Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/cms.c203
1 files changed, 129 insertions, 74 deletions
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index 1d23c529b9..d453bcd139 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms.c,v 1.23 2022/01/05 12:51:49 inoguchi Exp $ */ 1/* $OpenBSD: cms.c,v 1.24 2022/01/05 13:41:12 inoguchi Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -1177,36 +1177,44 @@ cms_main(int argc, char **argv)
1177 args = argv + argsused; 1177 args = argv + argsused;
1178 ret = 1; 1178 ret = 1;
1179 1179
1180 if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) && cms_config.rr_to == NULL) { 1180 if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) &&
1181 cms_config.rr_to == NULL) {
1181 BIO_puts(bio_err, "No Signed Receipts Recipients\n"); 1182 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
1182 goto argerr; 1183 goto argerr;
1183 } 1184 }
1184 if (!(cms_config.operation & SMIME_SIGNERS) && (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) { 1185 if (!(cms_config.operation & SMIME_SIGNERS) &&
1186 (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) {
1185 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); 1187 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
1186 goto argerr; 1188 goto argerr;
1187 } 1189 }
1188 if (!(cms_config.operation & SMIME_SIGNERS) && (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) { 1190 if (!(cms_config.operation & SMIME_SIGNERS) &&
1191 (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) {
1189 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 1192 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
1190 goto argerr; 1193 goto argerr;
1191 } 1194 }
1192 if (cms_config.operation & SMIME_SIGNERS) { 1195 if (cms_config.operation & SMIME_SIGNERS) {
1193 if (cms_config.keyfile != NULL && cms_config.signerfile == NULL) { 1196 if (cms_config.keyfile != NULL &&
1197 cms_config.signerfile == NULL) {
1194 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 1198 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
1195 goto argerr; 1199 goto argerr;
1196 } 1200 }
1197 /* Check to see if any final signer needs to be appended */ 1201 /* Check to see if any final signer needs to be appended */
1198 if (cms_config.signerfile != NULL) { 1202 if (cms_config.signerfile != NULL) {
1199 if (cms_config.sksigners == NULL && 1203 if (cms_config.sksigners == NULL &&
1200 (cms_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 1204 (cms_config.sksigners =
1205 sk_OPENSSL_STRING_new_null()) == NULL)
1201 goto end; 1206 goto end;
1202 if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) 1207 if (!sk_OPENSSL_STRING_push(cms_config.sksigners,
1208 cms_config.signerfile))
1203 goto end; 1209 goto end;
1204 if (cms_config.skkeys == NULL && 1210 if (cms_config.skkeys == NULL &&
1205 (cms_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 1211 (cms_config.skkeys =
1212 sk_OPENSSL_STRING_new_null()) == NULL)
1206 goto end; 1213 goto end;
1207 if (cms_config.keyfile == NULL) 1214 if (cms_config.keyfile == NULL)
1208 cms_config.keyfile = cms_config.signerfile; 1215 cms_config.keyfile = cms_config.signerfile;
1209 if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) 1216 if (!sk_OPENSSL_STRING_push(cms_config.skkeys,
1217 cms_config.keyfile))
1210 goto end; 1218 goto end;
1211 } 1219 }
1212 if (cms_config.sksigners == NULL) { 1220 if (cms_config.sksigners == NULL) {
@@ -1217,19 +1225,25 @@ cms_main(int argc, char **argv)
1217 cms_config.signerfile = NULL; 1225 cms_config.signerfile = NULL;
1218 cms_config.keyfile = NULL; 1226 cms_config.keyfile = NULL;
1219 } else if (cms_config.operation == SMIME_DECRYPT) { 1227 } else if (cms_config.operation == SMIME_DECRYPT) {
1220 if (cms_config.recipfile == NULL && cms_config.keyfile == NULL && cms_config.secret_key == NULL && cms_config.pwri_pass == NULL) { 1228 if (cms_config.recipfile == NULL &&
1229 cms_config.keyfile == NULL &&
1230 cms_config.secret_key == NULL &&
1231 cms_config.pwri_pass == NULL) {
1221 BIO_printf(bio_err, 1232 BIO_printf(bio_err,
1222 "No recipient certificate or key specified\n"); 1233 "No recipient certificate or key specified\n");
1223 badarg = 1; 1234 badarg = 1;
1224 } 1235 }
1225 } else if (cms_config.operation == SMIME_ENCRYPT) { 1236 } else if (cms_config.operation == SMIME_ENCRYPT) {
1226 if (*args == NULL && cms_config.secret_key == NULL && cms_config.pwri_pass == NULL && cms_config.encerts == NULL) { 1237 if (*args == NULL && cms_config.secret_key == NULL &&
1238 cms_config.pwri_pass == NULL &&
1239 cms_config.encerts == NULL) {
1227 BIO_printf(bio_err, 1240 BIO_printf(bio_err,
1228 "No recipient(s) certificate(s) specified\n"); 1241 "No recipient(s) certificate(s) specified\n");
1229 badarg = 1; 1242 badarg = 1;
1230 } 1243 }
1231 } else if (!cms_config.operation) 1244 } else if (!cms_config.operation) {
1232 badarg = 1; 1245 badarg = 1;
1246 }
1233 1247
1234 if (badarg) { 1248 if (badarg) {
1235 argerr: 1249 argerr:
@@ -1271,7 +1285,8 @@ cms_main(int argc, char **argv)
1271 goto end; 1285 goto end;
1272#endif 1286#endif
1273 } 1287 }
1274 if (cms_config.secret_key != NULL && cms_config.secret_keyid == NULL) { 1288 if (cms_config.secret_key != NULL &&
1289 cms_config.secret_keyid == NULL) {
1275 BIO_printf(bio_err, "No secret key id\n"); 1290 BIO_printf(bio_err, "No secret key id\n");
1276 goto end; 1291 goto end;
1277 } 1292 }
@@ -1279,8 +1294,9 @@ cms_main(int argc, char **argv)
1279 if ((cms_config.encerts = sk_X509_new_null()) == NULL) 1294 if ((cms_config.encerts = sk_X509_new_null()) == NULL)
1280 goto end; 1295 goto end;
1281 while (*args) { 1296 while (*args) {
1282 if ((cms_config.cert = load_cert(bio_err, *args, FORMAT_PEM, 1297 if ((cms_config.cert = load_cert(bio_err, *args,
1283 NULL, "recipient certificate file")) == NULL) 1298 FORMAT_PEM, NULL,
1299 "recipient certificate file")) == NULL)
1284 goto end; 1300 goto end;
1285 if (!sk_X509_push(cms_config.encerts, cms_config.cert)) 1301 if (!sk_X509_push(cms_config.encerts, cms_config.cert))
1286 goto end; 1302 goto end;
@@ -1289,21 +1305,23 @@ cms_main(int argc, char **argv)
1289 } 1305 }
1290 } 1306 }
1291 if (cms_config.certfile != NULL) { 1307 if (cms_config.certfile != NULL) {
1292 if ((other = load_certs(bio_err, cms_config.certfile, FORMAT_PEM, NULL, 1308 if ((other = load_certs(bio_err, cms_config.certfile,
1293 "certificate file")) == NULL) { 1309 FORMAT_PEM, NULL, "certificate file")) == NULL) {
1294 ERR_print_errors(bio_err); 1310 ERR_print_errors(bio_err);
1295 goto end; 1311 goto end;
1296 } 1312 }
1297 } 1313 }
1298 if (cms_config.recipfile != NULL && (cms_config.operation == SMIME_DECRYPT)) { 1314 if (cms_config.recipfile != NULL &&
1299 if ((recip = load_cert(bio_err, cms_config.recipfile, FORMAT_PEM, NULL, 1315 (cms_config.operation == SMIME_DECRYPT)) {
1300 "recipient certificate file")) == NULL) { 1316 if ((recip = load_cert(bio_err, cms_config.recipfile,
1317 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
1301 ERR_print_errors(bio_err); 1318 ERR_print_errors(bio_err);
1302 goto end; 1319 goto end;
1303 } 1320 }
1304 } 1321 }
1305 if (cms_config.operation == SMIME_SIGN_RECEIPT) { 1322 if (cms_config.operation == SMIME_SIGN_RECEIPT) {
1306 if ((signer = load_cert(bio_err, cms_config.signerfile, FORMAT_PEM, NULL, 1323 if ((signer = load_cert(bio_err, cms_config.signerfile,
1324 FORMAT_PEM, NULL,
1307 "receipt signer certificate file")) == NULL) { 1325 "receipt signer certificate file")) == NULL) {
1308 ERR_print_errors(bio_err); 1326 ERR_print_errors(bio_err);
1309 goto end; 1327 goto end;
@@ -1316,12 +1334,13 @@ cms_main(int argc, char **argv)
1316 (cms_config.operation == SMIME_SIGN_RECEIPT)) { 1334 (cms_config.operation == SMIME_SIGN_RECEIPT)) {
1317 if (cms_config.keyfile == NULL) 1335 if (cms_config.keyfile == NULL)
1318 cms_config.keyfile = cms_config.signerfile; 1336 cms_config.keyfile = cms_config.signerfile;
1319 } else 1337 } else {
1320 cms_config.keyfile = NULL; 1338 cms_config.keyfile = NULL;
1339 }
1321 1340
1322 if (cms_config.keyfile != NULL) { 1341 if (cms_config.keyfile != NULL) {
1323 key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, 0, passin, 1342 key = load_key(bio_err, cms_config.keyfile, cms_config.keyform,
1324 "signing key file"); 1343 0, passin, "signing key file");
1325 if (key == NULL) 1344 if (key == NULL)
1326 goto end; 1345 goto end;
1327 } 1346 }
@@ -1331,9 +1350,10 @@ cms_main(int argc, char **argv)
1331 "Can't open input file %s\n", cms_config.infile); 1350 "Can't open input file %s\n", cms_config.infile);
1332 goto end; 1351 goto end;
1333 } 1352 }
1334 } else 1353 } else {
1335 if ((in = BIO_new_fp(stdin, BIO_NOCLOSE)) == NULL) 1354 if ((in = BIO_new_fp(stdin, BIO_NOCLOSE)) == NULL)
1336 goto end; 1355 goto end;
1356 }
1337 1357
1338 if (cms_config.operation & SMIME_IP) { 1358 if (cms_config.operation & SMIME_IP) {
1339 if (cms_config.informat == FORMAT_SMIME) 1359 if (cms_config.informat == FORMAT_SMIME)
@@ -1353,9 +1373,11 @@ cms_main(int argc, char **argv)
1353 } 1373 }
1354 if (cms_config.contfile != NULL) { 1374 if (cms_config.contfile != NULL) {
1355 BIO_free(indata); 1375 BIO_free(indata);
1356 if ((indata = BIO_new_file(cms_config.contfile, "rb")) == NULL) { 1376 if ((indata = BIO_new_file(cms_config.contfile,
1377 "rb")) == NULL) {
1357 BIO_printf(bio_err, 1378 BIO_printf(bio_err,
1358 "Can't read content file %s\n", cms_config.contfile); 1379 "Can't read content file %s\n",
1380 cms_config.contfile);
1359 goto end; 1381 goto end;
1360 } 1382 }
1361 } 1383 }
@@ -1374,7 +1396,8 @@ cms_main(int argc, char **argv)
1374 } 1396 }
1375 } 1397 }
1376 if (cms_config.rctfile != NULL) { 1398 if (cms_config.rctfile != NULL) {
1377 char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ? "rb" : "r"; 1399 char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ?
1400 "rb" : "r";
1378 if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) { 1401 if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) {
1379 BIO_printf(bio_err, 1402 BIO_printf(bio_err,
1380 "Can't open receipt file %s\n", cms_config.rctfile); 1403 "Can't open receipt file %s\n", cms_config.rctfile);
@@ -1409,7 +1432,8 @@ cms_main(int argc, char **argv)
1409 1432
1410 if ((cms_config.operation == SMIME_VERIFY) || 1433 if ((cms_config.operation == SMIME_VERIFY) ||
1411 (cms_config.operation == SMIME_VERIFY_RECEIPT)) { 1434 (cms_config.operation == SMIME_VERIFY_RECEIPT)) {
1412 if ((store = setup_verify(bio_err, cms_config.CAfile, cms_config.CApath)) == NULL) 1435 if ((store = setup_verify(bio_err, cms_config.CAfile,
1436 cms_config.CApath)) == NULL)
1413 goto end; 1437 goto end;
1414 X509_STORE_set_verify_cb(store, cms_cb); 1438 X509_STORE_set_verify_cb(store, cms_cb);
1415 if (cms_config.vpm != NULL) { 1439 if (cms_config.vpm != NULL) {
@@ -1422,13 +1446,15 @@ cms_main(int argc, char **argv)
1422 if (cms_config.operation == SMIME_DATA_CREATE) { 1446 if (cms_config.operation == SMIME_DATA_CREATE) {
1423 cms = CMS_data_create(in, cms_config.flags); 1447 cms = CMS_data_create(in, cms_config.flags);
1424 } else if (cms_config.operation == SMIME_DIGEST_CREATE) { 1448 } else if (cms_config.operation == SMIME_DIGEST_CREATE) {
1425 cms = CMS_digest_create(in, cms_config.sign_md, cms_config.flags); 1449 cms = CMS_digest_create(in, cms_config.sign_md,
1450 cms_config.flags);
1426 } else if (cms_config.operation == SMIME_COMPRESS) { 1451 } else if (cms_config.operation == SMIME_COMPRESS) {
1427 cms = CMS_compress(in, -1, cms_config.flags); 1452 cms = CMS_compress(in, -1, cms_config.flags);
1428 } else if (cms_config.operation == SMIME_ENCRYPT) { 1453 } else if (cms_config.operation == SMIME_ENCRYPT) {
1429 int i; 1454 int i;
1430 cms_config.flags |= CMS_PARTIAL; 1455 cms_config.flags |= CMS_PARTIAL;
1431 cms = CMS_encrypt(NULL, in, cms_config.cipher, cms_config.flags); 1456 cms = CMS_encrypt(NULL, in, cms_config.cipher,
1457 cms_config.flags);
1432 if (cms == NULL) 1458 if (cms == NULL)
1433 goto end; 1459 goto end;
1434 for (i = 0; i < sk_X509_num(cms_config.encerts); i++) { 1460 for (i = 0; i < sk_X509_num(cms_config.encerts); i++) {
@@ -1439,7 +1465,8 @@ cms_main(int argc, char **argv)
1439 1465
1440 if ((x = sk_X509_value(cms_config.encerts, i)) == NULL) 1466 if ((x = sk_X509_value(cms_config.encerts, i)) == NULL)
1441 goto end; 1467 goto end;
1442 for (kparam = cms_config.key_first; kparam != NULL; kparam = kparam->next) { 1468 for (kparam = cms_config.key_first; kparam != NULL;
1469 kparam = kparam->next) {
1443 if (kparam->idx == i) { 1470 if (kparam->idx == i) {
1444 tflags |= CMS_KEY_PARAM; 1471 tflags |= CMS_KEY_PARAM;
1445 break; 1472 break;
@@ -1450,7 +1477,8 @@ cms_main(int argc, char **argv)
1450 goto end; 1477 goto end;
1451 if (kparam != NULL) { 1478 if (kparam != NULL) {
1452 EVP_PKEY_CTX *pctx; 1479 EVP_PKEY_CTX *pctx;
1453 if ((pctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) == NULL) 1480 if ((pctx = CMS_RecipientInfo_get0_pkey_ctx(
1481 ri)) == NULL)
1454 goto end; 1482 goto end;
1455 if (!cms_set_pkey_param(pctx, kparam->param)) 1483 if (!cms_set_pkey_param(pctx, kparam->param))
1456 goto end; 1484 goto end;
@@ -1458,8 +1486,9 @@ cms_main(int argc, char **argv)
1458 } 1486 }
1459 1487
1460 if (cms_config.secret_key != NULL) { 1488 if (cms_config.secret_key != NULL) {
1461 if (CMS_add0_recipient_key(cms, NID_undef, cms_config.secret_key, 1489 if (CMS_add0_recipient_key(cms, NID_undef,
1462 cms_config.secret_keylen, cms_config.secret_keyid, cms_config.secret_keyidlen, 1490 cms_config.secret_key, cms_config.secret_keylen,
1491 cms_config.secret_keyid, cms_config.secret_keyidlen,
1463 NULL, NULL, NULL) == NULL) 1492 NULL, NULL, NULL) == NULL)
1464 goto end; 1493 goto end;
1465 /* NULL these because call absorbs them */ 1494 /* NULL these because call absorbs them */
@@ -1480,8 +1509,9 @@ cms_main(int argc, char **argv)
1480 goto end; 1509 goto end;
1481 } 1510 }
1482 } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) { 1511 } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) {
1483 cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, cms_config.secret_key, 1512 cms = CMS_EncryptedData_encrypt(in, cms_config.cipher,
1484 cms_config.secret_keylen, cms_config.flags); 1513 cms_config.secret_key, cms_config.secret_keylen,
1514 cms_config.flags);
1485 1515
1486 } else if (cms_config.operation == SMIME_SIGN_RECEIPT) { 1516 } else if (cms_config.operation == SMIME_SIGN_RECEIPT) {
1487 CMS_ContentInfo *srcms = NULL; 1517 CMS_ContentInfo *srcms = NULL;
@@ -1493,7 +1523,8 @@ cms_main(int argc, char **argv)
1493 si = sk_CMS_SignerInfo_value(sis, 0); 1523 si = sk_CMS_SignerInfo_value(sis, 0);
1494 if (si == NULL) 1524 if (si == NULL)
1495 goto end; 1525 goto end;
1496 srcms = CMS_sign_receipt(si, signer, key, other, cms_config.flags); 1526 srcms = CMS_sign_receipt(si, signer, key, other,
1527 cms_config.flags);
1497 if (srcms == NULL) 1528 if (srcms == NULL)
1498 goto end; 1529 goto end;
1499 CMS_ContentInfo_free(cms); 1530 CMS_ContentInfo_free(cms);
@@ -1515,11 +1546,13 @@ cms_main(int argc, char **argv)
1515 if (cms == NULL) 1546 if (cms == NULL)
1516 goto end; 1547 goto end;
1517 if (cms_config.econtent_type != NULL) 1548 if (cms_config.econtent_type != NULL)
1518 if (!CMS_set1_eContentType(cms, cms_config.econtent_type)) 1549 if (!CMS_set1_eContentType(cms,
1550 cms_config.econtent_type))
1519 goto end; 1551 goto end;
1520 1552
1521 if (cms_config.rr_to != NULL) { 1553 if (cms_config.rr_to != NULL) {
1522 rr = make_receipt_request(cms_config.rr_to, cms_config.rr_allorfirst, 1554 rr = make_receipt_request(cms_config.rr_to,
1555 cms_config.rr_allorfirst,
1523 cms_config.rr_from); 1556 cms_config.rr_from);
1524 if (rr == NULL) { 1557 if (rr == NULL) {
1525 BIO_puts(bio_err, 1558 BIO_puts(bio_err,
@@ -1527,35 +1560,43 @@ cms_main(int argc, char **argv)
1527 goto end; 1560 goto end;
1528 } 1561 }
1529 } 1562 }
1530 } else 1563 } else {
1531 cms_config.flags |= CMS_REUSE_DIGEST; 1564 cms_config.flags |= CMS_REUSE_DIGEST;
1565 }
1566
1532 for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) { 1567 for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) {
1533 CMS_SignerInfo *si; 1568 CMS_SignerInfo *si;
1534 struct cms_key_param *kparam; 1569 struct cms_key_param *kparam;
1535 int tflags = cms_config.flags; 1570 int tflags = cms_config.flags;
1536 cms_config.signerfile = sk_OPENSSL_STRING_value(cms_config.sksigners, i);
1537 cms_config.keyfile = sk_OPENSSL_STRING_value(cms_config.skkeys, i);
1538 1571
1539 signer = load_cert(bio_err, cms_config.signerfile, FORMAT_PEM, 1572 cms_config.signerfile = sk_OPENSSL_STRING_value(
1540 NULL, "signer certificate"); 1573 cms_config.sksigners, i);
1574 cms_config.keyfile = sk_OPENSSL_STRING_value(
1575 cms_config.skkeys, i);
1576
1577 signer = load_cert(bio_err, cms_config.signerfile,
1578 FORMAT_PEM, NULL, "signer certificate");
1541 if (signer == NULL) 1579 if (signer == NULL)
1542 goto end; 1580 goto end;
1543 key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, 0, passin, 1581 key = load_key(bio_err, cms_config.keyfile,
1544 "signing key file"); 1582 cms_config.keyform, 0, passin, "signing key file");
1545 if (key == NULL) 1583 if (key == NULL)
1546 goto end; 1584 goto end;
1547 for (kparam = cms_config.key_first; kparam != NULL; kparam = kparam->next) { 1585 for (kparam = cms_config.key_first; kparam != NULL;
1586 kparam = kparam->next) {
1548 if (kparam->idx == i) { 1587 if (kparam->idx == i) {
1549 tflags |= CMS_KEY_PARAM; 1588 tflags |= CMS_KEY_PARAM;
1550 break; 1589 break;
1551 } 1590 }
1552 } 1591 }
1553 si = CMS_add1_signer(cms, signer, key, cms_config.sign_md, tflags); 1592 si = CMS_add1_signer(cms, signer, key,
1593 cms_config.sign_md, tflags);
1554 if (si == NULL) 1594 if (si == NULL)
1555 goto end; 1595 goto end;
1556 if (kparam != NULL) { 1596 if (kparam != NULL) {
1557 EVP_PKEY_CTX *pctx; 1597 EVP_PKEY_CTX *pctx;
1558 if ((pctx = CMS_SignerInfo_get0_pkey_ctx(si)) == NULL) 1598 if ((pctx = CMS_SignerInfo_get0_pkey_ctx(
1599 si)) == NULL)
1559 goto end; 1600 goto end;
1560 if (!cms_set_pkey_param(pctx, kparam->param)) 1601 if (!cms_set_pkey_param(pctx, kparam->param))
1561 goto end; 1602 goto end;
@@ -1568,7 +1609,8 @@ cms_main(int argc, char **argv)
1568 key = NULL; 1609 key = NULL;
1569 } 1610 }
1570 /* If not streaming or resigning finalize structure */ 1611 /* If not streaming or resigning finalize structure */
1571 if ((cms_config.operation == SMIME_SIGN) && !(cms_config.flags & CMS_STREAM)) { 1612 if ((cms_config.operation == SMIME_SIGN) &&
1613 !(cms_config.flags & CMS_STREAM)) {
1572 if (!CMS_final(cms, in, NULL, cms_config.flags)) 1614 if (!CMS_final(cms, in, NULL, cms_config.flags))
1573 goto end; 1615 goto end;
1574 } 1616 }
@@ -1580,11 +1622,13 @@ cms_main(int argc, char **argv)
1580 ret = 4; 1622 ret = 4;
1581 if (cms_config.operation == SMIME_DECRYPT) { 1623 if (cms_config.operation == SMIME_DECRYPT) {
1582 if (cms_config.flags & CMS_DEBUG_DECRYPT) 1624 if (cms_config.flags & CMS_DEBUG_DECRYPT)
1583 CMS_decrypt(cms, NULL, NULL, NULL, NULL, cms_config.flags); 1625 CMS_decrypt(cms, NULL, NULL, NULL, NULL,
1626 cms_config.flags);
1584 1627
1585 if (cms_config.secret_key != NULL) { 1628 if (cms_config.secret_key != NULL) {
1586 if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, 1629 if (!CMS_decrypt_set1_key(cms, cms_config.secret_key,
1587 cms_config.secret_keylen, cms_config.secret_keyid, cms_config.secret_keyidlen)) { 1630 cms_config.secret_keylen, cms_config.secret_keyid,
1631 cms_config.secret_keyidlen)) {
1588 BIO_puts(bio_err, 1632 BIO_puts(bio_err,
1589 "Error decrypting CMS using secret key\n"); 1633 "Error decrypting CMS using secret key\n");
1590 goto end; 1634 goto end;
@@ -1598,13 +1642,15 @@ cms_main(int argc, char **argv)
1598 } 1642 }
1599 } 1643 }
1600 if (cms_config.pwri_pass != NULL) { 1644 if (cms_config.pwri_pass != NULL) {
1601 if (!CMS_decrypt_set1_password(cms, cms_config.pwri_pass, -1)) { 1645 if (!CMS_decrypt_set1_password(cms,
1646 cms_config.pwri_pass, -1)) {
1602 BIO_puts(bio_err, 1647 BIO_puts(bio_err,
1603 "Error decrypting CMS using password\n"); 1648 "Error decrypting CMS using password\n");
1604 goto end; 1649 goto end;
1605 } 1650 }
1606 } 1651 }
1607 if (!CMS_decrypt(cms, NULL, NULL, indata, out, cms_config.flags)) { 1652 if (!CMS_decrypt(cms, NULL, NULL, indata, out,
1653 cms_config.flags)) {
1608 BIO_printf(bio_err, "Error decrypting CMS structure\n"); 1654 BIO_printf(bio_err, "Error decrypting CMS structure\n");
1609 goto end; 1655 goto end;
1610 } 1656 }
@@ -1622,13 +1668,14 @@ cms_main(int argc, char **argv)
1622 goto end; 1668 goto end;
1623 } 1669 }
1624 } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) { 1670 } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) {
1625 if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, cms_config.secret_keylen, 1671 if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key,
1626 indata, out, cms_config.flags)) 1672 cms_config.secret_keylen, indata, out, cms_config.flags))
1627 goto end; 1673 goto end;
1628 } else if (cms_config.operation == SMIME_VERIFY) { 1674 } else if (cms_config.operation == SMIME_VERIFY) {
1629 if (CMS_verify(cms, other, store, indata, out, cms_config.flags) > 0) 1675 if (CMS_verify(cms, other, store, indata, out,
1676 cms_config.flags) > 0) {
1630 BIO_printf(bio_err, "Verification successful\n"); 1677 BIO_printf(bio_err, "Verification successful\n");
1631 else { 1678 } else {
1632 BIO_printf(bio_err, "Verification failure\n"); 1679 BIO_printf(bio_err, "Verification failure\n");
1633 if (cms_config.verify_retcode) 1680 if (cms_config.verify_retcode)
1634 ret = verify_err + 32; 1681 ret = verify_err + 32;
@@ -1651,9 +1698,10 @@ cms_main(int argc, char **argv)
1651 receipt_request_print(bio_err, cms); 1698 receipt_request_print(bio_err, cms);
1652 1699
1653 } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) { 1700 } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) {
1654 if (CMS_verify_receipt(rcms, cms, other, store, cms_config.flags) > 0) 1701 if (CMS_verify_receipt(rcms, cms, other, store,
1702 cms_config.flags) > 0) {
1655 BIO_printf(bio_err, "Verification successful\n"); 1703 BIO_printf(bio_err, "Verification successful\n");
1656 else { 1704 } else {
1657 BIO_printf(bio_err, "Verification failure\n"); 1705 BIO_printf(bio_err, "Verification failure\n");
1658 goto end; 1706 goto end;
1659 } 1707 }
@@ -1668,16 +1716,20 @@ cms_main(int argc, char **argv)
1668 if (cms_config.from != NULL) 1716 if (cms_config.from != NULL)
1669 BIO_printf(out, "From: %s\n", cms_config.from); 1717 BIO_printf(out, "From: %s\n", cms_config.from);
1670 if (cms_config.subject != NULL) 1718 if (cms_config.subject != NULL)
1671 BIO_printf(out, "Subject: %s\n", cms_config.subject); 1719 BIO_printf(out, "Subject: %s\n",
1720 cms_config.subject);
1672 if (cms_config.operation == SMIME_RESIGN) 1721 if (cms_config.operation == SMIME_RESIGN)
1673 ret = SMIME_write_CMS(out, cms, indata, cms_config.flags); 1722 ret = SMIME_write_CMS(out, cms, indata,
1723 cms_config.flags);
1674 else 1724 else
1675 ret = SMIME_write_CMS(out, cms, in, cms_config.flags); 1725 ret = SMIME_write_CMS(out, cms, in,
1676 } else if (cms_config.outformat == FORMAT_PEM) 1726 cms_config.flags);
1677 ret = PEM_write_bio_CMS_stream(out, cms, in, cms_config.flags); 1727 } else if (cms_config.outformat == FORMAT_PEM) {
1678 else if (cms_config.outformat == FORMAT_ASN1) 1728 ret = PEM_write_bio_CMS_stream(out, cms, in,
1729 cms_config.flags);
1730 } else if (cms_config.outformat == FORMAT_ASN1) {
1679 ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); 1731 ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags);
1680 else { 1732 } else {
1681 BIO_printf(bio_err, "Bad output format for CMS file\n"); 1733 BIO_printf(bio_err, "Bad output format for CMS file\n");
1682 goto end; 1734 goto end;
1683 } 1735 }
@@ -1801,14 +1853,15 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1801 return; 1853 return;
1802 rv = CMS_get1_ReceiptRequest(si, &rr); 1854 rv = CMS_get1_ReceiptRequest(si, &rr);
1803 BIO_printf(bio_err, "Signer %d:\n", i + 1); 1855 BIO_printf(bio_err, "Signer %d:\n", i + 1);
1804 if (rv == 0) 1856 if (rv == 0) {
1805 BIO_puts(bio_err, " No Receipt Request\n"); 1857 BIO_puts(bio_err, " No Receipt Request\n");
1806 else if (rv < 0) { 1858 } else if (rv < 0) {
1807 BIO_puts(bio_err, " Receipt Request Parse Error\n"); 1859 BIO_puts(bio_err, " Receipt Request Parse Error\n");
1808 ERR_print_errors(bio_err); 1860 ERR_print_errors(bio_err);
1809 } else { 1861 } else {
1810 char *id; 1862 char *id;
1811 int idlen; 1863 int idlen;
1864
1812 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, 1865 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1813 &rlist, &rto); 1866 &rlist, &rto);
1814 BIO_puts(out, " Signed Content ID:\n"); 1867 BIO_puts(out, " Signed Content ID:\n");
@@ -1819,12 +1872,13 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1819 if (rlist != NULL) { 1872 if (rlist != NULL) {
1820 BIO_puts(out, " List:\n"); 1873 BIO_puts(out, " List:\n");
1821 gnames_stack_print(out, rlist); 1874 gnames_stack_print(out, rlist);
1822 } else if (allorfirst == 1) 1875 } else if (allorfirst == 1) {
1823 BIO_puts(out, ": First Tier\n"); 1876 BIO_puts(out, ": First Tier\n");
1824 else if (allorfirst == 0) 1877 } else if (allorfirst == 0) {
1825 BIO_puts(out, ": All\n"); 1878 BIO_puts(out, ": All\n");
1826 else 1879 } else {
1827 BIO_printf(out, " Unknown (%d)\n", allorfirst); 1880 BIO_printf(out, " Unknown (%d)\n", allorfirst);
1881 }
1828 BIO_puts(out, " Receipts To:\n"); 1882 BIO_puts(out, " Receipts To:\n");
1829 gnames_stack_print(out, rto); 1883 gnames_stack_print(out, rto);
1830 } 1884 }
@@ -1884,8 +1938,9 @@ make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
1884 rct_from = make_names_stack(rr_from); 1938 rct_from = make_names_stack(rr_from);
1885 if (rct_from == NULL) 1939 if (rct_from == NULL)
1886 goto err; 1940 goto err;
1887 } else 1941 } else {
1888 rct_from = NULL; 1942 rct_from = NULL;
1943 }
1889 1944
1890 if ((rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, 1945 if ((rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1891 rct_to)) == NULL) 1946 rct_to)) == NULL)
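Review bot: The brace pass is not applied uniformly: in the output-format hunk at new lines 1721–1726 the `if (cms_config.operation == SMIME_RESIGN)` / `else` bodies are now wrapped onto two lines yet remain unbraced, while the same commit adds braces to the equally wrapped single-statement branches at 1337–1339, 1353–1356 and 1563–1565, and the nested unbraced `if` at 1548–1551 is left in the same state. Since the point of the change appears to be KNF-style bracing of multi-line bodies, the remaining spots should follow suit, i.e. `if (cms_config.operation == SMIME_RESIGN) {` … `} else {` … `}` around the two `SMIME_write_CMS` calls, and the same treatment for the `CMS_set1_eContentType` check. Unbraced multi-line bodies are also the shape that has historically produced dangling-statement bugs when a line is later added, so finishing the pass here removes a small future hazard. The enclosing cms_main() starts and ends outside these hunks.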