summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/cms.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/cms.c')
-rw-r--r--src/usr.bin/openssl/cms.c53
1 files changed, 13 insertions, 40 deletions
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index 8e5015feba..7430f4c935 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: cms.c,v 1.37 2025/05/10 05:25:43 tb Exp $ */ 1/* $OpenBSD: cms.c,v 1.40 2025/12/20 07:02:37 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -89,12 +89,10 @@ static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
89#define SMIME_DATA_CREATE (8 | SMIME_OP) 89#define SMIME_DATA_CREATE (8 | SMIME_OP)
90#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) 90#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
91#define SMIME_DIGEST_CREATE (10 | SMIME_OP) 91#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
92#define SMIME_UNCOMPRESS (11 | SMIME_IP) 92#define SMIME_ENCRYPTED_DECRYPT (11 | SMIME_IP)
93#define SMIME_COMPRESS (12 | SMIME_OP) 93#define SMIME_ENCRYPTED_ENCRYPT (12 | SMIME_OP)
94#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) 94#define SMIME_SIGN_RECEIPT (13 | SMIME_IP | SMIME_OP)
95#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) 95#define SMIME_VERIFY_RECEIPT (14 | SMIME_IP)
96#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
97#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
98 96
99int verify_err = 0; 97int verify_err = 0;
100 98
@@ -493,7 +491,7 @@ static const struct option cms_options[] = {
493 }, 491 },
494 { 492 {
495 .name = "aes256", 493 .name = "aes256",
496 .desc = "Encrypt PEM output with CBC AES", 494 .desc = "Encrypt PEM output with CBC AES (default)",
497 .type = OPTION_ARGV_FUNC, 495 .type = OPTION_ARGV_FUNC,
498 .opt.argvfunc = cms_opt_cipher, 496 .opt.argvfunc = cms_opt_cipher,
499 }, 497 },
@@ -527,7 +525,7 @@ static const struct option cms_options[] = {
527 }, 525 },
528 { 526 {
529 .name = "des3", 527 .name = "des3",
530 .desc = "Encrypt with triple DES (default)", 528 .desc = "Encrypt with triple DES",
531 .type = OPTION_ARGV_FUNC, 529 .type = OPTION_ARGV_FUNC,
532 .opt.argvfunc = cms_opt_cipher, 530 .opt.argvfunc = cms_opt_cipher,
533 }, 531 },
@@ -602,13 +600,6 @@ static const struct option cms_options[] = {
602 .value = SMIME_CMSOUT, 600 .value = SMIME_CMSOUT,
603 }, 601 },
604 { 602 {
605 .name = "compress",
606 .desc = "Create CMS CompressedData type",
607 .type = OPTION_VALUE,
608 .opt.value = &cfg.operation,
609 .value = SMIME_COMPRESS,
610 },
611 {
612 .name = "content", 603 .name = "content",
613 .argname = "file", 604 .argname = "file",
614 .desc = "Supply or override content for detached signature", 605 .desc = "Supply or override content for detached signature",
@@ -998,13 +989,6 @@ static const struct option cms_options[] = {
998 .opt.arg = &cfg.to, 989 .opt.arg = &cfg.to,
999 }, 990 },
1000 { 991 {
1001 .name = "uncompress",
1002 .desc = "Uncompress CMS CompressedData type",
1003 .type = OPTION_VALUE,
1004 .opt.value = &cfg.operation,
1005 .value = SMIME_UNCOMPRESS,
1006 },
1007 {
1008 .name = "verify", 992 .name = "verify",
1009 .desc = "Verify signed message", 993 .desc = "Verify signed message",
1010 .type = OPTION_VALUE, 994 .type = OPTION_VALUE,
@@ -1138,7 +1122,7 @@ cms_usage(void)
1138 " -camellia192 | -camellia256 | -des | -des3 |\n" 1122 " -camellia192 | -camellia256 | -des | -des3 |\n"
1139 " -rc2-40 | -rc2-64 | -rc2-128] [-CAfile file]\n" 1123 " -rc2-40 | -rc2-64 | -rc2-128] [-CAfile file]\n"
1140 " [-CApath directory] [-CRLfile file] [-binary]\n" 1124 " [-CApath directory] [-CRLfile file] [-binary]\n"
1141 " [-certfile file] [-certsout file] [-cmsout] [-compress]\n" 1125 " [-certfile file] [-certsout file] [-cmsout]\n"
1142 " [-content file] [-crlfeol] [-data_create] [-data_out]\n" 1126 " [-content file] [-crlfeol] [-data_create] [-data_out]\n"
1143 " [-debug_decrypt] [-decrypt] [-digest_create] [-digest_verify]\n" 1127 " [-debug_decrypt] [-decrypt] [-digest_create] [-digest_verify]\n"
1144 " [-econtent_type type] [-encrypt] [-EncryptedData_decrypt]\n" 1128 " [-econtent_type type] [-encrypt] [-EncryptedData_decrypt]\n"
@@ -1156,7 +1140,7 @@ cms_usage(void)
1156 " [-receipt_request_to addr] [-recip file] [-resign]\n" 1140 " [-receipt_request_to addr] [-recip file] [-resign]\n"
1157 " [-secretkey key] [-secretkeyid id] [-sign] [-sign_receipt]\n" 1141 " [-secretkey key] [-secretkeyid id] [-sign] [-sign_receipt]\n"
1158 " [-signer file] [-stream | -indef | -noindef] [-subject s]\n" 1142 " [-signer file] [-stream | -indef | -noindef] [-subject s]\n"
1159 " [-text] [-to addr] [-uncompress] [-verify]\n" 1143 " [-text] [-to addr] [-verify]\n"
1160 " [-verify_receipt file] [-verify_retcode] [cert.pem ...]\n\n"); 1144 " [-verify_receipt file] [-verify_retcode] [cert.pem ...]\n\n");
1161 1145
1162 options_usage(cms_options); 1146 options_usage(cms_options);
@@ -1309,14 +1293,8 @@ cms_main(int argc, char **argv)
1309 } 1293 }
1310 1294
1311 if (cfg.operation == SMIME_ENCRYPT) { 1295 if (cfg.operation == SMIME_ENCRYPT) {
1312 if (cfg.cipher == NULL) { 1296 if (cfg.cipher == NULL)
1313#ifndef OPENSSL_NO_DES 1297 cfg.cipher = EVP_aes_256_cbc();
1314 cfg.cipher = EVP_des_ede3_cbc();
1315#else
1316 BIO_printf(bio_err, "No cipher selected\n");
1317 goto end;
1318#endif
1319 }
1320 if (cfg.secret_key != NULL && 1298 if (cfg.secret_key != NULL &&
1321 cfg.secret_keyid == NULL) { 1299 cfg.secret_keyid == NULL) {
1322 BIO_printf(bio_err, "No secret key id\n"); 1300 BIO_printf(bio_err, "No secret key id\n");
@@ -1488,8 +1466,6 @@ cms_main(int argc, char **argv)
1488 } else if (cfg.operation == SMIME_DIGEST_CREATE) { 1466 } else if (cfg.operation == SMIME_DIGEST_CREATE) {
1489 cms = CMS_digest_create(in, cfg.sign_md, 1467 cms = CMS_digest_create(in, cfg.sign_md,
1490 cfg.flags); 1468 cfg.flags);
1491 } else if (cfg.operation == SMIME_COMPRESS) {
1492 cms = CMS_compress(in, -1, cfg.flags);
1493 } else if (cfg.operation == SMIME_ENCRYPT) { 1469 } else if (cfg.operation == SMIME_ENCRYPT) {
1494 int i; 1470 int i;
1495 cfg.flags |= CMS_PARTIAL; 1471 cfg.flags |= CMS_PARTIAL;
@@ -1697,9 +1673,6 @@ cms_main(int argc, char **argv)
1697 } else if (cfg.operation == SMIME_DATAOUT) { 1673 } else if (cfg.operation == SMIME_DATAOUT) {
1698 if (!CMS_data(cms, out, cfg.flags)) 1674 if (!CMS_data(cms, out, cfg.flags))
1699 goto end; 1675 goto end;
1700 } else if (cfg.operation == SMIME_UNCOMPRESS) {
1701 if (!CMS_uncompress(cms, indata, out, cfg.flags))
1702 goto end;
1703 } else if (cfg.operation == SMIME_DIGEST_VERIFY) { 1676 } else if (cfg.operation == SMIME_DIGEST_VERIFY) {
1704 if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0) 1677 if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0)
1705 BIO_printf(bio_err, "Verification successful\n"); 1678 BIO_printf(bio_err, "Verification successful\n");
@@ -1890,14 +1863,14 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1890 BIO_puts(bio_err, " Receipt Request Parse Error\n"); 1863 BIO_puts(bio_err, " Receipt Request Parse Error\n");
1891 ERR_print_errors(bio_err); 1864 ERR_print_errors(bio_err);
1892 } else { 1865 } else {
1893 char *id; 1866 const char *id;
1894 int idlen; 1867 int idlen;
1895 1868
1896 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, 1869 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1897 &rlist, &rto); 1870 &rlist, &rto);
1898 BIO_puts(out, " Signed Content ID:\n"); 1871 BIO_puts(out, " Signed Content ID:\n");
1899 idlen = ASN1_STRING_length(scid); 1872 idlen = ASN1_STRING_length(scid);
1900 id = (char *) ASN1_STRING_data(scid); 1873 id = (const char *) ASN1_STRING_get0_data(scid);
1901 BIO_dump_indent(out, id, idlen, 4); 1874 BIO_dump_indent(out, id, idlen, 4);
1902 BIO_puts(out, " Receipts From"); 1875 BIO_puts(out, " Receipts From");
1903 if (rlist != NULL) { 1876 if (rlist != NULL) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-13 18:10:24 +0000