summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/cms.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/usr.bin/openssl/cms.c702
1 files changed, 351 insertions, 351 deletions
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index b88fd55b3c..0ddf26e5a7 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms.c,v 1.32 2023/03/05 13:08:22 tb Exp $ */ 1/* $OpenBSD: cms.c,v 1.33 2023/03/06 14:32:05 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -149,7 +149,7 @@ static struct {
149 char *to; 149 char *to;
150 int verify_retcode; 150 int verify_retcode;
151 X509_VERIFY_PARAM *vpm; 151 X509_VERIFY_PARAM *vpm;
152} cms_config; 152} cfg;
153 153
154static const EVP_CIPHER * 154static const EVP_CIPHER *
155get_cipher_by_name(char *name) 155get_cipher_by_name(char *name)
@@ -198,8 +198,8 @@ cms_opt_cipher(int argc, char **argv, int *argsused)
198 if (*name++ != '-') 198 if (*name++ != '-')
199 return (1); 199 return (1);
200 200
201 if ((cms_config.cipher = get_cipher_by_name(name)) == NULL) 201 if ((cfg.cipher = get_cipher_by_name(name)) == NULL)
202 if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL) 202 if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)
203 return (1); 203 return (1);
204 204
205 *argsused = 1; 205 *argsused = 1;
@@ -209,9 +209,9 @@ cms_opt_cipher(int argc, char **argv, int *argsused)
209static int 209static int
210cms_opt_econtent_type(char *arg) 210cms_opt_econtent_type(char *arg)
211{ 211{
212 ASN1_OBJECT_free(cms_config.econtent_type); 212 ASN1_OBJECT_free(cfg.econtent_type);
213 213
214 if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { 214 if ((cfg.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) {
215 BIO_printf(bio_err, "Invalid OID %s\n", arg); 215 BIO_printf(bio_err, "Invalid OID %s\n", arg);
216 return (1); 216 return (1);
217 } 217 }
@@ -221,33 +221,33 @@ cms_opt_econtent_type(char *arg)
221static int 221static int
222cms_opt_inkey(char *arg) 222cms_opt_inkey(char *arg)
223{ 223{
224 if (cms_config.keyfile == NULL) { 224 if (cfg.keyfile == NULL) {
225 cms_config.keyfile = arg; 225 cfg.keyfile = arg;
226 return (0); 226 return (0);
227 } 227 }
228 228
229 if (cms_config.signerfile == NULL) { 229 if (cfg.signerfile == NULL) {
230 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 230 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
231 return (1); 231 return (1);
232 } 232 }
233 233
234 if (cms_config.sksigners == NULL) 234 if (cfg.sksigners == NULL)
235 cms_config.sksigners = sk_OPENSSL_STRING_new_null(); 235 cfg.sksigners = sk_OPENSSL_STRING_new_null();
236 if (cms_config.sksigners == NULL) 236 if (cfg.sksigners == NULL)
237 return (1); 237 return (1);
238 if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) 238 if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))
239 return (1); 239 return (1);
240 240
241 cms_config.signerfile = NULL; 241 cfg.signerfile = NULL;
242 242
243 if (cms_config.skkeys == NULL) 243 if (cfg.skkeys == NULL)
244 cms_config.skkeys = sk_OPENSSL_STRING_new_null(); 244 cfg.skkeys = sk_OPENSSL_STRING_new_null();
245 if (cms_config.skkeys == NULL) 245 if (cfg.skkeys == NULL)
246 return (1); 246 return (1);
247 if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) 247 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
248 return (1); 248 return (1);
249 249
250 cms_config.keyfile = arg; 250 cfg.keyfile = arg;
251 return (0); 251 return (0);
252} 252}
253 253
@@ -256,14 +256,14 @@ cms_opt_keyopt(char *arg)
256{ 256{
257 int keyidx = -1; 257 int keyidx = -1;
258 258
259 if (cms_config.operation == SMIME_ENCRYPT) { 259 if (cfg.operation == SMIME_ENCRYPT) {
260 if (cms_config.encerts != NULL) 260 if (cfg.encerts != NULL)
261 keyidx += sk_X509_num(cms_config.encerts); 261 keyidx += sk_X509_num(cfg.encerts);
262 } else { 262 } else {
263 if (cms_config.keyfile != NULL || cms_config.signerfile != NULL) 263 if (cfg.keyfile != NULL || cfg.signerfile != NULL)
264 keyidx++; 264 keyidx++;
265 if (cms_config.skkeys != NULL) 265 if (cfg.skkeys != NULL)
266 keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys); 266 keyidx += sk_OPENSSL_STRING_num(cfg.skkeys);
267 } 267 }
268 268
269 if (keyidx < 0) { 269 if (keyidx < 0) {
@@ -271,8 +271,8 @@ cms_opt_keyopt(char *arg)
271 return (1); 271 return (1);
272 } 272 }
273 273
274 if (cms_config.key_param == NULL || 274 if (cfg.key_param == NULL ||
275 cms_config.key_param->idx != keyidx) { 275 cfg.key_param->idx != keyidx) {
276 struct cms_key_param *nparam; 276 struct cms_key_param *nparam;
277 277
278 if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) 278 if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL)
@@ -285,15 +285,15 @@ cms_opt_keyopt(char *arg)
285 } 285 }
286 286
287 nparam->next = NULL; 287 nparam->next = NULL;
288 if (cms_config.key_first == NULL) 288 if (cfg.key_first == NULL)
289 cms_config.key_first = nparam; 289 cfg.key_first = nparam;
290 else 290 else
291 cms_config.key_param->next = nparam; 291 cfg.key_param->next = nparam;
292 292
293 cms_config.key_param = nparam; 293 cfg.key_param = nparam;
294 } 294 }
295 295
296 if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg)) 296 if (!sk_OPENSSL_STRING_push(cfg.key_param->param, arg))
297 return (1); 297 return (1);
298 298
299 return (0); 299 return (0);
@@ -302,7 +302,7 @@ cms_opt_keyopt(char *arg)
302static int 302static int
303cms_opt_md(char *arg) 303cms_opt_md(char *arg)
304{ 304{
305 if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { 305 if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) {
306 BIO_printf(bio_err, "Unknown digest %s\n", arg); 306 BIO_printf(bio_err, "Unknown digest %s\n", arg);
307 return (1); 307 return (1);
308 } 308 }
@@ -312,38 +312,38 @@ cms_opt_md(char *arg)
312static int 312static int
313cms_opt_print(void) 313cms_opt_print(void)
314{ 314{
315 cms_config.noout = 1; 315 cfg.noout = 1;
316 cms_config.print = 1; 316 cfg.print = 1;
317 return (0); 317 return (0);
318} 318}
319 319
320static int 320static int
321cms_opt_pwri_pass(char *arg) 321cms_opt_pwri_pass(char *arg)
322{ 322{
323 cms_config.pwri_pass = (unsigned char *)arg; 323 cfg.pwri_pass = (unsigned char *)arg;
324 return (0); 324 return (0);
325} 325}
326 326
327static int 327static int
328cms_opt_recip(char *arg) 328cms_opt_recip(char *arg)
329{ 329{
330 if (cms_config.operation == SMIME_ENCRYPT) { 330 if (cfg.operation == SMIME_ENCRYPT) {
331 if (cms_config.encerts == NULL) { 331 if (cfg.encerts == NULL) {
332 if ((cms_config.encerts = sk_X509_new_null()) == NULL) 332 if ((cfg.encerts = sk_X509_new_null()) == NULL)
333 return (1); 333 return (1);
334 } 334 }
335 335
336 cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM, 336 cfg.cert = load_cert(bio_err, arg, FORMAT_PEM,
337 NULL, "recipient certificate file"); 337 NULL, "recipient certificate file");
338 if (cms_config.cert == NULL) 338 if (cfg.cert == NULL)
339 return (1); 339 return (1);
340 340
341 if (!sk_X509_push(cms_config.encerts, cms_config.cert)) 341 if (!sk_X509_push(cfg.encerts, cfg.cert))
342 return (1); 342 return (1);
343 343
344 cms_config.cert = NULL; 344 cfg.cert = NULL;
345 } else { 345 } else {
346 cms_config.recipfile = arg; 346 cfg.recipfile = arg;
347 } 347 }
348 return (0); 348 return (0);
349} 349}
@@ -351,11 +351,11 @@ cms_opt_recip(char *arg)
351static int 351static int
352cms_opt_receipt_request_from(char *arg) 352cms_opt_receipt_request_from(char *arg)
353{ 353{
354 if (cms_config.rr_from == NULL) 354 if (cfg.rr_from == NULL)
355 cms_config.rr_from = sk_OPENSSL_STRING_new_null(); 355 cfg.rr_from = sk_OPENSSL_STRING_new_null();
356 if (cms_config.rr_from == NULL) 356 if (cfg.rr_from == NULL)
357 return (1); 357 return (1);
358 if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg)) 358 if (!sk_OPENSSL_STRING_push(cfg.rr_from, arg))
359 return (1); 359 return (1);
360 360
361 return (0); 361 return (0);
@@ -364,11 +364,11 @@ cms_opt_receipt_request_from(char *arg)
364static int 364static int
365cms_opt_receipt_request_to(char *arg) 365cms_opt_receipt_request_to(char *arg)
366{ 366{
367 if (cms_config.rr_to == NULL) 367 if (cfg.rr_to == NULL)
368 cms_config.rr_to = sk_OPENSSL_STRING_new_null(); 368 cfg.rr_to = sk_OPENSSL_STRING_new_null();
369 if (cms_config.rr_to == NULL) 369 if (cfg.rr_to == NULL)
370 return (1); 370 return (1);
371 if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg)) 371 if (!sk_OPENSSL_STRING_push(cfg.rr_to, arg))
372 return (1); 372 return (1);
373 373
374 return (0); 374 return (0);
@@ -379,13 +379,13 @@ cms_opt_secretkey(char *arg)
379{ 379{
380 long ltmp; 380 long ltmp;
381 381
382 free(cms_config.secret_key); 382 free(cfg.secret_key);
383 383
384 if ((cms_config.secret_key = string_to_hex(arg, &ltmp)) == NULL) { 384 if ((cfg.secret_key = string_to_hex(arg, &ltmp)) == NULL) {
385 BIO_printf(bio_err, "Invalid key %s\n", arg); 385 BIO_printf(bio_err, "Invalid key %s\n", arg);
386 return (1); 386 return (1);
387 } 387 }
388 cms_config.secret_keylen = (size_t)ltmp; 388 cfg.secret_keylen = (size_t)ltmp;
389 return (0); 389 return (0);
390} 390}
391 391
@@ -394,44 +394,44 @@ cms_opt_secretkeyid(char *arg)
394{ 394{
395 long ltmp; 395 long ltmp;
396 396
397 free(cms_config.secret_keyid); 397 free(cfg.secret_keyid);
398 398
399 if ((cms_config.secret_keyid = string_to_hex(arg, &ltmp)) == NULL) { 399 if ((cfg.secret_keyid = string_to_hex(arg, &ltmp)) == NULL) {
400 BIO_printf(bio_err, "Invalid id %s\n", arg); 400 BIO_printf(bio_err, "Invalid id %s\n", arg);
401 return (1); 401 return (1);
402 } 402 }
403 cms_config.secret_keyidlen = (size_t)ltmp; 403 cfg.secret_keyidlen = (size_t)ltmp;
404 return (0); 404 return (0);
405} 405}
406 406
407static int 407static int
408cms_opt_signer(char *arg) 408cms_opt_signer(char *arg)
409{ 409{
410 if (cms_config.signerfile == NULL) { 410 if (cfg.signerfile == NULL) {
411 cms_config.signerfile = arg; 411 cfg.signerfile = arg;
412 return (0); 412 return (0);
413 } 413 }
414 414
415 if (cms_config.sksigners == NULL) 415 if (cfg.sksigners == NULL)
416 cms_config.sksigners = sk_OPENSSL_STRING_new_null(); 416 cfg.sksigners = sk_OPENSSL_STRING_new_null();
417 if (cms_config.sksigners == NULL) 417 if (cfg.sksigners == NULL)
418 return (1); 418 return (1);
419 if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) 419 if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))
420 return (1); 420 return (1);
421 421
422 if (cms_config.keyfile == NULL) 422 if (cfg.keyfile == NULL)
423 cms_config.keyfile = cms_config.signerfile; 423 cfg.keyfile = cfg.signerfile;
424 424
425 if (cms_config.skkeys == NULL) 425 if (cfg.skkeys == NULL)
426 cms_config.skkeys = sk_OPENSSL_STRING_new_null(); 426 cfg.skkeys = sk_OPENSSL_STRING_new_null();
427 if (cms_config.skkeys == NULL) 427 if (cfg.skkeys == NULL)
428 return (1); 428 return (1);
429 if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) 429 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
430 return (1); 430 return (1);
431 431
432 cms_config.keyfile = NULL; 432 cfg.keyfile = NULL;
433 433
434 cms_config.signerfile = arg; 434 cfg.signerfile = arg;
435 return (0); 435 return (0);
436} 436}
437 437
@@ -441,7 +441,7 @@ cms_opt_verify_param(int argc, char **argv, int *argsused)
441 int oargc = argc; 441 int oargc = argc;
442 int badarg = 0; 442 int badarg = 0;
443 443
444 if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm)) 444 if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
445 return (1); 445 return (1);
446 if (badarg) 446 if (badarg)
447 return (1); 447 return (1);
@@ -454,8 +454,8 @@ cms_opt_verify_param(int argc, char **argv, int *argsused)
454static int 454static int
455cms_opt_verify_receipt(char *arg) 455cms_opt_verify_receipt(char *arg)
456{ 456{
457 cms_config.operation = SMIME_VERIFY_RECEIPT; 457 cfg.operation = SMIME_VERIFY_RECEIPT;
458 cms_config.rctfile = arg; 458 cfg.rctfile = arg;
459 return (0); 459 return (0);
460} 460}
461 461
@@ -539,20 +539,20 @@ static const struct option cms_options[] = {
539 .argname = "file", 539 .argname = "file",
540 .desc = "Certificate Authority file", 540 .desc = "Certificate Authority file",
541 .type = OPTION_ARG, 541 .type = OPTION_ARG,
542 .opt.arg = &cms_config.CAfile, 542 .opt.arg = &cfg.CAfile,
543 }, 543 },
544 { 544 {
545 .name = "CApath", 545 .name = "CApath",
546 .argname = "path", 546 .argname = "path",
547 .desc = "Certificate Authority path", 547 .desc = "Certificate Authority path",
548 .type = OPTION_ARG, 548 .type = OPTION_ARG,
549 .opt.arg = &cms_config.CApath, 549 .opt.arg = &cfg.CApath,
550 }, 550 },
551 { 551 {
552 .name = "binary", 552 .name = "binary",
553 .desc = "Do not translate message to text", 553 .desc = "Do not translate message to text",
554 .type = OPTION_VALUE_OR, 554 .type = OPTION_VALUE_OR,
555 .opt.value = &cms_config.flags, 555 .opt.value = &cfg.flags,
556 .value = CMS_BINARY, 556 .value = CMS_BINARY,
557 }, 557 },
558 { 558 {
@@ -560,27 +560,27 @@ static const struct option cms_options[] = {
560 .argname = "file", 560 .argname = "file",
561 .desc = "Other certificates file", 561 .desc = "Other certificates file",
562 .type = OPTION_ARG, 562 .type = OPTION_ARG,
563 .opt.arg = &cms_config.certfile, 563 .opt.arg = &cfg.certfile,
564 }, 564 },
565 { 565 {
566 .name = "certsout", 566 .name = "certsout",
567 .argname = "file", 567 .argname = "file",
568 .desc = "Certificate output file", 568 .desc = "Certificate output file",
569 .type = OPTION_ARG, 569 .type = OPTION_ARG,
570 .opt.arg = &cms_config.certsoutfile, 570 .opt.arg = &cfg.certsoutfile,
571 }, 571 },
572 { 572 {
573 .name = "cmsout", 573 .name = "cmsout",
574 .desc = "Output CMS structure", 574 .desc = "Output CMS structure",
575 .type = OPTION_VALUE, 575 .type = OPTION_VALUE,
576 .opt.value = &cms_config.operation, 576 .opt.value = &cfg.operation,
577 .value = SMIME_CMSOUT, 577 .value = SMIME_CMSOUT,
578 }, 578 },
579 { 579 {
580 .name = "compress", 580 .name = "compress",
581 .desc = "Create CMS CompressedData type", 581 .desc = "Create CMS CompressedData type",
582 .type = OPTION_VALUE, 582 .type = OPTION_VALUE,
583 .opt.value = &cms_config.operation, 583 .opt.value = &cfg.operation,
584 .value = SMIME_COMPRESS, 584 .value = SMIME_COMPRESS,
585 }, 585 },
586 { 586 {
@@ -588,55 +588,55 @@ static const struct option cms_options[] = {
588 .argname = "file", 588 .argname = "file",
589 .desc = "Supply or override content for detached signature", 589 .desc = "Supply or override content for detached signature",
590 .type = OPTION_ARG, 590 .type = OPTION_ARG,
591 .opt.arg = &cms_config.contfile, 591 .opt.arg = &cfg.contfile,
592 }, 592 },
593 { 593 {
594 .name = "crlfeol", 594 .name = "crlfeol",
595 .desc = "Use CRLF as EOL termination instead of CR only", 595 .desc = "Use CRLF as EOL termination instead of CR only",
596 .type = OPTION_VALUE_OR, 596 .type = OPTION_VALUE_OR,
597 .opt.value = &cms_config.flags, 597 .opt.value = &cfg.flags,
598 .value = CMS_CRLFEOL, 598 .value = CMS_CRLFEOL,
599 }, 599 },
600 { 600 {
601 .name = "data_create", 601 .name = "data_create",
602 .desc = "Create CMS Data type", 602 .desc = "Create CMS Data type",
603 .type = OPTION_VALUE, 603 .type = OPTION_VALUE,
604 .opt.value = &cms_config.operation, 604 .opt.value = &cfg.operation,
605 .value = SMIME_DATA_CREATE, 605 .value = SMIME_DATA_CREATE,
606 }, 606 },
607 { 607 {
608 .name = "data_out", 608 .name = "data_out",
609 .desc = "Output content from the input CMS Data type", 609 .desc = "Output content from the input CMS Data type",
610 .type = OPTION_VALUE, 610 .type = OPTION_VALUE,
611 .opt.value = &cms_config.operation, 611 .opt.value = &cfg.operation,
612 .value = SMIME_DATAOUT, 612 .value = SMIME_DATAOUT,
613 }, 613 },
614 { 614 {
615 .name = "debug_decrypt", 615 .name = "debug_decrypt",
616 .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", 616 .desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting",
617 .type = OPTION_VALUE_OR, 617 .type = OPTION_VALUE_OR,
618 .opt.value = &cms_config.flags, 618 .opt.value = &cfg.flags,
619 .value = CMS_DEBUG_DECRYPT, 619 .value = CMS_DEBUG_DECRYPT,
620 }, 620 },
621 { 621 {
622 .name = "decrypt", 622 .name = "decrypt",
623 .desc = "Decrypt encrypted message", 623 .desc = "Decrypt encrypted message",
624 .type = OPTION_VALUE, 624 .type = OPTION_VALUE,
625 .opt.value = &cms_config.operation, 625 .opt.value = &cfg.operation,
626 .value = SMIME_DECRYPT, 626 .value = SMIME_DECRYPT,
627 }, 627 },
628 { 628 {
629 .name = "digest_create", 629 .name = "digest_create",
630 .desc = "Create CMS DigestedData type", 630 .desc = "Create CMS DigestedData type",
631 .type = OPTION_VALUE, 631 .type = OPTION_VALUE,
632 .opt.value = &cms_config.operation, 632 .opt.value = &cfg.operation,
633 .value = SMIME_DIGEST_CREATE, 633 .value = SMIME_DIGEST_CREATE,
634 }, 634 },
635 { 635 {
636 .name = "digest_verify", 636 .name = "digest_verify",
637 .desc = "Verify CMS DigestedData type and output the content", 637 .desc = "Verify CMS DigestedData type and output the content",
638 .type = OPTION_VALUE, 638 .type = OPTION_VALUE,
639 .opt.value = &cms_config.operation, 639 .opt.value = &cfg.operation,
640 .value = SMIME_DIGEST_VERIFY, 640 .value = SMIME_DIGEST_VERIFY,
641 }, 641 },
642 { 642 {
@@ -650,21 +650,21 @@ static const struct option cms_options[] = {
650 .name = "encrypt", 650 .name = "encrypt",
651 .desc = "Encrypt message", 651 .desc = "Encrypt message",
652 .type = OPTION_VALUE, 652 .type = OPTION_VALUE,
653 .opt.value = &cms_config.operation, 653 .opt.value = &cfg.operation,
654 .value = SMIME_ENCRYPT, 654 .value = SMIME_ENCRYPT,
655 }, 655 },
656 { 656 {
657 .name = "EncryptedData_decrypt", 657 .name = "EncryptedData_decrypt",
658 .desc = "Decrypt CMS EncryptedData", 658 .desc = "Decrypt CMS EncryptedData",
659 .type = OPTION_VALUE, 659 .type = OPTION_VALUE,
660 .opt.value = &cms_config.operation, 660 .opt.value = &cfg.operation,
661 .value = SMIME_ENCRYPTED_DECRYPT, 661 .value = SMIME_ENCRYPTED_DECRYPT,
662 }, 662 },
663 { 663 {
664 .name = "EncryptedData_encrypt", 664 .name = "EncryptedData_encrypt",
665 .desc = "Encrypt content using supplied symmetric key and algorithm", 665 .desc = "Encrypt content using supplied symmetric key and algorithm",
666 .type = OPTION_VALUE, 666 .type = OPTION_VALUE,
667 .opt.value = &cms_config.operation, 667 .opt.value = &cfg.operation,
668 .value = SMIME_ENCRYPTED_ENCRYPT, 668 .value = SMIME_ENCRYPTED_ENCRYPT,
669 }, 669 },
670 { 670 {
@@ -672,20 +672,20 @@ static const struct option cms_options[] = {
672 .argname = "addr", 672 .argname = "addr",
673 .desc = "From address", 673 .desc = "From address",
674 .type = OPTION_ARG, 674 .type = OPTION_ARG,
675 .opt.arg = &cms_config.from, 675 .opt.arg = &cfg.from,
676 }, 676 },
677 { 677 {
678 .name = "in", 678 .name = "in",
679 .argname = "file", 679 .argname = "file",
680 .desc = "Input file", 680 .desc = "Input file",
681 .type = OPTION_ARG, 681 .type = OPTION_ARG,
682 .opt.arg = &cms_config.infile, 682 .opt.arg = &cfg.infile,
683 }, 683 },
684 { 684 {
685 .name = "indef", 685 .name = "indef",
686 .desc = "Same as -stream", 686 .desc = "Same as -stream",
687 .type = OPTION_VALUE_OR, 687 .type = OPTION_VALUE_OR,
688 .opt.value = &cms_config.flags, 688 .opt.value = &cfg.flags,
689 .value = CMS_STREAM, 689 .value = CMS_STREAM,
690 }, 690 },
691 { 691 {
@@ -693,7 +693,7 @@ static const struct option cms_options[] = {
693 .argname = "fmt", 693 .argname = "fmt",
694 .desc = "Input format (DER, PEM or SMIME (default))", 694 .desc = "Input format (DER, PEM or SMIME (default))",
695 .type = OPTION_ARG_FORMAT, 695 .type = OPTION_ARG_FORMAT,
696 .opt.value = &cms_config.informat, 696 .opt.value = &cfg.informat,
697 }, 697 },
698 { 698 {
699 .name = "inkey", 699 .name = "inkey",
@@ -707,13 +707,13 @@ static const struct option cms_options[] = {
707 .argname = "fmt", 707 .argname = "fmt",
708 .desc = "Input key format (DER or PEM (default))", 708 .desc = "Input key format (DER or PEM (default))",
709 .type = OPTION_ARG_FORMAT, 709 .type = OPTION_ARG_FORMAT,
710 .opt.value = &cms_config.keyform, 710 .opt.value = &cfg.keyform,
711 }, 711 },
712 { 712 {
713 .name = "keyid", 713 .name = "keyid",
714 .desc = "Use subject key identifier", 714 .desc = "Use subject key identifier",
715 .type = OPTION_VALUE_OR, 715 .type = OPTION_VALUE_OR,
716 .opt.value = &cms_config.flags, 716 .opt.value = &cfg.flags,
717 .value = CMS_USE_KEYID, 717 .value = CMS_USE_KEYID,
718 }, 718 },
719 { 719 {
@@ -734,90 +734,90 @@ static const struct option cms_options[] = {
734 .name = "no_attr_verify", 734 .name = "no_attr_verify",
735 .desc = "Do not verify the signer's attribute of a signature", 735 .desc = "Do not verify the signer's attribute of a signature",
736 .type = OPTION_VALUE_OR, 736 .type = OPTION_VALUE_OR,
737 .opt.value = &cms_config.flags, 737 .opt.value = &cfg.flags,
738 .value = CMS_NO_ATTR_VERIFY, 738 .value = CMS_NO_ATTR_VERIFY,
739 }, 739 },
740 { 740 {
741 .name = "no_content_verify", 741 .name = "no_content_verify",
742 .desc = "Do not verify the content of a signed message", 742 .desc = "Do not verify the content of a signed message",
743 .type = OPTION_VALUE_OR, 743 .type = OPTION_VALUE_OR,
744 .opt.value = &cms_config.flags, 744 .opt.value = &cfg.flags,
745 .value = CMS_NO_CONTENT_VERIFY, 745 .value = CMS_NO_CONTENT_VERIFY,
746 }, 746 },
747 { 747 {
748 .name = "no_signer_cert_verify", 748 .name = "no_signer_cert_verify",
749 .desc = "Do not verify the signer's certificate", 749 .desc = "Do not verify the signer's certificate",
750 .type = OPTION_VALUE_OR, 750 .type = OPTION_VALUE_OR,
751 .opt.value = &cms_config.flags, 751 .opt.value = &cfg.flags,
752 .value = CMS_NO_SIGNER_CERT_VERIFY, 752 .value = CMS_NO_SIGNER_CERT_VERIFY,
753 }, 753 },
754 { 754 {
755 .name = "noattr", 755 .name = "noattr",
756 .desc = "Do not include any signed attributes", 756 .desc = "Do not include any signed attributes",
757 .type = OPTION_VALUE_OR, 757 .type = OPTION_VALUE_OR,
758 .opt.value = &cms_config.flags, 758 .opt.value = &cfg.flags,
759 .value = CMS_NOATTR, 759 .value = CMS_NOATTR,
760 }, 760 },
761 { 761 {
762 .name = "nocerts", 762 .name = "nocerts",
763 .desc = "Do not include signer's certificate when signing", 763 .desc = "Do not include signer's certificate when signing",
764 .type = OPTION_VALUE_OR, 764 .type = OPTION_VALUE_OR,
765 .opt.value = &cms_config.flags, 765 .opt.value = &cfg.flags,
766 .value = CMS_NOCERTS, 766 .value = CMS_NOCERTS,
767 }, 767 },
768 { 768 {
769 .name = "nodetach", 769 .name = "nodetach",
770 .desc = "Use opaque signing", 770 .desc = "Use opaque signing",
771 .type = OPTION_VALUE_AND, 771 .type = OPTION_VALUE_AND,
772 .opt.value = &cms_config.flags, 772 .opt.value = &cfg.flags,
773 .value = ~CMS_DETACHED, 773 .value = ~CMS_DETACHED,
774 }, 774 },
775 { 775 {
776 .name = "noindef", 776 .name = "noindef",
777 .desc = "Disable CMS streaming", 777 .desc = "Disable CMS streaming",
778 .type = OPTION_VALUE_AND, 778 .type = OPTION_VALUE_AND,
779 .opt.value = &cms_config.flags, 779 .opt.value = &cfg.flags,
780 .value = ~CMS_STREAM, 780 .value = ~CMS_STREAM,
781 }, 781 },
782 { 782 {
783 .name = "nointern", 783 .name = "nointern",
784 .desc = "Do not search certificates in message for signer", 784 .desc = "Do not search certificates in message for signer",
785 .type = OPTION_VALUE_OR, 785 .type = OPTION_VALUE_OR,
786 .opt.value = &cms_config.flags, 786 .opt.value = &cfg.flags,
787 .value = CMS_NOINTERN, 787 .value = CMS_NOINTERN,
788 }, 788 },
789 { 789 {
790 .name = "nooldmime", 790 .name = "nooldmime",
791 .desc = "Output old S/MIME content type", 791 .desc = "Output old S/MIME content type",
792 .type = OPTION_VALUE_OR, 792 .type = OPTION_VALUE_OR,
793 .opt.value = &cms_config.flags, 793 .opt.value = &cfg.flags,
794 .value = CMS_NOOLDMIMETYPE, 794 .value = CMS_NOOLDMIMETYPE,
795 }, 795 },
796 { 796 {
797 .name = "noout", 797 .name = "noout",
798 .desc = "Do not output the parsed CMS structure", 798 .desc = "Do not output the parsed CMS structure",
799 .type = OPTION_FLAG, 799 .type = OPTION_FLAG,
800 .opt.flag = &cms_config.noout, 800 .opt.flag = &cfg.noout,
801 }, 801 },
802 { 802 {
803 .name = "nosigs", 803 .name = "nosigs",
804 .desc = "Do not verify message signature", 804 .desc = "Do not verify message signature",
805 .type = OPTION_VALUE_OR, 805 .type = OPTION_VALUE_OR,
806 .opt.value = &cms_config.flags, 806 .opt.value = &cfg.flags,
807 .value = CMS_NOSIGS, 807 .value = CMS_NOSIGS,
808 }, 808 },
809 { 809 {
810 .name = "nosmimecap", 810 .name = "nosmimecap",
811 .desc = "Omit the SMIMECapabilities attribute", 811 .desc = "Omit the SMIMECapabilities attribute",
812 .type = OPTION_VALUE_OR, 812 .type = OPTION_VALUE_OR,
813 .opt.value = &cms_config.flags, 813 .opt.value = &cfg.flags,
814 .value = CMS_NOSMIMECAP, 814 .value = CMS_NOSMIMECAP,
815 }, 815 },
816 { 816 {
817 .name = "noverify", 817 .name = "noverify",
818 .desc = "Do not verify signer's certificate", 818 .desc = "Do not verify signer's certificate",
819 .type = OPTION_VALUE_OR, 819 .type = OPTION_VALUE_OR,
820 .opt.value = &cms_config.flags, 820 .opt.value = &cfg.flags,
821 .value = CMS_NO_SIGNER_CERT_VERIFY, 821 .value = CMS_NO_SIGNER_CERT_VERIFY,
822 }, 822 },
823 { 823 {
@@ -825,21 +825,21 @@ static const struct option cms_options[] = {
825 .argname = "file", 825 .argname = "file",
826 .desc = "Output file", 826 .desc = "Output file",
827 .type = OPTION_ARG, 827 .type = OPTION_ARG,
828 .opt.arg = &cms_config.outfile, 828 .opt.arg = &cfg.outfile,
829 }, 829 },
830 { 830 {
831 .name = "outform", 831 .name = "outform",
832 .argname = "fmt", 832 .argname = "fmt",
833 .desc = "Output format (DER, PEM or SMIME (default))", 833 .desc = "Output format (DER, PEM or SMIME (default))",
834 .type = OPTION_ARG_FORMAT, 834 .type = OPTION_ARG_FORMAT,
835 .opt.value = &cms_config.outformat, 835 .opt.value = &cfg.outformat,
836 }, 836 },
837 { 837 {
838 .name = "passin", 838 .name = "passin",
839 .argname = "src", 839 .argname = "src",
840 .desc = "Private key password source", 840 .desc = "Private key password source",
841 .type = OPTION_ARG, 841 .type = OPTION_ARG,
842 .opt.arg = &cms_config.passargin, 842 .opt.arg = &cfg.passargin,
843 }, 843 },
844 { 844 {
845 .name = "print", 845 .name = "print",
@@ -859,20 +859,20 @@ static const struct option cms_options[] = {
859 .argname = "fmt", 859 .argname = "fmt",
860 .desc = "Receipt file format (DER, PEM or SMIME (default))", 860 .desc = "Receipt file format (DER, PEM or SMIME (default))",
861 .type = OPTION_ARG_FORMAT, 861 .type = OPTION_ARG_FORMAT,
862 .opt.value = &cms_config.rctformat, 862 .opt.value = &cfg.rctformat,
863 }, 863 },
864 { 864 {
865 .name = "receipt_request_all", 865 .name = "receipt_request_all",
866 .desc = "Indicate requests should be provided by all recipients", 866 .desc = "Indicate requests should be provided by all recipients",
867 .type = OPTION_VALUE, 867 .type = OPTION_VALUE,
868 .opt.value = &cms_config.rr_allorfirst, 868 .opt.value = &cfg.rr_allorfirst,
869 .value = 0, 869 .value = 0,
870 }, 870 },
871 { 871 {
872 .name = "receipt_request_first", 872 .name = "receipt_request_first",
873 .desc = "Indicate requests should be provided by first tier recipient", 873 .desc = "Indicate requests should be provided by first tier recipient",
874 .type = OPTION_VALUE, 874 .type = OPTION_VALUE,
875 .opt.value = &cms_config.rr_allorfirst, 875 .opt.value = &cfg.rr_allorfirst,
876 .value = 1, 876 .value = 1,
877 }, 877 },
878 { 878 {
@@ -886,7 +886,7 @@ static const struct option cms_options[] = {
886 .name = "receipt_request_print", 886 .name = "receipt_request_print",
887 .desc = "Print out the contents of any signed receipt requests", 887 .desc = "Print out the contents of any signed receipt requests",
888 .type = OPTION_FLAG, 888 .type = OPTION_FLAG,
889 .opt.flag = &cms_config.rr_print, 889 .opt.flag = &cfg.rr_print,
890 }, 890 },
891 { 891 {
892 .name = "receipt_request_to", 892 .name = "receipt_request_to",
@@ -906,7 +906,7 @@ static const struct option cms_options[] = {
906 .name = "resign", 906 .name = "resign",
907 .desc = "Resign a signed message", 907 .desc = "Resign a signed message",
908 .type = OPTION_VALUE, 908 .type = OPTION_VALUE,
909 .opt.value = &cms_config.operation, 909 .opt.value = &cfg.operation,
910 .value = SMIME_RESIGN, 910 .value = SMIME_RESIGN,
911 }, 911 },
912 { 912 {
@@ -927,14 +927,14 @@ static const struct option cms_options[] = {
927 .name = "sign", 927 .name = "sign",
928 .desc = "Sign message", 928 .desc = "Sign message",
929 .type = OPTION_VALUE, 929 .type = OPTION_VALUE,
930 .opt.value = &cms_config.operation, 930 .opt.value = &cfg.operation,
931 .value = SMIME_SIGN, 931 .value = SMIME_SIGN,
932 }, 932 },
933 { 933 {
934 .name = "sign_receipt", 934 .name = "sign_receipt",
935 .desc = "Generate a signed receipt for the message", 935 .desc = "Generate a signed receipt for the message",
936 .type = OPTION_VALUE, 936 .type = OPTION_VALUE,
937 .opt.value = &cms_config.operation, 937 .opt.value = &cfg.operation,
938 .value = SMIME_SIGN_RECEIPT, 938 .value = SMIME_SIGN_RECEIPT,
939 }, 939 },
940 { 940 {
@@ -948,7 +948,7 @@ static const struct option cms_options[] = {
948 .name = "stream", 948 .name = "stream",
949 .desc = "Enable CMS streaming", 949 .desc = "Enable CMS streaming",
950 .type = OPTION_VALUE_OR, 950 .type = OPTION_VALUE_OR,
951 .opt.value = &cms_config.flags, 951 .opt.value = &cfg.flags,
952 .value = CMS_STREAM, 952 .value = CMS_STREAM,
953 }, 953 },
954 { 954 {
@@ -956,13 +956,13 @@ static const struct option cms_options[] = {
956 .argname = "s", 956 .argname = "s",
957 .desc = "Subject", 957 .desc = "Subject",
958 .type = OPTION_ARG, 958 .type = OPTION_ARG,
959 .opt.arg = &cms_config.subject, 959 .opt.arg = &cfg.subject,
960 }, 960 },
961 { 961 {
962 .name = "text", 962 .name = "text",
963 .desc = "Include or delete text MIME headers", 963 .desc = "Include or delete text MIME headers",
964 .type = OPTION_VALUE_OR, 964 .type = OPTION_VALUE_OR,
965 .opt.value = &cms_config.flags, 965 .opt.value = &cfg.flags,
966 .value = CMS_TEXT, 966 .value = CMS_TEXT,
967 }, 967 },
968 { 968 {
@@ -970,20 +970,20 @@ static const struct option cms_options[] = {
970 .argname = "addr", 970 .argname = "addr",
971 .desc = "To address", 971 .desc = "To address",
972 .type = OPTION_ARG, 972 .type = OPTION_ARG,
973 .opt.arg = &cms_config.to, 973 .opt.arg = &cfg.to,
974 }, 974 },
975 { 975 {
976 .name = "uncompress", 976 .name = "uncompress",
977 .desc = "Uncompress CMS CompressedData type", 977 .desc = "Uncompress CMS CompressedData type",
978 .type = OPTION_VALUE, 978 .type = OPTION_VALUE,
979 .opt.value = &cms_config.operation, 979 .opt.value = &cfg.operation,
980 .value = SMIME_UNCOMPRESS, 980 .value = SMIME_UNCOMPRESS,
981 }, 981 },
982 { 982 {
983 .name = "verify", 983 .name = "verify",
984 .desc = "Verify signed message", 984 .desc = "Verify signed message",
985 .type = OPTION_VALUE, 985 .type = OPTION_VALUE,
986 .opt.value = &cms_config.operation, 986 .opt.value = &cfg.operation,
987 .value = SMIME_VERIFY, 987 .value = SMIME_VERIFY,
988 }, 988 },
989 { 989 {
@@ -997,7 +997,7 @@ static const struct option cms_options[] = {
997 .name = "verify_retcode", 997 .name = "verify_retcode",
998 .desc = "Set verification error code to exit code", 998 .desc = "Set verification error code to exit code",
999 .type = OPTION_FLAG, 999 .type = OPTION_FLAG,
1000 .opt.flag = &cms_config.verify_retcode, 1000 .opt.flag = &cfg.verify_retcode,
1001 }, 1001 },
1002 { 1002 {
1003 .name = "check_ss_sig", 1003 .name = "check_ss_sig",
@@ -1170,84 +1170,84 @@ cms_main(int argc, char **argv)
1170 exit(1); 1170 exit(1);
1171 } 1171 }
1172 1172
1173 memset(&cms_config, 0, sizeof(cms_config)); 1173 memset(&cfg, 0, sizeof(cfg));
1174 cms_config.flags = CMS_DETACHED; 1174 cfg.flags = CMS_DETACHED;
1175 cms_config.rr_allorfirst = -1; 1175 cfg.rr_allorfirst = -1;
1176 cms_config.informat = FORMAT_SMIME; 1176 cfg.informat = FORMAT_SMIME;
1177 cms_config.outformat = FORMAT_SMIME; 1177 cfg.outformat = FORMAT_SMIME;
1178 cms_config.rctformat = FORMAT_SMIME; 1178 cfg.rctformat = FORMAT_SMIME;
1179 cms_config.keyform = FORMAT_PEM; 1179 cfg.keyform = FORMAT_PEM;
1180 if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { 1180 if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) {
1181 goto argerr; 1181 goto argerr;
1182 } 1182 }
1183 args = argv + argsused; 1183 args = argv + argsused;
1184 ret = 1; 1184 ret = 1;
1185 1185
1186 if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) && 1186 if (((cfg.rr_allorfirst != -1) || cfg.rr_from != NULL) &&
1187 cms_config.rr_to == NULL) { 1187 cfg.rr_to == NULL) {
1188 BIO_puts(bio_err, "No Signed Receipts Recipients\n"); 1188 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
1189 goto argerr; 1189 goto argerr;
1190 } 1190 }
1191 if (!(cms_config.operation & SMIME_SIGNERS) && 1191 if (!(cfg.operation & SMIME_SIGNERS) &&
1192 (cms_config.rr_to != NULL || cms_config.rr_from != NULL)) { 1192 (cfg.rr_to != NULL || cfg.rr_from != NULL)) {
1193 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); 1193 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
1194 goto argerr; 1194 goto argerr;
1195 } 1195 }
1196 if (!(cms_config.operation & SMIME_SIGNERS) && 1196 if (!(cfg.operation & SMIME_SIGNERS) &&
1197 (cms_config.skkeys != NULL || cms_config.sksigners != NULL)) { 1197 (cfg.skkeys != NULL || cfg.sksigners != NULL)) {
1198 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 1198 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
1199 goto argerr; 1199 goto argerr;
1200 } 1200 }
1201 if (cms_config.operation & SMIME_SIGNERS) { 1201 if (cfg.operation & SMIME_SIGNERS) {
1202 if (cms_config.keyfile != NULL && 1202 if (cfg.keyfile != NULL &&
1203 cms_config.signerfile == NULL) { 1203 cfg.signerfile == NULL) {
1204 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 1204 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
1205 goto argerr; 1205 goto argerr;
1206 } 1206 }
1207 /* Check to see if any final signer needs to be appended */ 1207 /* Check to see if any final signer needs to be appended */
1208 if (cms_config.signerfile != NULL) { 1208 if (cfg.signerfile != NULL) {
1209 if (cms_config.sksigners == NULL && 1209 if (cfg.sksigners == NULL &&
1210 (cms_config.sksigners = 1210 (cfg.sksigners =
1211 sk_OPENSSL_STRING_new_null()) == NULL) 1211 sk_OPENSSL_STRING_new_null()) == NULL)
1212 goto end; 1212 goto end;
1213 if (!sk_OPENSSL_STRING_push(cms_config.sksigners, 1213 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
1214 cms_config.signerfile)) 1214 cfg.signerfile))
1215 goto end; 1215 goto end;
1216 if (cms_config.skkeys == NULL && 1216 if (cfg.skkeys == NULL &&
1217 (cms_config.skkeys = 1217 (cfg.skkeys =
1218 sk_OPENSSL_STRING_new_null()) == NULL) 1218 sk_OPENSSL_STRING_new_null()) == NULL)
1219 goto end; 1219 goto end;
1220 if (cms_config.keyfile == NULL) 1220 if (cfg.keyfile == NULL)
1221 cms_config.keyfile = cms_config.signerfile; 1221 cfg.keyfile = cfg.signerfile;
1222 if (!sk_OPENSSL_STRING_push(cms_config.skkeys, 1222 if (!sk_OPENSSL_STRING_push(cfg.skkeys,
1223 cms_config.keyfile)) 1223 cfg.keyfile))
1224 goto end; 1224 goto end;
1225 } 1225 }
1226 if (cms_config.sksigners == NULL) { 1226 if (cfg.sksigners == NULL) {
1227 BIO_printf(bio_err, 1227 BIO_printf(bio_err,
1228 "No signer certificate specified\n"); 1228 "No signer certificate specified\n");
1229 badarg = 1; 1229 badarg = 1;
1230 } 1230 }
1231 cms_config.signerfile = NULL; 1231 cfg.signerfile = NULL;
1232 cms_config.keyfile = NULL; 1232 cfg.keyfile = NULL;
1233 } else if (cms_config.operation == SMIME_DECRYPT) { 1233 } else if (cfg.operation == SMIME_DECRYPT) {
1234 if (cms_config.recipfile == NULL && 1234 if (cfg.recipfile == NULL &&
1235 cms_config.keyfile == NULL && 1235 cfg.keyfile == NULL &&
1236 cms_config.secret_key == NULL && 1236 cfg.secret_key == NULL &&
1237 cms_config.pwri_pass == NULL) { 1237 cfg.pwri_pass == NULL) {
1238 BIO_printf(bio_err, 1238 BIO_printf(bio_err,
1239 "No recipient certificate or key specified\n"); 1239 "No recipient certificate or key specified\n");
1240 badarg = 1; 1240 badarg = 1;
1241 } 1241 }
1242 } else if (cms_config.operation == SMIME_ENCRYPT) { 1242 } else if (cfg.operation == SMIME_ENCRYPT) {
1243 if (*args == NULL && cms_config.secret_key == NULL && 1243 if (*args == NULL && cfg.secret_key == NULL &&
1244 cms_config.pwri_pass == NULL && 1244 cfg.pwri_pass == NULL &&
1245 cms_config.encerts == NULL) { 1245 cfg.encerts == NULL) {
1246 BIO_printf(bio_err, 1246 BIO_printf(bio_err,
1247 "No recipient(s) certificate(s) specified\n"); 1247 "No recipient(s) certificate(s) specified\n");
1248 badarg = 1; 1248 badarg = 1;
1249 } 1249 }
1250 } else if (!cms_config.operation) { 1250 } else if (!cfg.operation) {
1251 badarg = 1; 1251 badarg = 1;
1252 } 1252 }
1253 1253
@@ -1257,103 +1257,103 @@ cms_main(int argc, char **argv)
1257 goto end; 1257 goto end;
1258 } 1258 }
1259 1259
1260 if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) { 1260 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
1261 BIO_printf(bio_err, "Error getting password\n"); 1261 BIO_printf(bio_err, "Error getting password\n");
1262 goto end; 1262 goto end;
1263 } 1263 }
1264 ret = 2; 1264 ret = 2;
1265 1265
1266 if (!(cms_config.operation & SMIME_SIGNERS)) 1266 if (!(cfg.operation & SMIME_SIGNERS))
1267 cms_config.flags &= ~CMS_DETACHED; 1267 cfg.flags &= ~CMS_DETACHED;
1268 1268
1269 if (cms_config.operation & SMIME_OP) { 1269 if (cfg.operation & SMIME_OP) {
1270 if (cms_config.outformat == FORMAT_ASN1) 1270 if (cfg.outformat == FORMAT_ASN1)
1271 outmode = "wb"; 1271 outmode = "wb";
1272 } else { 1272 } else {
1273 if (cms_config.flags & CMS_BINARY) 1273 if (cfg.flags & CMS_BINARY)
1274 outmode = "wb"; 1274 outmode = "wb";
1275 } 1275 }
1276 1276
1277 if (cms_config.operation & SMIME_IP) { 1277 if (cfg.operation & SMIME_IP) {
1278 if (cms_config.informat == FORMAT_ASN1) 1278 if (cfg.informat == FORMAT_ASN1)
1279 inmode = "rb"; 1279 inmode = "rb";
1280 } else { 1280 } else {
1281 if (cms_config.flags & CMS_BINARY) 1281 if (cfg.flags & CMS_BINARY)
1282 inmode = "rb"; 1282 inmode = "rb";
1283 } 1283 }
1284 1284
1285 if (cms_config.operation == SMIME_ENCRYPT) { 1285 if (cfg.operation == SMIME_ENCRYPT) {
1286 if (cms_config.cipher == NULL) { 1286 if (cfg.cipher == NULL) {
1287#ifndef OPENSSL_NO_DES 1287#ifndef OPENSSL_NO_DES
1288 cms_config.cipher = EVP_des_ede3_cbc(); 1288 cfg.cipher = EVP_des_ede3_cbc();
1289#else 1289#else
1290 BIO_printf(bio_err, "No cipher selected\n"); 1290 BIO_printf(bio_err, "No cipher selected\n");
1291 goto end; 1291 goto end;
1292#endif 1292#endif
1293 } 1293 }
1294 if (cms_config.secret_key != NULL && 1294 if (cfg.secret_key != NULL &&
1295 cms_config.secret_keyid == NULL) { 1295 cfg.secret_keyid == NULL) {
1296 BIO_printf(bio_err, "No secret key id\n"); 1296 BIO_printf(bio_err, "No secret key id\n");
1297 goto end; 1297 goto end;
1298 } 1298 }
1299 if (*args != NULL && cms_config.encerts == NULL) 1299 if (*args != NULL && cfg.encerts == NULL)
1300 if ((cms_config.encerts = sk_X509_new_null()) == NULL) 1300 if ((cfg.encerts = sk_X509_new_null()) == NULL)
1301 goto end; 1301 goto end;
1302 while (*args) { 1302 while (*args) {
1303 if ((cms_config.cert = load_cert(bio_err, *args, 1303 if ((cfg.cert = load_cert(bio_err, *args,
1304 FORMAT_PEM, NULL, 1304 FORMAT_PEM, NULL,
1305 "recipient certificate file")) == NULL) 1305 "recipient certificate file")) == NULL)
1306 goto end; 1306 goto end;
1307 if (!sk_X509_push(cms_config.encerts, cms_config.cert)) 1307 if (!sk_X509_push(cfg.encerts, cfg.cert))
1308 goto end; 1308 goto end;
1309 cms_config.cert = NULL; 1309 cfg.cert = NULL;
1310 args++; 1310 args++;
1311 } 1311 }
1312 } 1312 }
1313 if (cms_config.certfile != NULL) { 1313 if (cfg.certfile != NULL) {
1314 if ((other = load_certs(bio_err, cms_config.certfile, 1314 if ((other = load_certs(bio_err, cfg.certfile,
1315 FORMAT_PEM, NULL, "certificate file")) == NULL) { 1315 FORMAT_PEM, NULL, "certificate file")) == NULL) {
1316 ERR_print_errors(bio_err); 1316 ERR_print_errors(bio_err);
1317 goto end; 1317 goto end;
1318 } 1318 }
1319 } 1319 }
1320 if (cms_config.recipfile != NULL && 1320 if (cfg.recipfile != NULL &&
1321 (cms_config.operation == SMIME_DECRYPT)) { 1321 (cfg.operation == SMIME_DECRYPT)) {
1322 if ((recip = load_cert(bio_err, cms_config.recipfile, 1322 if ((recip = load_cert(bio_err, cfg.recipfile,
1323 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { 1323 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
1324 ERR_print_errors(bio_err); 1324 ERR_print_errors(bio_err);
1325 goto end; 1325 goto end;
1326 } 1326 }
1327 } 1327 }
1328 if (cms_config.operation == SMIME_SIGN_RECEIPT) { 1328 if (cfg.operation == SMIME_SIGN_RECEIPT) {
1329 if ((signer = load_cert(bio_err, cms_config.signerfile, 1329 if ((signer = load_cert(bio_err, cfg.signerfile,
1330 FORMAT_PEM, NULL, 1330 FORMAT_PEM, NULL,
1331 "receipt signer certificate file")) == NULL) { 1331 "receipt signer certificate file")) == NULL) {
1332 ERR_print_errors(bio_err); 1332 ERR_print_errors(bio_err);
1333 goto end; 1333 goto end;
1334 } 1334 }
1335 } 1335 }
1336 if (cms_config.operation == SMIME_DECRYPT) { 1336 if (cfg.operation == SMIME_DECRYPT) {
1337 if (cms_config.keyfile == NULL) 1337 if (cfg.keyfile == NULL)
1338 cms_config.keyfile = cms_config.recipfile; 1338 cfg.keyfile = cfg.recipfile;
1339 } else if ((cms_config.operation == SMIME_SIGN) || 1339 } else if ((cfg.operation == SMIME_SIGN) ||
1340 (cms_config.operation == SMIME_SIGN_RECEIPT)) { 1340 (cfg.operation == SMIME_SIGN_RECEIPT)) {
1341 if (cms_config.keyfile == NULL) 1341 if (cfg.keyfile == NULL)
1342 cms_config.keyfile = cms_config.signerfile; 1342 cfg.keyfile = cfg.signerfile;
1343 } else { 1343 } else {
1344 cms_config.keyfile = NULL; 1344 cfg.keyfile = NULL;
1345 } 1345 }
1346 1346
1347 if (cms_config.keyfile != NULL) { 1347 if (cfg.keyfile != NULL) {
1348 key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, 1348 key = load_key(bio_err, cfg.keyfile, cfg.keyform,
1349 0, passin, "signing key file"); 1349 0, passin, "signing key file");
1350 if (key == NULL) 1350 if (key == NULL)
1351 goto end; 1351 goto end;
1352 } 1352 }
1353 if (cms_config.infile != NULL) { 1353 if (cfg.infile != NULL) {
1354 if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) { 1354 if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) {
1355 BIO_printf(bio_err, 1355 BIO_printf(bio_err,
1356 "Can't open input file %s\n", cms_config.infile); 1356 "Can't open input file %s\n", cfg.infile);
1357 goto end; 1357 goto end;
1358 } 1358 }
1359 } else { 1359 } else {
@@ -1361,12 +1361,12 @@ cms_main(int argc, char **argv)
1361 goto end; 1361 goto end;
1362 } 1362 }
1363 1363
1364 if (cms_config.operation & SMIME_IP) { 1364 if (cfg.operation & SMIME_IP) {
1365 if (cms_config.informat == FORMAT_SMIME) 1365 if (cfg.informat == FORMAT_SMIME)
1366 cms = SMIME_read_CMS(in, &indata); 1366 cms = SMIME_read_CMS(in, &indata);
1367 else if (cms_config.informat == FORMAT_PEM) 1367 else if (cfg.informat == FORMAT_PEM)
1368 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); 1368 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
1369 else if (cms_config.informat == FORMAT_ASN1) 1369 else if (cfg.informat == FORMAT_ASN1)
1370 cms = d2i_CMS_bio(in, NULL); 1370 cms = d2i_CMS_bio(in, NULL);
1371 else { 1371 else {
1372 BIO_printf(bio_err, "Bad input format for CMS file\n"); 1372 BIO_printf(bio_err, "Bad input format for CMS file\n");
@@ -1377,24 +1377,24 @@ cms_main(int argc, char **argv)
1377 BIO_printf(bio_err, "Error reading S/MIME message\n"); 1377 BIO_printf(bio_err, "Error reading S/MIME message\n");
1378 goto end; 1378 goto end;
1379 } 1379 }
1380 if (cms_config.contfile != NULL) { 1380 if (cfg.contfile != NULL) {
1381 BIO_free(indata); 1381 BIO_free(indata);
1382 if ((indata = BIO_new_file(cms_config.contfile, 1382 if ((indata = BIO_new_file(cfg.contfile,
1383 "rb")) == NULL) { 1383 "rb")) == NULL) {
1384 BIO_printf(bio_err, 1384 BIO_printf(bio_err,
1385 "Can't read content file %s\n", 1385 "Can't read content file %s\n",
1386 cms_config.contfile); 1386 cfg.contfile);
1387 goto end; 1387 goto end;
1388 } 1388 }
1389 } 1389 }
1390 if (cms_config.certsoutfile != NULL) { 1390 if (cfg.certsoutfile != NULL) {
1391 STACK_OF(X509) *allcerts; 1391 STACK_OF(X509) *allcerts;
1392 if ((allcerts = CMS_get1_certs(cms)) == NULL) 1392 if ((allcerts = CMS_get1_certs(cms)) == NULL)
1393 goto end; 1393 goto end;
1394 if (!save_certs(cms_config.certsoutfile, allcerts)) { 1394 if (!save_certs(cfg.certsoutfile, allcerts)) {
1395 BIO_printf(bio_err, 1395 BIO_printf(bio_err,
1396 "Error writing certs to %s\n", 1396 "Error writing certs to %s\n",
1397 cms_config.certsoutfile); 1397 cfg.certsoutfile);
1398 sk_X509_pop_free(allcerts, X509_free); 1398 sk_X509_pop_free(allcerts, X509_free);
1399 ret = 5; 1399 ret = 5;
1400 goto end; 1400 goto end;
@@ -1402,19 +1402,19 @@ cms_main(int argc, char **argv)
1402 sk_X509_pop_free(allcerts, X509_free); 1402 sk_X509_pop_free(allcerts, X509_free);
1403 } 1403 }
1404 } 1404 }
1405 if (cms_config.rctfile != NULL) { 1405 if (cfg.rctfile != NULL) {
1406 char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ? 1406 char *rctmode = (cfg.rctformat == FORMAT_ASN1) ?
1407 "rb" : "r"; 1407 "rb" : "r";
1408 if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) { 1408 if ((rctin = BIO_new_file(cfg.rctfile, rctmode)) == NULL) {
1409 BIO_printf(bio_err, 1409 BIO_printf(bio_err,
1410 "Can't open receipt file %s\n", cms_config.rctfile); 1410 "Can't open receipt file %s\n", cfg.rctfile);
1411 goto end; 1411 goto end;
1412 } 1412 }
1413 if (cms_config.rctformat == FORMAT_SMIME) 1413 if (cfg.rctformat == FORMAT_SMIME)
1414 rcms = SMIME_read_CMS(rctin, NULL); 1414 rcms = SMIME_read_CMS(rctin, NULL);
1415 else if (cms_config.rctformat == FORMAT_PEM) 1415 else if (cfg.rctformat == FORMAT_PEM)
1416 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); 1416 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
1417 else if (cms_config.rctformat == FORMAT_ASN1) 1417 else if (cfg.rctformat == FORMAT_ASN1)
1418 rcms = d2i_CMS_bio(rctin, NULL); 1418 rcms = d2i_CMS_bio(rctin, NULL);
1419 else { 1419 else {
1420 BIO_printf(bio_err, "Bad input format for receipt\n"); 1420 BIO_printf(bio_err, "Bad input format for receipt\n");
@@ -1426,10 +1426,10 @@ cms_main(int argc, char **argv)
1426 goto end; 1426 goto end;
1427 } 1427 }
1428 } 1428 }
1429 if (cms_config.outfile != NULL) { 1429 if (cfg.outfile != NULL) {
1430 if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) { 1430 if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) {
1431 BIO_printf(bio_err, 1431 BIO_printf(bio_err,
1432 "Can't open output file %s\n", cms_config.outfile); 1432 "Can't open output file %s\n", cfg.outfile);
1433 goto end; 1433 goto end;
1434 } 1434 }
1435 } else { 1435 } else {
@@ -1437,42 +1437,42 @@ cms_main(int argc, char **argv)
1437 goto end; 1437 goto end;
1438 } 1438 }
1439 1439
1440 if ((cms_config.operation == SMIME_VERIFY) || 1440 if ((cfg.operation == SMIME_VERIFY) ||
1441 (cms_config.operation == SMIME_VERIFY_RECEIPT)) { 1441 (cfg.operation == SMIME_VERIFY_RECEIPT)) {
1442 if ((store = setup_verify(bio_err, cms_config.CAfile, 1442 if ((store = setup_verify(bio_err, cfg.CAfile,
1443 cms_config.CApath)) == NULL) 1443 cfg.CApath)) == NULL)
1444 goto end; 1444 goto end;
1445 X509_STORE_set_verify_cb(store, cms_cb); 1445 X509_STORE_set_verify_cb(store, cms_cb);
1446 if (cms_config.vpm != NULL) { 1446 if (cfg.vpm != NULL) {
1447 if (!X509_STORE_set1_param(store, cms_config.vpm)) 1447 if (!X509_STORE_set1_param(store, cfg.vpm))
1448 goto end; 1448 goto end;
1449 } 1449 }
1450 } 1450 }
1451 ret = 3; 1451 ret = 3;
1452 1452
1453 if (cms_config.operation == SMIME_DATA_CREATE) { 1453 if (cfg.operation == SMIME_DATA_CREATE) {
1454 cms = CMS_data_create(in, cms_config.flags); 1454 cms = CMS_data_create(in, cfg.flags);
1455 } else if (cms_config.operation == SMIME_DIGEST_CREATE) { 1455 } else if (cfg.operation == SMIME_DIGEST_CREATE) {
1456 cms = CMS_digest_create(in, cms_config.sign_md, 1456 cms = CMS_digest_create(in, cfg.sign_md,
1457 cms_config.flags); 1457 cfg.flags);
1458 } else if (cms_config.operation == SMIME_COMPRESS) { 1458 } else if (cfg.operation == SMIME_COMPRESS) {
1459 cms = CMS_compress(in, -1, cms_config.flags); 1459 cms = CMS_compress(in, -1, cfg.flags);
1460 } else if (cms_config.operation == SMIME_ENCRYPT) { 1460 } else if (cfg.operation == SMIME_ENCRYPT) {
1461 int i; 1461 int i;
1462 cms_config.flags |= CMS_PARTIAL; 1462 cfg.flags |= CMS_PARTIAL;
1463 cms = CMS_encrypt(NULL, in, cms_config.cipher, 1463 cms = CMS_encrypt(NULL, in, cfg.cipher,
1464 cms_config.flags); 1464 cfg.flags);
1465 if (cms == NULL) 1465 if (cms == NULL)
1466 goto end; 1466 goto end;
1467 for (i = 0; i < sk_X509_num(cms_config.encerts); i++) { 1467 for (i = 0; i < sk_X509_num(cfg.encerts); i++) {
1468 CMS_RecipientInfo *ri; 1468 CMS_RecipientInfo *ri;
1469 struct cms_key_param *kparam; 1469 struct cms_key_param *kparam;
1470 int tflags = cms_config.flags; 1470 int tflags = cfg.flags;
1471 X509 *x; 1471 X509 *x;
1472 1472
1473 if ((x = sk_X509_value(cms_config.encerts, i)) == NULL) 1473 if ((x = sk_X509_value(cfg.encerts, i)) == NULL)
1474 goto end; 1474 goto end;
1475 for (kparam = cms_config.key_first; kparam != NULL; 1475 for (kparam = cfg.key_first; kparam != NULL;
1476 kparam = kparam->next) { 1476 kparam = kparam->next) {
1477 if (kparam->idx == i) { 1477 if (kparam->idx == i) {
1478 tflags |= CMS_KEY_PARAM; 1478 tflags |= CMS_KEY_PARAM;
@@ -1492,18 +1492,18 @@ cms_main(int argc, char **argv)
1492 } 1492 }
1493 } 1493 }
1494 1494
1495 if (cms_config.secret_key != NULL) { 1495 if (cfg.secret_key != NULL) {
1496 if (CMS_add0_recipient_key(cms, NID_undef, 1496 if (CMS_add0_recipient_key(cms, NID_undef,
1497 cms_config.secret_key, cms_config.secret_keylen, 1497 cfg.secret_key, cfg.secret_keylen,
1498 cms_config.secret_keyid, cms_config.secret_keyidlen, 1498 cfg.secret_keyid, cfg.secret_keyidlen,
1499 NULL, NULL, NULL) == NULL) 1499 NULL, NULL, NULL) == NULL)
1500 goto end; 1500 goto end;
1501 /* NULL these because call absorbs them */ 1501 /* NULL these because call absorbs them */
1502 cms_config.secret_key = NULL; 1502 cfg.secret_key = NULL;
1503 cms_config.secret_keyid = NULL; 1503 cfg.secret_keyid = NULL;
1504 } 1504 }
1505 if (cms_config.pwri_pass != NULL) { 1505 if (cfg.pwri_pass != NULL) {
1506 pwri_tmp = strdup(cms_config.pwri_pass); 1506 pwri_tmp = strdup(cfg.pwri_pass);
1507 if (pwri_tmp == NULL) 1507 if (pwri_tmp == NULL)
1508 goto end; 1508 goto end;
1509 if (CMS_add0_recipient_password(cms, -1, NID_undef, 1509 if (CMS_add0_recipient_password(cms, -1, NID_undef,
@@ -1511,16 +1511,16 @@ cms_main(int argc, char **argv)
1511 goto end; 1511 goto end;
1512 pwri_tmp = NULL; 1512 pwri_tmp = NULL;
1513 } 1513 }
1514 if (!(cms_config.flags & CMS_STREAM)) { 1514 if (!(cfg.flags & CMS_STREAM)) {
1515 if (!CMS_final(cms, in, NULL, cms_config.flags)) 1515 if (!CMS_final(cms, in, NULL, cfg.flags))
1516 goto end; 1516 goto end;
1517 } 1517 }
1518 } else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) { 1518 } else if (cfg.operation == SMIME_ENCRYPTED_ENCRYPT) {
1519 cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, 1519 cms = CMS_EncryptedData_encrypt(in, cfg.cipher,
1520 cms_config.secret_key, cms_config.secret_keylen, 1520 cfg.secret_key, cfg.secret_keylen,
1521 cms_config.flags); 1521 cfg.flags);
1522 1522
1523 } else if (cms_config.operation == SMIME_SIGN_RECEIPT) { 1523 } else if (cfg.operation == SMIME_SIGN_RECEIPT) {
1524 CMS_ContentInfo *srcms = NULL; 1524 CMS_ContentInfo *srcms = NULL;
1525 STACK_OF(CMS_SignerInfo) *sis; 1525 STACK_OF(CMS_SignerInfo) *sis;
1526 CMS_SignerInfo *si; 1526 CMS_SignerInfo *si;
@@ -1531,36 +1531,36 @@ cms_main(int argc, char **argv)
1531 if (si == NULL) 1531 if (si == NULL)
1532 goto end; 1532 goto end;
1533 srcms = CMS_sign_receipt(si, signer, key, other, 1533 srcms = CMS_sign_receipt(si, signer, key, other,
1534 cms_config.flags); 1534 cfg.flags);
1535 if (srcms == NULL) 1535 if (srcms == NULL)
1536 goto end; 1536 goto end;
1537 CMS_ContentInfo_free(cms); 1537 CMS_ContentInfo_free(cms);
1538 cms = srcms; 1538 cms = srcms;
1539 } else if (cms_config.operation & SMIME_SIGNERS) { 1539 } else if (cfg.operation & SMIME_SIGNERS) {
1540 int i; 1540 int i;
1541 /* 1541 /*
1542 * If detached data content we enable streaming if S/MIME 1542 * If detached data content we enable streaming if S/MIME
1543 * output format. 1543 * output format.
1544 */ 1544 */
1545 if (cms_config.operation == SMIME_SIGN) { 1545 if (cfg.operation == SMIME_SIGN) {
1546 1546
1547 if (cms_config.flags & CMS_DETACHED) { 1547 if (cfg.flags & CMS_DETACHED) {
1548 if (cms_config.outformat == FORMAT_SMIME) 1548 if (cfg.outformat == FORMAT_SMIME)
1549 cms_config.flags |= CMS_STREAM; 1549 cfg.flags |= CMS_STREAM;
1550 } 1550 }
1551 cms_config.flags |= CMS_PARTIAL; 1551 cfg.flags |= CMS_PARTIAL;
1552 cms = CMS_sign(NULL, NULL, other, in, cms_config.flags); 1552 cms = CMS_sign(NULL, NULL, other, in, cfg.flags);
1553 if (cms == NULL) 1553 if (cms == NULL)
1554 goto end; 1554 goto end;
1555 if (cms_config.econtent_type != NULL) 1555 if (cfg.econtent_type != NULL)
1556 if (!CMS_set1_eContentType(cms, 1556 if (!CMS_set1_eContentType(cms,
1557 cms_config.econtent_type)) 1557 cfg.econtent_type))
1558 goto end; 1558 goto end;
1559 1559
1560 if (cms_config.rr_to != NULL) { 1560 if (cfg.rr_to != NULL) {
1561 rr = make_receipt_request(cms_config.rr_to, 1561 rr = make_receipt_request(cfg.rr_to,
1562 cms_config.rr_allorfirst, 1562 cfg.rr_allorfirst,
1563 cms_config.rr_from); 1563 cfg.rr_from);
1564 if (rr == NULL) { 1564 if (rr == NULL) {
1565 BIO_puts(bio_err, 1565 BIO_puts(bio_err,
1566 "Signed Receipt Request Creation Error\n"); 1566 "Signed Receipt Request Creation Error\n");
@@ -1568,28 +1568,28 @@ cms_main(int argc, char **argv)
1568 } 1568 }
1569 } 1569 }
1570 } else { 1570 } else {
1571 cms_config.flags |= CMS_REUSE_DIGEST; 1571 cfg.flags |= CMS_REUSE_DIGEST;
1572 } 1572 }
1573 1573
1574 for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) { 1574 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) {
1575 CMS_SignerInfo *si; 1575 CMS_SignerInfo *si;
1576 struct cms_key_param *kparam; 1576 struct cms_key_param *kparam;
1577 int tflags = cms_config.flags; 1577 int tflags = cfg.flags;
1578 1578
1579 cms_config.signerfile = sk_OPENSSL_STRING_value( 1579 cfg.signerfile = sk_OPENSSL_STRING_value(
1580 cms_config.sksigners, i); 1580 cfg.sksigners, i);
1581 cms_config.keyfile = sk_OPENSSL_STRING_value( 1581 cfg.keyfile = sk_OPENSSL_STRING_value(
1582 cms_config.skkeys, i); 1582 cfg.skkeys, i);
1583 1583
1584 signer = load_cert(bio_err, cms_config.signerfile, 1584 signer = load_cert(bio_err, cfg.signerfile,
1585 FORMAT_PEM, NULL, "signer certificate"); 1585 FORMAT_PEM, NULL, "signer certificate");
1586 if (signer == NULL) 1586 if (signer == NULL)
1587 goto end; 1587 goto end;
1588 key = load_key(bio_err, cms_config.keyfile, 1588 key = load_key(bio_err, cfg.keyfile,
1589 cms_config.keyform, 0, passin, "signing key file"); 1589 cfg.keyform, 0, passin, "signing key file");
1590 if (key == NULL) 1590 if (key == NULL)
1591 goto end; 1591 goto end;
1592 for (kparam = cms_config.key_first; kparam != NULL; 1592 for (kparam = cfg.key_first; kparam != NULL;
1593 kparam = kparam->next) { 1593 kparam = kparam->next) {
1594 if (kparam->idx == i) { 1594 if (kparam->idx == i) {
1595 tflags |= CMS_KEY_PARAM; 1595 tflags |= CMS_KEY_PARAM;
@@ -1597,7 +1597,7 @@ cms_main(int argc, char **argv)
1597 } 1597 }
1598 } 1598 }
1599 si = CMS_add1_signer(cms, signer, key, 1599 si = CMS_add1_signer(cms, signer, key,
1600 cms_config.sign_md, tflags); 1600 cfg.sign_md, tflags);
1601 if (si == NULL) 1601 if (si == NULL)
1602 goto end; 1602 goto end;
1603 if (kparam != NULL) { 1603 if (kparam != NULL) {
@@ -1616,9 +1616,9 @@ cms_main(int argc, char **argv)
1616 key = NULL; 1616 key = NULL;
1617 } 1617 }
1618 /* If not streaming or resigning finalize structure */ 1618 /* If not streaming or resigning finalize structure */
1619 if ((cms_config.operation == SMIME_SIGN) && 1619 if ((cfg.operation == SMIME_SIGN) &&
1620 !(cms_config.flags & CMS_STREAM)) { 1620 !(cfg.flags & CMS_STREAM)) {
1621 if (!CMS_final(cms, in, NULL, cms_config.flags)) 1621 if (!CMS_final(cms, in, NULL, cfg.flags))
1622 goto end; 1622 goto end;
1623 } 1623 }
1624 } 1624 }
@@ -1627,15 +1627,15 @@ cms_main(int argc, char **argv)
1627 goto end; 1627 goto end;
1628 } 1628 }
1629 ret = 4; 1629 ret = 4;
1630 if (cms_config.operation == SMIME_DECRYPT) { 1630 if (cfg.operation == SMIME_DECRYPT) {
1631 if (cms_config.flags & CMS_DEBUG_DECRYPT) 1631 if (cfg.flags & CMS_DEBUG_DECRYPT)
1632 CMS_decrypt(cms, NULL, NULL, NULL, NULL, 1632 CMS_decrypt(cms, NULL, NULL, NULL, NULL,
1633 cms_config.flags); 1633 cfg.flags);
1634 1634
1635 if (cms_config.secret_key != NULL) { 1635 if (cfg.secret_key != NULL) {
1636 if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, 1636 if (!CMS_decrypt_set1_key(cms, cfg.secret_key,
1637 cms_config.secret_keylen, cms_config.secret_keyid, 1637 cfg.secret_keylen, cfg.secret_keyid,
1638 cms_config.secret_keyidlen)) { 1638 cfg.secret_keyidlen)) {
1639 BIO_puts(bio_err, 1639 BIO_puts(bio_err,
1640 "Error decrypting CMS using secret key\n"); 1640 "Error decrypting CMS using secret key\n");
1641 goto end; 1641 goto end;
@@ -1648,95 +1648,95 @@ cms_main(int argc, char **argv)
1648 goto end; 1648 goto end;
1649 } 1649 }
1650 } 1650 }
1651 if (cms_config.pwri_pass != NULL) { 1651 if (cfg.pwri_pass != NULL) {
1652 if (!CMS_decrypt_set1_password(cms, 1652 if (!CMS_decrypt_set1_password(cms,
1653 cms_config.pwri_pass, -1)) { 1653 cfg.pwri_pass, -1)) {
1654 BIO_puts(bio_err, 1654 BIO_puts(bio_err,
1655 "Error decrypting CMS using password\n"); 1655 "Error decrypting CMS using password\n");
1656 goto end; 1656 goto end;
1657 } 1657 }
1658 } 1658 }
1659 if (!CMS_decrypt(cms, NULL, NULL, indata, out, 1659 if (!CMS_decrypt(cms, NULL, NULL, indata, out,
1660 cms_config.flags)) { 1660 cfg.flags)) {
1661 BIO_printf(bio_err, "Error decrypting CMS structure\n"); 1661 BIO_printf(bio_err, "Error decrypting CMS structure\n");
1662 goto end; 1662 goto end;
1663 } 1663 }
1664 } else if (cms_config.operation == SMIME_DATAOUT) { 1664 } else if (cfg.operation == SMIME_DATAOUT) {
1665 if (!CMS_data(cms, out, cms_config.flags)) 1665 if (!CMS_data(cms, out, cfg.flags))
1666 goto end; 1666 goto end;
1667 } else if (cms_config.operation == SMIME_UNCOMPRESS) { 1667 } else if (cfg.operation == SMIME_UNCOMPRESS) {
1668 if (!CMS_uncompress(cms, indata, out, cms_config.flags)) 1668 if (!CMS_uncompress(cms, indata, out, cfg.flags))
1669 goto end; 1669 goto end;
1670 } else if (cms_config.operation == SMIME_DIGEST_VERIFY) { 1670 } else if (cfg.operation == SMIME_DIGEST_VERIFY) {
1671 if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0) 1671 if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0)
1672 BIO_printf(bio_err, "Verification successful\n"); 1672 BIO_printf(bio_err, "Verification successful\n");
1673 else { 1673 else {
1674 BIO_printf(bio_err, "Verification failure\n"); 1674 BIO_printf(bio_err, "Verification failure\n");
1675 goto end; 1675 goto end;
1676 } 1676 }
1677 } else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) { 1677 } else if (cfg.operation == SMIME_ENCRYPTED_DECRYPT) {
1678 if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, 1678 if (!CMS_EncryptedData_decrypt(cms, cfg.secret_key,
1679 cms_config.secret_keylen, indata, out, cms_config.flags)) 1679 cfg.secret_keylen, indata, out, cfg.flags))
1680 goto end; 1680 goto end;
1681 } else if (cms_config.operation == SMIME_VERIFY) { 1681 } else if (cfg.operation == SMIME_VERIFY) {
1682 if (CMS_verify(cms, other, store, indata, out, 1682 if (CMS_verify(cms, other, store, indata, out,
1683 cms_config.flags) > 0) { 1683 cfg.flags) > 0) {
1684 BIO_printf(bio_err, "Verification successful\n"); 1684 BIO_printf(bio_err, "Verification successful\n");
1685 } else { 1685 } else {
1686 BIO_printf(bio_err, "Verification failure\n"); 1686 BIO_printf(bio_err, "Verification failure\n");
1687 if (cms_config.verify_retcode) 1687 if (cfg.verify_retcode)
1688 ret = verify_err + 32; 1688 ret = verify_err + 32;
1689 goto end; 1689 goto end;
1690 } 1690 }
1691 if (cms_config.signerfile != NULL) { 1691 if (cfg.signerfile != NULL) {
1692 STACK_OF(X509) *signers; 1692 STACK_OF(X509) *signers;
1693 if ((signers = CMS_get0_signers(cms)) == NULL) 1693 if ((signers = CMS_get0_signers(cms)) == NULL)
1694 goto end; 1694 goto end;
1695 if (!save_certs(cms_config.signerfile, signers)) { 1695 if (!save_certs(cfg.signerfile, signers)) {
1696 BIO_printf(bio_err, 1696 BIO_printf(bio_err,
1697 "Error writing signers to %s\n", 1697 "Error writing signers to %s\n",
1698 cms_config.signerfile); 1698 cfg.signerfile);
1699 sk_X509_free(signers); 1699 sk_X509_free(signers);
1700 ret = 5; 1700 ret = 5;
1701 goto end; 1701 goto end;
1702 } 1702 }
1703 sk_X509_free(signers); 1703 sk_X509_free(signers);
1704 } 1704 }
1705 if (cms_config.rr_print) 1705 if (cfg.rr_print)
1706 receipt_request_print(bio_err, cms); 1706 receipt_request_print(bio_err, cms);
1707 1707
1708 } else if (cms_config.operation == SMIME_VERIFY_RECEIPT) { 1708 } else if (cfg.operation == SMIME_VERIFY_RECEIPT) {
1709 if (CMS_verify_receipt(rcms, cms, other, store, 1709 if (CMS_verify_receipt(rcms, cms, other, store,
1710 cms_config.flags) > 0) { 1710 cfg.flags) > 0) {
1711 BIO_printf(bio_err, "Verification successful\n"); 1711 BIO_printf(bio_err, "Verification successful\n");
1712 } else { 1712 } else {
1713 BIO_printf(bio_err, "Verification failure\n"); 1713 BIO_printf(bio_err, "Verification failure\n");
1714 goto end; 1714 goto end;
1715 } 1715 }
1716 } else { 1716 } else {
1717 if (cms_config.noout) { 1717 if (cfg.noout) {
1718 if (cms_config.print && 1718 if (cfg.print &&
1719 !CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) 1719 !CMS_ContentInfo_print_ctx(out, cms, 0, NULL))
1720 goto end; 1720 goto end;
1721 } else if (cms_config.outformat == FORMAT_SMIME) { 1721 } else if (cfg.outformat == FORMAT_SMIME) {
1722 if (cms_config.to != NULL) 1722 if (cfg.to != NULL)
1723 BIO_printf(out, "To: %s\n", cms_config.to); 1723 BIO_printf(out, "To: %s\n", cfg.to);
1724 if (cms_config.from != NULL) 1724 if (cfg.from != NULL)
1725 BIO_printf(out, "From: %s\n", cms_config.from); 1725 BIO_printf(out, "From: %s\n", cfg.from);
1726 if (cms_config.subject != NULL) 1726 if (cfg.subject != NULL)
1727 BIO_printf(out, "Subject: %s\n", 1727 BIO_printf(out, "Subject: %s\n",
1728 cms_config.subject); 1728 cfg.subject);
1729 if (cms_config.operation == SMIME_RESIGN) 1729 if (cfg.operation == SMIME_RESIGN)
1730 ret = SMIME_write_CMS(out, cms, indata, 1730 ret = SMIME_write_CMS(out, cms, indata,
1731 cms_config.flags); 1731 cfg.flags);
1732 else 1732 else
1733 ret = SMIME_write_CMS(out, cms, in, 1733 ret = SMIME_write_CMS(out, cms, in,
1734 cms_config.flags); 1734 cfg.flags);
1735 } else if (cms_config.outformat == FORMAT_PEM) { 1735 } else if (cfg.outformat == FORMAT_PEM) {
1736 ret = PEM_write_bio_CMS_stream(out, cms, in, 1736 ret = PEM_write_bio_CMS_stream(out, cms, in,
1737 cms_config.flags); 1737 cfg.flags);
1738 } else if (cms_config.outformat == FORMAT_ASN1) { 1738 } else if (cfg.outformat == FORMAT_ASN1) {
1739 ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); 1739 ret = i2d_CMS_bio_stream(out, cms, in, cfg.flags);
1740 } else { 1740 } else {
1741 BIO_printf(bio_err, "Bad output format for CMS file\n"); 1741 BIO_printf(bio_err, "Bad output format for CMS file\n");
1742 goto end; 1742 goto end;
@@ -1752,27 +1752,27 @@ cms_main(int argc, char **argv)
1752 if (ret) 1752 if (ret)
1753 ERR_print_errors(bio_err); 1753 ERR_print_errors(bio_err);
1754 1754
1755 sk_X509_pop_free(cms_config.encerts, X509_free); 1755 sk_X509_pop_free(cfg.encerts, X509_free);
1756 sk_X509_pop_free(other, X509_free); 1756 sk_X509_pop_free(other, X509_free);
1757 X509_VERIFY_PARAM_free(cms_config.vpm); 1757 X509_VERIFY_PARAM_free(cfg.vpm);
1758 sk_OPENSSL_STRING_free(cms_config.sksigners); 1758 sk_OPENSSL_STRING_free(cfg.sksigners);
1759 sk_OPENSSL_STRING_free(cms_config.skkeys); 1759 sk_OPENSSL_STRING_free(cfg.skkeys);
1760 free(cms_config.secret_key); 1760 free(cfg.secret_key);
1761 free(cms_config.secret_keyid); 1761 free(cfg.secret_keyid);
1762 free(pwri_tmp); 1762 free(pwri_tmp);
1763 ASN1_OBJECT_free(cms_config.econtent_type); 1763 ASN1_OBJECT_free(cfg.econtent_type);
1764 CMS_ReceiptRequest_free(rr); 1764 CMS_ReceiptRequest_free(rr);
1765 sk_OPENSSL_STRING_free(cms_config.rr_to); 1765 sk_OPENSSL_STRING_free(cfg.rr_to);
1766 sk_OPENSSL_STRING_free(cms_config.rr_from); 1766 sk_OPENSSL_STRING_free(cfg.rr_from);
1767 for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) { 1767 for (cfg.key_param = cfg.key_first; cfg.key_param;) {
1768 struct cms_key_param *tparam; 1768 struct cms_key_param *tparam;
1769 sk_OPENSSL_STRING_free(cms_config.key_param->param); 1769 sk_OPENSSL_STRING_free(cfg.key_param->param);
1770 tparam = cms_config.key_param->next; 1770 tparam = cfg.key_param->next;
1771 free(cms_config.key_param); 1771 free(cfg.key_param);
1772 cms_config.key_param = tparam; 1772 cfg.key_param = tparam;
1773 } 1773 }
1774 X509_STORE_free(store); 1774 X509_STORE_free(store);
1775 X509_free(cms_config.cert); 1775 X509_free(cfg.cert);
1776 X509_free(recip); 1776 X509_free(recip);
1777 X509_free(signer); 1777 X509_free(signer);
1778 EVP_PKEY_free(key); 1778 EVP_PKEY_free(key);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 07:15:15 +0000