summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/smime.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/usr.bin/openssl/smime.c')
-rw-r--r--src/usr.bin/openssl/smime.c384
1 files changed, 192 insertions, 192 deletions
diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c
index 37375c1600..e54c8d0b84 100644
--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: smime.c,v 1.18 2022/11/11 17:07:39 joshua Exp $ */ 1/* $OpenBSD: smime.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -107,7 +107,7 @@ static struct {
107 char *subject; 107 char *subject;
108 char *to; 108 char *to;
109 X509_VERIFY_PARAM *vpm; 109 X509_VERIFY_PARAM *vpm;
110} smime_config; 110} cfg;
111 111
112static const EVP_CIPHER * 112static const EVP_CIPHER *
113get_cipher_by_name(char *name) 113get_cipher_by_name(char *name)
@@ -156,8 +156,8 @@ smime_opt_cipher(int argc, char **argv, int *argsused)
156 if (*name++ != '-') 156 if (*name++ != '-')
157 return (1); 157 return (1);
158 158
159 if ((smime_config.cipher = get_cipher_by_name(name)) == NULL) 159 if ((cfg.cipher = get_cipher_by_name(name)) == NULL)
160 if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL) 160 if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)
161 return (1); 161 return (1);
162 162
163 *argsused = 1; 163 *argsused = 1;
@@ -167,41 +167,41 @@ smime_opt_cipher(int argc, char **argv, int *argsused)
167static int 167static int
168smime_opt_inkey(char *arg) 168smime_opt_inkey(char *arg)
169{ 169{
170 if (smime_config.keyfile == NULL) { 170 if (cfg.keyfile == NULL) {
171 smime_config.keyfile = arg; 171 cfg.keyfile = arg;
172 return (0); 172 return (0);
173 } 173 }
174 174
175 if (smime_config.signerfile == NULL) { 175 if (cfg.signerfile == NULL) {
176 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 176 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
177 return (1); 177 return (1);
178 } 178 }
179 179
180 if (smime_config.sksigners == NULL) { 180 if (cfg.sksigners == NULL) {
181 if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 181 if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
182 return (1); 182 return (1);
183 } 183 }
184 if (!sk_OPENSSL_STRING_push(smime_config.sksigners, 184 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
185 smime_config.signerfile)) 185 cfg.signerfile))
186 return (1); 186 return (1);
187 187
188 smime_config.signerfile = NULL; 188 cfg.signerfile = NULL;
189 189
190 if (smime_config.skkeys == NULL) { 190 if (cfg.skkeys == NULL) {
191 if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 191 if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
192 return (1); 192 return (1);
193 } 193 }
194 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) 194 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
195 return (1); 195 return (1);
196 196
197 smime_config.keyfile = arg; 197 cfg.keyfile = arg;
198 return (0); 198 return (0);
199} 199}
200 200
201static int 201static int
202smime_opt_md(char *arg) 202smime_opt_md(char *arg)
203{ 203{
204 if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { 204 if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) {
205 BIO_printf(bio_err, "Unknown digest %s\n", arg); 205 BIO_printf(bio_err, "Unknown digest %s\n", arg);
206 return (1); 206 return (1);
207 } 207 }
@@ -211,32 +211,32 @@ smime_opt_md(char *arg)
211static int 211static int
212smime_opt_signer(char *arg) 212smime_opt_signer(char *arg)
213{ 213{
214 if (smime_config.signerfile == NULL) { 214 if (cfg.signerfile == NULL) {
215 smime_config.signerfile = arg; 215 cfg.signerfile = arg;
216 return (0); 216 return (0);
217 } 217 }
218 218
219 if (smime_config.sksigners == NULL) { 219 if (cfg.sksigners == NULL) {
220 if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL) 220 if ((cfg.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
221 return (1); 221 return (1);
222 } 222 }
223 if (!sk_OPENSSL_STRING_push(smime_config.sksigners, 223 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
224 smime_config.signerfile)) 224 cfg.signerfile))
225 return (1); 225 return (1);
226 226
227 if (smime_config.keyfile == NULL) 227 if (cfg.keyfile == NULL)
228 smime_config.keyfile = smime_config.signerfile; 228 cfg.keyfile = cfg.signerfile;
229 229
230 if (smime_config.skkeys == NULL) { 230 if (cfg.skkeys == NULL) {
231 if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL) 231 if ((cfg.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
232 return (1); 232 return (1);
233 } 233 }
234 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile)) 234 if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))
235 return (1); 235 return (1);
236 236
237 smime_config.keyfile = NULL; 237 cfg.keyfile = NULL;
238 238
239 smime_config.signerfile = arg; 239 cfg.signerfile = arg;
240 return (0); 240 return (0);
241} 241}
242 242
@@ -246,7 +246,7 @@ smime_opt_verify_param(int argc, char **argv, int *argsused)
246 int oargc = argc; 246 int oargc = argc;
247 int badarg = 0; 247 int badarg = 0;
248 248
249 if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm)) 249 if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))
250 return (1); 250 return (1);
251 if (badarg) 251 if (badarg)
252 return (1); 252 return (1);
@@ -336,20 +336,20 @@ static const struct option smime_options[] = {
336 .argname = "file", 336 .argname = "file",
337 .desc = "Certificate Authority file", 337 .desc = "Certificate Authority file",
338 .type = OPTION_ARG, 338 .type = OPTION_ARG,
339 .opt.arg = &smime_config.CAfile, 339 .opt.arg = &cfg.CAfile,
340 }, 340 },
341 { 341 {
342 .name = "CApath", 342 .name = "CApath",
343 .argname = "path", 343 .argname = "path",
344 .desc = "Certificate Authority path", 344 .desc = "Certificate Authority path",
345 .type = OPTION_ARG, 345 .type = OPTION_ARG,
346 .opt.arg = &smime_config.CApath, 346 .opt.arg = &cfg.CApath,
347 }, 347 },
348 { 348 {
349 .name = "binary", 349 .name = "binary",
350 .desc = "Do not translate message to text", 350 .desc = "Do not translate message to text",
351 .type = OPTION_VALUE_OR, 351 .type = OPTION_VALUE_OR,
352 .opt.value = &smime_config.flags, 352 .opt.value = &cfg.flags,
353 .value = PKCS7_BINARY, 353 .value = PKCS7_BINARY,
354 }, 354 },
355 { 355 {
@@ -357,34 +357,34 @@ static const struct option smime_options[] = {
357 .argname = "file", 357 .argname = "file",
358 .desc = "Other certificates file", 358 .desc = "Other certificates file",
359 .type = OPTION_ARG, 359 .type = OPTION_ARG,
360 .opt.arg = &smime_config.certfile, 360 .opt.arg = &cfg.certfile,
361 }, 361 },
362 { 362 {
363 .name = "content", 363 .name = "content",
364 .argname = "file", 364 .argname = "file",
365 .desc = "Supply or override content for detached signature", 365 .desc = "Supply or override content for detached signature",
366 .type = OPTION_ARG, 366 .type = OPTION_ARG,
367 .opt.arg = &smime_config.contfile, 367 .opt.arg = &cfg.contfile,
368 }, 368 },
369 { 369 {
370 .name = "crlfeol", 370 .name = "crlfeol",
371 .desc = "Use CRLF as EOL termination instead of CR only", 371 .desc = "Use CRLF as EOL termination instead of CR only",
372 .type = OPTION_VALUE_OR, 372 .type = OPTION_VALUE_OR,
373 .opt.value = &smime_config.flags, 373 .opt.value = &cfg.flags,
374 .value = PKCS7_CRLFEOL, 374 .value = PKCS7_CRLFEOL,
375 }, 375 },
376 { 376 {
377 .name = "decrypt", 377 .name = "decrypt",
378 .desc = "Decrypt encrypted message", 378 .desc = "Decrypt encrypted message",
379 .type = OPTION_VALUE, 379 .type = OPTION_VALUE,
380 .opt.value = &smime_config.operation, 380 .opt.value = &cfg.operation,
381 .value = SMIME_DECRYPT, 381 .value = SMIME_DECRYPT,
382 }, 382 },
383 { 383 {
384 .name = "encrypt", 384 .name = "encrypt",
385 .desc = "Encrypt message", 385 .desc = "Encrypt message",
386 .type = OPTION_VALUE, 386 .type = OPTION_VALUE,
387 .opt.value = &smime_config.operation, 387 .opt.value = &cfg.operation,
388 .value = SMIME_ENCRYPT, 388 .value = SMIME_ENCRYPT,
389 }, 389 },
390 { 390 {
@@ -392,20 +392,20 @@ static const struct option smime_options[] = {
392 .argname = "addr", 392 .argname = "addr",
393 .desc = "From address", 393 .desc = "From address",
394 .type = OPTION_ARG, 394 .type = OPTION_ARG,
395 .opt.arg = &smime_config.from, 395 .opt.arg = &cfg.from,
396 }, 396 },
397 { 397 {
398 .name = "in", 398 .name = "in",
399 .argname = "file", 399 .argname = "file",
400 .desc = "Input file", 400 .desc = "Input file",
401 .type = OPTION_ARG, 401 .type = OPTION_ARG,
402 .opt.arg = &smime_config.infile, 402 .opt.arg = &cfg.infile,
403 }, 403 },
404 { 404 {
405 .name = "indef", 405 .name = "indef",
406 .desc = "Same as -stream", 406 .desc = "Same as -stream",
407 .type = OPTION_VALUE, 407 .type = OPTION_VALUE,
408 .opt.value = &smime_config.indef, 408 .opt.value = &cfg.indef,
409 .value = 1, 409 .value = 1,
410 }, 410 },
411 { 411 {
@@ -413,7 +413,7 @@ static const struct option smime_options[] = {
413 .argname = "fmt", 413 .argname = "fmt",
414 .desc = "Input format (DER, PEM or SMIME (default))", 414 .desc = "Input format (DER, PEM or SMIME (default))",
415 .type = OPTION_ARG_FORMAT, 415 .type = OPTION_ARG_FORMAT,
416 .opt.value = &smime_config.informat, 416 .opt.value = &cfg.informat,
417 }, 417 },
418 { 418 {
419 .name = "inkey", 419 .name = "inkey",
@@ -427,7 +427,7 @@ static const struct option smime_options[] = {
427 .argname = "fmt", 427 .argname = "fmt",
428 .desc = "Input key format (DER or PEM (default))", 428 .desc = "Input key format (DER or PEM (default))",
429 .type = OPTION_ARG_FORMAT, 429 .type = OPTION_ARG_FORMAT,
430 .opt.value = &smime_config.keyform, 430 .opt.value = &cfg.keyform,
431 }, 431 },
432 { 432 {
433 .name = "md", 433 .name = "md",
@@ -440,70 +440,70 @@ static const struct option smime_options[] = {
440 .name = "noattr", 440 .name = "noattr",
441 .desc = "Do not include any signed attributes", 441 .desc = "Do not include any signed attributes",
442 .type = OPTION_VALUE_OR, 442 .type = OPTION_VALUE_OR,
443 .opt.value = &smime_config.flags, 443 .opt.value = &cfg.flags,
444 .value = PKCS7_NOATTR, 444 .value = PKCS7_NOATTR,
445 }, 445 },
446 { 446 {
447 .name = "nocerts", 447 .name = "nocerts",
448 .desc = "Do not include signer's certificate when signing", 448 .desc = "Do not include signer's certificate when signing",
449 .type = OPTION_VALUE_OR, 449 .type = OPTION_VALUE_OR,
450 .opt.value = &smime_config.flags, 450 .opt.value = &cfg.flags,
451 .value = PKCS7_NOCERTS, 451 .value = PKCS7_NOCERTS,
452 }, 452 },
453 { 453 {
454 .name = "nochain", 454 .name = "nochain",
455 .desc = "Do not chain verification of signer's certificates", 455 .desc = "Do not chain verification of signer's certificates",
456 .type = OPTION_VALUE_OR, 456 .type = OPTION_VALUE_OR,
457 .opt.value = &smime_config.flags, 457 .opt.value = &cfg.flags,
458 .value = PKCS7_NOCHAIN, 458 .value = PKCS7_NOCHAIN,
459 }, 459 },
460 { 460 {
461 .name = "nodetach", 461 .name = "nodetach",
462 .desc = "Use opaque signing", 462 .desc = "Use opaque signing",
463 .type = OPTION_VALUE_AND, 463 .type = OPTION_VALUE_AND,
464 .opt.value = &smime_config.flags, 464 .opt.value = &cfg.flags,
465 .value = ~PKCS7_DETACHED, 465 .value = ~PKCS7_DETACHED,
466 }, 466 },
467 { 467 {
468 .name = "noindef", 468 .name = "noindef",
469 .desc = "Disable streaming I/O", 469 .desc = "Disable streaming I/O",
470 .type = OPTION_VALUE, 470 .type = OPTION_VALUE,
471 .opt.value = &smime_config.indef, 471 .opt.value = &cfg.indef,
472 .value = 0, 472 .value = 0,
473 }, 473 },
474 { 474 {
475 .name = "nointern", 475 .name = "nointern",
476 .desc = "Do not search certificates in message for signer", 476 .desc = "Do not search certificates in message for signer",
477 .type = OPTION_VALUE_OR, 477 .type = OPTION_VALUE_OR,
478 .opt.value = &smime_config.flags, 478 .opt.value = &cfg.flags,
479 .value = PKCS7_NOINTERN, 479 .value = PKCS7_NOINTERN,
480 }, 480 },
481 { 481 {
482 .name = "nooldmime", 482 .name = "nooldmime",
483 .desc = "Output old S/MIME content type", 483 .desc = "Output old S/MIME content type",
484 .type = OPTION_VALUE_OR, 484 .type = OPTION_VALUE_OR,
485 .opt.value = &smime_config.flags, 485 .opt.value = &cfg.flags,
486 .value = PKCS7_NOOLDMIMETYPE, 486 .value = PKCS7_NOOLDMIMETYPE,
487 }, 487 },
488 { 488 {
489 .name = "nosigs", 489 .name = "nosigs",
490 .desc = "Do not verify message signature", 490 .desc = "Do not verify message signature",
491 .type = OPTION_VALUE_OR, 491 .type = OPTION_VALUE_OR,
492 .opt.value = &smime_config.flags, 492 .opt.value = &cfg.flags,
493 .value = PKCS7_NOSIGS, 493 .value = PKCS7_NOSIGS,
494 }, 494 },
495 { 495 {
496 .name = "nosmimecap", 496 .name = "nosmimecap",
497 .desc = "Omit the SMIMECapabilities attribute", 497 .desc = "Omit the SMIMECapabilities attribute",
498 .type = OPTION_VALUE_OR, 498 .type = OPTION_VALUE_OR,
499 .opt.value = &smime_config.flags, 499 .opt.value = &cfg.flags,
500 .value = PKCS7_NOSMIMECAP, 500 .value = PKCS7_NOSMIMECAP,
501 }, 501 },
502 { 502 {
503 .name = "noverify", 503 .name = "noverify",
504 .desc = "Do not verify signer's certificate", 504 .desc = "Do not verify signer's certificate",
505 .type = OPTION_VALUE_OR, 505 .type = OPTION_VALUE_OR,
506 .opt.value = &smime_config.flags, 506 .opt.value = &cfg.flags,
507 .value = PKCS7_NOVERIFY, 507 .value = PKCS7_NOVERIFY,
508 }, 508 },
509 { 509 {
@@ -511,27 +511,27 @@ static const struct option smime_options[] = {
511 .argname = "file", 511 .argname = "file",
512 .desc = "Output file", 512 .desc = "Output file",
513 .type = OPTION_ARG, 513 .type = OPTION_ARG,
514 .opt.arg = &smime_config.outfile, 514 .opt.arg = &cfg.outfile,
515 }, 515 },
516 { 516 {
517 .name = "outform", 517 .name = "outform",
518 .argname = "fmt", 518 .argname = "fmt",
519 .desc = "Output format (DER, PEM or SMIME (default))", 519 .desc = "Output format (DER, PEM or SMIME (default))",
520 .type = OPTION_ARG_FORMAT, 520 .type = OPTION_ARG_FORMAT,
521 .opt.value = &smime_config.outformat, 521 .opt.value = &cfg.outformat,
522 }, 522 },
523 { 523 {
524 .name = "passin", 524 .name = "passin",
525 .argname = "src", 525 .argname = "src",
526 .desc = "Private key password source", 526 .desc = "Private key password source",
527 .type = OPTION_ARG, 527 .type = OPTION_ARG,
528 .opt.arg = &smime_config.passargin, 528 .opt.arg = &cfg.passargin,
529 }, 529 },
530 { 530 {
531 .name = "pk7out", 531 .name = "pk7out",
532 .desc = "Output PKCS#7 structure", 532 .desc = "Output PKCS#7 structure",
533 .type = OPTION_VALUE, 533 .type = OPTION_VALUE,
534 .opt.value = &smime_config.operation, 534 .opt.value = &cfg.operation,
535 .value = SMIME_PK7OUT, 535 .value = SMIME_PK7OUT,
536 }, 536 },
537 { 537 {
@@ -539,20 +539,20 @@ static const struct option smime_options[] = {
539 .argname = "file", 539 .argname = "file",
540 .desc = "Recipient certificate file for decryption", 540 .desc = "Recipient certificate file for decryption",
541 .type = OPTION_ARG, 541 .type = OPTION_ARG,
542 .opt.arg = &smime_config.recipfile, 542 .opt.arg = &cfg.recipfile,
543 }, 543 },
544 { 544 {
545 .name = "resign", 545 .name = "resign",
546 .desc = "Resign a signed message", 546 .desc = "Resign a signed message",
547 .type = OPTION_VALUE, 547 .type = OPTION_VALUE,
548 .opt.value = &smime_config.operation, 548 .opt.value = &cfg.operation,
549 .value = SMIME_RESIGN, 549 .value = SMIME_RESIGN,
550 }, 550 },
551 { 551 {
552 .name = "sign", 552 .name = "sign",
553 .desc = "Sign message", 553 .desc = "Sign message",
554 .type = OPTION_VALUE, 554 .type = OPTION_VALUE,
555 .opt.value = &smime_config.operation, 555 .opt.value = &cfg.operation,
556 .value = SMIME_SIGN, 556 .value = SMIME_SIGN,
557 }, 557 },
558 { 558 {
@@ -566,7 +566,7 @@ static const struct option smime_options[] = {
566 .name = "stream", 566 .name = "stream",
567 .desc = "Enable streaming I/O", 567 .desc = "Enable streaming I/O",
568 .type = OPTION_VALUE, 568 .type = OPTION_VALUE,
569 .opt.value = &smime_config.indef, 569 .opt.value = &cfg.indef,
570 .value = 1, 570 .value = 1,
571 }, 571 },
572 { 572 {
@@ -574,13 +574,13 @@ static const struct option smime_options[] = {
574 .argname = "s", 574 .argname = "s",
575 .desc = "Subject", 575 .desc = "Subject",
576 .type = OPTION_ARG, 576 .type = OPTION_ARG,
577 .opt.arg = &smime_config.subject, 577 .opt.arg = &cfg.subject,
578 }, 578 },
579 { 579 {
580 .name = "text", 580 .name = "text",
581 .desc = "Include or delete text MIME headers", 581 .desc = "Include or delete text MIME headers",
582 .type = OPTION_VALUE_OR, 582 .type = OPTION_VALUE_OR,
583 .opt.value = &smime_config.flags, 583 .opt.value = &cfg.flags,
584 .value = PKCS7_TEXT, 584 .value = PKCS7_TEXT,
585 }, 585 },
586 { 586 {
@@ -588,13 +588,13 @@ static const struct option smime_options[] = {
588 .argname = "addr", 588 .argname = "addr",
589 .desc = "To address", 589 .desc = "To address",
590 .type = OPTION_ARG, 590 .type = OPTION_ARG,
591 .opt.arg = &smime_config.to, 591 .opt.arg = &cfg.to,
592 }, 592 },
593 { 593 {
594 .name = "verify", 594 .name = "verify",
595 .desc = "Verify signed message", 595 .desc = "Verify signed message",
596 .type = OPTION_VALUE, 596 .type = OPTION_VALUE,
597 .opt.value = &smime_config.operation, 597 .opt.value = &cfg.operation,
598 .value = SMIME_VERIFY, 598 .value = SMIME_VERIFY,
599 }, 599 },
600 { 600 {
@@ -727,70 +727,70 @@ smime_main(int argc, char **argv)
727 exit(1); 727 exit(1);
728 } 728 }
729 729
730 memset(&smime_config, 0, sizeof(smime_config)); 730 memset(&cfg, 0, sizeof(cfg));
731 smime_config.flags = PKCS7_DETACHED; 731 cfg.flags = PKCS7_DETACHED;
732 smime_config.informat = FORMAT_SMIME; 732 cfg.informat = FORMAT_SMIME;
733 smime_config.outformat = FORMAT_SMIME; 733 cfg.outformat = FORMAT_SMIME;
734 smime_config.keyform = FORMAT_PEM; 734 cfg.keyform = FORMAT_PEM;
735 if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) { 735 if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) {
736 goto argerr; 736 goto argerr;
737 } 737 }
738 args = argv + argsused; 738 args = argv + argsused;
739 ret = 1; 739 ret = 1;
740 740
741 if (!(smime_config.operation & SMIME_SIGNERS) && 741 if (!(cfg.operation & SMIME_SIGNERS) &&
742 (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) { 742 (cfg.skkeys != NULL || cfg.sksigners != NULL)) {
743 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 743 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
744 goto argerr; 744 goto argerr;
745 } 745 }
746 if (smime_config.operation & SMIME_SIGNERS) { 746 if (cfg.operation & SMIME_SIGNERS) {
747 /* Check to see if any final signer needs to be appended */ 747 /* Check to see if any final signer needs to be appended */
748 if (smime_config.keyfile != NULL && 748 if (cfg.keyfile != NULL &&
749 smime_config.signerfile == NULL) { 749 cfg.signerfile == NULL) {
750 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 750 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
751 goto argerr; 751 goto argerr;
752 } 752 }
753 if (smime_config.signerfile != NULL) { 753 if (cfg.signerfile != NULL) {
754 if (smime_config.sksigners == NULL) { 754 if (cfg.sksigners == NULL) {
755 if ((smime_config.sksigners = 755 if ((cfg.sksigners =
756 sk_OPENSSL_STRING_new_null()) == NULL) 756 sk_OPENSSL_STRING_new_null()) == NULL)
757 goto end; 757 goto end;
758 } 758 }
759 if (!sk_OPENSSL_STRING_push(smime_config.sksigners, 759 if (!sk_OPENSSL_STRING_push(cfg.sksigners,
760 smime_config.signerfile)) 760 cfg.signerfile))
761 goto end; 761 goto end;
762 if (smime_config.skkeys == NULL) { 762 if (cfg.skkeys == NULL) {
763 if ((smime_config.skkeys = 763 if ((cfg.skkeys =
764 sk_OPENSSL_STRING_new_null()) == NULL) 764 sk_OPENSSL_STRING_new_null()) == NULL)
765 goto end; 765 goto end;
766 } 766 }
767 if (smime_config.keyfile == NULL) 767 if (cfg.keyfile == NULL)
768 smime_config.keyfile = smime_config.signerfile; 768 cfg.keyfile = cfg.signerfile;
769 if (!sk_OPENSSL_STRING_push(smime_config.skkeys, 769 if (!sk_OPENSSL_STRING_push(cfg.skkeys,
770 smime_config.keyfile)) 770 cfg.keyfile))
771 goto end; 771 goto end;
772 } 772 }
773 if (smime_config.sksigners == NULL) { 773 if (cfg.sksigners == NULL) {
774 BIO_printf(bio_err, 774 BIO_printf(bio_err,
775 "No signer certificate specified\n"); 775 "No signer certificate specified\n");
776 badarg = 1; 776 badarg = 1;
777 } 777 }
778 smime_config.signerfile = NULL; 778 cfg.signerfile = NULL;
779 smime_config.keyfile = NULL; 779 cfg.keyfile = NULL;
780 } else if (smime_config.operation == SMIME_DECRYPT) { 780 } else if (cfg.operation == SMIME_DECRYPT) {
781 if (smime_config.recipfile == NULL && 781 if (cfg.recipfile == NULL &&
782 smime_config.keyfile == NULL) { 782 cfg.keyfile == NULL) {
783 BIO_printf(bio_err, 783 BIO_printf(bio_err,
784 "No recipient certificate or key specified\n"); 784 "No recipient certificate or key specified\n");
785 badarg = 1; 785 badarg = 1;
786 } 786 }
787 } else if (smime_config.operation == SMIME_ENCRYPT) { 787 } else if (cfg.operation == SMIME_ENCRYPT) {
788 if (*args == NULL) { 788 if (*args == NULL) {
789 BIO_printf(bio_err, 789 BIO_printf(bio_err,
790 "No recipient(s) certificate(s) specified\n"); 790 "No recipient(s) certificate(s) specified\n");
791 badarg = 1; 791 badarg = 1;
792 } 792 }
793 } else if (!smime_config.operation) { 793 } else if (!cfg.operation) {
794 badarg = 1; 794 badarg = 1;
795 } 795 }
796 796
@@ -800,35 +800,35 @@ smime_main(int argc, char **argv)
800 goto end; 800 goto end;
801 } 801 }
802 802
803 if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) { 803 if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {
804 BIO_printf(bio_err, "Error getting password\n"); 804 BIO_printf(bio_err, "Error getting password\n");
805 goto end; 805 goto end;
806 } 806 }
807 ret = 2; 807 ret = 2;
808 808
809 if (!(smime_config.operation & SMIME_SIGNERS)) 809 if (!(cfg.operation & SMIME_SIGNERS))
810 smime_config.flags &= ~PKCS7_DETACHED; 810 cfg.flags &= ~PKCS7_DETACHED;
811 811
812 if (smime_config.operation & SMIME_OP) { 812 if (cfg.operation & SMIME_OP) {
813 if (smime_config.outformat == FORMAT_ASN1) 813 if (cfg.outformat == FORMAT_ASN1)
814 outmode = "wb"; 814 outmode = "wb";
815 } else { 815 } else {
816 if (smime_config.flags & PKCS7_BINARY) 816 if (cfg.flags & PKCS7_BINARY)
817 outmode = "wb"; 817 outmode = "wb";
818 } 818 }
819 819
820 if (smime_config.operation & SMIME_IP) { 820 if (cfg.operation & SMIME_IP) {
821 if (smime_config.informat == FORMAT_ASN1) 821 if (cfg.informat == FORMAT_ASN1)
822 inmode = "rb"; 822 inmode = "rb";
823 } else { 823 } else {
824 if (smime_config.flags & PKCS7_BINARY) 824 if (cfg.flags & PKCS7_BINARY)
825 inmode = "rb"; 825 inmode = "rb";
826 } 826 }
827 827
828 if (smime_config.operation == SMIME_ENCRYPT) { 828 if (cfg.operation == SMIME_ENCRYPT) {
829 if (smime_config.cipher == NULL) { 829 if (cfg.cipher == NULL) {
830#ifndef OPENSSL_NO_RC2 830#ifndef OPENSSL_NO_RC2
831 smime_config.cipher = EVP_rc2_40_cbc(); 831 cfg.cipher = EVP_rc2_40_cbc();
832#else 832#else
833 BIO_printf(bio_err, "No cipher selected\n"); 833 BIO_printf(bio_err, "No cipher selected\n");
834 goto end; 834 goto end;
@@ -847,41 +847,41 @@ smime_main(int argc, char **argv)
847 args++; 847 args++;
848 } 848 }
849 } 849 }
850 if (smime_config.certfile != NULL) { 850 if (cfg.certfile != NULL) {
851 if ((other = load_certs(bio_err, smime_config.certfile, 851 if ((other = load_certs(bio_err, cfg.certfile,
852 FORMAT_PEM, NULL, "certificate file")) == NULL) { 852 FORMAT_PEM, NULL, "certificate file")) == NULL) {
853 ERR_print_errors(bio_err); 853 ERR_print_errors(bio_err);
854 goto end; 854 goto end;
855 } 855 }
856 } 856 }
857 if (smime_config.recipfile != NULL && 857 if (cfg.recipfile != NULL &&
858 (smime_config.operation == SMIME_DECRYPT)) { 858 (cfg.operation == SMIME_DECRYPT)) {
859 if ((recip = load_cert(bio_err, smime_config.recipfile, 859 if ((recip = load_cert(bio_err, cfg.recipfile,
860 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { 860 FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
861 ERR_print_errors(bio_err); 861 ERR_print_errors(bio_err);
862 goto end; 862 goto end;
863 } 863 }
864 } 864 }
865 if (smime_config.operation == SMIME_DECRYPT) { 865 if (cfg.operation == SMIME_DECRYPT) {
866 if (smime_config.keyfile == NULL) 866 if (cfg.keyfile == NULL)
867 smime_config.keyfile = smime_config.recipfile; 867 cfg.keyfile = cfg.recipfile;
868 } else if (smime_config.operation == SMIME_SIGN) { 868 } else if (cfg.operation == SMIME_SIGN) {
869 if (smime_config.keyfile == NULL) 869 if (cfg.keyfile == NULL)
870 smime_config.keyfile = smime_config.signerfile; 870 cfg.keyfile = cfg.signerfile;
871 } else { 871 } else {
872 smime_config.keyfile = NULL; 872 cfg.keyfile = NULL;
873 } 873 }
874 874
875 if (smime_config.keyfile != NULL) { 875 if (cfg.keyfile != NULL) {
876 key = load_key(bio_err, smime_config.keyfile, 876 key = load_key(bio_err, cfg.keyfile,
877 smime_config.keyform, 0, passin, "signing key file"); 877 cfg.keyform, 0, passin, "signing key file");
878 if (key == NULL) 878 if (key == NULL)
879 goto end; 879 goto end;
880 } 880 }
881 if (smime_config.infile != NULL) { 881 if (cfg.infile != NULL) {
882 if ((in = BIO_new_file(smime_config.infile, inmode)) == NULL) { 882 if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) {
883 BIO_printf(bio_err, 883 BIO_printf(bio_err,
884 "Can't open input file %s\n", smime_config.infile); 884 "Can't open input file %s\n", cfg.infile);
885 goto end; 885 goto end;
886 } 886 }
887 } else { 887 } else {
@@ -889,12 +889,12 @@ smime_main(int argc, char **argv)
889 goto end; 889 goto end;
890 } 890 }
891 891
892 if (smime_config.operation & SMIME_IP) { 892 if (cfg.operation & SMIME_IP) {
893 if (smime_config.informat == FORMAT_SMIME) 893 if (cfg.informat == FORMAT_SMIME)
894 p7 = SMIME_read_PKCS7(in, &indata); 894 p7 = SMIME_read_PKCS7(in, &indata);
895 else if (smime_config.informat == FORMAT_PEM) 895 else if (cfg.informat == FORMAT_PEM)
896 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); 896 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
897 else if (smime_config.informat == FORMAT_ASN1) 897 else if (cfg.informat == FORMAT_ASN1)
898 p7 = d2i_PKCS7_bio(in, NULL); 898 p7 = d2i_PKCS7_bio(in, NULL);
899 else { 899 else {
900 BIO_printf(bio_err, 900 BIO_printf(bio_err,
@@ -906,22 +906,22 @@ smime_main(int argc, char **argv)
906 BIO_printf(bio_err, "Error reading S/MIME message\n"); 906 BIO_printf(bio_err, "Error reading S/MIME message\n");
907 goto end; 907 goto end;
908 } 908 }
909 if (smime_config.contfile != NULL) { 909 if (cfg.contfile != NULL) {
910 BIO_free(indata); 910 BIO_free(indata);
911 if ((indata = BIO_new_file(smime_config.contfile, 911 if ((indata = BIO_new_file(cfg.contfile,
912 "rb")) == NULL) { 912 "rb")) == NULL) {
913 BIO_printf(bio_err, 913 BIO_printf(bio_err,
914 "Can't read content file %s\n", 914 "Can't read content file %s\n",
915 smime_config.contfile); 915 cfg.contfile);
916 goto end; 916 goto end;
917 } 917 }
918 } 918 }
919 } 919 }
920 if (smime_config.outfile != NULL) { 920 if (cfg.outfile != NULL) {
921 if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) { 921 if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) {
922 BIO_printf(bio_err, 922 BIO_printf(bio_err,
923 "Can't open output file %s\n", 923 "Can't open output file %s\n",
924 smime_config.outfile); 924 cfg.outfile);
925 goto end; 925 goto end;
926 } 926 }
927 } else { 927 } else {
@@ -929,60 +929,60 @@ smime_main(int argc, char **argv)
929 goto end; 929 goto end;
930 } 930 }
931 931
932 if (smime_config.operation == SMIME_VERIFY) { 932 if (cfg.operation == SMIME_VERIFY) {
933 if ((store = setup_verify(bio_err, smime_config.CAfile, 933 if ((store = setup_verify(bio_err, cfg.CAfile,
934 smime_config.CApath)) == NULL) 934 cfg.CApath)) == NULL)
935 goto end; 935 goto end;
936 X509_STORE_set_verify_cb(store, smime_cb); 936 X509_STORE_set_verify_cb(store, smime_cb);
937 if (smime_config.vpm != NULL) { 937 if (cfg.vpm != NULL) {
938 if (!X509_STORE_set1_param(store, smime_config.vpm)) 938 if (!X509_STORE_set1_param(store, cfg.vpm))
939 goto end; 939 goto end;
940 } 940 }
941 } 941 }
942 ret = 3; 942 ret = 3;
943 943
944 if (smime_config.operation == SMIME_ENCRYPT) { 944 if (cfg.operation == SMIME_ENCRYPT) {
945 if (smime_config.indef) 945 if (cfg.indef)
946 smime_config.flags |= PKCS7_STREAM; 946 cfg.flags |= PKCS7_STREAM;
947 p7 = PKCS7_encrypt(encerts, in, smime_config.cipher, 947 p7 = PKCS7_encrypt(encerts, in, cfg.cipher,
948 smime_config.flags); 948 cfg.flags);
949 } else if (smime_config.operation & SMIME_SIGNERS) { 949 } else if (cfg.operation & SMIME_SIGNERS) {
950 int i; 950 int i;
951 /* 951 /*
952 * If detached data content we only enable streaming if 952 * If detached data content we only enable streaming if
953 * S/MIME output format. 953 * S/MIME output format.
954 */ 954 */
955 if (smime_config.operation == SMIME_SIGN) { 955 if (cfg.operation == SMIME_SIGN) {
956 if (smime_config.flags & PKCS7_DETACHED) { 956 if (cfg.flags & PKCS7_DETACHED) {
957 if (smime_config.outformat == FORMAT_SMIME) 957 if (cfg.outformat == FORMAT_SMIME)
958 smime_config.flags |= PKCS7_STREAM; 958 cfg.flags |= PKCS7_STREAM;
959 } else if (smime_config.indef) { 959 } else if (cfg.indef) {
960 smime_config.flags |= PKCS7_STREAM; 960 cfg.flags |= PKCS7_STREAM;
961 } 961 }
962 smime_config.flags |= PKCS7_PARTIAL; 962 cfg.flags |= PKCS7_PARTIAL;
963 p7 = PKCS7_sign(NULL, NULL, other, in, 963 p7 = PKCS7_sign(NULL, NULL, other, in,
964 smime_config.flags); 964 cfg.flags);
965 if (p7 == NULL) 965 if (p7 == NULL)
966 goto end; 966 goto end;
967 } else { 967 } else {
968 smime_config.flags |= PKCS7_REUSE_DIGEST; 968 cfg.flags |= PKCS7_REUSE_DIGEST;
969 } 969 }
970 for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) { 970 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) {
971 smime_config.signerfile = 971 cfg.signerfile =
972 sk_OPENSSL_STRING_value(smime_config.sksigners, i); 972 sk_OPENSSL_STRING_value(cfg.sksigners, i);
973 smime_config.keyfile = 973 cfg.keyfile =
974 sk_OPENSSL_STRING_value(smime_config.skkeys, i); 974 sk_OPENSSL_STRING_value(cfg.skkeys, i);
975 signer = load_cert(bio_err, smime_config.signerfile, 975 signer = load_cert(bio_err, cfg.signerfile,
976 FORMAT_PEM, NULL, "signer certificate"); 976 FORMAT_PEM, NULL, "signer certificate");
977 if (signer == NULL) 977 if (signer == NULL)
978 goto end; 978 goto end;
979 key = load_key(bio_err, smime_config.keyfile, 979 key = load_key(bio_err, cfg.keyfile,
980 smime_config.keyform, 0, passin, 980 cfg.keyform, 0, passin,
981 "signing key file"); 981 "signing key file");
982 if (key == NULL) 982 if (key == NULL)
983 goto end; 983 goto end;
984 if (PKCS7_sign_add_signer(p7, signer, key, 984 if (PKCS7_sign_add_signer(p7, signer, key,
985 smime_config.sign_md, smime_config.flags) == NULL) 985 cfg.sign_md, cfg.flags) == NULL)
986 goto end; 986 goto end;
987 X509_free(signer); 987 X509_free(signer);
988 signer = NULL; 988 signer = NULL;
@@ -990,9 +990,9 @@ smime_main(int argc, char **argv)
990 key = NULL; 990 key = NULL;
991 } 991 }
992 /* If not streaming or resigning finalize structure */ 992 /* If not streaming or resigning finalize structure */
993 if ((smime_config.operation == SMIME_SIGN) && 993 if ((cfg.operation == SMIME_SIGN) &&
994 !(smime_config.flags & PKCS7_STREAM)) { 994 !(cfg.flags & PKCS7_STREAM)) {
995 if (!PKCS7_final(p7, in, smime_config.flags)) 995 if (!PKCS7_final(p7, in, cfg.flags))
996 goto end; 996 goto end;
997 } 997 }
998 } 998 }
@@ -1002,58 +1002,58 @@ smime_main(int argc, char **argv)
1002 } 1002 }
1003 ret = 4; 1003 ret = 4;
1004 1004
1005 if (smime_config.operation == SMIME_DECRYPT) { 1005 if (cfg.operation == SMIME_DECRYPT) {
1006 if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) { 1006 if (!PKCS7_decrypt(p7, key, recip, out, cfg.flags)) {
1007 BIO_printf(bio_err, 1007 BIO_printf(bio_err,
1008 "Error decrypting PKCS#7 structure\n"); 1008 "Error decrypting PKCS#7 structure\n");
1009 goto end; 1009 goto end;
1010 } 1010 }
1011 } else if (smime_config.operation == SMIME_VERIFY) { 1011 } else if (cfg.operation == SMIME_VERIFY) {
1012 STACK_OF(X509) *signers; 1012 STACK_OF(X509) *signers;
1013 if (PKCS7_verify(p7, other, store, indata, out, 1013 if (PKCS7_verify(p7, other, store, indata, out,
1014 smime_config.flags)) { 1014 cfg.flags)) {
1015 BIO_printf(bio_err, "Verification successful\n"); 1015 BIO_printf(bio_err, "Verification successful\n");
1016 } else { 1016 } else {
1017 BIO_printf(bio_err, "Verification failure\n"); 1017 BIO_printf(bio_err, "Verification failure\n");
1018 goto end; 1018 goto end;
1019 } 1019 }
1020 if ((signers = PKCS7_get0_signers(p7, other, 1020 if ((signers = PKCS7_get0_signers(p7, other,
1021 smime_config.flags)) == NULL) 1021 cfg.flags)) == NULL)
1022 goto end; 1022 goto end;
1023 if (!save_certs(smime_config.signerfile, signers)) { 1023 if (!save_certs(cfg.signerfile, signers)) {
1024 BIO_printf(bio_err, "Error writing signers to %s\n", 1024 BIO_printf(bio_err, "Error writing signers to %s\n",
1025 smime_config.signerfile); 1025 cfg.signerfile);
1026 sk_X509_free(signers); 1026 sk_X509_free(signers);
1027 ret = 5; 1027 ret = 5;
1028 goto end; 1028 goto end;
1029 } 1029 }
1030 sk_X509_free(signers); 1030 sk_X509_free(signers);
1031 } else if (smime_config.operation == SMIME_PK7OUT) { 1031 } else if (cfg.operation == SMIME_PK7OUT) {
1032 PEM_write_bio_PKCS7(out, p7); 1032 PEM_write_bio_PKCS7(out, p7);
1033 } else { 1033 } else {
1034 if (smime_config.to != NULL) 1034 if (cfg.to != NULL)
1035 BIO_printf(out, "To: %s\n", smime_config.to); 1035 BIO_printf(out, "To: %s\n", cfg.to);
1036 if (smime_config.from != NULL) 1036 if (cfg.from != NULL)
1037 BIO_printf(out, "From: %s\n", smime_config.from); 1037 BIO_printf(out, "From: %s\n", cfg.from);
1038 if (smime_config.subject != NULL) 1038 if (cfg.subject != NULL)
1039 BIO_printf(out, "Subject: %s\n", smime_config.subject); 1039 BIO_printf(out, "Subject: %s\n", cfg.subject);
1040 if (smime_config.outformat == FORMAT_SMIME) { 1040 if (cfg.outformat == FORMAT_SMIME) {
1041 if (smime_config.operation == SMIME_RESIGN) { 1041 if (cfg.operation == SMIME_RESIGN) {
1042 if (!SMIME_write_PKCS7(out, p7, indata, 1042 if (!SMIME_write_PKCS7(out, p7, indata,
1043 smime_config.flags)) 1043 cfg.flags))
1044 goto end; 1044 goto end;
1045 } else { 1045 } else {
1046 if (!SMIME_write_PKCS7(out, p7, in, 1046 if (!SMIME_write_PKCS7(out, p7, in,
1047 smime_config.flags)) 1047 cfg.flags))
1048 goto end; 1048 goto end;
1049 } 1049 }
1050 } else if (smime_config.outformat == FORMAT_PEM) { 1050 } else if (cfg.outformat == FORMAT_PEM) {
1051 if (!PEM_write_bio_PKCS7_stream(out, p7, in, 1051 if (!PEM_write_bio_PKCS7_stream(out, p7, in,
1052 smime_config.flags)) 1052 cfg.flags))
1053 goto end; 1053 goto end;
1054 } else if (smime_config.outformat == FORMAT_ASN1) { 1054 } else if (cfg.outformat == FORMAT_ASN1) {
1055 if (!i2d_PKCS7_bio_stream(out, p7, in, 1055 if (!i2d_PKCS7_bio_stream(out, p7, in,
1056 smime_config.flags)) 1056 cfg.flags))
1057 goto end; 1057 goto end;
1058 } else { 1058 } else {
1059 BIO_printf(bio_err, 1059 BIO_printf(bio_err,
@@ -1069,9 +1069,9 @@ smime_main(int argc, char **argv)
1069 ERR_print_errors(bio_err); 1069 ERR_print_errors(bio_err);
1070 sk_X509_pop_free(encerts, X509_free); 1070 sk_X509_pop_free(encerts, X509_free);
1071 sk_X509_pop_free(other, X509_free); 1071 sk_X509_pop_free(other, X509_free);
1072 X509_VERIFY_PARAM_free(smime_config.vpm); 1072 X509_VERIFY_PARAM_free(cfg.vpm);
1073 sk_OPENSSL_STRING_free(smime_config.sksigners); 1073 sk_OPENSSL_STRING_free(cfg.sksigners);
1074 sk_OPENSSL_STRING_free(smime_config.skkeys); 1074 sk_OPENSSL_STRING_free(cfg.skkeys);
1075 X509_STORE_free(store); 1075 X509_STORE_free(store);
1076 X509_free(cert); 1076 X509_free(cert);
1077 X509_free(recip); 1077 X509_free(recip);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 20:13:59 +0000