARY;
255 else if (!strcmp (*args, "-keyid")) 253 else if (!strcmp (*args, "-keyid"))
256 flags |= CMS_USE_KEYID; 254 flags |= CMS_USE_KEYID;
257 else if (!strcmp (*args, "-nosigs")) 255 else if (!strcmp (*args, "-nosigs"))
258 flags |= CMS_NOSIGS; 256 flags |= CMS_NOSIGS;
259 else if (!strcmp (*args, "-no_content_verify")) 257 else if (!strcmp (*args, "-no_content_verify"))
260 flags |= CMS_NO_CONTENT_VERIFY; 258 flags |= CMS_NO_CONTENT_VERIFY;
261 else if (!strcmp (*args, "-no_attr_verify")) 259 else if (!strcmp (*args, "-no_attr_verify"))
262 flags |= CMS_NO_ATTR_VERIFY; 260 flags |= CMS_NO_ATTR_VERIFY;
263 else if (!strcmp (*args, "-stream")) 261 else if (!strcmp (*args, "-stream"))
264 flags |= CMS_STREAM; 262 flags |= CMS_STREAM;
265 else if (!strcmp (*args, "-indef")) 263 else if (!strcmp (*args, "-indef"))
266 flags |= CMS_STREAM; 264 flags |= CMS_STREAM;
267 else if (!strcmp (*args, "-noindef")) 265 else if (!strcmp (*args, "-noindef"))
268 flags &= ~CMS_STREAM; 266 flags &= ~CMS_STREAM;
269 else if (!strcmp (*args, "-nooldmime")) 267 else if (!strcmp (*args, "-nooldmime"))
270 flags |= CMS_NOOLDMIMETYPE; 268 flags |= CMS_NOOLDMIMETYPE;
271 else if (!strcmp (*args, "-crlfeol")) 269 else if (!strcmp (*args, "-crlfeol"))
272 flags |= CMS_CRLFEOL; 270 flags |= CMS_CRLFEOL;
273 else if (!strcmp (*args, "-noout")) 271 else if (!strcmp (*args, "-noout"))
274 noout = 1; 272 noout = 1;
275 else if (!strcmp (*args, "-receipt_request_print")) 273 else if (!strcmp (*args, "-receipt_request_print"))
276 rr_print = 1; 274 rr_print = 1;
277 else if (!strcmp (*args, "-receipt_request_all")) 275 else if (!strcmp (*args, "-receipt_request_all"))
278 rr_allorfirst = 0; 276 rr_allorfirst = 0;
279 else if (!strcmp (*args, "-receipt_request_first")) 277 else if (!strcmp (*args, "-receipt_request_first"))
280 rr_allorfirst = 1; 278 rr_allorfirst = 1;
281 else if (!strcmp(*args,"-receipt_request_from")) 279 else if (!strcmp(*args, "-receipt_request_from")) {
282 {
283 if (!args[1]) 280 if (!args[1])
284 goto argerr; 281 goto argerr;
285 args++; 282 args++;
286 if (!rr_from) 283 if (!rr_from)
287 rr_from = sk_OPENSSL_STRING_new_null(); 284 rr_from = sk_OPENSSL_STRING_new_null();
288 sk_OPENSSL_STRING_push(rr_from, *args); 285 sk_OPENSSL_STRING_push(rr_from, *args);
289 } 286 }
290 else if (!strcmp(*args,"-receipt_request_to")) 287 else if (!strcmp(*args, "-receipt_request_to")) {
291 {
292 if (!args[1]) 288 if (!args[1])
293 goto argerr; 289 goto argerr;
294 args++; 290 args++;
295 if (!rr_to) 291 if (!rr_to)
296 rr_to = sk_OPENSSL_STRING_new_null(); 292 rr_to = sk_OPENSSL_STRING_new_null();
297 sk_OPENSSL_STRING_push(rr_to, *args); 293 sk_OPENSSL_STRING_push(rr_to, *args);
298 } 294 }
299 else if (!strcmp (*args, "-print")) 295 else if (!strcmp (*args, "-print")) {
300 { 296 noout = 1;
301 noout = 1; 297 print = 1;
302 print = 1; 298 }
303 } 299 else if (!strcmp(*args, "-secretkey")) {
304 else if (!strcmp(*args,"-secretkey"))
305 {
306 long ltmp; 300 long ltmp;
307 if (!args[1]) 301 if (!args[1])
308 goto argerr; 302 goto argerr;
309 args++; 303 args++;
310 secret_key = string_to_hex(*args, &ltmp); 304 secret_key = string_to_hex(*args, &ltmp);
311 if (!secret_key) 305 if (!secret_key) {
312 {
313 BIO_printf(bio_err, "Invalid key %s\n", *args); 306 BIO_printf(bio_err, "Invalid key %s\n", *args);
314 goto argerr; 307 goto argerr;
315 }
316 secret_keylen = (size_t)ltmp;
317 } 308 }
318 else if (!strcmp(*args,"-secretkeyid")) 309 secret_keylen = (size_t)ltmp;
319 { 310 }
311 else if (!strcmp(*args, "-secretkeyid")) {
320 long ltmp; 312 long ltmp;
321 if (!args[1]) 313 if (!args[1])
322 goto argerr; 314 goto argerr;
323 args++; 315 args++;
324 secret_keyid = string_to_hex(*args, &ltmp); 316 secret_keyid = string_to_hex(*args, &ltmp);
325 if (!secret_keyid) 317 if (!secret_keyid) {
326 {
327 BIO_printf(bio_err, "Invalid id %s\n", *args); 318 BIO_printf(bio_err, "Invalid id %s\n", *args);
328 goto argerr; 319 goto argerr;
329 }
330 secret_keyidlen = (size_t)ltmp;
331 } 320 }
332 else if (!strcmp(*args,"-pwri_password")) 321 secret_keyidlen = (size_t)ltmp;
333 { 322 }
323 else if (!strcmp(*args, "-pwri_password")) {
334 if (!args[1]) 324 if (!args[1])
335 goto argerr; 325 goto argerr;
336 args++; 326 args++;
337 pwri_pass = (unsigned char *)*args; 327 pwri_pass = (unsigned char *)*args;
338 } 328 } else if (!strcmp(*args, "-econtent_type")) {
339 else if (!strcmp(*args,"-econtent_type"))
340 {
341 if (!args[1]) 329 if (!args[1])
342 goto argerr; 330 goto argerr;
343 args++; 331 args++;
344 econtent_type = OBJ_txt2obj(*args, 0); 332 econtent_type = OBJ_txt2obj(*args, 0);
345 if (!econtent_type) 333 if (!econtent_type) {
346 {
347 BIO_printf(bio_err, "Invalid OID %s\n", *args); 334 BIO_printf(bio_err, "Invalid OID %s\n", *args);
348 goto argerr; 335 goto argerr;
349 }
350 } 336 }
351 else if (!strcmp(*args,"-rand")) 337 } else if (!strcmp(*args, "-rand")) {
352 {
353 if (!args[1]) 338 if (!args[1])
354 goto argerr; 339 goto argerr;
355 args++; 340 args++;
356 inrand = *args; 341 inrand = *args;
357 need_rand = 1; 342 need_rand = 1;
358 } 343 }
359#ifndef OPENSSL_NO_ENGINE 344#ifndef OPENSSL_NO_ENGINE
360 else if (!strcmp(*args,"-engine")) 345 else if (!strcmp(*args, "-engine")) {
361 {
362 if (!args[1]) 346 if (!args[1])
363 goto argerr; 347 goto argerr;
364 engine = *++args; 348 engine = *++args;
365 } 349 }
366#endif 350#endif
367 else if (!strcmp(*args,"-passin")) 351 else if (!strcmp(*args, "-passin")) {
368 {
369 if (!args[1]) 352 if (!args[1])
370 goto argerr; 353 goto argerr;
371 passargin = *++args; 354 passargin = *++args;
372 } 355 }
373 else if (!strcmp (*args, "-to")) 356 else if (!strcmp (*args, "-to")) {
374 {
375 if (!args[1]) 357 if (!args[1])
376 goto argerr; 358 goto argerr;
377 to = *++args; 359 to = *++args;
378 } 360 }
379 else if (!strcmp (*args, "-from")) 361 else if (!strcmp (*args, "-from")) {
380 {
381 if (!args[1]) 362 if (!args[1])
382 goto argerr; 363 goto argerr;
383 from = *++args; 364 from = *++args;
384 } 365 }
385 else if (!strcmp (*args, "-subject")) 366 else if (!strcmp (*args, "-subject")) {
386 {
387 if (!args[1]) 367 if (!args[1])
388 goto argerr; 368 goto argerr;
389 subject = *++args; 369 subject = *++args;
390 } 370 }
391 else if (!strcmp (*args, "-signer")) 371 else if (!strcmp (*args, "-signer")) {
392 {
393 if (!args[1]) 372 if (!args[1])
394 goto argerr; 373 goto argerr;
395 /* If previous -signer argument add signer to list */ 374 /* If previous -signer argument add signer to list */
396 375
397 if (signerfile) 376 if (signerfile) {
398 {
399 if (!sksigners) 377 if (!sksigners)
400 sksigners = sk_OPENSSL_STRING_new_null(); 378 sksigners = sk_OPENSSL_STRING_new_null();
401 sk_OPENSSL_STRING_push(sksigners, signerfile); 379 sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -405,45 +383,34 @@ int MAIN(int argc, char **argv)
405 skkeys = sk_OPENSSL_STRING_new_null(); 383 skkeys = sk_OPENSSL_STRING_new_null();
406 sk_OPENSSL_STRING_push(skkeys, keyfile); 384 sk_OPENSSL_STRING_push(skkeys, keyfile);
407 keyfile = NULL; 385 keyfile = NULL;
408 }
409 signerfile = *++args;
410 } 386 }
411 else if (!strcmp (*args, "-recip")) 387 signerfile = *++args;
412 { 388 } else if (!strcmp (*args, "-recip")) {
413 if (!args[1]) 389 if (!args[1])
414 goto argerr; 390 goto argerr;
415 recipfile = *++args; 391 recipfile = *++args;
416 } 392 } else if (!strcmp (*args, "-certsout")) {
417 else if (!strcmp (*args, "-certsout"))
418 {
419 if (!args[1]) 393 if (!args[1])
420 goto argerr; 394 goto argerr;
421 certsoutfile = *++args; 395 certsoutfile = *++args;
422 } 396 } else if (!strcmp (*args, "-md")) {
423 else if (!strcmp (*args, "-md"))
424 {
425 if (!args[1]) 397 if (!args[1])
426 goto argerr; 398 goto argerr;
427 sign_md = EVP_get_digestbyname(*++args); 399 sign_md = EVP_get_digestbyname(*++args);
428 if (sign_md == NULL) 400 if (sign_md == NULL) {
429 {
430 BIO_printf(bio_err, "Unknown digest %s\n", 401 BIO_printf(bio_err, "Unknown digest %s\n",
431 *args); 402 *args);
432 goto argerr; 403 goto argerr;
433 }
434 } 404 }
435 else if (!strcmp (*args, "-inkey")) 405 } else if (!strcmp (*args, "-inkey")) {
436 { 406 if (!args[1])
437 if (!args[1])
438 goto argerr; 407 goto argerr;
439 /* If previous -inkey arument add signer to list */ 408 /* If previous -inkey arument add signer to list */
440 if (keyfile) 409 if (keyfile) {
441 { 410 if (!signerfile) {
442 if (!signerfile)
443 {
444 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 411 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
445 goto argerr; 412 goto argerr;
446 } 413 }
447 if (!sksigners) 414 if (!sksigners)
448 sksigners = sk_OPENSSL_STRING_new_null(); 415 sksigners = sk_OPENSSL_STRING_new_null();
449 sk_OPENSSL_STRING_push(sksigners, signerfile); 416 sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -451,103 +418,76 @@ int MAIN(int argc, char **argv)
451 if (!skkeys) 418 if (!skkeys)
452 skkeys = sk_OPENSSL_STRING_new_null(); 419 skkeys = sk_OPENSSL_STRING_new_null();
453 sk_OPENSSL_STRING_push(skkeys, keyfile); 420 sk_OPENSSL_STRING_push(skkeys, keyfile);
454 }
455 keyfile = *++args;
456 } 421 }
457 else if (!strcmp (*args, "-keyform")) 422 keyfile = *++args;
458 { 423 } else if (!strcmp (*args, "-keyform")) {
459 if (!args[1]) 424 if (!args[1])
460 goto argerr; 425 goto argerr;
461 keyform = str2fmt(*++args); 426 keyform = str2fmt(*++args);
462 } 427 } else if (!strcmp (*args, "-rctform")) {
463 else if (!strcmp (*args, "-rctform"))
464 {
465 if (!args[1]) 428 if (!args[1])
466 goto argerr; 429 goto argerr;
467 rctformat = str2fmt(*++args); 430 rctformat = str2fmt(*++args);
468 } 431 } else if (!strcmp (*args, "-certfile")) {
469 else if (!strcmp (*args, "-certfile"))
470 {
471 if (!args[1]) 432 if (!args[1])
472 goto argerr; 433 goto argerr;
473 certfile = *++args; 434 certfile = *++args;
474 } 435 } else if (!strcmp (*args, "-CAfile")) {
475 else if (!strcmp (*args, "-CAfile"))
476 {
477 if (!args[1]) 436 if (!args[1])
478 goto argerr; 437 goto argerr;
479 CAfile = *++args; 438 CAfile = *++args;
480 } 439 } else if (!strcmp (*args, "-CApath")) {
481 else if (!strcmp (*args, "-CApath"))
482 {
483 if (!args[1]) 440 if (!args[1])
484 goto argerr; 441 goto argerr;
485 CApath = *++args; 442 CApath = *++args;
486 } 443 } else if (!strcmp (*args, "-in")) {
487 else if (!strcmp (*args, "-in"))
488 {
489 if (!args[1]) 444 if (!args[1])
490 goto argerr; 445 goto argerr;
491 infile = *++args; 446 infile = *++args;
492 } 447 } else if (!strcmp (*args, "-inform")) {
493 else if (!strcmp (*args, "-inform"))
494 {
495 if (!args[1]) 448 if (!args[1])
496 goto argerr; 449 goto argerr;
497 informat = str2fmt(*++args); 450 informat = str2fmt(*++args);
498 } 451 } else if (!strcmp (*args, "-outform")) {
499 else if (!strcmp (*args, "-outform"))
500 {
501 if (!args[1]) 452 if (!args[1])
502 goto argerr; 453 goto argerr;
503 outformat = str2fmt(*++args); 454 outformat = str2fmt(*++args);
504 } 455 } else if (!strcmp (*args, "-out")) {
505 else if (!strcmp (*args, "-out"))
506 {
507 if (!args[1]) 456 if (!args[1])
508 goto argerr; 457 goto argerr;
509 outfile = *++args; 458 outfile = *++args;
510 } 459 } else if (!strcmp (*args, "-content")) {
511 else if (!strcmp (*args, "-content"))
512 {
513 if (!args[1]) 460 if (!args[1])
514 goto argerr; 461 goto argerr;
515 contfile = *++args; 462 contfile = *++args;
516 } 463 } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
517 else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
518 continue; 464 continue;
519 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) 465 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
520 badarg = 1; 466 badarg = 1;
521 args++; 467 args++;
522 } 468 }
523 469
524 if (((rr_allorfirst != -1) || rr_from) && !rr_to) 470 if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
525 {
526 BIO_puts(bio_err, "No Signed Receipts Recipients\n"); 471 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
527 goto argerr; 472 goto argerr;
528 } 473 }
529 474
530 if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) 475 if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
531 {
532 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); 476 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
533 goto argerr; 477 goto argerr;
534 } 478 }
535 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) 479 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
536 {
537 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 480 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
538 goto argerr; 481 goto argerr;
539 } 482 }
540 483
541 if (operation & SMIME_SIGNERS) 484 if (operation & SMIME_SIGNERS) {
542 { 485 if (keyfile && !signerfile) {
543 if (keyfile && !signerfile)
544 {
545 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 486 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
546 goto argerr; 487 goto argerr;
547 } 488 }
548 /* Check to see if any final signer needs to be appended */ 489 /* Check to see if any final signer needs to be appended */
549 if (signerfile) 490 if (signerfile) {
550 {
551 if (!sksigners) 491 if (!sksigners)
552 sksigners = sk_OPENSSL_STRING_new_null(); 492 sksigners = sk_OPENSSL_STRING_new_null();
553 sk_OPENSSL_STRING_push(sksigners, signerfile); 493 sk_OPENSSL_STRING_push(sksigners, signerfile);
@@ -556,39 +496,29 @@ int MAIN(int argc, char **argv)
556 if (!keyfile) 496 if (!keyfile)
557 keyfile = signerfile; 497 keyfile = signerfile;
558 sk_OPENSSL_STRING_push(skkeys, keyfile); 498 sk_OPENSSL_STRING_push(skkeys, keyfile);
559 } 499 }
560 if (!sksigners) 500 if (!sksigners) {
561 {
562 BIO_printf(bio_err, "No signer certificate specified\n"); 501 BIO_printf(bio_err, "No signer certificate specified\n");
563 badarg = 1; 502 badarg = 1;
564 } 503 }
565 signerfile = NULL; 504 signerfile = NULL;
566 keyfile = NULL; 505 keyfile = NULL;
567 need_rand = 1; 506 need_rand = 1;
568 } 507 } else if (operation == SMIME_DECRYPT) {
569 508 if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
570 else if (operation == SMIME_DECRYPT)
571 {
572 if (!recipfile && !keyfile && !secret_key && !pwri_pass)
573 {
574 BIO_printf(bio_err, "No recipient certificate or key specified\n"); 509 BIO_printf(bio_err, "No recipient certificate or key specified\n");
575 badarg = 1; 510 badarg = 1;
576 }
577 } 511 }
578 else if (operation == SMIME_ENCRYPT) 512 } else if (operation == SMIME_ENCRYPT) {
579 { 513 if (!*args && !secret_key && !pwri_pass) {
580 if (!*args && !secret_key && !pwri_pass)
581 {
582 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 514 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
583 badarg = 1; 515 badarg = 1;
584 }
585 need_rand = 1;
586 } 516 }
587 else if (!operation) 517 need_rand = 1;
518 } else if (!operation)
588 badarg = 1; 519 badarg = 1;
589 520
590 if (badarg) 521 if (badarg) {
591 {
592 argerr: 522 argerr:
593 BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); 523 BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
594 BIO_printf (bio_err, "where options are\n"); 524 BIO_printf (bio_err, "where options are\n");
@@ -653,300 +583,245 @@ int MAIN(int argc, char **argv)
653 BIO_printf(bio_err, " the random number generator\n"); 583 BIO_printf(bio_err, " the random number generator\n");
654 BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); 584 BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
655 goto end; 585 goto end;
656 } 586 }
657 587
658#ifndef OPENSSL_NO_ENGINE 588#ifndef OPENSSL_NO_ENGINE
659 e = setup_engine(bio_err, engine, 0); 589 e = setup_engine(bio_err, engine, 0);
660#endif 590#endif
661 591
662 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 592 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
663 {
664 BIO_printf(bio_err, "Error getting password\n"); 593 BIO_printf(bio_err, "Error getting password\n");
665 goto end; 594 goto end;
666 } 595 }
667 596
668 if (need_rand) 597 if (need_rand) {
669 {
670 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 598 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
671 if (inrand != NULL) 599 if (inrand != NULL)
672 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 600 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
673 app_RAND_load_files(inrand)); 601 app_RAND_load_files(inrand));
674 } 602 }
675 603
676 ret = 2; 604 ret = 2;
677 605
678 if (!(operation & SMIME_SIGNERS)) 606 if (!(operation & SMIME_SIGNERS))
679 flags &= ~CMS_DETACHED; 607 flags &= ~CMS_DETACHED;
680 608
681 if (operation & SMIME_OP) 609 if (operation & SMIME_OP) {
682 {
683 if (outformat == FORMAT_ASN1) 610 if (outformat == FORMAT_ASN1)
684 outmode = "wb"; 611 outmode = "wb";
685 } 612 } else {
686 else
687 {
688 if (flags & CMS_BINARY) 613 if (flags & CMS_BINARY)
689 outmode = "wb"; 614 outmode = "wb";
690 } 615 }
691 616
692 if (operation & SMIME_IP) 617 if (operation & SMIME_IP) {
693 {
694 if (informat == FORMAT_ASN1) 618 if (informat == FORMAT_ASN1)
695 inmode = "rb"; 619 inmode = "rb";
696 } 620 } else {
697 else
698 {
699 if (flags & CMS_BINARY) 621 if (flags & CMS_BINARY)
700 inmode = "rb"; 622 inmode = "rb";
701 } 623 }
702 624
703 if (operation == SMIME_ENCRYPT) 625 if (operation == SMIME_ENCRYPT) {
704 { 626 if (!cipher) {
705 if (!cipher) 627#ifndef OPENSSL_NO_DES
706 {
707#ifndef OPENSSL_NO_DES
708 cipher = EVP_des_ede3_cbc(); 628 cipher = EVP_des_ede3_cbc();
709#else 629#else
710 BIO_printf(bio_err, "No cipher selected\n"); 630 BIO_printf(bio_err, "No cipher selected\n");
711 goto end; 631 goto end;
712#endif 632#endif
713 } 633 }
714 634
715 if (secret_key && !secret_keyid) 635 if (secret_key && !secret_keyid) {
716 {
717 BIO_printf(bio_err, "No secret key id\n"); 636 BIO_printf(bio_err, "No secret key id\n");
718 goto end; 637 goto end;
719 } 638 }
720 639
721 if (*args) 640 if (*args)
722 encerts = sk_X509_new_null(); 641 encerts = sk_X509_new_null();
723 while (*args) 642 while (*args) {
724 { 643 if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
725 if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, 644 NULL, e, "recipient certificate file")))
726 NULL, e, "recipient certificate file")))
727 goto end; 645 goto end;
728 sk_X509_push(encerts, cert); 646 sk_X509_push(encerts, cert);
729 cert = NULL; 647 cert = NULL;
730 args++; 648 args++;
731 }
732 } 649 }
650 }
733 651
734 if (certfile) 652 if (certfile) {
735 { 653 if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
736 if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, 654 e, "certificate file"))) {
737 e, "certificate file")))
738 {
739 ERR_print_errors(bio_err); 655 ERR_print_errors(bio_err);
740 goto end; 656 goto end;
741 }
742 } 657 }
658 }
743 659
744 if (recipfile && (operation == SMIME_DECRYPT)) 660 if (recipfile && (operation == SMIME_DECRYPT)) {
745 { 661 if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
746 if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, 662 e, "recipient certificate file"))) {
747 e, "recipient certificate file")))
748 {
749 ERR_print_errors(bio_err); 663 ERR_print_errors(bio_err);
750 goto end; 664 goto end;
751 }
752 } 665 }
666 }
753 667
754 if (operation == SMIME_SIGN_RECEIPT) 668 if (operation == SMIME_SIGN_RECEIPT) {
755 { 669 if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
756 if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL, 670 e, "receipt signer certificate file"))) {
757 e, "receipt signer certificate file")))
758 {
759 ERR_print_errors(bio_err); 671 ERR_print_errors(bio_err);
760 goto end; 672 goto end;
761 }
762 } 673 }
674 }
763 675
764 if (operation == SMIME_DECRYPT) 676 if (operation == SMIME_DECRYPT) {
765 {
766 if (!keyfile) 677 if (!keyfile)
767 keyfile = recipfile; 678 keyfile = recipfile;
768 } 679 } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
769 else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
770 {
771 if (!keyfile) 680 if (!keyfile)
772 keyfile = signerfile; 681 keyfile = signerfile;
773 } 682 } else
774 else keyfile = NULL; 683 keyfile = NULL;
775 684
776 if (keyfile) 685 if (keyfile) {
777 {
778 key = load_key(bio_err, keyfile, keyform, 0, passin, e, 686 key = load_key(bio_err, keyfile, keyform, 0, passin, e,
779 "signing key file"); 687 "signing key file");
780 if (!key) 688 if (!key)
781 goto end; 689 goto end;
782 } 690 }
783 691
784 if (infile) 692 if (infile) {
785 { 693 if (!(in = BIO_new_file(infile, inmode))) {
786 if (!(in = BIO_new_file(infile, inmode)))
787 {
788 BIO_printf (bio_err, 694 BIO_printf (bio_err,
789 "Can't open input file %s\n", infile); 695 "Can't open input file %s\n", infile);
790 goto end; 696 goto end;
791 }
792 } 697 }
793 else 698 } else
794 in = BIO_new_fp(stdin, BIO_NOCLOSE); 699 in = BIO_new_fp(stdin, BIO_NOCLOSE);
795 700
796 if (operation & SMIME_IP) 701 if (operation & SMIME_IP) {
797 { 702 if (informat == FORMAT_SMIME)
798 if (informat == FORMAT_SMIME)
799 cms = SMIME_read_CMS(in, &indata); 703 cms = SMIME_read_CMS(in, &indata);
800 else if (informat == FORMAT_PEM) 704 else if (informat == FORMAT_PEM)
801 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); 705 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
802 else if (informat == FORMAT_ASN1) 706 else if (informat == FORMAT_ASN1)
803 cms = d2i_CMS_bio(in, NULL); 707 cms = d2i_CMS_bio(in, NULL);
804 else 708 else {
805 {
806 BIO_printf(bio_err, "Bad input format for CMS file\n"); 709 BIO_printf(bio_err, "Bad input format for CMS file\n");
807 goto end; 710 goto end;
808 } 711 }
809 712
810 if (!cms) 713 if (!cms) {
811 {
812 BIO_printf(bio_err, "Error reading S/MIME message\n"); 714 BIO_printf(bio_err, "Error reading S/MIME message\n");
813 goto end; 715 goto end;
814 } 716 }
815 if (contfile) 717 if (contfile) {
816 {
817 BIO_free(indata); 718 BIO_free(indata);
818 if (!(indata = BIO_new_file(contfile, "rb"))) 719 if (!(indata = BIO_new_file(contfile, "rb"))) {
819 {
820 BIO_printf(bio_err, "Can't read content file %s\n", contfile); 720 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
821 goto end; 721 goto end;
822 }
823 } 722 }
824 if (certsoutfile) 723 }
825 { 724 if (certsoutfile) {
826 STACK_OF(X509) *allcerts; 725 STACK_OF(X509) *allcerts;
827 allcerts = CMS_get1_certs(cms); 726 allcerts = CMS_get1_certs(cms);
828 if (!save_certs(certsoutfile, allcerts)) 727 if (!save_certs(certsoutfile, allcerts)) {
829 {
830 BIO_printf(bio_err, 728 BIO_printf(bio_err,
831 "Error writing certs to %s\n", 729 "Error writing certs to %s\n",
832 certsoutfile); 730 certsoutfile);
833 ret = 5; 731 ret = 5;
834 goto end; 732 goto end;
835 }
836 sk_X509_pop_free(allcerts, X509_free);
837 } 733 }
734 sk_X509_pop_free(allcerts, X509_free);
838 } 735 }
736 }
839 737
840 if (rctfile) 738 if (rctfile) {
841 {
842 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; 739 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
843 if (!(rctin = BIO_new_file(rctfile, rctmode))) 740 if (!(rctin = BIO_new_file(rctfile, rctmode))) {
844 {
845 BIO_printf (bio_err, 741 BIO_printf (bio_err,
846 "Can't open receipt file %s\n", rctfile); 742 "Can't open receipt file %s\n", rctfile);
847 goto end; 743 goto end;
848 } 744 }
849 745
850 if (rctformat == FORMAT_SMIME) 746 if (rctformat == FORMAT_SMIME)
851 rcms = SMIME_read_CMS(rctin, NULL); 747 rcms = SMIME_read_CMS(rctin, NULL);
852 else if (rctformat == FORMAT_PEM) 748 else if (rctformat == FORMAT_PEM)
853 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); 749 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
854 else if (rctformat == FORMAT_ASN1) 750 else if (rctformat == FORMAT_ASN1)
855 rcms = d2i_CMS_bio(rctin, NULL); 751 rcms = d2i_CMS_bio(rctin, NULL);
856 else 752 else {
857 {
858 BIO_printf(bio_err, "Bad input format for receipt\n"); 753 BIO_printf(bio_err, "Bad input format for receipt\n");
859 goto end; 754 goto end;
860 } 755 }
861 756
862 if (!rcms) 757 if (!rcms) {
863 {
864 BIO_printf(bio_err, "Error reading receipt\n"); 758 BIO_printf(bio_err, "Error reading receipt\n");
865 goto end; 759 goto end;
866 }
867 } 760 }
761 }
868 762
869 if (outfile) 763 if (outfile) {
870 { 764 if (!(out = BIO_new_file(outfile, outmode))) {
871 if (!(out = BIO_new_file(outfile, outmode)))
872 {
873 BIO_printf (bio_err, 765 BIO_printf (bio_err,
874 "Can't open output file %s\n", outfile); 766 "Can't open output file %s\n", outfile);
875 goto end; 767 goto end;
876 }
877 } 768 }
878 else 769 } else {
879 {
880 out = BIO_new_fp(stdout, BIO_NOCLOSE); 770 out = BIO_new_fp(stdout, BIO_NOCLOSE);
881 } 771 }
882 772
883 if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) 773 if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
884 {
885 if (!(store = setup_verify(bio_err, CAfile, CApath))) 774 if (!(store = setup_verify(bio_err, CAfile, CApath)))
886 goto end; 775 goto end;
887 X509_STORE_set_verify_cb(store, cms_cb); 776 X509_STORE_set_verify_cb(store, cms_cb);
888 if (vpm) 777 if (vpm)
889 X509_STORE_set1_param(store, vpm); 778 X509_STORE_set1_param(store, vpm);
890 } 779 }
891 780
892 781
893 ret = 3; 782 ret = 3;
894 783
895 if (operation == SMIME_DATA_CREATE) 784 if (operation == SMIME_DATA_CREATE) {
896 {
897 cms = CMS_data_create(in, flags); 785 cms = CMS_data_create(in, flags);
898 } 786 } else if (operation == SMIME_DIGEST_CREATE) {
899 else if (operation == SMIME_DIGEST_CREATE)
900 {
901 cms = CMS_digest_create(in, sign_md, flags); 787 cms = CMS_digest_create(in, sign_md, flags);
902 } 788 } else if (operation == SMIME_COMPRESS) {
903 else if (operation == SMIME_COMPRESS)
904 {
905 cms = CMS_compress(in, -1, flags); 789 cms = CMS_compress(in, -1, flags);
906 } 790 } else if (operation == SMIME_ENCRYPT) {
907 else if (operation == SMIME_ENCRYPT)
908 {
909 flags |= CMS_PARTIAL; 791 flags |= CMS_PARTIAL;
910 cms = CMS_encrypt(encerts, in, cipher, flags); 792 cms = CMS_encrypt(encerts, in, cipher, flags);
911 if (!cms) 793 if (!cms)
912 goto end; 794 goto end;
913 if (secret_key) 795 if (secret_key) {
914 { 796 if (!CMS_add0_recipient_key(cms, NID_undef,
915 if (!CMS_add0_recipient_key(cms, NID_undef, 797 secret_key, secret_keylen,
916 secret_key, secret_keylen, 798 secret_keyid, secret_keyidlen,
917 secret_keyid, secret_keyidlen, 799 NULL, NULL, NULL))
918 NULL, NULL, NULL))
919 goto end; 800 goto end;
920 /* NULL these because call absorbs them */ 801 /* NULL these because call absorbs them */
921 secret_key = NULL; 802 secret_key = NULL;
922 secret_keyid = NULL; 803 secret_keyid = NULL;
923 } 804 }
924 if (pwri_pass) 805 if (pwri_pass) {
925 {
926 pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass); 806 pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
927 if (!pwri_tmp) 807 if (!pwri_tmp)
928 goto end; 808 goto end;
929 if (!CMS_add0_recipient_password(cms, 809 if (!CMS_add0_recipient_password(cms,
930 -1, NID_undef, NID_undef, 810 -1, NID_undef, NID_undef,
931 pwri_tmp, -1, NULL)) 811 pwri_tmp, -1, NULL))
932 goto end; 812 goto end;
933 pwri_tmp = NULL; 813 pwri_tmp = NULL;
934 } 814 }
935 if (!(flags & CMS_STREAM)) 815 if (!(flags & CMS_STREAM)) {
936 {
937 if (!CMS_final(cms, in, NULL, flags)) 816 if (!CMS_final(cms, in, NULL, flags))
938 goto end; 817 goto end;
939 }
940 } 818 }
941 else if (operation == SMIME_ENCRYPTED_ENCRYPT) 819 } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
942 {
943 cms = CMS_EncryptedData_encrypt(in, cipher, 820 cms = CMS_EncryptedData_encrypt(in, cipher,
944 secret_key, secret_keylen, 821 secret_key, secret_keylen,
945 flags); 822 flags);
946 823
947 } 824 } else if (operation == SMIME_SIGN_RECEIPT) {
948 else if (operation == SMIME_SIGN_RECEIPT)
949 {
950 CMS_ContentInfo *srcms = NULL; 825 CMS_ContentInfo *srcms = NULL;
951 STACK_OF(CMS_SignerInfo) *sis; 826 STACK_OF(CMS_SignerInfo) *sis;
952 CMS_SignerInfo *si; 827 CMS_SignerInfo *si;
@@ -959,21 +834,17 @@ int MAIN(int argc, char **argv)
959 goto end; 834 goto end;
960 CMS_ContentInfo_free(cms); 835 CMS_ContentInfo_free(cms);
961 cms = srcms; 836 cms = srcms;
962 } 837 } else if (operation & SMIME_SIGNERS) {
963 else if (operation & SMIME_SIGNERS)
964 {
965 int i; 838 int i;
966 /* If detached data content we enable streaming if 839 /* If detached data content we enable streaming if
967 * S/MIME output format. 840 * S/MIME output format.
968 */ 841 */
969 if (operation == SMIME_SIGN) 842 if (operation == SMIME_SIGN) {
970 { 843
971 844 if (flags & CMS_DETACHED) {
972 if (flags & CMS_DETACHED)
973 {
974 if (outformat == FORMAT_SMIME) 845 if (outformat == FORMAT_SMIME)
975 flags |= CMS_STREAM; 846 flags |= CMS_STREAM;
976 } 847 }
977 flags |= CMS_PARTIAL; 848 flags |= CMS_PARTIAL;
978 cms = CMS_sign(NULL, NULL, other, in, flags); 849 cms = CMS_sign(NULL, NULL, other, in, flags);
979 if (!cms) 850 if (!cms)
@@ -981,31 +852,27 @@ int MAIN(int argc, char **argv)
981 if (econtent_type) 852 if (econtent_type)
982 CMS_set1_eContentType(cms, econtent_type); 853 CMS_set1_eContentType(cms, econtent_type);
983 854
984 if (rr_to) 855 if (rr_to) {
985 {
986 rr = make_receipt_request(rr_to, rr_allorfirst, 856 rr = make_receipt_request(rr_to, rr_allorfirst,
987 rr_from); 857 rr_from);
988 if (!rr) 858 if (!rr) {
989 {
990 BIO_puts(bio_err, 859 BIO_puts(bio_err,
991 "Signed Receipt Request Creation Error\n"); 860 "Signed Receipt Request Creation Error\n");
992 goto end; 861 goto end;
993 }
994 } 862 }
995 } 863 }
996 else 864 } else
997 flags |= CMS_REUSE_DIGEST; 865 flags |= CMS_REUSE_DIGEST;
998 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) 866 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
999 {
1000 CMS_SignerInfo *si; 867 CMS_SignerInfo *si;
1001 signerfile = sk_OPENSSL_STRING_value(sksigners, i); 868 signerfile = sk_OPENSSL_STRING_value(sksigners, i);
1002 keyfile = sk_OPENSSL_STRING_value(skkeys, i); 869 keyfile = sk_OPENSSL_STRING_value(skkeys, i);
1003 signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, 870 signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
1004 e, "signer certificate"); 871 e, "signer certificate");
1005 if (!signer) 872 if (!signer)
1006 goto end; 873 goto end;
1007 key = load_key(bio_err, keyfile, keyform, 0, passin, e, 874 key = load_key(bio_err, keyfile, keyform, 0, passin, e,
1008 "signing key file"); 875 "signing key file");
1009 if (!key) 876 if (!key)
1010 goto end; 877 goto end;
1011 si = CMS_add1_signer(cms, signer, key, sign_md, flags); 878 si = CMS_add1_signer(cms, signer, key, sign_md, flags);
@@ -1017,139 +884,107 @@ int MAIN(int argc, char **argv)
1017 signer = NULL; 884 signer = NULL;
1018 EVP_PKEY_free(key); 885 EVP_PKEY_free(key);
1019 key = NULL; 886 key = NULL;
1020 } 887 }
1021 /* If not streaming or resigning finalize structure */ 888 /* If not streaming or resigning finalize structure */
1022 if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) 889 if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
1023 {
1024 if (!CMS_final(cms, in, NULL, flags)) 890 if (!CMS_final(cms, in, NULL, flags))
1025 goto end; 891 goto end;
1026 }
1027 } 892 }
893 }
1028 894
1029 if (!cms) 895 if (!cms) {
1030 {
1031 BIO_printf(bio_err, "Error creating CMS structure\n"); 896 BIO_printf(bio_err, "Error creating CMS structure\n");
1032 goto end; 897 goto end;
1033 } 898 }
1034 899
1035 ret = 4; 900 ret = 4;
1036 if (operation == SMIME_DECRYPT) 901 if (operation == SMIME_DECRYPT) {
1037 {
1038 if (flags & CMS_DEBUG_DECRYPT) 902 if (flags & CMS_DEBUG_DECRYPT)
1039 CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); 903 CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
1040 904
1041 if (secret_key) 905 if (secret_key) {
1042 {
1043 if (!CMS_decrypt_set1_key(cms, 906 if (!CMS_decrypt_set1_key(cms,
1044 secret_key, secret_keylen, 907 secret_key, secret_keylen,
1045 secret_keyid, secret_keyidlen)) 908 secret_keyid, secret_keyidlen)) {
1046 {
1047 BIO_puts(bio_err, 909 BIO_puts(bio_err,
1048 "Error decrypting CMS using secret key\n"); 910 "Error decrypting CMS using secret key\n");
1049 goto end; 911 goto end;
1050 }
1051 } 912 }
913 }
1052 914
1053 if (key) 915 if (key) {
1054 { 916 if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
1055 if (!CMS_decrypt_set1_pkey(cms, key, recip))
1056 {
1057 BIO_puts(bio_err, 917 BIO_puts(bio_err,
1058 "Error decrypting CMS using private key\n"); 918 "Error decrypting CMS using private key\n");
1059 goto end; 919 goto end;
1060 }
1061 } 920 }
921 }
1062 922
1063 if (pwri_pass) 923 if (pwri_pass) {
1064 { 924 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
1065 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
1066 {
1067 BIO_puts(bio_err, 925 BIO_puts(bio_err,
1068 "Error decrypting CMS using password\n"); 926 "Error decrypting CMS using password\n");
1069 goto end; 927 goto end;
1070 }
1071 } 928 }
929 }
1072 930
1073 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) 931 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
1074 {
1075 BIO_printf(bio_err, "Error decrypting CMS structure\n"); 932 BIO_printf(bio_err, "Error decrypting CMS structure\n");
1076 goto end; 933 goto end;
1077 }
1078 } 934 }
1079 else if (operation == SMIME_DATAOUT) 935 } else if (operation == SMIME_DATAOUT) {
1080 {
1081 if (!CMS_data(cms, out, flags)) 936 if (!CMS_data(cms, out, flags))
1082 goto end; 937 goto end;
1083 } 938 } else if (operation == SMIME_UNCOMPRESS) {
1084 else if (operation == SMIME_UNCOMPRESS)
1085 {
1086 if (!CMS_uncompress(cms, indata, out, flags)) 939 if (!CMS_uncompress(cms, indata, out, flags))
1087 goto end; 940 goto end;
1088 } 941 } else if (operation == SMIME_DIGEST_VERIFY) {
1089 else if (operation == SMIME_DIGEST_VERIFY)
1090 {
1091 if (CMS_digest_verify(cms, indata, out, flags) > 0) 942 if (CMS_digest_verify(cms, indata, out, flags) > 0)
1092 BIO_printf(bio_err, "Verification successful\n"); 943 BIO_printf(bio_err, "Verification successful\n");
1093 else 944 else {
1094 {
1095 BIO_printf(bio_err, "Verification failure\n"); 945 BIO_printf(bio_err, "Verification failure\n");
1096 goto end; 946 goto end;
1097 }
1098 } 947 }
1099 else if (operation == SMIME_ENCRYPTED_DECRYPT) 948 } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
1100 {
1101 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, 949 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
1102 indata, out, flags)) 950 indata, out, flags))
1103 goto end; 951 goto end;
1104 } 952 } else if (operation == SMIME_VERIFY) {
1105 else if (operation == SMIME_VERIFY)
1106 {
1107 if (CMS_verify(cms, other, store, indata, out, flags) > 0) 953 if (CMS_verify(cms, other, store, indata, out, flags) > 0)
1108 BIO_printf(bio_err, "Verification successful\n"); 954 BIO_printf(bio_err, "Verification successful\n");
1109 else 955 else {
1110 {
1111 BIO_printf(bio_err, "Verification failure\n"); 956 BIO_printf(bio_err, "Verification failure\n");
1112 if (verify_retcode) 957 if (verify_retcode)
1113 ret = verify_err + 32; 958 ret = verify_err + 32;
1114 goto end; 959 goto end;
1115 } 960 }
1116 if (signerfile) 961 if (signerfile) {
1117 {
1118 STACK_OF(X509) *signers; 962 STACK_OF(X509) *signers;
1119 signers = CMS_get0_signers(cms); 963 signers = CMS_get0_signers(cms);
1120 if (!save_certs(signerfile, signers)) 964 if (!save_certs(signerfile, signers)) {
1121 {
1122 BIO_printf(bio_err, 965 BIO_printf(bio_err,
1123 "Error writing signers to %s\n", 966 "Error writing signers to %s\n",
1124 signerfile); 967 signerfile);
1125 ret = 5; 968 ret = 5;
1126 goto end; 969 goto end;
1127 }
1128 sk_X509_free(signers);
1129 } 970 }
971 sk_X509_free(signers);
972 }
1130 if (rr_print) 973 if (rr_print)
1131 receipt_request_print(bio_err, cms); 974 receipt_request_print(bio_err, cms);
1132 975
1133 } 976 } else if (operation == SMIME_VERIFY_RECEIPT) {
1134 else if (operation == SMIME_VERIFY_RECEIPT)
1135 {
1136 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) 977 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
1137 BIO_printf(bio_err, "Verification successful\n"); 978 BIO_printf(bio_err, "Verification successful\n");
1138 else 979 else {
1139 {
1140 BIO_printf(bio_err, "Verification failure\n"); 980 BIO_printf(bio_err, "Verification failure\n");
1141 goto end; 981 goto end;
1142 }
1143 } 982 }
1144 else 983 } else {
1145 { 984 if (noout) {
1146 if (noout)
1147 {
1148 if (print) 985 if (print)
1149 CMS_ContentInfo_print_ctx(out, cms, 0, NULL); 986 CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
1150 } 987 } else if (outformat == FORMAT_SMIME) {
1151 else if (outformat == FORMAT_SMIME)
1152 {
1153 if (to) 988 if (to)
1154 BIO_printf(out, "To: %s\n", to); 989 BIO_printf(out, "To: %s\n", to);
1155 if (from) 990 if (from)
@@ -1160,22 +995,19 @@ int MAIN(int argc, char **argv)
1160 ret = SMIME_write_CMS(out, cms, indata, flags); 995 ret = SMIME_write_CMS(out, cms, indata, flags);
1161 else 996 else
1162 ret = SMIME_write_CMS(out, cms, in, flags); 997 ret = SMIME_write_CMS(out, cms, in, flags);
1163 } 998 } else if (outformat == FORMAT_PEM)
1164 else if (outformat == FORMAT_PEM)
1165 ret = PEM_write_bio_CMS_stream(out, cms, in, flags); 999 ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1166 else if (outformat == FORMAT_ASN1) 1000 else if (outformat == FORMAT_ASN1)
1167 ret = i2d_CMS_bio_stream(out,cms, in, flags); 1001 ret = i2d_CMS_bio_stream(out, cms, in, flags);
1168 else 1002 else {
1169 {
1170 BIO_printf(bio_err, "Bad output format for CMS file\n"); 1003 BIO_printf(bio_err, "Bad output format for CMS file\n");
1171 goto end; 1004 goto end;
1172 } 1005 }
1173 if (ret <= 0) 1006 if (ret <= 0) {
1174 {
1175 ret = 6; 1007 ret = 6;
1176 goto end; 1008 goto end;
1177 }
1178 } 1009 }
1010 }
1179 ret = 0; 1011 ret = 0;
1180end: 1012end:
1181 if (ret) 1013 if (ret)
@@ -1215,66 +1047,69 @@ end:
1215 BIO_free(in); 1047 BIO_free(in);
1216 BIO_free(indata); 1048 BIO_free(indata);
1217 BIO_free_all(out); 1049 BIO_free_all(out);
1218 if (passin) OPENSSL_free(passin); 1050 if (passin)
1051 OPENSSL_free(passin);
1219 return (ret); 1052 return (ret);
1220} 1053}
1221 1054
1222static int save_certs(char *signerfile, STACK_OF(X509) *signers) 1055static int
1223 { 1056save_certs(char *signerfile, STACK_OF(X509) *signers)
1057{
1224 int i; 1058 int i;
1225 BIO *tmp; 1059 BIO *tmp;
1226 if (!signerfile) 1060 if (!signerfile)
1227 return 1; 1061 return 1;
1228 tmp = BIO_new_file(signerfile, "w"); 1062 tmp = BIO_new_file(signerfile, "w");
1229 if (!tmp) return 0; 1063 if (!tmp)
1230 for(i = 0; i < sk_X509_num(signers); i++) 1064 return 0;
1065 for (i = 0; i < sk_X509_num(signers); i++)
1231 PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); 1066 PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
1232 BIO_free(tmp); 1067 BIO_free(tmp);
1233 return 1; 1068 return 1;
1234 } 1069}
1235 1070
1236 1071
1237/* Minimal callback just to output policy info (if any) */ 1072/* Minimal callback just to output policy info (if any) */
1238 1073
1239static int cms_cb(int ok, X509_STORE_CTX *ctx) 1074static int
1240 { 1075cms_cb(int ok, X509_STORE_CTX *ctx)
1076{
1241 int error; 1077 int error;
1242 1078
1243 error = X509_STORE_CTX_get_error(ctx); 1079 error = X509_STORE_CTX_get_error(ctx);
1244 1080
1245 verify_err = error; 1081 verify_err = error;
1246 1082
1247 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) 1083 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) &&
1248 && ((error != X509_V_OK) || (ok != 2))) 1084 ((error != X509_V_OK) || (ok != 2)))
1249 return ok; 1085 return ok;
1250 1086
1251 policies_print(NULL, ctx); 1087 policies_print(NULL, ctx);
1252 1088
1253 return ok; 1089 return ok;
1090}
1254 1091
1255 } 1092static void
1256 1093gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
1257static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) 1094{
1258 {
1259 STACK_OF(GENERAL_NAME) *gens; 1095 STACK_OF(GENERAL_NAME) *gens;
1260 GENERAL_NAME *gen; 1096 GENERAL_NAME *gen;
1261 int i, j; 1097 int i, j;
1262 for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) 1098 for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
1263 {
1264 gens = sk_GENERAL_NAMES_value(gns, i); 1099 gens = sk_GENERAL_NAMES_value(gns, i);
1265 for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) 1100 for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
1266 {
1267 gen = sk_GENERAL_NAME_value(gens, j); 1101 gen = sk_GENERAL_NAME_value(gens, j);
1268 BIO_puts(out, " "); 1102 BIO_puts(out, " ");
1269 GENERAL_NAME_print(out, gen); 1103 GENERAL_NAME_print(out, gen);
1270 BIO_puts(out, "\n"); 1104 BIO_puts(out, "\n");
1271 }
1272 } 1105 }
1273 return;
1274 } 1106 }
1107 return;
1108}
1275 1109
1276static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) 1110static void
1277 { 1111receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1112{
1278 STACK_OF(CMS_SignerInfo) *sis; 1113 STACK_OF(CMS_SignerInfo) *sis;
1279 CMS_SignerInfo *si; 1114 CMS_SignerInfo *si;
1280 CMS_ReceiptRequest *rr; 1115 CMS_ReceiptRequest *rr;
@@ -1283,35 +1118,29 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1283 ASN1_STRING *scid; 1118 ASN1_STRING *scid;
1284 int i, rv; 1119 int i, rv;
1285 sis = CMS_get0_SignerInfos(cms); 1120 sis = CMS_get0_SignerInfos(cms);
1286 for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) 1121 for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
1287 {
1288 si = sk_CMS_SignerInfo_value(sis, i); 1122 si = sk_CMS_SignerInfo_value(sis, i);
1289 rv = CMS_get1_ReceiptRequest(si, &rr); 1123 rv = CMS_get1_ReceiptRequest(si, &rr);
1290 BIO_printf(bio_err, "Signer %d:\n", i + 1); 1124 BIO_printf(bio_err, "Signer %d:\n", i + 1);
1291 if (rv == 0) 1125 if (rv == 0)
1292 BIO_puts(bio_err, " No Receipt Request\n"); 1126 BIO_puts(bio_err, " No Receipt Request\n");
1293 else if (rv < 0) 1127 else if (rv < 0) {
1294 {
1295 BIO_puts(bio_err, " Receipt Request Parse Error\n"); 1128 BIO_puts(bio_err, " Receipt Request Parse Error\n");
1296 ERR_print_errors(bio_err); 1129 ERR_print_errors(bio_err);
1297 } 1130 } else {
1298 else
1299 {
1300 char *id; 1131 char *id;
1301 int idlen; 1132 int idlen;
1302 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, 1133 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1303 &rlist, &rto); 1134 &rlist, &rto);
1304 BIO_puts(out, " Signed Content ID:\n"); 1135 BIO_puts(out, " Signed Content ID:\n");
1305 idlen = ASN1_STRING_length(scid); 1136 idlen = ASN1_STRING_length(scid);
1306 id = (char *)ASN1_STRING_data(scid); 1137 id = (char *)ASN1_STRING_data(scid);
1307 BIO_dump_indent(out, id, idlen, 4); 1138 BIO_dump_indent(out, id, idlen, 4);
1308 BIO_puts(out, " Receipts From"); 1139 BIO_puts(out, " Receipts From");
1309 if (rlist) 1140 if (rlist) {
1310 {
1311 BIO_puts(out, " List:\n"); 1141 BIO_puts(out, " List:\n");
1312 gnames_stack_print(out, rlist); 1142 gnames_stack_print(out, rlist);
1313 } 1143 } else if (allorfirst == 1)
1314 else if (allorfirst == 1)
1315 BIO_puts(out, ": First Tier\n"); 1144 BIO_puts(out, ": First Tier\n");
1316 else if (allorfirst == 0) 1145 else if (allorfirst == 0)
1317 BIO_puts(out, ": All\n"); 1146 BIO_puts(out, ": All\n");
@@ -1319,14 +1148,15 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1319 BIO_printf(out, " Unknown (%d)\n", allorfirst); 1148 BIO_printf(out, " Unknown (%d)\n", allorfirst);
1320 BIO_puts(out, " Receipts To:\n"); 1149 BIO_puts(out, " Receipts To:\n");
1321 gnames_stack_print(out, rto); 1150 gnames_stack_print(out, rto);
1322 } 1151 }
1323 if (rr) 1152 if (rr)
1324 CMS_ReceiptRequest_free(rr); 1153 CMS_ReceiptRequest_free(rr);
1325 }
1326 } 1154 }
1155}
1327 1156
1328static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) 1157static
1329 { 1158STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1159{
1330 int i; 1160 int i;
1331 STACK_OF(GENERAL_NAMES) *ret; 1161 STACK_OF(GENERAL_NAMES) *ret;
1332 GENERAL_NAMES *gens = NULL; 1162 GENERAL_NAMES *gens = NULL;
@@ -1334,8 +1164,7 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1334 ret = sk_GENERAL_NAMES_new_null(); 1164 ret = sk_GENERAL_NAMES_new_null();
1335 if (!ret) 1165 if (!ret)
1336 goto err; 1166 goto err;
1337 for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) 1167 for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
1338 {
1339 char *str = sk_OPENSSL_STRING_value(ns, i); 1168 char *str = sk_OPENSSL_STRING_value(ns, i);
1340 gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); 1169 gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
1341 if (!gen) 1170 if (!gen)
@@ -1349,11 +1178,11 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1349 if (!sk_GENERAL_NAMES_push(ret, gens)) 1178 if (!sk_GENERAL_NAMES_push(ret, gens))
1350 goto err; 1179 goto err;
1351 gens = NULL; 1180 gens = NULL;
1352 } 1181 }
1353 1182
1354 return ret; 1183 return ret;
1355 1184
1356 err: 1185err:
1357 if (ret) 1186 if (ret)
1358 sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); 1187 sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
1359 if (gens) 1188 if (gens)
@@ -1361,31 +1190,30 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1361 if (gen) 1190 if (gen)
1362 GENERAL_NAME_free(gen); 1191 GENERAL_NAME_free(gen);
1363 return NULL; 1192 return NULL;
1364 } 1193}
1365 1194
1366 1195
1367static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, 1196static CMS_ReceiptRequest *
1368 int rr_allorfirst, 1197make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
1369 STACK_OF(OPENSSL_STRING) *rr_from) 1198 STACK_OF(OPENSSL_STRING) *rr_from)
1370 { 1199{
1371 STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; 1200 STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
1372 CMS_ReceiptRequest *rr; 1201 CMS_ReceiptRequest *rr;
1373 rct_to = make_names_stack(rr_to); 1202 rct_to = make_names_stack(rr_to);
1374 if (!rct_to) 1203 if (!rct_to)
1375 goto err; 1204 goto err;
1376 if (rr_from) 1205 if (rr_from) {
1377 {
1378 rct_from = make_names_stack(rr_from); 1206 rct_from = make_names_stack(rr_from);
1379 if (!rct_from) 1207 if (!rct_from)
1380 goto err; 1208 goto err;
1381 } 1209 } else
1382 else
1383 rct_from = NULL; 1210 rct_from = NULL;
1384 rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, 1211 rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1385 rct_to); 1212 rct_to);
1386 return rr; 1213 return rr;
1387 err: 1214
1215err:
1388 return NULL; 1216 return NULL;
1389 } 1217}
1390 1218
1391#endif 1219#endif
diff --git a/src/lib/libssl/src/apps/crl.c b/src/lib/libssl/src/apps/crl.c
index 88e606554a..58c711813f 100644
--- a/src/lib/libssl/src/apps/crl.c
+++ b/src/lib/libssl/src/apps/crl.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -72,47 +72,48 @@
72#undef POSTFIX 72#undef POSTFIX
73#define POSTFIX ".rvk" 73#define POSTFIX ".rvk"
74 74
75static const char *crl_usage[]={ 75static const char *crl_usage[] = {
76"usage: crl args\n", 76 "usage: crl args\n",
77"\n", 77 "\n",
78" -inform arg - input format - default PEM (DER or PEM)\n", 78 " -inform arg - input format - default PEM (DER or PEM)\n",
79" -outform arg - output format - default PEM\n", 79 " -outform arg - output format - default PEM\n",
80" -text - print out a text format version\n", 80 " -text - print out a text format version\n",
81" -in arg - input file - default stdin\n", 81 " -in arg - input file - default stdin\n",
82" -out arg - output file - default stdout\n", 82 " -out arg - output file - default stdout\n",
83" -hash - print hash value\n", 83 " -hash - print hash value\n",
84#ifndef OPENSSL_NO_MD5 84#ifndef OPENSSL_NO_MD5
85" -hash_old - print old-style (MD5) hash value\n", 85 " -hash_old - print old-style (MD5) hash value\n",
86#endif 86#endif
87" -fingerprint - print the crl fingerprint\n", 87 " -fingerprint - print the crl fingerprint\n",
88" -issuer - print issuer DN\n", 88 " -issuer - print issuer DN\n",
89" -lastupdate - lastUpdate field\n", 89 " -lastupdate - lastUpdate field\n",
90" -nextupdate - nextUpdate field\n", 90 " -nextupdate - nextUpdate field\n",
91" -crlnumber - print CRL number\n", 91 " -crlnumber - print CRL number\n",
92" -noout - no CRL output\n", 92 " -noout - no CRL output\n",
93" -CAfile name - verify CRL using certificates in file \"name\"\n", 93 " -CAfile name - verify CRL using certificates in file \"name\"\n",
94" -CApath dir - verify CRL using certificates in \"dir\"\n", 94 " -CApath dir - verify CRL using certificates in \"dir\"\n",
95" -nameopt arg - various certificate name options\n", 95 " -nameopt arg - various certificate name options\n",
96NULL 96 NULL
97}; 97};
98 98
99static X509_CRL *load_crl(char *file, int format); 99static X509_CRL *load_crl(char *file, int format);
100static BIO *bio_out=NULL; 100static BIO *bio_out = NULL;
101 101
102int MAIN(int, char **); 102int MAIN(int, char **);
103 103
104int MAIN(int argc, char **argv) 104int
105 { 105MAIN(int argc, char **argv)
106{
106 unsigned long nmflag = 0; 107 unsigned long nmflag = 0;
107 X509_CRL *x=NULL; 108 X509_CRL *x = NULL;
108 char *CAfile = NULL, *CApath = NULL; 109 char *CAfile = NULL, *CApath = NULL;
109 int ret=1,i,num,badops=0; 110 int ret = 1, i, num, badops = 0;
110 BIO *out=NULL; 111 BIO *out = NULL;
111 int informat,outformat; 112 int informat, outformat;
112 char *infile=NULL,*outfile=NULL; 113 char *infile = NULL, *outfile = NULL;
113 int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; 114 int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0, text = 0;
114#ifndef OPENSSL_NO_MD5 115#ifndef OPENSSL_NO_MD5
115 int hash_old=0; 116 int hash_old = 0;
116#endif 117#endif
117 int fingerprint = 0, crlnumber = 0; 118 int fingerprint = 0, crlnumber = 0;
118 const char **pp; 119 const char **pp;
@@ -122,331 +123,306 @@ int MAIN(int argc, char **argv)
122 X509_OBJECT xobj; 123 X509_OBJECT xobj;
123 EVP_PKEY *pkey; 124 EVP_PKEY *pkey;
124 int do_ver = 0; 125 int do_ver = 0;
125 const EVP_MD *md_alg,*digest=EVP_sha1(); 126 const EVP_MD *md_alg, *digest = EVP_sha1();
126 127
127 apps_startup(); 128 apps_startup();
128 129
129 if (bio_err == NULL) 130 if (bio_err == NULL)
130 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 131 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
131 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 132 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
132 133
133 if (!load_config(bio_err, NULL)) 134 if (!load_config(bio_err, NULL))
134 goto end; 135 goto end;
135 136
136 if (bio_out == NULL) 137 if (bio_out == NULL)
137 if ((bio_out=BIO_new(BIO_s_file())) != NULL) 138 if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
138 { 139 BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
139 BIO_set_fp(bio_out,stdout,BIO_NOCLOSE); 140 }
140 }
141 141
142 informat=FORMAT_PEM; 142 informat = FORMAT_PEM;
143 outformat=FORMAT_PEM; 143 outformat = FORMAT_PEM;
144 144
145 argc--; 145 argc--;
146 argv++; 146 argv++;
147 num=0; 147 num = 0;
148 while (argc >= 1) 148 while (argc >= 1) {
149 {
150#ifdef undef 149#ifdef undef
151 if (strcmp(*argv,"-p") == 0) 150 if (strcmp(*argv, "-p") == 0) {
152 { 151 if (--argc < 1)
153 if (--argc < 1) goto bad; 152 goto bad;
154 if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/ 153 if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
155 } 154 }
156#endif 155#endif
157 if (strcmp(*argv,"-inform") == 0) 156 if (strcmp(*argv, "-inform") == 0) {
158 { 157 if (--argc < 1)
159 if (--argc < 1) goto bad; 158 goto bad;
160 informat=str2fmt(*(++argv)); 159 informat = str2fmt(*(++argv));
161 } 160 } else if (strcmp(*argv, "-outform") == 0) {
162 else if (strcmp(*argv,"-outform") == 0) 161 if (--argc < 1)
163 { 162 goto bad;
164 if (--argc < 1) goto bad; 163 outformat = str2fmt(*(++argv));
165 outformat=str2fmt(*(++argv)); 164 } else if (strcmp(*argv, "-in") == 0) {
166 } 165 if (--argc < 1)
167 else if (strcmp(*argv,"-in") == 0) 166 goto bad;
168 {
169 if (--argc < 1) goto bad;
170 infile= *(++argv); 167 infile= *(++argv);
171 } 168 } else if (strcmp(*argv, "-out") == 0) {
172 else if (strcmp(*argv,"-out") == 0) 169 if (--argc < 1)
173 { 170 goto bad;
174 if (--argc < 1) goto bad;
175 outfile= *(++argv); 171 outfile= *(++argv);
176 } 172 } else if (strcmp(*argv, "-CApath") == 0) {
177 else if (strcmp(*argv,"-CApath") == 0) 173 if (--argc < 1)
178 { 174 goto bad;
179 if (--argc < 1) goto bad;
180 CApath = *(++argv); 175 CApath = *(++argv);
181 do_ver = 1; 176 do_ver = 1;
182 } 177 } else if (strcmp(*argv, "-CAfile") == 0) {
183 else if (strcmp(*argv,"-CAfile") == 0) 178 if (--argc < 1)
184 { 179 goto bad;
185 if (--argc < 1) goto bad;
186 CAfile = *(++argv); 180 CAfile = *(++argv);
187 do_ver = 1; 181 do_ver = 1;
188 } 182 } else if (strcmp(*argv, "-verify") == 0)
189 else if (strcmp(*argv,"-verify") == 0)
190 do_ver = 1; 183 do_ver = 1;
191 else if (strcmp(*argv,"-text") == 0) 184 else if (strcmp(*argv, "-text") == 0)
192 text = 1; 185 text = 1;
193 else if (strcmp(*argv,"-hash") == 0) 186 else if (strcmp(*argv, "-hash") == 0)
194 hash= ++num; 187 hash= ++num;
195#ifndef OPENSSL_NO_MD5 188#ifndef OPENSSL_NO_MD5
196 else if (strcmp(*argv,"-hash_old") == 0) 189 else if (strcmp(*argv, "-hash_old") == 0)
197 hash_old= ++num; 190 hash_old= ++num;
198#endif 191#endif
199 else if (strcmp(*argv,"-nameopt") == 0) 192 else if (strcmp(*argv, "-nameopt") == 0) {
200 { 193 if (--argc < 1)
201 if (--argc < 1) goto bad; 194 goto bad;
202 if (!set_name_ex(&nmflag, *(++argv))) goto bad; 195 if (!set_name_ex(&nmflag, *(++argv)))
203 } 196 goto bad;
204 else if (strcmp(*argv,"-issuer") == 0) 197 } else if (strcmp(*argv, "-issuer") == 0)
205 issuer= ++num; 198 issuer= ++num;
206 else if (strcmp(*argv,"-lastupdate") == 0) 199 else if (strcmp(*argv, "-lastupdate") == 0)
207 lastupdate= ++num; 200 lastupdate= ++num;
208 else if (strcmp(*argv,"-nextupdate") == 0) 201 else if (strcmp(*argv, "-nextupdate") == 0)
209 nextupdate= ++num; 202 nextupdate= ++num;
210 else if (strcmp(*argv,"-noout") == 0) 203 else if (strcmp(*argv, "-noout") == 0)
211 noout= ++num; 204 noout= ++num;
212 else if (strcmp(*argv,"-fingerprint") == 0) 205 else if (strcmp(*argv, "-fingerprint") == 0)
213 fingerprint= ++num; 206 fingerprint= ++num;
214 else if (strcmp(*argv,"-crlnumber") == 0) 207 else if (strcmp(*argv, "-crlnumber") == 0)
215 crlnumber= ++num; 208 crlnumber= ++num;
216 else if ((md_alg=EVP_get_digestbyname(*argv + 1))) 209 else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
217 {
218 /* ok */ 210 /* ok */
219 digest=md_alg; 211 digest = md_alg;
220 } 212 } else {
221 else 213 BIO_printf(bio_err, "unknown option %s\n", *argv);
222 { 214 badops = 1;
223 BIO_printf(bio_err,"unknown option %s\n",*argv);
224 badops=1;
225 break; 215 break;
226 } 216 }
227 argc--; 217 argc--;
228 argv++; 218 argv++;
229 } 219 }
230 220
231 if (badops) 221 if (badops) {
232 {
233bad: 222bad:
234 for (pp=crl_usage; (*pp != NULL); pp++) 223 for (pp = crl_usage; (*pp != NULL); pp++)
235 BIO_printf(bio_err,"%s",*pp); 224 BIO_printf(bio_err, "%s", *pp);
236 goto end; 225 goto end;
237 } 226 }
238 227
239 ERR_load_crypto_strings(); 228 ERR_load_crypto_strings();
240 x=load_crl(infile,informat); 229 x = load_crl(infile, informat);
241 if (x == NULL) { goto end; } 230 if (x == NULL) {
231 goto end;
232 }
242 233
243 if(do_ver) { 234 if (do_ver) {
244 store = X509_STORE_new(); 235 store = X509_STORE_new();
245 lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); 236 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
246 if (lookup == NULL) goto end; 237 if (lookup == NULL)
247 if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) 238 goto end;
248 X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); 239 if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
249 240 X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
250 lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); 241
251 if (lookup == NULL) goto end; 242 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
252 if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) 243 if (lookup == NULL)
253 X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); 244 goto end;
245 if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
246 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
254 ERR_clear_error(); 247 ERR_clear_error();
255 248
256 if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) { 249 if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
257 BIO_printf(bio_err, 250 BIO_printf(bio_err,
258 "Error initialising X509 store\n"); 251 "Error initialising X509 store\n");
259 goto end; 252 goto end;
260 } 253 }
261 254
262 i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 255 i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
263 X509_CRL_get_issuer(x), &xobj); 256 X509_CRL_get_issuer(x), &xobj);
264 if(i <= 0) { 257 if (i <= 0) {
265 BIO_printf(bio_err, 258 BIO_printf(bio_err,
266 "Error getting CRL issuer certificate\n"); 259 "Error getting CRL issuer certificate\n");
267 goto end; 260 goto end;
268 } 261 }
269 pkey = X509_get_pubkey(xobj.data.x509); 262 pkey = X509_get_pubkey(xobj.data.x509);
270 X509_OBJECT_free_contents(&xobj); 263 X509_OBJECT_free_contents(&xobj);
271 if(!pkey) { 264 if (!pkey) {
272 BIO_printf(bio_err, 265 BIO_printf(bio_err,
273 "Error getting CRL issuer public key\n"); 266 "Error getting CRL issuer public key\n");
274 goto end; 267 goto end;
275 } 268 }
276 i = X509_CRL_verify(x, pkey); 269 i = X509_CRL_verify(x, pkey);
277 EVP_PKEY_free(pkey); 270 EVP_PKEY_free(pkey);
278 if(i < 0) goto end; 271 if (i < 0)
279 if(i == 0) BIO_printf(bio_err, "verify failure\n"); 272 goto end;
280 else BIO_printf(bio_err, "verify OK\n"); 273 if (i == 0)
274 BIO_printf(bio_err, "verify failure\n");
275 else
276 BIO_printf(bio_err, "verify OK\n");
281 } 277 }
282 278
283 if (num) 279 if (num) {
284 { 280 for (i = 1; i <= num; i++) {
285 for (i=1; i<=num; i++) 281 if (issuer == i) {
286 {
287 if (issuer == i)
288 {
289 print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); 282 print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
290 } 283 }
291 if (crlnumber == i) 284 if (crlnumber == i) {
292 {
293 ASN1_INTEGER *crlnum; 285 ASN1_INTEGER *crlnum;
294 crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, 286 crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
295 NULL, NULL); 287 NULL, NULL);
296 BIO_printf(bio_out,"crlNumber="); 288 BIO_printf(bio_out, "crlNumber=");
297 if (crlnum) 289 if (crlnum) {
298 {
299 i2a_ASN1_INTEGER(bio_out, crlnum); 290 i2a_ASN1_INTEGER(bio_out, crlnum);
300 ASN1_INTEGER_free(crlnum); 291 ASN1_INTEGER_free(crlnum);
301 } 292 } else
302 else
303 BIO_puts(bio_out, "<NONE>"); 293 BIO_puts(bio_out, "<NONE>");
304 BIO_printf(bio_out,"\n"); 294 BIO_printf(bio_out, "\n");
305 } 295 }
306 if (hash == i) 296 if (hash == i) {
307 { 297 BIO_printf(bio_out, "%08lx\n",
308 BIO_printf(bio_out,"%08lx\n", 298 X509_NAME_hash(X509_CRL_get_issuer(x)));
309 X509_NAME_hash(X509_CRL_get_issuer(x))); 299 }
310 }
311#ifndef OPENSSL_NO_MD5 300#ifndef OPENSSL_NO_MD5
312 if (hash_old == i) 301 if (hash_old == i) {
313 { 302 BIO_printf(bio_out, "%08lx\n",
314 BIO_printf(bio_out,"%08lx\n", 303 X509_NAME_hash_old(
315 X509_NAME_hash_old( 304 X509_CRL_get_issuer(x)));
316 X509_CRL_get_issuer(x))); 305 }
317 }
318#endif 306#endif
319 if (lastupdate == i) 307 if (lastupdate == i) {
320 { 308 BIO_printf(bio_out, "lastUpdate=");
321 BIO_printf(bio_out,"lastUpdate=");
322 ASN1_TIME_print(bio_out, 309 ASN1_TIME_print(bio_out,
323 X509_CRL_get_lastUpdate(x)); 310 X509_CRL_get_lastUpdate(x));
324 BIO_printf(bio_out,"\n"); 311 BIO_printf(bio_out, "\n");
325 } 312 }
326 if (nextupdate == i) 313 if (nextupdate == i) {
327 { 314 BIO_printf(bio_out, "nextUpdate=");
328 BIO_printf(bio_out,"nextUpdate="); 315 if (X509_CRL_get_nextUpdate(x))
329 if (X509_CRL_get_nextUpdate(x))
330 ASN1_TIME_print(bio_out, 316 ASN1_TIME_print(bio_out,
331 X509_CRL_get_nextUpdate(x)); 317 X509_CRL_get_nextUpdate(x));
332 else 318 else
333 BIO_printf(bio_out,"NONE"); 319 BIO_printf(bio_out, "NONE");
334 BIO_printf(bio_out,"\n"); 320 BIO_printf(bio_out, "\n");
335 } 321 }
336 if (fingerprint == i) 322 if (fingerprint == i) {
337 {
338 int j; 323 int j;
339 unsigned int n; 324 unsigned int n;
340 unsigned char md[EVP_MAX_MD_SIZE]; 325 unsigned char md[EVP_MAX_MD_SIZE];
341 326
342 if (!X509_CRL_digest(x,digest,md,&n)) 327 if (!X509_CRL_digest(x, digest, md, &n)) {
343 { 328 BIO_printf(bio_err, "out of memory\n");
344 BIO_printf(bio_err,"out of memory\n");
345 goto end; 329 goto end;
346 } 330 }
347 BIO_printf(bio_out,"%s Fingerprint=", 331 BIO_printf(bio_out, "%s Fingerprint=",
348 OBJ_nid2sn(EVP_MD_type(digest))); 332 OBJ_nid2sn(EVP_MD_type(digest)));
349 for (j=0; j<(int)n; j++) 333 for (j = 0; j < (int)n; j++) {
350 { 334 BIO_printf(bio_out, "%02X%c", md[j],
351 BIO_printf(bio_out,"%02X%c",md[j], 335 (j + 1 == (int)n) ? '\n' : ':');
352 (j+1 == (int)n)
353 ?'\n':':');
354 }
355 } 336 }
356 } 337 }
357 } 338 }
339 }
358 340
359 out=BIO_new(BIO_s_file()); 341 out = BIO_new(BIO_s_file());
360 if (out == NULL) 342 if (out == NULL) {
361 {
362 ERR_print_errors(bio_err); 343 ERR_print_errors(bio_err);
363 goto end; 344 goto end;
364 } 345 }
365 346
366 if (outfile == NULL) 347 if (outfile == NULL) {
367 { 348 BIO_set_fp(out, stdout, BIO_NOCLOSE);
368 BIO_set_fp(out,stdout,BIO_NOCLOSE); 349 } else {
369 } 350 if (BIO_write_filename(out, outfile) <= 0) {
370 else
371 {
372 if (BIO_write_filename(out,outfile) <= 0)
373 {
374 perror(outfile); 351 perror(outfile);
375 goto end; 352 goto end;
376 }
377 } 353 }
354 }
378 355
379 if (text) X509_CRL_print(out, x); 356 if (text)
357 X509_CRL_print(out, x);
380 358
381 if (noout) 359 if (noout) {
382 {
383 ret = 0; 360 ret = 0;
384 goto end; 361 goto end;
385 } 362 }
386 363
387 if (outformat == FORMAT_ASN1) 364 if (outformat == FORMAT_ASN1)
388 i=(int)i2d_X509_CRL_bio(out,x); 365 i = (int)i2d_X509_CRL_bio(out, x);
389 else if (outformat == FORMAT_PEM) 366 else if (outformat == FORMAT_PEM)
390 i=PEM_write_bio_X509_CRL(out,x); 367 i = PEM_write_bio_X509_CRL(out, x);
391 else 368 else {
392 { 369 BIO_printf(bio_err, "bad output format specified for outfile\n");
393 BIO_printf(bio_err,"bad output format specified for outfile\n");
394 goto end; 370 goto end;
395 } 371 }
396 if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; } 372 if (!i) {
397 ret=0; 373 BIO_printf(bio_err, "unable to write CRL\n");
374 goto end;
375 }
376 ret = 0;
377
398end: 378end:
399 BIO_free_all(out); 379 BIO_free_all(out);
400 BIO_free_all(bio_out); 380 BIO_free_all(bio_out);
401 bio_out=NULL; 381 bio_out = NULL;
402 X509_CRL_free(x); 382 X509_CRL_free(x);
403 if(store) { 383 if (store) {
404 X509_STORE_CTX_cleanup(&ctx); 384 X509_STORE_CTX_cleanup(&ctx);
405 X509_STORE_free(store); 385 X509_STORE_free(store);
406 } 386 }
407 apps_shutdown(); 387 apps_shutdown();
408 OPENSSL_EXIT(ret); 388 OPENSSL_EXIT(ret);
409 } 389}
410 390
411static X509_CRL *load_crl(char *infile, int format) 391static X509_CRL *
412 { 392load_crl(char *infile, int format)
413 X509_CRL *x=NULL; 393{
414 BIO *in=NULL; 394 X509_CRL *x = NULL;
395 BIO *in = NULL;
415 396
416 in=BIO_new(BIO_s_file()); 397 in = BIO_new(BIO_s_file());
417 if (in == NULL) 398 if (in == NULL) {
418 {
419 ERR_print_errors(bio_err); 399 ERR_print_errors(bio_err);
420 goto end; 400 goto end;
421 } 401 }
422 402
423 if (infile == NULL) 403 if (infile == NULL)
424 BIO_set_fp(in,stdin,BIO_NOCLOSE); 404 BIO_set_fp(in, stdin, BIO_NOCLOSE);
425 else 405 else {
426 { 406 if (BIO_read_filename(in, infile) <= 0) {
427 if (BIO_read_filename(in,infile) <= 0)
428 {
429 perror(infile); 407 perror(infile);
430 goto end; 408 goto end;
431 }
432 } 409 }
433 if (format == FORMAT_ASN1) 410 }
434 x=d2i_X509_CRL_bio(in,NULL); 411 if (format == FORMAT_ASN1)
412 x = d2i_X509_CRL_bio(in, NULL);
435 else if (format == FORMAT_PEM) 413 else if (format == FORMAT_PEM)
436 x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); 414 x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
437 else { 415 else {
438 BIO_printf(bio_err,"bad input format specified for input crl\n"); 416 BIO_printf(bio_err, "bad input format specified for input crl\n");
439 goto end; 417 goto end;
440 } 418 }
441 if (x == NULL) 419 if (x == NULL) {
442 { 420 BIO_printf(bio_err, "unable to load CRL\n");
443 BIO_printf(bio_err,"unable to load CRL\n");
444 ERR_print_errors(bio_err); 421 ERR_print_errors(bio_err);
445 goto end; 422 goto end;
446 }
447
448end:
449 BIO_free(in);
450 return(x);
451 } 423 }
452 424
425end:
426 BIO_free(in);
427 return (x);
428}
diff --git a/src/lib/libssl/src/apps/crl2p7.c b/src/lib/libssl/src/apps/crl2p7.c
index 20207091a9..b85ef51cfb 100644
--- a/src/lib/libssl/src/apps/crl2p7.c
+++ b/src/lib/libssl/src/apps/crl2p7.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -83,198 +83,187 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
83 83
84int MAIN(int, char **); 84int MAIN(int, char **);
85 85
86int MAIN(int argc, char **argv) 86int
87 { 87MAIN(int argc, char **argv)
88 int i,badops=0; 88{
89 BIO *in=NULL,*out=NULL; 89 int i, badops = 0;
90 int informat,outformat; 90 BIO *in = NULL, *out = NULL;
91 char *infile,*outfile,*prog,*certfile; 91 int informat, outformat;
92 char *infile, *outfile, *prog, *certfile;
92 PKCS7 *p7 = NULL; 93 PKCS7 *p7 = NULL;
93 PKCS7_SIGNED *p7s = NULL; 94 PKCS7_SIGNED *p7s = NULL;
94 X509_CRL *crl=NULL; 95 X509_CRL *crl = NULL;
95 STACK_OF(OPENSSL_STRING) *certflst=NULL; 96 STACK_OF(OPENSSL_STRING) *certflst = NULL;
96 STACK_OF(X509_CRL) *crl_stack=NULL; 97 STACK_OF(X509_CRL) *crl_stack = NULL;
97 STACK_OF(X509) *cert_stack=NULL; 98 STACK_OF(X509) *cert_stack = NULL;
98 int ret=1,nocrl=0; 99 int ret = 1, nocrl = 0;
99 100
100 apps_startup(); 101 apps_startup();
101 102
102 if (bio_err == NULL) 103 if (bio_err == NULL)
103 if ((bio_err=BIO_new(BIO_s_file())) != NULL) 104 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
104 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); 105 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
105 106
106 infile=NULL; 107 infile = NULL;
107 outfile=NULL; 108 outfile = NULL;
108 informat=FORMAT_PEM; 109 informat = FORMAT_PEM;
109 outformat=FORMAT_PEM; 110 outformat = FORMAT_PEM;
110 111
111 prog=argv[0]; 112 prog = argv[0];
112 argc--; 113 argc--;
113 argv++; 114 argv++;
114 while (argc >= 1) 115 while (argc >= 1) {
115 { 116 if (strcmp(*argv, "-inform") == 0) {
116 if (strcmp(*argv,"-inform") == 0) 117 if (--argc < 1)
117 { 118 goto bad;
118 if (--argc < 1) goto bad; 119 informat = str2fmt(*(++argv));
119 informat=str2fmt(*(++argv)); 120 } else if (strcmp(*argv, "-outform") == 0) {
120 } 121 if (--argc < 1)
121 else if (strcmp(*argv,"-outform") == 0) 122 goto bad;
122 { 123 outformat = str2fmt(*(++argv));
123 if (--argc < 1) goto bad; 124 } else if (strcmp(*argv, "-in") == 0) {
124 outformat=str2fmt(*(++argv)); 125 if (--argc < 1)
125 } 126 goto bad;
126 else if (strcmp(*argv,"-in") == 0)
127 {
128 if (--argc < 1) goto bad;
129 infile= *(++argv); 127 infile= *(++argv);
130 } 128 } else if (strcmp(*argv, "-nocrl") == 0) {
131 else if (strcmp(*argv,"-nocrl") == 0) 129 nocrl = 1;
132 { 130 } else if (strcmp(*argv, "-out") == 0) {
133 nocrl=1; 131 if (--argc < 1)
134 } 132 goto bad;
135 else if (strcmp(*argv,"-out") == 0)
136 {
137 if (--argc < 1) goto bad;
138 outfile= *(++argv); 133 outfile= *(++argv);
139 } 134 } else if (strcmp(*argv, "-certfile") == 0) {
140 else if (strcmp(*argv,"-certfile") == 0) 135 if (--argc < 1)
141 { 136 goto bad;
142 if (--argc < 1) goto bad; 137 if (!certflst) certflst = sk_OPENSSL_STRING_new_null();
143 if(!certflst) certflst = sk_OPENSSL_STRING_new_null(); 138 sk_OPENSSL_STRING_push(certflst, *(++argv));
144 sk_OPENSSL_STRING_push(certflst,*(++argv)); 139 } else {
145 } 140 BIO_printf(bio_err, "unknown option %s\n", *argv);
146 else 141 badops = 1;
147 {
148 BIO_printf(bio_err,"unknown option %s\n",*argv);
149 badops=1;
150 break; 142 break;
151 } 143 }
152 argc--; 144 argc--;
153 argv++; 145 argv++;
154 } 146 }
155 147
156 if (badops) 148 if (badops) {
157 {
158bad: 149bad:
159 BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog); 150 BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
160 BIO_printf(bio_err,"where options are\n"); 151 BIO_printf(bio_err, "where options are\n");
161 BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); 152 BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
162 BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); 153 BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
163 BIO_printf(bio_err," -in arg input file\n"); 154 BIO_printf(bio_err, " -in arg input file\n");
164 BIO_printf(bio_err," -out arg output file\n"); 155 BIO_printf(bio_err, " -out arg output file\n");
165 BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n"); 156 BIO_printf(bio_err, " -certfile arg certificates file of chain to a trusted CA\n");
166 BIO_printf(bio_err," (can be used more than once)\n"); 157 BIO_printf(bio_err, " (can be used more than once)\n");
167 BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n"); 158 BIO_printf(bio_err, " -nocrl no crl to load, just certs from '-certfile'\n");
168 ret = 1; 159 ret = 1;
169 goto end; 160 goto end;
170 } 161 }
171 162
172 ERR_load_crypto_strings(); 163 ERR_load_crypto_strings();
173 164
174 in=BIO_new(BIO_s_file()); 165 in = BIO_new(BIO_s_file());
175 out=BIO_new(BIO_s_file()); 166 out = BIO_new(BIO_s_file());
176 if ((in == NULL) || (out == NULL)) 167 if ((in == NULL) || (out == NULL)) {
177 {
178 ERR_print_errors(bio_err); 168 ERR_print_errors(bio_err);
179 goto end; 169 goto end;
180 } 170 }
181 171
182 if (!nocrl) 172 if (!nocrl) {
183 {
184 if (infile == NULL) 173 if (infile == NULL)
185 BIO_set_fp(in,stdin,BIO_NOCLOSE); 174 BIO_set_fp(in, stdin, BIO_NOCLOSE);
186 else 175 else {
187 { 176 if (BIO_read_filename(in, infile) <= 0) {
188 if (BIO_read_filename(in,infile) <= 0)
189 {
190 perror(infile); 177 perror(infile);
191 goto end; 178 goto end;
192 }
193 } 179 }
180 }
194 181
195 if (informat == FORMAT_ASN1) 182 if (informat == FORMAT_ASN1)
196 crl=d2i_X509_CRL_bio(in,NULL); 183 crl = d2i_X509_CRL_bio(in, NULL);
197 else if (informat == FORMAT_PEM) 184 else if (informat == FORMAT_PEM)
198 crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); 185 crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
199 else { 186 else {
200 BIO_printf(bio_err,"bad input format specified for input crl\n"); 187 BIO_printf(bio_err, "bad input format specified for input crl\n");
201 goto end; 188 goto end;
202 } 189 }
203 if (crl == NULL) 190 if (crl == NULL) {
204 { 191 BIO_printf(bio_err, "unable to load CRL\n");
205 BIO_printf(bio_err,"unable to load CRL\n");
206 ERR_print_errors(bio_err); 192 ERR_print_errors(bio_err);
207 goto end; 193 goto end;
208 }
209 } 194 }
210 195 }
211 if ((p7=PKCS7_new()) == NULL) goto end;
212 if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
213 p7->type=OBJ_nid2obj(NID_pkcs7_signed);
214 p7->d.sign=p7s;
215 p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
216 196
217 if (!ASN1_INTEGER_set(p7s->version,1)) goto end; 197 if ((p7 = PKCS7_new()) == NULL)
218 if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end; 198 goto end;
219 p7s->crl=crl_stack; 199 if ((p7s = PKCS7_SIGNED_new()) == NULL)
220 if (crl != NULL) 200 goto end;
221 { 201 p7->type = OBJ_nid2obj(NID_pkcs7_signed);
222 sk_X509_CRL_push(crl_stack,crl); 202 p7->d.sign = p7s;
203 p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
204
205 if (!ASN1_INTEGER_set(p7s->version, 1))
206 goto end;
207 if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
208 goto end;
209 p7s->crl = crl_stack;
210 if (crl != NULL) {
211 sk_X509_CRL_push(crl_stack, crl);
223 crl=NULL; /* now part of p7 for OPENSSL_freeing */ 212 crl=NULL; /* now part of p7 for OPENSSL_freeing */
224 } 213 }
225 214
226 if ((cert_stack=sk_X509_new_null()) == NULL) goto end; 215 if ((cert_stack = sk_X509_new_null()) == NULL)
227 p7s->cert=cert_stack; 216 goto end;
217 p7s->cert = cert_stack;
228 218
229 if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { 219 if (certflst) for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
230 certfile = sk_OPENSSL_STRING_value(certflst, i); 220 certfile = sk_OPENSSL_STRING_value(certflst, i);
231 if (add_certs_from_file(cert_stack,certfile) < 0) 221 if (add_certs_from_file(cert_stack, certfile) < 0) {
232 {
233 BIO_printf(bio_err, "error loading certificates\n"); 222 BIO_printf(bio_err, "error loading certificates\n");
234 ERR_print_errors(bio_err); 223 ERR_print_errors(bio_err);
235 goto end; 224 goto end;
236 } 225 }
237 } 226 }
238 227
239 sk_OPENSSL_STRING_free(certflst); 228 sk_OPENSSL_STRING_free(certflst);
240 229
241 if (outfile == NULL) 230 if (outfile == NULL) {
242 { 231 BIO_set_fp(out, stdout, BIO_NOCLOSE);
243 BIO_set_fp(out,stdout,BIO_NOCLOSE); 232 } else {
244 } 233 if (BIO_write_filename(out, outfile) <= 0) {
245 else
246 {
247 if (BIO_write_filename(out,outfile) <= 0)
248 {
249 perror(outfile); 234 perror(outfile);
250 goto end; 235 goto end;
251 }
252 } 236 }
237 }
253 238
254 if (outformat == FORMAT_ASN1) 239 if (outformat == FORMAT_ASN1)
255 i=i2d_PKCS7_bio(out,p7); 240 i = i2d_PKCS7_bio(out, p7);
256 else if (outformat == FORMAT_PEM) 241 else if (outformat == FORMAT_PEM)
257 i=PEM_write_bio_PKCS7(out,p7); 242 i = PEM_write_bio_PKCS7(out, p7);
258 else { 243 else {
259 BIO_printf(bio_err,"bad output format specified for outfile\n"); 244 BIO_printf(bio_err, "bad output format specified for outfile\n");
260 goto end; 245 goto end;
261 } 246 }
262 if (!i) 247 if (!i) {
263 { 248 BIO_printf(bio_err, "unable to write pkcs7 object\n");
264 BIO_printf(bio_err,"unable to write pkcs7 object\n");
265 ERR_print_errors(bio_err); 249 ERR_print_errors(bio_err);
266 goto end; 250 goto end;
267 } 251 }
268 ret=0; 252 ret = 0;
253
269end: 254end:
270 if (in != NULL) BIO_free(in); 255 if (in != NULL)
271 if (out != NULL) BIO_free_all(out); 256 BIO_free(in);
272 if (p7 != NULL) PKCS7_free(p7); 257 if (out != NULL)
273 if (crl != NULL) X509_CRL_free(crl); 258 BIO_free_all(out);
259 if (p7 != NULL)
260 PKCS7_free(p7);
261 if (crl != NULL)
262 X509_CRL_free(crl);
274 263
275 apps_shutdown(); 264 apps_shutdown();
276 OPENSSL_EXIT(ret); 265 OPENSSL_EXIT(ret);
277 } 266}
278 267
279/* 268/*
280 *---------------------------------------------------------------------- 269 *----------------------------------------------------------------------
@@ -286,46 +275,46 @@ end:
286 * number of certs added if successful, -1 if not. 275 * number of certs added if successful, -1 if not.
287 *---------------------------------------------------------------------- 276 *----------------------------------------------------------------------
288 */ 277 */
289static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) 278static int
290 { 279add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
291 BIO *in=NULL; 280{
292 int count=0; 281 BIO *in = NULL;
293 int ret= -1; 282 int count = 0;
294 STACK_OF(X509_INFO) *sk=NULL; 283 int ret = -1;
284 STACK_OF(X509_INFO) *sk = NULL;
295 X509_INFO *xi; 285 X509_INFO *xi;
296 286
297 in=BIO_new(BIO_s_file()); 287 in = BIO_new(BIO_s_file());
298 if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0)) 288 if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
299 { 289 BIO_printf(bio_err, "error opening the file, %s\n", certfile);
300 BIO_printf(bio_err,"error opening the file, %s\n",certfile);
301 goto end; 290 goto end;
302 } 291 }
303 292
304 /* This loads from a file, a stack of x509/crl/pkey sets */ 293 /* This loads from a file, a stack of x509/crl/pkey sets */
305 sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL); 294 sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
306 if (sk == NULL) { 295 if (sk == NULL) {
307 BIO_printf(bio_err,"error reading the file, %s\n",certfile); 296 BIO_printf(bio_err, "error reading the file, %s\n", certfile);
308 goto end; 297 goto end;
309 } 298 }
310 299
311 /* scan over it and pull out the CRL's */ 300 /* scan over it and pull out the CRL's */
312 while (sk_X509_INFO_num(sk)) 301 while (sk_X509_INFO_num(sk)) {
313 { 302 xi = sk_X509_INFO_shift(sk);
314 xi=sk_X509_INFO_shift(sk); 303 if (xi->x509 != NULL) {
315 if (xi->x509 != NULL) 304 sk_X509_push(stack, xi->x509);
316 { 305 xi->x509 = NULL;
317 sk_X509_push(stack,xi->x509);
318 xi->x509=NULL;
319 count++; 306 count++;
320 }
321 X509_INFO_free(xi);
322 } 307 }
323 308 X509_INFO_free(xi);
324 ret=count;
325end:
326 /* never need to OPENSSL_free x */
327 if (in != NULL) BIO_free(in);
328 if (sk != NULL) sk_X509_INFO_free(sk);
329 return(ret);
330 } 309 }
331 310
311 ret = count;
312
313end:
314 /* never need to OPENSSL_free x */
315 if (in != NULL)
316 BIO_free(in);
317 if (sk != NULL)
318 sk_X509_INFO_free(sk);
319 return (ret);
320}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:44:18 +0000