diff options
| author | inoguchi <> | 2022-01-11 16:06:48 +0000 |
|---|---|---|
| committer | inoguchi <> | 2022-01-11 16:06:48 +0000 |
| commit | b5533906bb806370a314519f28997663cbefb9b5 (patch) | |
| tree | aee4e720e75eb1fee746831d9642e48739f59b6d /src/usr.bin | |
| parent | d9052f84c6db2f82bf6c973587ca6b90955b1acf (diff) | |
| download | openbsd-b5533906bb806370a314519f28997663cbefb9b5.tar.gz openbsd-b5533906bb806370a314519f28997663cbefb9b5.tar.bz2 openbsd-b5533906bb806370a314519f28997663cbefb9b5.zip | |
Wrap long lines
Diffstat (limited to 'src/usr.bin')
| -rw-r--r-- | src/usr.bin/openssl/smime.c | 116 |
1 files changed, 74 insertions, 42 deletions
diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c index 9b8ffc2d33..1a82d06865 100644 --- a/src/usr.bin/openssl/smime.c +++ b/src/usr.bin/openssl/smime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: smime.c,v 1.15 2022/01/11 15:45:00 inoguchi Exp $ */ | 1 | /* $OpenBSD: smime.c,v 1.16 2022/01/11 16:06:48 inoguchi Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project. | 3 | * project. |
| 4 | */ | 4 | */ |
| @@ -740,46 +740,56 @@ smime_main(int argc, char **argv) | |||
| 740 | args = argv + argsused; | 740 | args = argv + argsused; |
| 741 | ret = 1; | 741 | ret = 1; |
| 742 | 742 | ||
| 743 | if (!(smime_config.operation & SMIME_SIGNERS) && (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) { | 743 | if (!(smime_config.operation & SMIME_SIGNERS) && |
| 744 | (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) { | ||
| 744 | BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); | 745 | BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); |
| 745 | goto argerr; | 746 | goto argerr; |
| 746 | } | 747 | } |
| 747 | if (smime_config.operation & SMIME_SIGNERS) { | 748 | if (smime_config.operation & SMIME_SIGNERS) { |
| 748 | /* Check to see if any final signer needs to be appended */ | 749 | /* Check to see if any final signer needs to be appended */ |
| 749 | if (smime_config.keyfile != NULL && smime_config.signerfile == NULL) { | 750 | if (smime_config.keyfile != NULL && |
| 751 | smime_config.signerfile == NULL) { | ||
| 750 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); | 752 | BIO_puts(bio_err, "Illegal -inkey without -signer\n"); |
| 751 | goto argerr; | 753 | goto argerr; |
| 752 | } | 754 | } |
| 753 | if (smime_config.signerfile != NULL) { | 755 | if (smime_config.signerfile != NULL) { |
| 754 | if (smime_config.sksigners == NULL) { | 756 | if (smime_config.sksigners == NULL) { |
| 755 | if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) | 757 | if ((smime_config.sksigners = |
| 758 | sk_OPENSSL_STRING_new_null()) == NULL) | ||
| 756 | goto end; | 759 | goto end; |
| 757 | } | 760 | } |
| 758 | if (!sk_OPENSSL_STRING_push(smime_config.sksigners, smime_config.signerfile)) | 761 | if (!sk_OPENSSL_STRING_push(smime_config.sksigners, |
| 762 | smime_config.signerfile)) | ||
| 759 | goto end; | 763 | goto end; |
| 760 | if (smime_config.skkeys == NULL) { | 764 | if (smime_config.skkeys == NULL) { |
| 761 | if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) | 765 | if ((smime_config.skkeys = |
| 766 | sk_OPENSSL_STRING_new_null()) == NULL) | ||
| 762 | goto end; | 767 | goto end; |
| 763 | } | 768 | } |
| 764 | if (smime_config.keyfile == NULL) | 769 | if (smime_config.keyfile == NULL) |
| 765 | smime_config.keyfile = smime_config.signerfile; | 770 | smime_config.keyfile = smime_config.signerfile; |
| 766 | if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) | 771 | if (!sk_OPENSSL_STRING_push(smime_config.skkeys, |
| 772 | smime_config.keyfile)) | ||
| 767 | goto end; | 773 | goto end; |
| 768 | } | 774 | } |
| 769 | if (smime_config.sksigners == NULL) { | 775 | if (smime_config.sksigners == NULL) { |
| 770 | BIO_printf(bio_err, "No signer certificate specified\n"); | 776 | BIO_printf(bio_err, |
| 777 | "No signer certificate specified\n"); | ||
| 771 | badarg = 1; | 778 | badarg = 1; |
| 772 | } | 779 | } |
| 773 | smime_config.signerfile = NULL; | 780 | smime_config.signerfile = NULL; |
| 774 | smime_config.keyfile = NULL; | 781 | smime_config.keyfile = NULL; |
| 775 | } else if (smime_config.operation == SMIME_DECRYPT) { | 782 | } else if (smime_config.operation == SMIME_DECRYPT) { |
| 776 | if (smime_config.recipfile == NULL && smime_config.keyfile == NULL) { | 783 | if (smime_config.recipfile == NULL && |
| 777 | BIO_printf(bio_err, "No recipient certificate or key specified\n"); | 784 | smime_config.keyfile == NULL) { |
| 785 | BIO_printf(bio_err, | ||
| 786 | "No recipient certificate or key specified\n"); | ||
| 778 | badarg = 1; | 787 | badarg = 1; |
| 779 | } | 788 | } |
| 780 | } else if (smime_config.operation == SMIME_ENCRYPT) { | 789 | } else if (smime_config.operation == SMIME_ENCRYPT) { |
| 781 | if (*args == NULL) { | 790 | if (*args == NULL) { |
| 782 | BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); | 791 | BIO_printf(bio_err, |
| 792 | "No recipient(s) certificate(s) specified\n"); | ||
| 783 | badarg = 1; | 793 | badarg = 1; |
| 784 | } | 794 | } |
| 785 | } else if (!smime_config.operation) { | 795 | } else if (!smime_config.operation) { |
| @@ -840,15 +850,16 @@ smime_main(int argc, char **argv) | |||
| 840 | } | 850 | } |
| 841 | } | 851 | } |
| 842 | if (smime_config.certfile != NULL) { | 852 | if (smime_config.certfile != NULL) { |
| 843 | if ((other = load_certs(bio_err, smime_config.certfile, FORMAT_PEM, NULL, | 853 | if ((other = load_certs(bio_err, smime_config.certfile, |
| 844 | "certificate file")) == NULL) { | 854 | FORMAT_PEM, NULL, "certificate file")) == NULL) { |
| 845 | ERR_print_errors(bio_err); | 855 | ERR_print_errors(bio_err); |
| 846 | goto end; | 856 | goto end; |
| 847 | } | 857 | } |
| 848 | } | 858 | } |
| 849 | if (smime_config.recipfile != NULL && (smime_config.operation == SMIME_DECRYPT)) { | 859 | if (smime_config.recipfile != NULL && |
| 850 | if ((recip = load_cert(bio_err, smime_config.recipfile, FORMAT_PEM, NULL, | 860 | (smime_config.operation == SMIME_DECRYPT)) { |
| 851 | "recipient certificate file")) == NULL) { | 861 | if ((recip = load_cert(bio_err, smime_config.recipfile, |
| 862 | FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { | ||
| 852 | ERR_print_errors(bio_err); | 863 | ERR_print_errors(bio_err); |
| 853 | goto end; | 864 | goto end; |
| 854 | } | 865 | } |
| @@ -864,8 +875,8 @@ smime_main(int argc, char **argv) | |||
| 864 | } | 875 | } |
| 865 | 876 | ||
| 866 | if (smime_config.keyfile != NULL) { | 877 | if (smime_config.keyfile != NULL) { |
| 867 | key = load_key(bio_err, smime_config.keyfile, smime_config.keyform, 0, passin, | 878 | key = load_key(bio_err, smime_config.keyfile, |
| 868 | "signing key file"); | 879 | smime_config.keyform, 0, passin, "signing key file"); |
| 869 | if (key == NULL) | 880 | if (key == NULL) |
| 870 | goto end; | 881 | goto end; |
| 871 | } | 882 | } |
| @@ -888,7 +899,8 @@ smime_main(int argc, char **argv) | |||
| 888 | else if (smime_config.informat == FORMAT_ASN1) | 899 | else if (smime_config.informat == FORMAT_ASN1) |
| 889 | p7 = d2i_PKCS7_bio(in, NULL); | 900 | p7 = d2i_PKCS7_bio(in, NULL); |
| 890 | else { | 901 | else { |
| 891 | BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); | 902 | BIO_printf(bio_err, |
| 903 | "Bad input format for PKCS#7 file\n"); | ||
| 892 | goto end; | 904 | goto end; |
| 893 | } | 905 | } |
| 894 | 906 | ||
| @@ -898,8 +910,11 @@ smime_main(int argc, char **argv) | |||
| 898 | } | 910 | } |
| 899 | if (smime_config.contfile != NULL) { | 911 | if (smime_config.contfile != NULL) { |
| 900 | BIO_free(indata); | 912 | BIO_free(indata); |
| 901 | if ((indata = BIO_new_file(smime_config.contfile, "rb")) == NULL) { | 913 | if ((indata = BIO_new_file(smime_config.contfile, |
| 902 | BIO_printf(bio_err, "Can't read content file %s\n", smime_config.contfile); | 914 | "rb")) == NULL) { |
| 915 | BIO_printf(bio_err, | ||
| 916 | "Can't read content file %s\n", | ||
| 917 | smime_config.contfile); | ||
| 903 | goto end; | 918 | goto end; |
| 904 | } | 919 | } |
| 905 | } | 920 | } |
| @@ -907,7 +922,8 @@ smime_main(int argc, char **argv) | |||
| 907 | if (smime_config.outfile != NULL) { | 922 | if (smime_config.outfile != NULL) { |
| 908 | if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) { | 923 | if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) { |
| 909 | BIO_printf(bio_err, | 924 | BIO_printf(bio_err, |
| 910 | "Can't open output file %s\n", smime_config.outfile); | 925 | "Can't open output file %s\n", |
| 926 | smime_config.outfile); | ||
| 911 | goto end; | 927 | goto end; |
| 912 | } | 928 | } |
| 913 | } else { | 929 | } else { |
| @@ -916,7 +932,8 @@ smime_main(int argc, char **argv) | |||
| 916 | } | 932 | } |
| 917 | 933 | ||
| 918 | if (smime_config.operation == SMIME_VERIFY) { | 934 | if (smime_config.operation == SMIME_VERIFY) { |
| 919 | if ((store = setup_verify(bio_err, smime_config.CAfile, smime_config.CApath)) == NULL) | 935 | if ((store = setup_verify(bio_err, smime_config.CAfile, |
| 936 | smime_config.CApath)) == NULL) | ||
| 920 | goto end; | 937 | goto end; |
| 921 | X509_STORE_set_verify_cb(store, smime_cb); | 938 | X509_STORE_set_verify_cb(store, smime_cb); |
| 922 | if (smime_config.vpm != NULL) { | 939 | if (smime_config.vpm != NULL) { |
| @@ -929,7 +946,8 @@ smime_main(int argc, char **argv) | |||
| 929 | if (smime_config.operation == SMIME_ENCRYPT) { | 946 | if (smime_config.operation == SMIME_ENCRYPT) { |
| 930 | if (smime_config.indef) | 947 | if (smime_config.indef) |
| 931 | smime_config.flags |= PKCS7_STREAM; | 948 | smime_config.flags |= PKCS7_STREAM; |
| 932 | p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, smime_config.flags); | 949 | p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, |
| 950 | smime_config.flags); | ||
| 933 | } else if (smime_config.operation & SMIME_SIGNERS) { | 951 | } else if (smime_config.operation & SMIME_SIGNERS) { |
| 934 | int i; | 952 | int i; |
| 935 | /* | 953 | /* |
| @@ -944,25 +962,29 @@ smime_main(int argc, char **argv) | |||
| 944 | smime_config.flags |= PKCS7_STREAM; | 962 | smime_config.flags |= PKCS7_STREAM; |
| 945 | } | 963 | } |
| 946 | smime_config.flags |= PKCS7_PARTIAL; | 964 | smime_config.flags |= PKCS7_PARTIAL; |
| 947 | p7 = PKCS7_sign(NULL, NULL, other, in, smime_config.flags); | 965 | p7 = PKCS7_sign(NULL, NULL, other, in, |
| 966 | smime_config.flags); | ||
| 948 | if (p7 == NULL) | 967 | if (p7 == NULL) |
| 949 | goto end; | 968 | goto end; |
| 950 | } else { | 969 | } else { |
| 951 | smime_config.flags |= PKCS7_REUSE_DIGEST; | 970 | smime_config.flags |= PKCS7_REUSE_DIGEST; |
| 952 | } | 971 | } |
| 953 | for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) { | 972 | for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) { |
| 954 | smime_config.signerfile = sk_OPENSSL_STRING_value(smime_config.sksigners, i); | 973 | smime_config.signerfile = |
| 955 | smime_config.keyfile = sk_OPENSSL_STRING_value(smime_config.skkeys, i); | 974 | sk_OPENSSL_STRING_value(smime_config.sksigners, i); |
| 956 | signer = load_cert(bio_err, smime_config.signerfile, FORMAT_PEM, NULL, | 975 | smime_config.keyfile = |
| 957 | "signer certificate"); | 976 | sk_OPENSSL_STRING_value(smime_config.skkeys, i); |
| 977 | signer = load_cert(bio_err, smime_config.signerfile, | ||
| 978 | FORMAT_PEM, NULL, "signer certificate"); | ||
| 958 | if (signer == NULL) | 979 | if (signer == NULL) |
| 959 | goto end; | 980 | goto end; |
| 960 | key = load_key(bio_err, smime_config.keyfile, smime_config.keyform, 0, passin, | 981 | key = load_key(bio_err, smime_config.keyfile, |
| 982 | smime_config.keyform, 0, passin, | ||
| 961 | "signing key file"); | 983 | "signing key file"); |
| 962 | if (key == NULL) | 984 | if (key == NULL) |
| 963 | goto end; | 985 | goto end; |
| 964 | if (PKCS7_sign_add_signer(p7, signer, key, | 986 | if (PKCS7_sign_add_signer(p7, signer, key, |
| 965 | smime_config.sign_md, smime_config.flags) == NULL) | 987 | smime_config.sign_md, smime_config.flags) == NULL) |
| 966 | goto end; | 988 | goto end; |
| 967 | X509_free(signer); | 989 | X509_free(signer); |
| 968 | signer = NULL; | 990 | signer = NULL; |
| @@ -970,7 +992,8 @@ smime_main(int argc, char **argv) | |||
| 970 | key = NULL; | 992 | key = NULL; |
| 971 | } | 993 | } |
| 972 | /* If not streaming or resigning finalize structure */ | 994 | /* If not streaming or resigning finalize structure */ |
| 973 | if ((smime_config.operation == SMIME_SIGN) && !(smime_config.flags & PKCS7_STREAM)) { | 995 | if ((smime_config.operation == SMIME_SIGN) && |
| 996 | !(smime_config.flags & PKCS7_STREAM)) { | ||
| 974 | if (!PKCS7_final(p7, in, smime_config.flags)) | 997 | if (!PKCS7_final(p7, in, smime_config.flags)) |
| 975 | goto end; | 998 | goto end; |
| 976 | } | 999 | } |
| @@ -980,20 +1003,24 @@ smime_main(int argc, char **argv) | |||
| 980 | goto end; | 1003 | goto end; |
| 981 | } | 1004 | } |
| 982 | ret = 4; | 1005 | ret = 4; |
| 1006 | |||
| 983 | if (smime_config.operation == SMIME_DECRYPT) { | 1007 | if (smime_config.operation == SMIME_DECRYPT) { |
| 984 | if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) { | 1008 | if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) { |
| 985 | BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); | 1009 | BIO_printf(bio_err, |
| 1010 | "Error decrypting PKCS#7 structure\n"); | ||
| 986 | goto end; | 1011 | goto end; |
| 987 | } | 1012 | } |
| 988 | } else if (smime_config.operation == SMIME_VERIFY) { | 1013 | } else if (smime_config.operation == SMIME_VERIFY) { |
| 989 | STACK_OF(X509) *signers; | 1014 | STACK_OF(X509) *signers; |
| 990 | if (PKCS7_verify(p7, other, store, indata, out, smime_config.flags)) { | 1015 | if (PKCS7_verify(p7, other, store, indata, out, |
| 1016 | smime_config.flags)) { | ||
| 991 | BIO_printf(bio_err, "Verification successful\n"); | 1017 | BIO_printf(bio_err, "Verification successful\n"); |
| 992 | } else { | 1018 | } else { |
| 993 | BIO_printf(bio_err, "Verification failure\n"); | 1019 | BIO_printf(bio_err, "Verification failure\n"); |
| 994 | goto end; | 1020 | goto end; |
| 995 | } | 1021 | } |
| 996 | if ((signers = PKCS7_get0_signers(p7, other, smime_config.flags)) == NULL) | 1022 | if ((signers = PKCS7_get0_signers(p7, other, |
| 1023 | smime_config.flags)) == NULL) | ||
| 997 | goto end; | 1024 | goto end; |
| 998 | if (!save_certs(smime_config.signerfile, signers)) { | 1025 | if (!save_certs(smime_config.signerfile, signers)) { |
| 999 | BIO_printf(bio_err, "Error writing signers to %s\n", | 1026 | BIO_printf(bio_err, "Error writing signers to %s\n", |
| @@ -1013,20 +1040,25 @@ smime_main(int argc, char **argv) | |||
| 1013 | BIO_printf(out, "Subject: %s\n", smime_config.subject); | 1040 | BIO_printf(out, "Subject: %s\n", smime_config.subject); |
| 1014 | if (smime_config.outformat == FORMAT_SMIME) { | 1041 | if (smime_config.outformat == FORMAT_SMIME) { |
| 1015 | if (smime_config.operation == SMIME_RESIGN) { | 1042 | if (smime_config.operation == SMIME_RESIGN) { |
| 1016 | if (!SMIME_write_PKCS7(out, p7, indata, smime_config.flags)) | 1043 | if (!SMIME_write_PKCS7(out, p7, indata, |
| 1044 | smime_config.flags)) | ||
| 1017 | goto end; | 1045 | goto end; |
| 1018 | } else { | 1046 | } else { |
| 1019 | if (!SMIME_write_PKCS7(out, p7, in, smime_config.flags)) | 1047 | if (!SMIME_write_PKCS7(out, p7, in, |
| 1048 | smime_config.flags)) | ||
| 1020 | goto end; | 1049 | goto end; |
| 1021 | } | 1050 | } |
| 1022 | } else if (smime_config.outformat == FORMAT_PEM) { | 1051 | } else if (smime_config.outformat == FORMAT_PEM) { |
| 1023 | if (!PEM_write_bio_PKCS7_stream(out, p7, in, smime_config.flags)) | 1052 | if (!PEM_write_bio_PKCS7_stream(out, p7, in, |
| 1053 | smime_config.flags)) | ||
| 1024 | goto end; | 1054 | goto end; |
| 1025 | } else if (smime_config.outformat == FORMAT_ASN1) { | 1055 | } else if (smime_config.outformat == FORMAT_ASN1) { |
| 1026 | if (!i2d_PKCS7_bio_stream(out, p7, in, smime_config.flags)) | 1056 | if (!i2d_PKCS7_bio_stream(out, p7, in, |
| 1057 | smime_config.flags)) | ||
| 1027 | goto end; | 1058 | goto end; |
| 1028 | } else { | 1059 | } else { |
| 1029 | BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); | 1060 | BIO_printf(bio_err, |
| 1061 | "Bad output format for PKCS#7 file\n"); | ||
| 1030 | goto end; | 1062 | goto end; |
| 1031 | } | 1063 | } |
| 1032 | } | 1064 | } |
| @@ -1081,8 +1113,8 @@ smime_cb(int ok, X509_STORE_CTX *ctx) | |||
| 1081 | 1113 | ||
| 1082 | error = X509_STORE_CTX_get_error(ctx); | 1114 | error = X509_STORE_CTX_get_error(ctx); |
| 1083 | 1115 | ||
| 1084 | if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) | 1116 | if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) && |
| 1085 | && ((error != X509_V_OK) || (ok != 2))) | 1117 | ((error != X509_V_OK) || (ok != 2))) |
| 1086 | return ok; | 1118 | return ok; |
| 1087 | 1119 | ||
| 1088 | policies_print(NULL, ctx); | 1120 | policies_print(NULL, ctx); |