summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorinoguchi <>2022-01-11 14:23:05 +0000
committerinoguchi <>2022-01-11 14:23:05 +0000
commit5e4522afeff947e01ff7fb06980e868f455ea1dc (patch)
tree056afc76e3a733e4c239c3c903c578a36cd87e35 /src
parent4f0cc9e9c571da9cb2829afb6bf7c5afbc30a0af (diff)
downloadopenbsd-5e4522afeff947e01ff7fb06980e868f455ea1dc.tar.gz
openbsd-5e4522afeff947e01ff7fb06980e868f455ea1dc.tar.bz2
openbsd-5e4522afeff947e01ff7fb06980e868f455ea1dc.zip
Convert openssl(1) smime option handling
Apply new option handling to openssl(1) smime and no functional changes. input and ok jsing@
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/smime.c1101
1 files changed, 744 insertions, 357 deletions
diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c
index e8f5201e1b..5aa04c21a6 100644
--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: smime.c,v 1.10 2018/02/07 05:47:55 jsing Exp $ */ 1/* $OpenBSD: smime.c,v 1.11 2022/01/11 14:23:05 inoguchi Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -82,18 +82,635 @@ static int smime_cb(int ok, X509_STORE_CTX * ctx);
82#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP) 82#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP)
83#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) 83#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
84 84
85static struct {
86 char *CAfile;
87 char *CApath;
88 char *certfile;
89 const EVP_CIPHER *cipher;
90 char *contfile;
91 int flags;
92 char *from;
93 int indef;
94 char *infile;
95 int informat;
96 char *keyfile;
97 int keyform;
98 int operation;
99 char *outfile;
100 int outformat;
101 char *passargin;
102 char *recipfile;
103 const EVP_MD *sign_md;
104 char *signerfile;
105 STACK_OF(OPENSSL_STRING) *skkeys;
106 STACK_OF(OPENSSL_STRING) *sksigners;
107 char *subject;
108 char *to;
109 X509_VERIFY_PARAM *vpm;
110} smime_config;
111
112static const EVP_CIPHER *
113get_cipher_by_name(char *name)
114{
115 if (name == NULL || strcmp(name, "") == 0)
116 return (NULL);
117#ifndef OPENSSL_NO_AES
118 else if (strcmp(name, "aes128") == 0)
119 return EVP_aes_128_cbc();
120 else if (strcmp(name, "aes192") == 0)
121 return EVP_aes_192_cbc();
122 else if (strcmp(name, "aes256") == 0)
123 return EVP_aes_256_cbc();
124#endif
125#ifndef OPENSSL_NO_CAMELLIA
126 else if (strcmp(name, "camellia128") == 0)
127 return EVP_camellia_128_cbc();
128 else if (strcmp(name, "camellia192") == 0)
129 return EVP_camellia_192_cbc();
130 else if (strcmp(name, "camellia256") == 0)
131 return EVP_camellia_256_cbc();
132#endif
133#ifndef OPENSSL_NO_DES
134 else if (strcmp(name, "des") == 0)
135 return EVP_des_cbc();
136 else if (strcmp(name, "des3") == 0)
137 return EVP_des_ede3_cbc();
138#endif
139#ifndef OPENSSL_NO_RC2
140 else if (!strcmp(name, "rc2-40"))
141 return EVP_rc2_40_cbc();
142 else if (!strcmp(name, "rc2-64"))
143 return EVP_rc2_64_cbc();
144 else if (!strcmp(name, "rc2-128"))
145 return EVP_rc2_cbc();
146#endif
147}
148
149static int
150smime_opt_cipher(int argc, char **argv, int *argsused)
151{
152 char *name = argv[0];
153
154 if (*name++ != '-')
155 return (1);
156
157 if ((smime_config.cipher = get_cipher_by_name(name)) == NULL)
158 if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL)
159 return (1);
160
161 *argsused = 1;
162 return (0);
163}
164
165static int
166smime_opt_inkey(char *arg)
167{
168 if (smime_config.keyfile == NULL) {
169 smime_config.keyfile = arg;
170 return (0);
171 }
172
173 if (smime_config.signerfile == NULL) {
174 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
175 return (1);
176 }
177
178 if (smime_config.sksigners == NULL) {
179 if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
180 return (1);
181 }
182 if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
183 smime_config.signerfile))
184 return (1);
185
186 smime_config.signerfile = NULL;
187
188 if (smime_config.skkeys == NULL) {
189 if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
190 return (1);
191 }
192 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile))
193 return (1);
194
195 smime_config.keyfile = arg;
196 return (0);
197}
198
199static int
200smime_opt_md(char *arg)
201{
202 if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) {
203 BIO_printf(bio_err, "Unknown digest %s\n", arg);
204 return (1);
205 }
206 return (0);
207}
208
209static int
210smime_opt_signer(char *arg)
211{
212 if (smime_config.signerfile == NULL) {
213 smime_config.signerfile = arg;
214 return (0);
215 }
216
217 if (smime_config.sksigners == NULL) {
218 if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
219 return (1);
220 }
221 if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
222 smime_config.signerfile))
223 return (1);
224
225 if (smime_config.keyfile == NULL)
226 smime_config.keyfile = smime_config.signerfile;
227
228 if (smime_config.skkeys == NULL) {
229 if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
230 return (1);
231 }
232 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile))
233 return (1);
234
235 smime_config.keyfile = NULL;
236
237 smime_config.signerfile = arg;
238 return (0);
239}
240
241static int
242smime_opt_verify_param(int argc, char **argv, int *argsused)
243{
244 int oargc = argc;
245 int badarg = 0;
246
247 if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm))
248 return (1);
249 if (badarg)
250 return (1);
251
252 *argsused = oargc - argc;
253
254 return (0);
255}
256
257static const struct option smime_options[] = {
258#ifndef OPENSSL_NO_AES
259 {
260 .name = "aes128",
261 .desc = "Encrypt PEM output with CBC AES",
262 .type = OPTION_ARGV_FUNC,
263 .opt.argvfunc = smime_opt_cipher,
264 },
265 {
266 .name = "aes192",
267 .desc = "Encrypt PEM output with CBC AES",
268 .type = OPTION_ARGV_FUNC,
269 .opt.argvfunc = smime_opt_cipher,
270 },
271 {
272 .name = "aes256",
273 .desc = "Encrypt PEM output with CBC AES",
274 .type = OPTION_ARGV_FUNC,
275 .opt.argvfunc = smime_opt_cipher,
276 },
277#endif
278#ifndef OPENSSL_NO_CAMELLIA
279 {
280 .name = "camellia128",
281 .desc = "Encrypt PEM output with CBC Camellia",
282 .type = OPTION_ARGV_FUNC,
283 .opt.argvfunc = smime_opt_cipher,
284 },
285 {
286 .name = "camellia192",
287 .desc = "Encrypt PEM output with CBC Camellia",
288 .type = OPTION_ARGV_FUNC,
289 .opt.argvfunc = smime_opt_cipher,
290 },
291 {
292 .name = "camellia256",
293 .desc = "Encrypt PEM output with CBC Camellia",
294 .type = OPTION_ARGV_FUNC,
295 .opt.argvfunc = smime_opt_cipher,
296 },
297#endif
298#ifndef OPENSSL_NO_DES
299 {
300 .name = "des",
301 .desc = "Encrypt with DES",
302 .type = OPTION_ARGV_FUNC,
303 .opt.argvfunc = smime_opt_cipher,
304 },
305 {
306 .name = "des3",
307 .desc = "Encrypt with triple DES",
308 .type = OPTION_ARGV_FUNC,
309 .opt.argvfunc = smime_opt_cipher,
310 },
311#endif
312#ifndef OPENSSL_NO_RC2
313 {
314 .name = "rc2-40",
315 .desc = "Encrypt with RC2-40 (default)",
316 .type = OPTION_ARGV_FUNC,
317 .opt.argvfunc = smime_opt_cipher,
318 },
319 {
320 .name = "rc2-64",
321 .desc = "Encrypt with RC2-64",
322 .type = OPTION_ARGV_FUNC,
323 .opt.argvfunc = smime_opt_cipher,
324 },
325 {
326 .name = "rc2-128",
327 .desc = "Encrypt with RC2-128",
328 .type = OPTION_ARGV_FUNC,
329 .opt.argvfunc = smime_opt_cipher,
330 },
331#endif
332 {
333 .name = "CAfile",
334 .argname = "file",
335 .desc = "Certificate Authority file",
336 .type = OPTION_ARG,
337 .opt.arg = &smime_config.CAfile,
338 },
339 {
340 .name = "CApath",
341 .argname = "path",
342 .desc = "Certificate Authority path",
343 .type = OPTION_ARG,
344 .opt.arg = &smime_config.CApath,
345 },
346 {
347 .name = "binary",
348 .desc = "Do not translate message to text",
349 .type = OPTION_VALUE_OR,
350 .opt.value = &smime_config.flags,
351 .value = PKCS7_BINARY,
352 },
353 {
354 .name = "certfile",
355 .argname = "file",
356 .desc = "Other certificates file",
357 .type = OPTION_ARG,
358 .opt.arg = &smime_config.certfile,
359 },
360 {
361 .name = "content",
362 .argname = "file",
363 .desc = "Supply or override content for detached signature",
364 .type = OPTION_ARG,
365 .opt.arg = &smime_config.contfile,
366 },
367 {
368 .name = "crlfeol",
369 .desc = "Use CRLF as EOL termination instead of CR only",
370 .type = OPTION_VALUE_OR,
371 .opt.value = &smime_config.flags,
372 .value = PKCS7_CRLFEOL,
373 },
374 {
375 .name = "decrypt",
376 .desc = "Decrypt encrypted message",
377 .type = OPTION_VALUE,
378 .opt.value = &smime_config.operation,
379 .value = SMIME_DECRYPT,
380 },
381 {
382 .name = "encrypt",
383 .desc = "Encrypt message",
384 .type = OPTION_VALUE,
385 .opt.value = &smime_config.operation,
386 .value = SMIME_ENCRYPT,
387 },
388 {
389 .name = "from",
390 .argname = "addr",
391 .desc = "From address",
392 .type = OPTION_ARG,
393 .opt.arg = &smime_config.from,
394 },
395 {
396 .name = "in",
397 .argname = "file",
398 .desc = "Input file",
399 .type = OPTION_ARG,
400 .opt.arg = &smime_config.infile,
401 },
402 {
403 .name = "indef",
404 .desc = "Same as -stream",
405 .type = OPTION_VALUE,
406 .opt.value = &smime_config.indef,
407 .value = 1,
408 },
409 {
410 .name = "inform",
411 .argname = "fmt",
412 .desc = "Input format (DER, PEM or SMIME (default))",
413 .type = OPTION_ARG_FORMAT,
414 .opt.value = &smime_config.informat,
415 },
416 {
417 .name = "inkey",
418 .argname = "file",
419 .desc = "Input key file",
420 .type = OPTION_ARG_FUNC,
421 .opt.argfunc = smime_opt_inkey,
422 },
423 {
424 .name = "keyform",
425 .argname = "fmt",
426 .desc = "Input key format (DER or PEM (default))",
427 .type = OPTION_ARG_FORMAT,
428 .opt.value = &smime_config.keyform,
429 },
430 {
431 .name = "md",
432 .argname = "digest",
433 .desc = "Digest to use when signing or resigning",
434 .type = OPTION_ARG_FUNC,
435 .opt.argfunc = smime_opt_md,
436 },
437 {
438 .name = "noattr",
439 .desc = "Do not include any signed attributes",
440 .type = OPTION_VALUE_OR,
441 .opt.value = &smime_config.flags,
442 .value = PKCS7_NOATTR,
443 },
444 {
445 .name = "nocerts",
446 .desc = "Do not include signer's certificate when signing",
447 .type = OPTION_VALUE_OR,
448 .opt.value = &smime_config.flags,
449 .value = PKCS7_NOCERTS,
450 },
451 {
452 .name = "nochain",
453 .desc = "Do not chain verification of signer's certificates",
454 .type = OPTION_VALUE_OR,
455 .opt.value = &smime_config.flags,
456 .value = PKCS7_NOCHAIN,
457 },
458 {
459 .name = "nodetach",
460 .desc = "Use opaque signing",
461 .type = OPTION_VALUE_AND,
462 .opt.value = &smime_config.flags,
463 .value = ~PKCS7_DETACHED,
464 },
465 {
466 .name = "noindef",
467 .desc = "Disable streaming I/O",
468 .type = OPTION_VALUE,
469 .opt.value = &smime_config.indef,
470 .value = 0,
471 },
472 {
473 .name = "nointern",
474 .desc = "Do not search certificates in message for signer",
475 .type = OPTION_VALUE_OR,
476 .opt.value = &smime_config.flags,
477 .value = PKCS7_NOINTERN,
478 },
479 {
480 .name = "nooldmime",
481 .desc = "Output old S/MIME content type",
482 .type = OPTION_VALUE_OR,
483 .opt.value = &smime_config.flags,
484 .value = PKCS7_NOOLDMIMETYPE,
485 },
486 {
487 .name = "nosigs",
488 .desc = "Do not verify message signature",
489 .type = OPTION_VALUE_OR,
490 .opt.value = &smime_config.flags,
491 .value = PKCS7_NOSIGS,
492 },
493 {
494 .name = "nosmimecap",
495 .desc = "Omit the SMIMECapabilities attribute",
496 .type = OPTION_VALUE_OR,
497 .opt.value = &smime_config.flags,
498 .value = PKCS7_NOSMIMECAP,
499 },
500 {
501 .name = "noverify",
502 .desc = "Do not verify signer's certificate",
503 .type = OPTION_VALUE_OR,
504 .opt.value = &smime_config.flags,
505 .value = PKCS7_NOVERIFY,
506 },
507 {
508 .name = "out",
509 .argname = "file",
510 .desc = "Output file",
511 .type = OPTION_ARG,
512 .opt.arg = &smime_config.outfile,
513 },
514 {
515 .name = "outform",
516 .argname = "fmt",
517 .desc = "Output format (DER, PEM or SMIME (default))",
518 .type = OPTION_ARG_FORMAT,
519 .opt.value = &smime_config.outformat,
520 },
521 {
522 .name = "passin",
523 .argname = "src",
524 .desc = "Private key password source",
525 .type = OPTION_ARG,
526 .opt.arg = &smime_config.passargin,
527 },
528 {
529 .name = "pk7out",
530 .desc = "Output PKCS#7 structure",
531 .type = OPTION_VALUE,
532 .opt.value = &smime_config.operation,
533 .value = SMIME_PK7OUT,
534 },
535 {
536 .name = "recip",
537 .argname = "file",
538 .desc = "Recipient certificate file for decryption",
539 .type = OPTION_ARG,
540 .opt.arg = &smime_config.recipfile,
541 },
542 {
543 .name = "resign",
544 .desc = "Resign a signed message",
545 .type = OPTION_VALUE,
546 .opt.value = &smime_config.operation,
547 .value = SMIME_RESIGN,
548 },
549 {
550 .name = "sign",
551 .desc = "Sign message",
552 .type = OPTION_VALUE,
553 .opt.value = &smime_config.operation,
554 .value = SMIME_SIGN,
555 },
556 {
557 .name = "signer",
558 .argname = "file",
559 .desc = "Signer certificate file",
560 .type = OPTION_ARG_FUNC,
561 .opt.argfunc = smime_opt_signer,
562 },
563 {
564 .name = "stream",
565 .desc = "Enable streaming I/O",
566 .type = OPTION_VALUE,
567 .opt.value = &smime_config.indef,
568 .value = 1,
569 },
570 {
571 .name = "subject",
572 .argname = "s",
573 .desc = "Subject",
574 .type = OPTION_ARG,
575 .opt.arg = &smime_config.subject,
576 },
577 {
578 .name = "text",
579 .desc = "Include or delete text MIME headers",
580 .type = OPTION_VALUE_OR,
581 .opt.value = &smime_config.flags,
582 .value = PKCS7_TEXT,
583 },
584 {
585 .name = "to",
586 .argname = "addr",
587 .desc = "To address",
588 .type = OPTION_ARG,
589 .opt.arg = &smime_config.to,
590 },
591 {
592 .name = "verify",
593 .desc = "Verify signed message",
594 .type = OPTION_VALUE,
595 .opt.value = &smime_config.operation,
596 .value = SMIME_VERIFY,
597 },
598 {
599 .name = "check_ss_sig",
600 .type = OPTION_ARGV_FUNC,
601 .opt.argvfunc = smime_opt_verify_param,
602 },
603 {
604 .name = "crl_check",
605 .type = OPTION_ARGV_FUNC,
606 .opt.argvfunc = smime_opt_verify_param,
607 },
608 {
609 .name = "crl_check_all",
610 .type = OPTION_ARGV_FUNC,
611 .opt.argvfunc = smime_opt_verify_param,
612 },
613 {
614 .name = "extended_crl",
615 .type = OPTION_ARGV_FUNC,
616 .opt.argvfunc = smime_opt_verify_param,
617 },
618 {
619 .name = "ignore_critical",
620 .type = OPTION_ARGV_FUNC,
621 .opt.argvfunc = smime_opt_verify_param,
622 },
623 {
624 .name = "issuer_checks",
625 .type = OPTION_ARGV_FUNC,
626 .opt.argvfunc = smime_opt_verify_param,
627 },
628 {
629 .name = "policy_check",
630 .type = OPTION_ARGV_FUNC,
631 .opt.argvfunc = smime_opt_verify_param,
632 },
633 {
634 .name = "x509_strict",
635 .type = OPTION_ARGV_FUNC,
636 .opt.argvfunc = smime_opt_verify_param,
637 },
638 {
639 .name = NULL,
640 .type = OPTION_ARGV_FUNC,
641 .opt.argvfunc = smime_opt_cipher,
642 },
643 { NULL },
644};
645
646static const struct option verify_shared_options[] = {
647 {
648 .name = "check_ss_sig",
649 .desc = "Check the root CA self-signed certificate signature",
650 },
651 {
652 .name = "crl_check",
653 .desc = "Enable CRL checking for the leaf certificate",
654 },
655 {
656 .name = "crl_check_all",
657 .desc = "Enable CRL checking for the entire certificate chain",
658 },
659 {
660 .name = "extended_crl",
661 .desc = "Enable extended CRL support",
662 },
663 {
664 .name = "ignore_critical",
665 .desc = "Disable critical extension checking",
666 },
667 {
668 .name = "issuer_checks",
669 .desc = "Enable debugging of certificate issuer checks",
670 },
671 {
672 .name = "policy_check",
673 .desc = "Enable certificate policy checking",
674 },
675 {
676 .name = "x509_strict",
677 .desc = "Use strict X.509 rules (disables workarounds)",
678 },
679 { NULL },
680};
681
682static void
683smime_usage(void)
684{
685 fprintf(stderr, "usage: smime "
686 "[-aes128 | -aes192 | -aes256 | -des |\n"
687 " -des3 | -rc2-40 | -rc2-64 | -rc2-128] [-binary]\n"
688 " [-CAfile file] [-CApath directory] [-certfile file]\n"
689 " [-content file]\n"
690 " [-decrypt] [-encrypt]\n"
691 " [-from addr] [-in file] [-indef]\n"
692 " [-inform der | pem | smime] [-inkey file]\n"
693 " [-keyform der | pem] [-md digest] [-noattr] [-nocerts]\n"
694 " [-nochain] [-nodetach] [-noindef] [-nointern] [-nosigs]\n"
695 " [-nosmimecap] [-noverify] [-out file]\n"
696 " [-outform der | pem | smime] [-passin arg] [-pk7out]\n"
697 " [-recip file] [-resign] [-sign]\n"
698 " [-signer file] [-stream] [-subject s] [-text] [-to addr]\n"
699 " [-verify] [cert.pem ...]\n\n");
700
701 options_usage(smime_options);
702
703 fprintf(stderr, "\nVerification options:\n\n");
704 options_usage(verify_shared_options);
705}
706
85int 707int
86smime_main(int argc, char **argv) 708smime_main(int argc, char **argv)
87{ 709{
88 int operation = 0;
89 int ret = 0; 710 int ret = 0;
90 char **args; 711 char **args;
712 int argsused = 0;
91 const char *inmode = "r", *outmode = "w"; 713 const char *inmode = "r", *outmode = "w";
92 char *infile = NULL, *outfile = NULL;
93 char *signerfile = NULL, *recipfile = NULL;
94 STACK_OF(OPENSSL_STRING) * sksigners = NULL, *skkeys = NULL;
95 char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
96 const EVP_CIPHER *cipher = NULL;
97 PKCS7 *p7 = NULL; 714 PKCS7 *p7 = NULL;
98 X509_STORE *store = NULL; 715 X509_STORE *store = NULL;
99 X509 *cert = NULL, *recip = NULL, *signer = NULL; 716 X509 *cert = NULL, *recip = NULL, *signer = NULL;
@@ -101,16 +718,7 @@ smime_main(int argc, char **argv)
101 STACK_OF(X509) * encerts = NULL, *other = NULL; 718 STACK_OF(X509) * encerts = NULL, *other = NULL;
102 BIO *in = NULL, *out = NULL, *indata = NULL; 719 BIO *in = NULL, *out = NULL, *indata = NULL;
103 int badarg = 0; 720 int badarg = 0;
104 int flags = PKCS7_DETACHED; 721 char *passin = NULL;
105 char *to = NULL, *from = NULL, *subject = NULL;
106 char *CAfile = NULL, *CApath = NULL;
107 char *passargin = NULL, *passin = NULL;
108 int indef = 0;
109 const EVP_MD *sign_md = NULL;
110 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
111 int keyform = FORMAT_PEM;
112
113 X509_VERIFY_PARAM *vpm = NULL;
114 722
115 if (single_execution) { 723 if (single_execution) {
116 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) { 724 if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
@@ -119,313 +727,91 @@ smime_main(int argc, char **argv)
119 } 727 }
120 } 728 }
121 729
122 args = argv + 1; 730 memset(&smime_config, 0, sizeof(smime_config));
123 ret = 1; 731 smime_config.flags = PKCS7_DETACHED;
124 732 smime_config.informat = FORMAT_SMIME;
125 while (!badarg && *args && *args[0] == '-') { 733 smime_config.outformat = FORMAT_SMIME;
126 if (!strcmp(*args, "-encrypt")) 734 smime_config.keyform = FORMAT_PEM;
127 operation = SMIME_ENCRYPT; 735 if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) {
128 else if (!strcmp(*args, "-decrypt")) 736 goto argerr;
129 operation = SMIME_DECRYPT;
130 else if (!strcmp(*args, "-sign"))
131 operation = SMIME_SIGN;
132 else if (!strcmp(*args, "-resign"))
133 operation = SMIME_RESIGN;
134 else if (!strcmp(*args, "-verify"))
135 operation = SMIME_VERIFY;
136 else if (!strcmp(*args, "-pk7out"))
137 operation = SMIME_PK7OUT;
138#ifndef OPENSSL_NO_DES
139 else if (!strcmp(*args, "-des3"))
140 cipher = EVP_des_ede3_cbc();
141 else if (!strcmp(*args, "-des"))
142 cipher = EVP_des_cbc();
143#endif
144#ifndef OPENSSL_NO_RC2
145 else if (!strcmp(*args, "-rc2-40"))
146 cipher = EVP_rc2_40_cbc();
147 else if (!strcmp(*args, "-rc2-128"))
148 cipher = EVP_rc2_cbc();
149 else if (!strcmp(*args, "-rc2-64"))
150 cipher = EVP_rc2_64_cbc();
151#endif
152#ifndef OPENSSL_NO_AES
153 else if (!strcmp(*args, "-aes128"))
154 cipher = EVP_aes_128_cbc();
155 else if (!strcmp(*args, "-aes192"))
156 cipher = EVP_aes_192_cbc();
157 else if (!strcmp(*args, "-aes256"))
158 cipher = EVP_aes_256_cbc();
159#endif
160#ifndef OPENSSL_NO_CAMELLIA
161 else if (!strcmp(*args, "-camellia128"))
162 cipher = EVP_camellia_128_cbc();
163 else if (!strcmp(*args, "-camellia192"))
164 cipher = EVP_camellia_192_cbc();
165 else if (!strcmp(*args, "-camellia256"))
166 cipher = EVP_camellia_256_cbc();
167#endif
168 else if (!strcmp(*args, "-text"))
169 flags |= PKCS7_TEXT;
170 else if (!strcmp(*args, "-nointern"))
171 flags |= PKCS7_NOINTERN;
172 else if (!strcmp(*args, "-noverify"))
173 flags |= PKCS7_NOVERIFY;
174 else if (!strcmp(*args, "-nochain"))
175 flags |= PKCS7_NOCHAIN;
176 else if (!strcmp(*args, "-nocerts"))
177 flags |= PKCS7_NOCERTS;
178 else if (!strcmp(*args, "-noattr"))
179 flags |= PKCS7_NOATTR;
180 else if (!strcmp(*args, "-nodetach"))
181 flags &= ~PKCS7_DETACHED;
182 else if (!strcmp(*args, "-nosmimecap"))
183 flags |= PKCS7_NOSMIMECAP;
184 else if (!strcmp(*args, "-binary"))
185 flags |= PKCS7_BINARY;
186 else if (!strcmp(*args, "-nosigs"))
187 flags |= PKCS7_NOSIGS;
188 else if (!strcmp(*args, "-stream"))
189 indef = 1;
190 else if (!strcmp(*args, "-indef"))
191 indef = 1;
192 else if (!strcmp(*args, "-noindef"))
193 indef = 0;
194 else if (!strcmp(*args, "-nooldmime"))
195 flags |= PKCS7_NOOLDMIMETYPE;
196 else if (!strcmp(*args, "-crlfeol"))
197 flags |= PKCS7_CRLFEOL;
198 else if (!strcmp(*args, "-passin")) {
199 if (!args[1])
200 goto argerr;
201 passargin = *++args;
202 } else if (!strcmp(*args, "-to")) {
203 if (!args[1])
204 goto argerr;
205 to = *++args;
206 } else if (!strcmp(*args, "-from")) {
207 if (!args[1])
208 goto argerr;
209 from = *++args;
210 } else if (!strcmp(*args, "-subject")) {
211 if (!args[1])
212 goto argerr;
213 subject = *++args;
214 } else if (!strcmp(*args, "-signer")) {
215 if (!args[1])
216 goto argerr;
217 /* If previous -signer argument add signer to list */
218
219 if (signerfile) {
220 if (!sksigners)
221 sksigners = sk_OPENSSL_STRING_new_null();
222 sk_OPENSSL_STRING_push(sksigners, signerfile);
223 if (!keyfile)
224 keyfile = signerfile;
225 if (!skkeys)
226 skkeys = sk_OPENSSL_STRING_new_null();
227 sk_OPENSSL_STRING_push(skkeys, keyfile);
228 keyfile = NULL;
229 }
230 signerfile = *++args;
231 } else if (!strcmp(*args, "-recip")) {
232 if (!args[1])
233 goto argerr;
234 recipfile = *++args;
235 } else if (!strcmp(*args, "-md")) {
236 if (!args[1])
237 goto argerr;
238 sign_md = EVP_get_digestbyname(*++args);
239 if (sign_md == NULL) {
240 BIO_printf(bio_err, "Unknown digest %s\n",
241 *args);
242 goto argerr;
243 }
244 } else if (!strcmp(*args, "-inkey")) {
245 if (!args[1])
246 goto argerr;
247 /* If previous -inkey arument add signer to list */
248 if (keyfile) {
249 if (!signerfile) {
250 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
251 goto argerr;
252 }
253 if (!sksigners)
254 sksigners = sk_OPENSSL_STRING_new_null();
255 sk_OPENSSL_STRING_push(sksigners, signerfile);
256 signerfile = NULL;
257 if (!skkeys)
258 skkeys = sk_OPENSSL_STRING_new_null();
259 sk_OPENSSL_STRING_push(skkeys, keyfile);
260 }
261 keyfile = *++args;
262 } else if (!strcmp(*args, "-keyform")) {
263 if (!args[1])
264 goto argerr;
265 keyform = str2fmt(*++args);
266 } else if (!strcmp(*args, "-certfile")) {
267 if (!args[1])
268 goto argerr;
269 certfile = *++args;
270 } else if (!strcmp(*args, "-CAfile")) {
271 if (!args[1])
272 goto argerr;
273 CAfile = *++args;
274 } else if (!strcmp(*args, "-CApath")) {
275 if (!args[1])
276 goto argerr;
277 CApath = *++args;
278 } else if (!strcmp(*args, "-in")) {
279 if (!args[1])
280 goto argerr;
281 infile = *++args;
282 } else if (!strcmp(*args, "-inform")) {
283 if (!args[1])
284 goto argerr;
285 informat = str2fmt(*++args);
286 } else if (!strcmp(*args, "-outform")) {
287 if (!args[1])
288 goto argerr;
289 outformat = str2fmt(*++args);
290 } else if (!strcmp(*args, "-out")) {
291 if (!args[1])
292 goto argerr;
293 outfile = *++args;
294 } else if (!strcmp(*args, "-content")) {
295 if (!args[1])
296 goto argerr;
297 contfile = *++args;
298 } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
299 continue;
300 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
301 badarg = 1;
302 args++;
303 } 737 }
738 args = argv + argsused;
739 ret = 1;
304 740
305 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { 741 if (!(smime_config.operation & SMIME_SIGNERS) && (smime_config.skkeys || smime_config.sksigners)) {
306 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 742 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
307 goto argerr; 743 goto argerr;
308 } 744 }
309 if (operation & SMIME_SIGNERS) { 745 if (smime_config.operation & SMIME_SIGNERS) {
310 /* Check to see if any final signer needs to be appended */ 746 /* Check to see if any final signer needs to be appended */
311 if (keyfile && !signerfile) { 747 if (smime_config.keyfile && !smime_config.signerfile) {
312 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 748 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
313 goto argerr; 749 goto argerr;
314 } 750 }
315 if (signerfile) { 751 if (smime_config.signerfile) {
316 if (!sksigners) 752 if (!smime_config.sksigners)
317 sksigners = sk_OPENSSL_STRING_new_null(); 753 smime_config.sksigners = sk_OPENSSL_STRING_new_null();
318 sk_OPENSSL_STRING_push(sksigners, signerfile); 754 sk_OPENSSL_STRING_push(smime_config.sksigners, smime_config.signerfile);
319 if (!skkeys) 755 if (!smime_config.skkeys)
320 skkeys = sk_OPENSSL_STRING_new_null(); 756 smime_config.skkeys = sk_OPENSSL_STRING_new_null();
321 if (!keyfile) 757 if (!smime_config.keyfile)
322 keyfile = signerfile; 758 smime_config.keyfile = smime_config.signerfile;
323 sk_OPENSSL_STRING_push(skkeys, keyfile); 759 sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile);
324 } 760 }
325 if (!sksigners) { 761 if (!smime_config.sksigners) {
326 BIO_printf(bio_err, "No signer certificate specified\n"); 762 BIO_printf(bio_err, "No signer certificate specified\n");
327 badarg = 1; 763 badarg = 1;
328 } 764 }
329 signerfile = NULL; 765 smime_config.signerfile = NULL;
330 keyfile = NULL; 766 smime_config.keyfile = NULL;
331 } else if (operation == SMIME_DECRYPT) { 767 } else if (smime_config.operation == SMIME_DECRYPT) {
332 if (!recipfile && !keyfile) { 768 if (!smime_config.recipfile && !smime_config.keyfile) {
333 BIO_printf(bio_err, "No recipient certificate or key specified\n"); 769 BIO_printf(bio_err, "No recipient certificate or key specified\n");
334 badarg = 1; 770 badarg = 1;
335 } 771 }
336 } else if (operation == SMIME_ENCRYPT) { 772 } else if (smime_config.operation == SMIME_ENCRYPT) {
337 if (!*args) { 773 if (!*args) {
338 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 774 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
339 badarg = 1; 775 badarg = 1;
340 } 776 }
341 } else if (!operation) 777 } else if (!smime_config.operation)
342 badarg = 1; 778 badarg = 1;
343 779
344 if (badarg) { 780 if (badarg) {
345 argerr: 781 argerr:
346 BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n"); 782 smime_usage();
347 BIO_printf(bio_err, "where options are\n");
348 BIO_printf(bio_err, "-encrypt encrypt message\n");
349 BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
350 BIO_printf(bio_err, "-sign sign message\n");
351 BIO_printf(bio_err, "-verify verify signed message\n");
352 BIO_printf(bio_err, "-pk7out output PKCS#7 structure\n");
353#ifndef OPENSSL_NO_DES
354 BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
355 BIO_printf(bio_err, "-des encrypt with DES\n");
356#endif
357#ifndef OPENSSL_NO_RC2
358 BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
359 BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
360 BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
361#endif
362#ifndef OPENSSL_NO_AES
363 BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
364 BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
365#endif
366#ifndef OPENSSL_NO_CAMELLIA
367 BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
368 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
369#endif
370 BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n");
371 BIO_printf(bio_err, "-nosigs don't verify message signature\n");
372 BIO_printf(bio_err, "-noverify don't verify signers certificate\n");
373 BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n");
374 BIO_printf(bio_err, "-nodetach use opaque signing\n");
375 BIO_printf(bio_err, "-noattr don't include any signed attributes\n");
376 BIO_printf(bio_err, "-binary don't translate message to text\n");
377 BIO_printf(bio_err, "-certfile file other certificates file\n");
378 BIO_printf(bio_err, "-signer file signer certificate file\n");
379 BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n");
380 BIO_printf(bio_err, "-in file input file\n");
381 BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
382 BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
383 BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n");
384 BIO_printf(bio_err, "-out file output file\n");
385 BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
386 BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
387 BIO_printf(bio_err, "-to addr to address\n");
388 BIO_printf(bio_err, "-from ad from address\n");
389 BIO_printf(bio_err, "-subject s subject\n");
390 BIO_printf(bio_err, "-text include or delete text MIME headers\n");
391 BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
392 BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
393 BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
394 BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
395 BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
396 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
397 goto end; 783 goto end;
398 } 784 }
399 785
400 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 786 if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) {
401 BIO_printf(bio_err, "Error getting password\n"); 787 BIO_printf(bio_err, "Error getting password\n");
402 goto end; 788 goto end;
403 } 789 }
404 ret = 2; 790 ret = 2;
405 791
406 if (!(operation & SMIME_SIGNERS)) 792 if (!(smime_config.operation & SMIME_SIGNERS))
407 flags &= ~PKCS7_DETACHED; 793 smime_config.flags &= ~PKCS7_DETACHED;
408 794
409 if (operation & SMIME_OP) { 795 if (smime_config.operation & SMIME_OP) {
410 if (outformat == FORMAT_ASN1) 796 if (smime_config.outformat == FORMAT_ASN1)
411 outmode = "wb"; 797 outmode = "wb";
412 } else { 798 } else {
413 if (flags & PKCS7_BINARY) 799 if (smime_config.flags & PKCS7_BINARY)
414 outmode = "wb"; 800 outmode = "wb";
415 } 801 }
416 802
417 if (operation & SMIME_IP) { 803 if (smime_config.operation & SMIME_IP) {
418 if (informat == FORMAT_ASN1) 804 if (smime_config.informat == FORMAT_ASN1)
419 inmode = "rb"; 805 inmode = "rb";
420 } else { 806 } else {
421 if (flags & PKCS7_BINARY) 807 if (smime_config.flags & PKCS7_BINARY)
422 inmode = "rb"; 808 inmode = "rb";
423 } 809 }
424 810
425 if (operation == SMIME_ENCRYPT) { 811 if (smime_config.operation == SMIME_ENCRYPT) {
426 if (!cipher) { 812 if (!smime_config.cipher) {
427#ifndef OPENSSL_NO_RC2 813#ifndef OPENSSL_NO_RC2
428 cipher = EVP_rc2_40_cbc(); 814 smime_config.cipher = EVP_rc2_40_cbc();
429#else 815#else
430 BIO_printf(bio_err, "No cipher selected\n"); 816 BIO_printf(bio_err, "No cipher selected\n");
431 goto end; 817 goto end;
@@ -442,50 +828,50 @@ smime_main(int argc, char **argv)
442 args++; 828 args++;
443 } 829 }
444 } 830 }
445 if (certfile) { 831 if (smime_config.certfile) {
446 if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, 832 if (!(other = load_certs(bio_err, smime_config.certfile, FORMAT_PEM, NULL,
447 "certificate file"))) { 833 "certificate file"))) {
448 ERR_print_errors(bio_err); 834 ERR_print_errors(bio_err);
449 goto end; 835 goto end;
450 } 836 }
451 } 837 }
452 if (recipfile && (operation == SMIME_DECRYPT)) { 838 if (smime_config.recipfile && (smime_config.operation == SMIME_DECRYPT)) {
453 if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, 839 if (!(recip = load_cert(bio_err, smime_config.recipfile, FORMAT_PEM, NULL,
454 "recipient certificate file"))) { 840 "recipient certificate file"))) {
455 ERR_print_errors(bio_err); 841 ERR_print_errors(bio_err);
456 goto end; 842 goto end;
457 } 843 }
458 } 844 }
459 if (operation == SMIME_DECRYPT) { 845 if (smime_config.operation == SMIME_DECRYPT) {
460 if (!keyfile) 846 if (!smime_config.keyfile)
461 keyfile = recipfile; 847 smime_config.keyfile = smime_config.recipfile;
462 } else if (operation == SMIME_SIGN) { 848 } else if (smime_config.operation == SMIME_SIGN) {
463 if (!keyfile) 849 if (!smime_config.keyfile)
464 keyfile = signerfile; 850 smime_config.keyfile = smime_config.signerfile;
465 } else 851 } else
466 keyfile = NULL; 852 smime_config.keyfile = NULL;
467 853
468 if (keyfile) { 854 if (smime_config.keyfile) {
469 key = load_key(bio_err, keyfile, keyform, 0, passin, 855 key = load_key(bio_err, smime_config.keyfile, smime_config.keyform, 0, passin,
470 "signing key file"); 856 "signing key file");
471 if (!key) 857 if (!key)
472 goto end; 858 goto end;
473 } 859 }
474 if (infile) { 860 if (smime_config.infile) {
475 if (!(in = BIO_new_file(infile, inmode))) { 861 if (!(in = BIO_new_file(smime_config.infile, inmode))) {
476 BIO_printf(bio_err, 862 BIO_printf(bio_err,
477 "Can't open input file %s\n", infile); 863 "Can't open input file %s\n", smime_config.infile);
478 goto end; 864 goto end;
479 } 865 }
480 } else 866 } else
481 in = BIO_new_fp(stdin, BIO_NOCLOSE); 867 in = BIO_new_fp(stdin, BIO_NOCLOSE);
482 868
483 if (operation & SMIME_IP) { 869 if (smime_config.operation & SMIME_IP) {
484 if (informat == FORMAT_SMIME) 870 if (smime_config.informat == FORMAT_SMIME)
485 p7 = SMIME_read_PKCS7(in, &indata); 871 p7 = SMIME_read_PKCS7(in, &indata);
486 else if (informat == FORMAT_PEM) 872 else if (smime_config.informat == FORMAT_PEM)
487 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); 873 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
488 else if (informat == FORMAT_ASN1) 874 else if (smime_config.informat == FORMAT_ASN1)
489 p7 = d2i_PKCS7_bio(in, NULL); 875 p7 = d2i_PKCS7_bio(in, NULL);
490 else { 876 else {
491 BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); 877 BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
@@ -496,68 +882,68 @@ smime_main(int argc, char **argv)
496 BIO_printf(bio_err, "Error reading S/MIME message\n"); 882 BIO_printf(bio_err, "Error reading S/MIME message\n");
497 goto end; 883 goto end;
498 } 884 }
499 if (contfile) { 885 if (smime_config.contfile) {
500 BIO_free(indata); 886 BIO_free(indata);
501 if (!(indata = BIO_new_file(contfile, "rb"))) { 887 if (!(indata = BIO_new_file(smime_config.contfile, "rb"))) {
502 BIO_printf(bio_err, "Can't read content file %s\n", contfile); 888 BIO_printf(bio_err, "Can't read content file %s\n", smime_config.contfile);
503 goto end; 889 goto end;
504 } 890 }
505 } 891 }
506 } 892 }
507 if (outfile) { 893 if (smime_config.outfile) {
508 if (!(out = BIO_new_file(outfile, outmode))) { 894 if (!(out = BIO_new_file(smime_config.outfile, outmode))) {
509 BIO_printf(bio_err, 895 BIO_printf(bio_err,
510 "Can't open output file %s\n", outfile); 896 "Can't open output file %s\n", smime_config.outfile);
511 goto end; 897 goto end;
512 } 898 }
513 } else { 899 } else {
514 out = BIO_new_fp(stdout, BIO_NOCLOSE); 900 out = BIO_new_fp(stdout, BIO_NOCLOSE);
515 } 901 }
516 902
517 if (operation == SMIME_VERIFY) { 903 if (smime_config.operation == SMIME_VERIFY) {
518 if (!(store = setup_verify(bio_err, CAfile, CApath))) 904 if (!(store = setup_verify(bio_err, smime_config.CAfile, smime_config.CApath)))
519 goto end; 905 goto end;
520 X509_STORE_set_verify_cb(store, smime_cb); 906 X509_STORE_set_verify_cb(store, smime_cb);
521 if (vpm) 907 if (smime_config.vpm)
522 X509_STORE_set1_param(store, vpm); 908 X509_STORE_set1_param(store, smime_config.vpm);
523 } 909 }
524 ret = 3; 910 ret = 3;
525 911
526 if (operation == SMIME_ENCRYPT) { 912 if (smime_config.operation == SMIME_ENCRYPT) {
527 if (indef) 913 if (smime_config.indef)
528 flags |= PKCS7_STREAM; 914 smime_config.flags |= PKCS7_STREAM;
529 p7 = PKCS7_encrypt(encerts, in, cipher, flags); 915 p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, smime_config.flags);
530 } else if (operation & SMIME_SIGNERS) { 916 } else if (smime_config.operation & SMIME_SIGNERS) {
531 int i; 917 int i;
532 /* 918 /*
533 * If detached data content we only enable streaming if 919 * If detached data content we only enable streaming if
534 * S/MIME output format. 920 * S/MIME output format.
535 */ 921 */
536 if (operation == SMIME_SIGN) { 922 if (smime_config.operation == SMIME_SIGN) {
537 if (flags & PKCS7_DETACHED) { 923 if (smime_config.flags & PKCS7_DETACHED) {
538 if (outformat == FORMAT_SMIME) 924 if (smime_config.outformat == FORMAT_SMIME)
539 flags |= PKCS7_STREAM; 925 smime_config.flags |= PKCS7_STREAM;
540 } else if (indef) 926 } else if (smime_config.indef)
541 flags |= PKCS7_STREAM; 927 smime_config.flags |= PKCS7_STREAM;
542 flags |= PKCS7_PARTIAL; 928 smime_config.flags |= PKCS7_PARTIAL;
543 p7 = PKCS7_sign(NULL, NULL, other, in, flags); 929 p7 = PKCS7_sign(NULL, NULL, other, in, smime_config.flags);
544 if (!p7) 930 if (!p7)
545 goto end; 931 goto end;
546 } else 932 } else
547 flags |= PKCS7_REUSE_DIGEST; 933 smime_config.flags |= PKCS7_REUSE_DIGEST;
548 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { 934 for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) {
549 signerfile = sk_OPENSSL_STRING_value(sksigners, i); 935 smime_config.signerfile = sk_OPENSSL_STRING_value(smime_config.sksigners, i);
550 keyfile = sk_OPENSSL_STRING_value(skkeys, i); 936 smime_config.keyfile = sk_OPENSSL_STRING_value(smime_config.skkeys, i);
551 signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, 937 signer = load_cert(bio_err, smime_config.signerfile, FORMAT_PEM, NULL,
552 "signer certificate"); 938 "signer certificate");
553 if (!signer) 939 if (!signer)
554 goto end; 940 goto end;
555 key = load_key(bio_err, keyfile, keyform, 0, passin, 941 key = load_key(bio_err, smime_config.keyfile, smime_config.keyform, 0, passin,
556 "signing key file"); 942 "signing key file");
557 if (!key) 943 if (!key)
558 goto end; 944 goto end;
559 if (!PKCS7_sign_add_signer(p7, signer, key, 945 if (!PKCS7_sign_add_signer(p7, signer, key,
560 sign_md, flags)) 946 smime_config.sign_md, smime_config.flags))
561 goto end; 947 goto end;
562 X509_free(signer); 948 X509_free(signer);
563 signer = NULL; 949 signer = NULL;
@@ -565,8 +951,8 @@ smime_main(int argc, char **argv)
565 key = NULL; 951 key = NULL;
566 } 952 }
567 /* If not streaming or resigning finalize structure */ 953 /* If not streaming or resigning finalize structure */
568 if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) { 954 if ((smime_config.operation == SMIME_SIGN) && !(smime_config.flags & PKCS7_STREAM)) {
569 if (!PKCS7_final(p7, in, flags)) 955 if (!PKCS7_final(p7, in, smime_config.flags))
570 goto end; 956 goto end;
571 } 957 }
572 } 958 }
@@ -575,45 +961,45 @@ smime_main(int argc, char **argv)
575 goto end; 961 goto end;
576 } 962 }
577 ret = 4; 963 ret = 4;
578 if (operation == SMIME_DECRYPT) { 964 if (smime_config.operation == SMIME_DECRYPT) {
579 if (!PKCS7_decrypt(p7, key, recip, out, flags)) { 965 if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) {
580 BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); 966 BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
581 goto end; 967 goto end;
582 } 968 }
583 } else if (operation == SMIME_VERIFY) { 969 } else if (smime_config.operation == SMIME_VERIFY) {
584 STACK_OF(X509) * signers; 970 STACK_OF(X509) * signers;
585 if (PKCS7_verify(p7, other, store, indata, out, flags)) 971 if (PKCS7_verify(p7, other, store, indata, out, smime_config.flags))
586 BIO_printf(bio_err, "Verification successful\n"); 972 BIO_printf(bio_err, "Verification successful\n");
587 else { 973 else {
588 BIO_printf(bio_err, "Verification failure\n"); 974 BIO_printf(bio_err, "Verification failure\n");
589 goto end; 975 goto end;
590 } 976 }
591 signers = PKCS7_get0_signers(p7, other, flags); 977 signers = PKCS7_get0_signers(p7, other, smime_config.flags);
592 if (!save_certs(signerfile, signers)) { 978 if (!save_certs(smime_config.signerfile, signers)) {
593 BIO_printf(bio_err, "Error writing signers to %s\n", 979 BIO_printf(bio_err, "Error writing signers to %s\n",
594 signerfile); 980 smime_config.signerfile);
595 ret = 5; 981 ret = 5;
596 goto end; 982 goto end;
597 } 983 }
598 sk_X509_free(signers); 984 sk_X509_free(signers);
599 } else if (operation == SMIME_PK7OUT) 985 } else if (smime_config.operation == SMIME_PK7OUT)
600 PEM_write_bio_PKCS7(out, p7); 986 PEM_write_bio_PKCS7(out, p7);
601 else { 987 else {
602 if (to) 988 if (smime_config.to)
603 BIO_printf(out, "To: %s\n", to); 989 BIO_printf(out, "To: %s\n", smime_config.to);
604 if (from) 990 if (smime_config.from)
605 BIO_printf(out, "From: %s\n", from); 991 BIO_printf(out, "From: %s\n", smime_config.from);
606 if (subject) 992 if (smime_config.subject)
607 BIO_printf(out, "Subject: %s\n", subject); 993 BIO_printf(out, "Subject: %s\n", smime_config.subject);
608 if (outformat == FORMAT_SMIME) { 994 if (smime_config.outformat == FORMAT_SMIME) {
609 if (operation == SMIME_RESIGN) 995 if (smime_config.operation == SMIME_RESIGN)
610 SMIME_write_PKCS7(out, p7, indata, flags); 996 SMIME_write_PKCS7(out, p7, indata, smime_config.flags);
611 else 997 else
612 SMIME_write_PKCS7(out, p7, in, flags); 998 SMIME_write_PKCS7(out, p7, in, smime_config.flags);
613 } else if (outformat == FORMAT_PEM) 999 } else if (smime_config.outformat == FORMAT_PEM)
614 PEM_write_bio_PKCS7_stream(out, p7, in, flags); 1000 PEM_write_bio_PKCS7_stream(out, p7, in, smime_config.flags);
615 else if (outformat == FORMAT_ASN1) 1001 else if (smime_config.outformat == FORMAT_ASN1)
616 i2d_PKCS7_bio_stream(out, p7, in, flags); 1002 i2d_PKCS7_bio_stream(out, p7, in, smime_config.flags);
617 else { 1003 else {
618 BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); 1004 BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
619 goto end; 1005 goto end;
@@ -625,9 +1011,9 @@ smime_main(int argc, char **argv)
625 ERR_print_errors(bio_err); 1011 ERR_print_errors(bio_err);
626 sk_X509_pop_free(encerts, X509_free); 1012 sk_X509_pop_free(encerts, X509_free);
627 sk_X509_pop_free(other, X509_free); 1013 sk_X509_pop_free(other, X509_free);
628 X509_VERIFY_PARAM_free(vpm); 1014 X509_VERIFY_PARAM_free(smime_config.vpm);
629 sk_OPENSSL_STRING_free(sksigners); 1015 sk_OPENSSL_STRING_free(smime_config.sksigners);
630 sk_OPENSSL_STRING_free(skkeys); 1016 sk_OPENSSL_STRING_free(smime_config.skkeys);
631 X509_STORE_free(store); 1017 X509_STORE_free(store);
632 X509_free(cert); 1018 X509_free(cert);
633 X509_free(recip); 1019 X509_free(recip);
@@ -677,3 +1063,4 @@ smime_cb(int ok, X509_STORE_CTX * ctx)
677 return ok; 1063 return ok;
678 1064
679} 1065}
1066
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-20 18:46:29 +0000