Diffstat (limited to 'src/usr.bin/openssl/cms.c')
-rw-r--r-- | src/usr.bin/openssl/cms.c | 37 |
1 files changed, 32 insertions, 5 deletions
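diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index b94e14675b..7420d0ab8c 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.35 2023/11/21 17:56:19 tb Exp $ */
+/* $OpenBSD: cms.c,v 1.36 2024/08/12 15:34:58 job Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -110,6 +110,7 @@ static struct {
 X509 *cert;
 char *certfile;
 char *certsoutfile;
+char *crlfile;
 const EVP_CIPHER *cipher;
 char *contfile;
 ASN1_OBJECT *econtent_type;
@@ -548,6 +549,13 @@ static const struct option cms_options[] = {
 .opt.arg = &cfg.CApath,
 },
 {
+.name = "CRLfile",
+.argname = "file",
+.desc = "Other certificate revocation lists file",
+.type = OPTION_ARG,
+.opt.arg = &cfg.crlfile,
+},
+{
 .name = "binary",
 .desc = "Do not translate message to text",
 .type = OPTION_VALUE_OR,
@@ -1111,10 +1119,10 @@ cms_usage(void)
 "[-aes128 | -aes192 | -aes256 | -camellia128 |\n"
 " -camellia192 | -camellia256 | -des | -des3 |\n"
 " -rc2-40 | -rc2-64 | -rc2-128] [-CAfile file]\n"
-" [-CApath directory] [-binary] [-certfile file]\n"
-" [-certsout file] [-cmsout] [-compress] [-content file]\n"
-" [-crlfeol] [-data_create] [-data_out] [-debug_decrypt]\n"
-" [-decrypt] [-digest_create] [-digest_verify]\n"
+" [-CApath directory] [-CRLfile file] [-binary]\n"
+" [-certfile file] [-certsout file] [-cmsout] [-compress]\n"
+" [-content file] [-crlfeol] [-data_create] [-data_out]\n"
+" [-debug_decrypt] [-decrypt] [-digest_create] [-digest_verify]\n"
 " [-econtent_type type] [-encrypt] [-EncryptedData_decrypt]\n"
 " [-EncryptedData_encrypt] [-from addr] [-in file]\n"
 " [-inform der | pem | smime] [-inkey file]\n"
@@ -1158,6 +1166,7 @@ cms_main(int argc, char **argv)
 X509 *recip = NULL, *signer = NULL;
 EVP_PKEY *key = NULL;
 STACK_OF(X509) *other = NULL;
+STACK_OF(X509_CRL) *crls = NULL;
 BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
 int badarg = 0;
 CMS_ReceiptRequest *rr = NULL;
@@ -1316,6 +1325,14 @@ cms_main(int argc, char **argv)
 goto end;
 }
 }
+
+if (cfg.crlfile != NULL) {
+crls = load_crls(bio_err, cfg.crlfile, FORMAT_PEM, NULL,
+"other CRLs");
+if (crls == NULL)
+goto end;
+}
+
 if (cfg.recipfile != NULL &&
 (cfg.operation == SMIME_DECRYPT)) {
 if ((recip = load_cert(bio_err, cfg.recipfile,
@@ -1677,6 +1694,15 @@ cms_main(int argc, char **argv)
 cfg.secret_keylen, indata, out, cfg.flags))
 goto end;
 } else if (cfg.operation == SMIME_VERIFY) {
+if (cfg.crlfile != NULL) {
+int i;
+
+for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+X509_CRL *crl = sk_X509_CRL_value(crls, i);
+if (!CMS_add1_crl(cms, crl))
+goto end;
+}
+}
 if (CMS_verify(cms, other, store, indata, out,
 cfg.flags) > 0) {
 BIO_printf(bio_err, "Verification successful\n");
@@ -1752,6 +1778,7 @@ cms_main(int argc, char **argv)
 
 sk_X509_pop_free(cfg.encerts, X509_free);
 sk_X509_pop_free(other, X509_free);
+sk_X509_CRL_pop_free(crls, X509_CRL_free);
 X509_VERIFY_PARAM_free(cfg.vpm);
 sk_OPENSSL_STRING_free(cfg.sksigners);
 sk_OPENSSL_STRING_free(cfg.skkeys);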
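Review bot: The CRLs attached with CMS_add1_crl in the SMIME_VERIFY branch (new lines 1697-1705) are only consulted if the verification store's parameters enable revocation checking, so as far as I can tell -CRLfile on its own does not cause a revoked signer to fail verification; nothing in this hunk turns that checking on. A comment above the loop, `/* CRLs are only consulted when CRL checking is enabled in the verify params */`, would keep readers from assuming -CRLfile enforces revocation by itself. Separately, load_crls runs for every operation (new lines 1329-1334) although the stack is only used under SMIME_VERIFY, so -CRLfile combined with e.g. -sign loads the file and silently ignores it; gating the load on `cfg.operation == SMIME_VERIFY` or emitting a warning would make that explicit. cms_main begins and ends outside these hunks.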