version 1.32, 2023/03/05 13:08:22 |
version 1.33, 2023/03/06 14:32:05 |
|
|
char *to; |
char *to; |
int verify_retcode; |
int verify_retcode; |
X509_VERIFY_PARAM *vpm; |
X509_VERIFY_PARAM *vpm; |
} cms_config; |
} cfg; |
|
|
static const EVP_CIPHER * |
static const EVP_CIPHER * |
get_cipher_by_name(char *name) |
get_cipher_by_name(char *name) |
|
|
if (*name++ != '-') |
if (*name++ != '-') |
return (1); |
return (1); |
|
|
if ((cms_config.cipher = get_cipher_by_name(name)) == NULL) |
if ((cfg.cipher = get_cipher_by_name(name)) == NULL) |
if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL) |
if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL) |
return (1); |
return (1); |
|
|
*argsused = 1; |
*argsused = 1; |
|
|
static int |
static int |
cms_opt_econtent_type(char *arg) |
cms_opt_econtent_type(char *arg) |
{ |
{ |
ASN1_OBJECT_free(cms_config.econtent_type); |
ASN1_OBJECT_free(cfg.econtent_type); |
|
|
if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { |
if ((cfg.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) { |
BIO_printf(bio_err, "Invalid OID %s\n", arg); |
BIO_printf(bio_err, "Invalid OID %s\n", arg); |
return (1); |
return (1); |
} |
} |
|
|
static int |
static int |
cms_opt_inkey(char *arg) |
cms_opt_inkey(char *arg) |
{ |
{ |
if (cms_config.keyfile == NULL) { |
if (cfg.keyfile == NULL) { |
cms_config.keyfile = arg; |
cfg.keyfile = arg; |
return (0); |
return (0); |
} |
} |
|
|
if (cms_config.signerfile == NULL) { |
if (cfg.signerfile == NULL) { |
BIO_puts(bio_err, "Illegal -inkey without -signer\n"); |
BIO_puts(bio_err, "Illegal -inkey without -signer\n"); |
return (1); |
return (1); |
} |
} |
|
|
if (cms_config.sksigners == NULL) |
if (cfg.sksigners == NULL) |
cms_config.sksigners = sk_OPENSSL_STRING_new_null(); |
cfg.sksigners = sk_OPENSSL_STRING_new_null(); |
if (cms_config.sksigners == NULL) |
if (cfg.sksigners == NULL) |
return (1); |
return (1); |
if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) |
if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile)) |
return (1); |
return (1); |
|
|
cms_config.signerfile = NULL; |
cfg.signerfile = NULL; |
|
|
if (cms_config.skkeys == NULL) |
if (cfg.skkeys == NULL) |
cms_config.skkeys = sk_OPENSSL_STRING_new_null(); |
cfg.skkeys = sk_OPENSSL_STRING_new_null(); |
if (cms_config.skkeys == NULL) |
if (cfg.skkeys == NULL) |
return (1); |
return (1); |
if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) |
if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) |
return (1); |
return (1); |
|
|
cms_config.keyfile = arg; |
cfg.keyfile = arg; |
return (0); |
return (0); |
} |
} |
|
|
|
|
{ |
{ |
int keyidx = -1; |
int keyidx = -1; |
|
|
if (cms_config.operation == SMIME_ENCRYPT) { |
if (cfg.operation == SMIME_ENCRYPT) { |
if (cms_config.encerts != NULL) |
if (cfg.encerts != NULL) |
keyidx += sk_X509_num(cms_config.encerts); |
keyidx += sk_X509_num(cfg.encerts); |
} else { |
} else { |
if (cms_config.keyfile != NULL || cms_config.signerfile != NULL) |
if (cfg.keyfile != NULL || cfg.signerfile != NULL) |
keyidx++; |
keyidx++; |
if (cms_config.skkeys != NULL) |
if (cfg.skkeys != NULL) |
keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys); |
keyidx += sk_OPENSSL_STRING_num(cfg.skkeys); |
} |
} |
|
|
if (keyidx < 0) { |
if (keyidx < 0) { |
|
|
return (1); |
return (1); |
} |
} |
|
|
if (cms_config.key_param == NULL || |
if (cfg.key_param == NULL || |
cms_config.key_param->idx != keyidx) { |
cfg.key_param->idx != keyidx) { |
struct cms_key_param *nparam; |
struct cms_key_param *nparam; |
|
|
if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) |
if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL) |
|
|
} |
} |
|
|
nparam->next = NULL; |
nparam->next = NULL; |
if (cms_config.key_first == NULL) |
if (cfg.key_first == NULL) |
cms_config.key_first = nparam; |
cfg.key_first = nparam; |
else |
else |
cms_config.key_param->next = nparam; |
cfg.key_param->next = nparam; |
|
|
cms_config.key_param = nparam; |
cfg.key_param = nparam; |
} |
} |
|
|
if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg)) |
if (!sk_OPENSSL_STRING_push(cfg.key_param->param, arg)) |
return (1); |
return (1); |
|
|
return (0); |
return (0); |
|
|
static int |
static int |
cms_opt_md(char *arg) |
cms_opt_md(char *arg) |
{ |
{ |
if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) { |
if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) { |
BIO_printf(bio_err, "Unknown digest %s\n", arg); |
BIO_printf(bio_err, "Unknown digest %s\n", arg); |
return (1); |
return (1); |
} |
} |
|
|
static int |
static int |
cms_opt_print(void) |
cms_opt_print(void) |
{ |
{ |
cms_config.noout = 1; |
cfg.noout = 1; |
cms_config.print = 1; |
cfg.print = 1; |
return (0); |
return (0); |
} |
} |
|
|
static int |
static int |
cms_opt_pwri_pass(char *arg) |
cms_opt_pwri_pass(char *arg) |
{ |
{ |
cms_config.pwri_pass = (unsigned char *)arg; |
cfg.pwri_pass = (unsigned char *)arg; |
return (0); |
return (0); |
} |
} |
|
|
static int |
static int |
cms_opt_recip(char *arg) |
cms_opt_recip(char *arg) |
{ |
{ |
if (cms_config.operation == SMIME_ENCRYPT) { |
if (cfg.operation == SMIME_ENCRYPT) { |
if (cms_config.encerts == NULL) { |
if (cfg.encerts == NULL) { |
if ((cms_config.encerts = sk_X509_new_null()) == NULL) |
if ((cfg.encerts = sk_X509_new_null()) == NULL) |
return (1); |
return (1); |
} |
} |
|
|
cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM, |
cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, |
NULL, "recipient certificate file"); |
NULL, "recipient certificate file"); |
if (cms_config.cert == NULL) |
if (cfg.cert == NULL) |
return (1); |
return (1); |
|
|
if (!sk_X509_push(cms_config.encerts, cms_config.cert)) |
if (!sk_X509_push(cfg.encerts, cfg.cert)) |
return (1); |
return (1); |
|
|
cms_config.cert = NULL; |
cfg.cert = NULL; |
} else { |
} else { |
cms_config.recipfile = arg; |
cfg.recipfile = arg; |
} |
} |
return (0); |
return (0); |
} |
} |
|
|
static int |
static int |
cms_opt_receipt_request_from(char *arg) |
cms_opt_receipt_request_from(char *arg) |
{ |
{ |
if (cms_config.rr_from == NULL) |
if (cfg.rr_from == NULL) |
cms_config.rr_from = sk_OPENSSL_STRING_new_null(); |
cfg.rr_from = sk_OPENSSL_STRING_new_null(); |
if (cms_config.rr_from == NULL) |
if (cfg.rr_from == NULL) |
return (1); |
return (1); |
if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg)) |
if (!sk_OPENSSL_STRING_push(cfg.rr_from, arg)) |
return (1); |
return (1); |
|
|
return (0); |
return (0); |
|
|
static int |
static int |
cms_opt_receipt_request_to(char *arg) |
cms_opt_receipt_request_to(char *arg) |
{ |
{ |
if (cms_config.rr_to == NULL) |
if (cfg.rr_to == NULL) |
cms_config.rr_to = sk_OPENSSL_STRING_new_null(); |
cfg.rr_to = sk_OPENSSL_STRING_new_null(); |
if (cms_config.rr_to == NULL) |
if (cfg.rr_to == NULL) |
return (1); |
return (1); |
if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg)) |
if (!sk_OPENSSL_STRING_push(cfg.rr_to, arg)) |
return (1); |
return (1); |
|
|
return (0); |
return (0); |
|
|
{ |
{ |
long ltmp; |
long ltmp; |
|
|
free(cms_config.secret_key); |
free(cfg.secret_key); |
|
|
if ((cms_config.secret_key = string_to_hex(arg, <mp)) == NULL) { |
if ((cfg.secret_key = string_to_hex(arg, <mp)) == NULL) { |
BIO_printf(bio_err, "Invalid key %s\n", arg); |
BIO_printf(bio_err, "Invalid key %s\n", arg); |
return (1); |
return (1); |
} |
} |
cms_config.secret_keylen = (size_t)ltmp; |
cfg.secret_keylen = (size_t)ltmp; |
return (0); |
return (0); |
} |
} |
|
|
|
|
{ |
{ |
long ltmp; |
long ltmp; |
|
|
free(cms_config.secret_keyid); |
free(cfg.secret_keyid); |
|
|
if ((cms_config.secret_keyid = string_to_hex(arg, <mp)) == NULL) { |
if ((cfg.secret_keyid = string_to_hex(arg, <mp)) == NULL) { |
BIO_printf(bio_err, "Invalid id %s\n", arg); |
BIO_printf(bio_err, "Invalid id %s\n", arg); |
return (1); |
return (1); |
} |
} |
cms_config.secret_keyidlen = (size_t)ltmp; |
cfg.secret_keyidlen = (size_t)ltmp; |
return (0); |
return (0); |
} |
} |
|
|
static int |
static int |
cms_opt_signer(char *arg) |
cms_opt_signer(char *arg) |
{ |
{ |
if (cms_config.signerfile == NULL) { |
if (cfg.signerfile == NULL) { |
cms_config.signerfile = arg; |
cfg.signerfile = arg; |
return (0); |
return (0); |
} |
} |
|
|
if (cms_config.sksigners == NULL) |
if (cfg.sksigners == NULL) |
cms_config.sksigners = sk_OPENSSL_STRING_new_null(); |
cfg.sksigners = sk_OPENSSL_STRING_new_null(); |
if (cms_config.sksigners == NULL) |
if (cfg.sksigners == NULL) |
return (1); |
return (1); |
if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile)) |
if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile)) |
return (1); |
return (1); |
|
|
if (cms_config.keyfile == NULL) |
if (cfg.keyfile == NULL) |
cms_config.keyfile = cms_config.signerfile; |
cfg.keyfile = cfg.signerfile; |
|
|
if (cms_config.skkeys == NULL) |
if (cfg.skkeys == NULL) |
cms_config.skkeys = sk_OPENSSL_STRING_new_null(); |
cfg.skkeys = sk_OPENSSL_STRING_new_null(); |
if (cms_config.skkeys == NULL) |
if (cfg.skkeys == NULL) |
return (1); |
return (1); |
if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile)) |
if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile)) |
return (1); |
return (1); |
|
|
cms_config.keyfile = NULL; |
cfg.keyfile = NULL; |
|
|
cms_config.signerfile = arg; |
cfg.signerfile = arg; |
return (0); |
return (0); |
} |
} |
|
|
|
|
int oargc = argc; |
int oargc = argc; |
int badarg = 0; |
int badarg = 0; |
|
|
if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm)) |
if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm)) |
return (1); |
return (1); |
if (badarg) |
if (badarg) |
return (1); |
return (1); |
|
|
static int |
static int |
cms_opt_verify_receipt(char *arg) |
cms_opt_verify_receipt(char *arg) |
{ |
{ |
cms_config.operation = SMIME_VERIFY_RECEIPT; |
cfg.operation = SMIME_VERIFY_RECEIPT; |
cms_config.rctfile = arg; |
cfg.rctfile = arg; |
return (0); |
return (0); |
} |
} |
|
|
|
|
.argname = "file", |
.argname = "file", |
.desc = "Certificate Authority file", |
.desc = "Certificate Authority file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.CAfile, |
.opt.arg = &cfg.CAfile, |
}, |
}, |
{ |
{ |
.name = "CApath", |
.name = "CApath", |
.argname = "path", |
.argname = "path", |
.desc = "Certificate Authority path", |
.desc = "Certificate Authority path", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.CApath, |
.opt.arg = &cfg.CApath, |
}, |
}, |
{ |
{ |
.name = "binary", |
.name = "binary", |
.desc = "Do not translate message to text", |
.desc = "Do not translate message to text", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_BINARY, |
.value = CMS_BINARY, |
}, |
}, |
{ |
{ |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Other certificates file", |
.desc = "Other certificates file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.certfile, |
.opt.arg = &cfg.certfile, |
}, |
}, |
{ |
{ |
.name = "certsout", |
.name = "certsout", |
.argname = "file", |
.argname = "file", |
.desc = "Certificate output file", |
.desc = "Certificate output file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.certsoutfile, |
.opt.arg = &cfg.certsoutfile, |
}, |
}, |
{ |
{ |
.name = "cmsout", |
.name = "cmsout", |
.desc = "Output CMS structure", |
.desc = "Output CMS structure", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_CMSOUT, |
.value = SMIME_CMSOUT, |
}, |
}, |
{ |
{ |
.name = "compress", |
.name = "compress", |
.desc = "Create CMS CompressedData type", |
.desc = "Create CMS CompressedData type", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_COMPRESS, |
.value = SMIME_COMPRESS, |
}, |
}, |
{ |
{ |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Supply or override content for detached signature", |
.desc = "Supply or override content for detached signature", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.contfile, |
.opt.arg = &cfg.contfile, |
}, |
}, |
{ |
{ |
.name = "crlfeol", |
.name = "crlfeol", |
.desc = "Use CRLF as EOL termination instead of CR only", |
.desc = "Use CRLF as EOL termination instead of CR only", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_CRLFEOL, |
.value = CMS_CRLFEOL, |
}, |
}, |
{ |
{ |
.name = "data_create", |
.name = "data_create", |
.desc = "Create CMS Data type", |
.desc = "Create CMS Data type", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_DATA_CREATE, |
.value = SMIME_DATA_CREATE, |
}, |
}, |
{ |
{ |
.name = "data_out", |
.name = "data_out", |
.desc = "Output content from the input CMS Data type", |
.desc = "Output content from the input CMS Data type", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_DATAOUT, |
.value = SMIME_DATAOUT, |
}, |
}, |
{ |
{ |
.name = "debug_decrypt", |
.name = "debug_decrypt", |
.desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", |
.desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_DEBUG_DECRYPT, |
.value = CMS_DEBUG_DECRYPT, |
}, |
}, |
{ |
{ |
.name = "decrypt", |
.name = "decrypt", |
.desc = "Decrypt encrypted message", |
.desc = "Decrypt encrypted message", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_DECRYPT, |
.value = SMIME_DECRYPT, |
}, |
}, |
{ |
{ |
.name = "digest_create", |
.name = "digest_create", |
.desc = "Create CMS DigestedData type", |
.desc = "Create CMS DigestedData type", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_DIGEST_CREATE, |
.value = SMIME_DIGEST_CREATE, |
}, |
}, |
{ |
{ |
.name = "digest_verify", |
.name = "digest_verify", |
.desc = "Verify CMS DigestedData type and output the content", |
.desc = "Verify CMS DigestedData type and output the content", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_DIGEST_VERIFY, |
.value = SMIME_DIGEST_VERIFY, |
}, |
}, |
{ |
{ |
|
|
.name = "encrypt", |
.name = "encrypt", |
.desc = "Encrypt message", |
.desc = "Encrypt message", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_ENCRYPT, |
.value = SMIME_ENCRYPT, |
}, |
}, |
{ |
{ |
.name = "EncryptedData_decrypt", |
.name = "EncryptedData_decrypt", |
.desc = "Decrypt CMS EncryptedData", |
.desc = "Decrypt CMS EncryptedData", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_ENCRYPTED_DECRYPT, |
.value = SMIME_ENCRYPTED_DECRYPT, |
}, |
}, |
{ |
{ |
.name = "EncryptedData_encrypt", |
.name = "EncryptedData_encrypt", |
.desc = "Encrypt content using supplied symmetric key and algorithm", |
.desc = "Encrypt content using supplied symmetric key and algorithm", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_ENCRYPTED_ENCRYPT, |
.value = SMIME_ENCRYPTED_ENCRYPT, |
}, |
}, |
{ |
{ |
|
|
.argname = "addr", |
.argname = "addr", |
.desc = "From address", |
.desc = "From address", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.from, |
.opt.arg = &cfg.from, |
}, |
}, |
{ |
{ |
.name = "in", |
.name = "in", |
.argname = "file", |
.argname = "file", |
.desc = "Input file", |
.desc = "Input file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.infile, |
.opt.arg = &cfg.infile, |
}, |
}, |
{ |
{ |
.name = "indef", |
.name = "indef", |
.desc = "Same as -stream", |
.desc = "Same as -stream", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_STREAM, |
.value = CMS_STREAM, |
}, |
}, |
{ |
{ |
|
|
.argname = "fmt", |
.argname = "fmt", |
.desc = "Input format (DER, PEM or SMIME (default))", |
.desc = "Input format (DER, PEM or SMIME (default))", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &cms_config.informat, |
.opt.value = &cfg.informat, |
}, |
}, |
{ |
{ |
.name = "inkey", |
.name = "inkey", |
|
|
.argname = "fmt", |
.argname = "fmt", |
.desc = "Input key format (DER or PEM (default))", |
.desc = "Input key format (DER or PEM (default))", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &cms_config.keyform, |
.opt.value = &cfg.keyform, |
}, |
}, |
{ |
{ |
.name = "keyid", |
.name = "keyid", |
.desc = "Use subject key identifier", |
.desc = "Use subject key identifier", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_USE_KEYID, |
.value = CMS_USE_KEYID, |
}, |
}, |
{ |
{ |
|
|
.name = "no_attr_verify", |
.name = "no_attr_verify", |
.desc = "Do not verify the signer's attribute of a signature", |
.desc = "Do not verify the signer's attribute of a signature", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NO_ATTR_VERIFY, |
.value = CMS_NO_ATTR_VERIFY, |
}, |
}, |
{ |
{ |
.name = "no_content_verify", |
.name = "no_content_verify", |
.desc = "Do not verify the content of a signed message", |
.desc = "Do not verify the content of a signed message", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NO_CONTENT_VERIFY, |
.value = CMS_NO_CONTENT_VERIFY, |
}, |
}, |
{ |
{ |
.name = "no_signer_cert_verify", |
.name = "no_signer_cert_verify", |
.desc = "Do not verify the signer's certificate", |
.desc = "Do not verify the signer's certificate", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NO_SIGNER_CERT_VERIFY, |
.value = CMS_NO_SIGNER_CERT_VERIFY, |
}, |
}, |
{ |
{ |
.name = "noattr", |
.name = "noattr", |
.desc = "Do not include any signed attributes", |
.desc = "Do not include any signed attributes", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NOATTR, |
.value = CMS_NOATTR, |
}, |
}, |
{ |
{ |
.name = "nocerts", |
.name = "nocerts", |
.desc = "Do not include signer's certificate when signing", |
.desc = "Do not include signer's certificate when signing", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NOCERTS, |
.value = CMS_NOCERTS, |
}, |
}, |
{ |
{ |
.name = "nodetach", |
.name = "nodetach", |
.desc = "Use opaque signing", |
.desc = "Use opaque signing", |
.type = OPTION_VALUE_AND, |
.type = OPTION_VALUE_AND, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = ~CMS_DETACHED, |
.value = ~CMS_DETACHED, |
}, |
}, |
{ |
{ |
.name = "noindef", |
.name = "noindef", |
.desc = "Disable CMS streaming", |
.desc = "Disable CMS streaming", |
.type = OPTION_VALUE_AND, |
.type = OPTION_VALUE_AND, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = ~CMS_STREAM, |
.value = ~CMS_STREAM, |
}, |
}, |
{ |
{ |
.name = "nointern", |
.name = "nointern", |
.desc = "Do not search certificates in message for signer", |
.desc = "Do not search certificates in message for signer", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NOINTERN, |
.value = CMS_NOINTERN, |
}, |
}, |
{ |
{ |
.name = "nooldmime", |
.name = "nooldmime", |
.desc = "Output old S/MIME content type", |
.desc = "Output old S/MIME content type", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NOOLDMIMETYPE, |
.value = CMS_NOOLDMIMETYPE, |
}, |
}, |
{ |
{ |
.name = "noout", |
.name = "noout", |
.desc = "Do not output the parsed CMS structure", |
.desc = "Do not output the parsed CMS structure", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &cms_config.noout, |
.opt.flag = &cfg.noout, |
}, |
}, |
{ |
{ |
.name = "nosigs", |
.name = "nosigs", |
.desc = "Do not verify message signature", |
.desc = "Do not verify message signature", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NOSIGS, |
.value = CMS_NOSIGS, |
}, |
}, |
{ |
{ |
.name = "nosmimecap", |
.name = "nosmimecap", |
.desc = "Omit the SMIMECapabilities attribute", |
.desc = "Omit the SMIMECapabilities attribute", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NOSMIMECAP, |
.value = CMS_NOSMIMECAP, |
}, |
}, |
{ |
{ |
.name = "noverify", |
.name = "noverify", |
.desc = "Do not verify signer's certificate", |
.desc = "Do not verify signer's certificate", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_NO_SIGNER_CERT_VERIFY, |
.value = CMS_NO_SIGNER_CERT_VERIFY, |
}, |
}, |
{ |
{ |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Output file", |
.desc = "Output file", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.outfile, |
.opt.arg = &cfg.outfile, |
}, |
}, |
{ |
{ |
.name = "outform", |
.name = "outform", |
.argname = "fmt", |
.argname = "fmt", |
.desc = "Output format (DER, PEM or SMIME (default))", |
.desc = "Output format (DER, PEM or SMIME (default))", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &cms_config.outformat, |
.opt.value = &cfg.outformat, |
}, |
}, |
{ |
{ |
.name = "passin", |
.name = "passin", |
.argname = "src", |
.argname = "src", |
.desc = "Private key password source", |
.desc = "Private key password source", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.passargin, |
.opt.arg = &cfg.passargin, |
}, |
}, |
{ |
{ |
.name = "print", |
.name = "print", |
|
|
.argname = "fmt", |
.argname = "fmt", |
.desc = "Receipt file format (DER, PEM or SMIME (default))", |
.desc = "Receipt file format (DER, PEM or SMIME (default))", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &cms_config.rctformat, |
.opt.value = &cfg.rctformat, |
}, |
}, |
{ |
{ |
.name = "receipt_request_all", |
.name = "receipt_request_all", |
.desc = "Indicate requests should be provided by all recipients", |
.desc = "Indicate requests should be provided by all recipients", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.rr_allorfirst, |
.opt.value = &cfg.rr_allorfirst, |
.value = 0, |
.value = 0, |
}, |
}, |
{ |
{ |
.name = "receipt_request_first", |
.name = "receipt_request_first", |
.desc = "Indicate requests should be provided by first tier recipient", |
.desc = "Indicate requests should be provided by first tier recipient", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.rr_allorfirst, |
.opt.value = &cfg.rr_allorfirst, |
.value = 1, |
.value = 1, |
}, |
}, |
{ |
{ |
|
|
.name = "receipt_request_print", |
.name = "receipt_request_print", |
.desc = "Print out the contents of any signed receipt requests", |
.desc = "Print out the contents of any signed receipt requests", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &cms_config.rr_print, |
.opt.flag = &cfg.rr_print, |
}, |
}, |
{ |
{ |
.name = "receipt_request_to", |
.name = "receipt_request_to", |
|
|
.name = "resign", |
.name = "resign", |
.desc = "Resign a signed message", |
.desc = "Resign a signed message", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_RESIGN, |
.value = SMIME_RESIGN, |
}, |
}, |
{ |
{ |
|
|
.name = "sign", |
.name = "sign", |
.desc = "Sign message", |
.desc = "Sign message", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_SIGN, |
.value = SMIME_SIGN, |
}, |
}, |
{ |
{ |
.name = "sign_receipt", |
.name = "sign_receipt", |
.desc = "Generate a signed receipt for the message", |
.desc = "Generate a signed receipt for the message", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_SIGN_RECEIPT, |
.value = SMIME_SIGN_RECEIPT, |
}, |
}, |
{ |
{ |
|
|
.name = "stream", |
.name = "stream", |
.desc = "Enable CMS streaming", |
.desc = "Enable CMS streaming", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_STREAM, |
.value = CMS_STREAM, |
}, |
}, |
{ |
{ |
|
|
.argname = "s", |
.argname = "s", |
.desc = "Subject", |
.desc = "Subject", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.subject, |
.opt.arg = &cfg.subject, |
}, |
}, |
{ |
{ |
.name = "text", |
.name = "text", |
.desc = "Include or delete text MIME headers", |
.desc = "Include or delete text MIME headers", |
.type = OPTION_VALUE_OR, |
.type = OPTION_VALUE_OR, |
.opt.value = &cms_config.flags, |
.opt.value = &cfg.flags, |
.value = CMS_TEXT, |
.value = CMS_TEXT, |
}, |
}, |
{ |
{ |
|
|
.argname = "addr", |
.argname = "addr", |
.desc = "To address", |
.desc = "To address", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &cms_config.to, |
.opt.arg = &cfg.to, |
}, |
}, |
{ |
{ |
.name = "uncompress", |
.name = "uncompress", |
.desc = "Uncompress CMS CompressedData type", |
.desc = "Uncompress CMS CompressedData type", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_UNCOMPRESS, |
.value = SMIME_UNCOMPRESS, |
}, |
}, |
{ |
{ |
.name = "verify", |
.name = "verify", |
.desc = "Verify signed message", |
.desc = "Verify signed message", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.opt.value = &cms_config.operation, |
.opt.value = &cfg.operation, |
.value = SMIME_VERIFY, |
.value = SMIME_VERIFY, |
}, |
}, |
{ |
{ |
|
|
.name = "verify_retcode", |
.name = "verify_retcode", |
.desc = "Set verification error code to exit code", |
.desc = "Set verification error code to exit code", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &cms_config.verify_retcode, |
.opt.flag = &cfg.verify_retcode, |
}, |
}, |
{ |
{ |
.name = "check_ss_sig", |
.name = "check_ss_sig", |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
memset(&cms_config, 0, sizeof(cms_config)); |
memset(&cfg, 0, sizeof(cfg)); |
cms_config.flags = CMS_DETACHED; |
cfg.flags = CMS_DETACHED; |
cms_config.rr_allorfirst = -1; |
cfg.rr_allorfirst = -1; |
cms_config.informat = FORMAT_SMIME; |
cfg.informat = FORMAT_SMIME; |
cms_config.outformat = FORMAT_SMIME; |
cfg.outformat = FORMAT_SMIME; |
cms_config.rctformat = FORMAT_SMIME; |
cfg.rctformat = FORMAT_SMIME; |
cms_config.keyform = FORMAT_PEM; |
cfg.keyform = FORMAT_PEM; |
if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { |
if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) { |
goto argerr; |
goto argerr; |
} |
} |
args = argv + argsused; |
args = argv + argsused; |
ret = 1; |
ret = 1; |
|
|
if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) && |
if (((cfg.rr_allorfirst != -1) || cfg.rr_from != NULL) && |
cms_config.rr_to == NULL) { |
cfg.rr_to == NULL) { |
BIO_puts(bio_err, "No Signed Receipts Recipients\n"); |
BIO_puts(bio_err, "No Signed Receipts Recipients\n"); |
goto argerr; |
goto argerr; |
} |
} |
if (!(cms_config.operation & SMIME_SIGNERS) && |
if (!(cfg.operation & SMIME_SIGNERS) && |
(cms_config.rr_to != NULL || cms_config.rr_from != NULL)) { |
(cfg.rr_to != NULL || cfg.rr_from != NULL)) { |
BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); |
BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); |
goto argerr; |
goto argerr; |
} |
} |
if (!(cms_config.operation & SMIME_SIGNERS) && |
if (!(cfg.operation & SMIME_SIGNERS) && |
(cms_config.skkeys != NULL || cms_config.sksigners != NULL)) { |
(cfg.skkeys != NULL || cfg.sksigners != NULL)) { |
BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); |
BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); |
goto argerr; |
goto argerr; |
} |
} |
if (cms_config.operation & SMIME_SIGNERS) { |
if (cfg.operation & SMIME_SIGNERS) { |
if (cms_config.keyfile != NULL && |
if (cfg.keyfile != NULL && |
cms_config.signerfile == NULL) { |
cfg.signerfile == NULL) { |
BIO_puts(bio_err, "Illegal -inkey without -signer\n"); |
BIO_puts(bio_err, "Illegal -inkey without -signer\n"); |
goto argerr; |
goto argerr; |
} |
} |
/* Check to see if any final signer needs to be appended */ |
/* Check to see if any final signer needs to be appended */ |
if (cms_config.signerfile != NULL) { |
if (cfg.signerfile != NULL) { |
if (cms_config.sksigners == NULL && |
if (cfg.sksigners == NULL && |
(cms_config.sksigners = |
(cfg.sksigners = |
sk_OPENSSL_STRING_new_null()) == NULL) |
sk_OPENSSL_STRING_new_null()) == NULL) |
goto end; |
goto end; |
if (!sk_OPENSSL_STRING_push(cms_config.sksigners, |
if (!sk_OPENSSL_STRING_push(cfg.sksigners, |
cms_config.signerfile)) |
cfg.signerfile)) |
goto end; |
goto end; |
if (cms_config.skkeys == NULL && |
if (cfg.skkeys == NULL && |
(cms_config.skkeys = |
(cfg.skkeys = |
sk_OPENSSL_STRING_new_null()) == NULL) |
sk_OPENSSL_STRING_new_null()) == NULL) |
goto end; |
goto end; |
if (cms_config.keyfile == NULL) |
if (cfg.keyfile == NULL) |
cms_config.keyfile = cms_config.signerfile; |
cfg.keyfile = cfg.signerfile; |
if (!sk_OPENSSL_STRING_push(cms_config.skkeys, |
if (!sk_OPENSSL_STRING_push(cfg.skkeys, |
cms_config.keyfile)) |
cfg.keyfile)) |
goto end; |
goto end; |
} |
} |
if (cms_config.sksigners == NULL) { |
if (cfg.sksigners == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"No signer certificate specified\n"); |
"No signer certificate specified\n"); |
badarg = 1; |
badarg = 1; |
} |
} |
cms_config.signerfile = NULL; |
cfg.signerfile = NULL; |
cms_config.keyfile = NULL; |
cfg.keyfile = NULL; |
} else if (cms_config.operation == SMIME_DECRYPT) { |
} else if (cfg.operation == SMIME_DECRYPT) { |
if (cms_config.recipfile == NULL && |
if (cfg.recipfile == NULL && |
cms_config.keyfile == NULL && |
cfg.keyfile == NULL && |
cms_config.secret_key == NULL && |
cfg.secret_key == NULL && |
cms_config.pwri_pass == NULL) { |
cfg.pwri_pass == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"No recipient certificate or key specified\n"); |
"No recipient certificate or key specified\n"); |
badarg = 1; |
badarg = 1; |
} |
} |
} else if (cms_config.operation == SMIME_ENCRYPT) { |
} else if (cfg.operation == SMIME_ENCRYPT) { |
if (*args == NULL && cms_config.secret_key == NULL && |
if (*args == NULL && cfg.secret_key == NULL && |
cms_config.pwri_pass == NULL && |
cfg.pwri_pass == NULL && |
cms_config.encerts == NULL) { |
cfg.encerts == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"No recipient(s) certificate(s) specified\n"); |
"No recipient(s) certificate(s) specified\n"); |
badarg = 1; |
badarg = 1; |
} |
} |
} else if (!cms_config.operation) { |
} else if (!cfg.operation) { |
badarg = 1; |
badarg = 1; |
} |
} |
|
|
|
|
goto end; |
goto end; |
} |
} |
|
|
if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) { |
if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) { |
BIO_printf(bio_err, "Error getting password\n"); |
BIO_printf(bio_err, "Error getting password\n"); |
goto end; |
goto end; |
} |
} |
ret = 2; |
ret = 2; |
|
|
if (!(cms_config.operation & SMIME_SIGNERS)) |
if (!(cfg.operation & SMIME_SIGNERS)) |
cms_config.flags &= ~CMS_DETACHED; |
cfg.flags &= ~CMS_DETACHED; |
|
|
if (cms_config.operation & SMIME_OP) { |
if (cfg.operation & SMIME_OP) { |
if (cms_config.outformat == FORMAT_ASN1) |
if (cfg.outformat == FORMAT_ASN1) |
outmode = "wb"; |
outmode = "wb"; |
} else { |
} else { |
if (cms_config.flags & CMS_BINARY) |
if (cfg.flags & CMS_BINARY) |
outmode = "wb"; |
outmode = "wb"; |
} |
} |
|
|
if (cms_config.operation & SMIME_IP) { |
if (cfg.operation & SMIME_IP) { |
if (cms_config.informat == FORMAT_ASN1) |
if (cfg.informat == FORMAT_ASN1) |
inmode = "rb"; |
inmode = "rb"; |
} else { |
} else { |
if (cms_config.flags & CMS_BINARY) |
if (cfg.flags & CMS_BINARY) |
inmode = "rb"; |
inmode = "rb"; |
} |
} |
|
|
if (cms_config.operation == SMIME_ENCRYPT) { |
if (cfg.operation == SMIME_ENCRYPT) { |
if (cms_config.cipher == NULL) { |
if (cfg.cipher == NULL) { |
#ifndef OPENSSL_NO_DES |
#ifndef OPENSSL_NO_DES |
cms_config.cipher = EVP_des_ede3_cbc(); |
cfg.cipher = EVP_des_ede3_cbc(); |
#else |
#else |
BIO_printf(bio_err, "No cipher selected\n"); |
BIO_printf(bio_err, "No cipher selected\n"); |
goto end; |
goto end; |
#endif |
#endif |
} |
} |
if (cms_config.secret_key != NULL && |
if (cfg.secret_key != NULL && |
cms_config.secret_keyid == NULL) { |
cfg.secret_keyid == NULL) { |
BIO_printf(bio_err, "No secret key id\n"); |
BIO_printf(bio_err, "No secret key id\n"); |
goto end; |
goto end; |
} |
} |
if (*args != NULL && cms_config.encerts == NULL) |
if (*args != NULL && cfg.encerts == NULL) |
if ((cms_config.encerts = sk_X509_new_null()) == NULL) |
if ((cfg.encerts = sk_X509_new_null()) == NULL) |
goto end; |
goto end; |
while (*args) { |
while (*args) { |
if ((cms_config.cert = load_cert(bio_err, *args, |
if ((cfg.cert = load_cert(bio_err, *args, |
FORMAT_PEM, NULL, |
FORMAT_PEM, NULL, |
"recipient certificate file")) == NULL) |
"recipient certificate file")) == NULL) |
goto end; |
goto end; |
if (!sk_X509_push(cms_config.encerts, cms_config.cert)) |
if (!sk_X509_push(cfg.encerts, cfg.cert)) |
goto end; |
goto end; |
cms_config.cert = NULL; |
cfg.cert = NULL; |
args++; |
args++; |
} |
} |
} |
} |
if (cms_config.certfile != NULL) { |
if (cfg.certfile != NULL) { |
if ((other = load_certs(bio_err, cms_config.certfile, |
if ((other = load_certs(bio_err, cfg.certfile, |
FORMAT_PEM, NULL, "certificate file")) == NULL) { |
FORMAT_PEM, NULL, "certificate file")) == NULL) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
} |
} |
if (cms_config.recipfile != NULL && |
if (cfg.recipfile != NULL && |
(cms_config.operation == SMIME_DECRYPT)) { |
(cfg.operation == SMIME_DECRYPT)) { |
if ((recip = load_cert(bio_err, cms_config.recipfile, |
if ((recip = load_cert(bio_err, cfg.recipfile, |
FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { |
FORMAT_PEM, NULL, "recipient certificate file")) == NULL) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
} |
} |
if (cms_config.operation == SMIME_SIGN_RECEIPT) { |
if (cfg.operation == SMIME_SIGN_RECEIPT) { |
if ((signer = load_cert(bio_err, cms_config.signerfile, |
if ((signer = load_cert(bio_err, cfg.signerfile, |
FORMAT_PEM, NULL, |
FORMAT_PEM, NULL, |
"receipt signer certificate file")) == NULL) { |
"receipt signer certificate file")) == NULL) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
} |
} |
if (cms_config.operation == SMIME_DECRYPT) { |
if (cfg.operation == SMIME_DECRYPT) { |
if (cms_config.keyfile == NULL) |
if (cfg.keyfile == NULL) |
cms_config.keyfile = cms_config.recipfile; |
cfg.keyfile = cfg.recipfile; |
} else if ((cms_config.operation == SMIME_SIGN) || |
} else if ((cfg.operation == SMIME_SIGN) || |
(cms_config.operation == SMIME_SIGN_RECEIPT)) { |
(cfg.operation == SMIME_SIGN_RECEIPT)) { |
if (cms_config.keyfile == NULL) |
if (cfg.keyfile == NULL) |
cms_config.keyfile = cms_config.signerfile; |
cfg.keyfile = cfg.signerfile; |
} else { |
} else { |
cms_config.keyfile = NULL; |
cfg.keyfile = NULL; |
} |
} |
|
|
if (cms_config.keyfile != NULL) { |
if (cfg.keyfile != NULL) { |
key = load_key(bio_err, cms_config.keyfile, cms_config.keyform, |
key = load_key(bio_err, cfg.keyfile, cfg.keyform, |
0, passin, "signing key file"); |
0, passin, "signing key file"); |
if (key == NULL) |
if (key == NULL) |
goto end; |
goto end; |
} |
} |
if (cms_config.infile != NULL) { |
if (cfg.infile != NULL) { |
if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) { |
if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Can't open input file %s\n", cms_config.infile); |
"Can't open input file %s\n", cfg.infile); |
goto end; |
goto end; |
} |
} |
} else { |
} else { |
|
|
goto end; |
goto end; |
} |
} |
|
|
if (cms_config.operation & SMIME_IP) { |
if (cfg.operation & SMIME_IP) { |
if (cms_config.informat == FORMAT_SMIME) |
if (cfg.informat == FORMAT_SMIME) |
cms = SMIME_read_CMS(in, &indata); |
cms = SMIME_read_CMS(in, &indata); |
else if (cms_config.informat == FORMAT_PEM) |
else if (cfg.informat == FORMAT_PEM) |
cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); |
cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); |
else if (cms_config.informat == FORMAT_ASN1) |
else if (cfg.informat == FORMAT_ASN1) |
cms = d2i_CMS_bio(in, NULL); |
cms = d2i_CMS_bio(in, NULL); |
else { |
else { |
BIO_printf(bio_err, "Bad input format for CMS file\n"); |
BIO_printf(bio_err, "Bad input format for CMS file\n"); |
|
|
BIO_printf(bio_err, "Error reading S/MIME message\n"); |
BIO_printf(bio_err, "Error reading S/MIME message\n"); |
goto end; |
goto end; |
} |
} |
if (cms_config.contfile != NULL) { |
if (cfg.contfile != NULL) { |
BIO_free(indata); |
BIO_free(indata); |
if ((indata = BIO_new_file(cms_config.contfile, |
if ((indata = BIO_new_file(cfg.contfile, |
"rb")) == NULL) { |
"rb")) == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Can't read content file %s\n", |
"Can't read content file %s\n", |
cms_config.contfile); |
cfg.contfile); |
goto end; |
goto end; |
} |
} |
} |
} |
if (cms_config.certsoutfile != NULL) { |
if (cfg.certsoutfile != NULL) { |
STACK_OF(X509) *allcerts; |
STACK_OF(X509) *allcerts; |
if ((allcerts = CMS_get1_certs(cms)) == NULL) |
if ((allcerts = CMS_get1_certs(cms)) == NULL) |
goto end; |
goto end; |
if (!save_certs(cms_config.certsoutfile, allcerts)) { |
if (!save_certs(cfg.certsoutfile, allcerts)) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Error writing certs to %s\n", |
"Error writing certs to %s\n", |
cms_config.certsoutfile); |
cfg.certsoutfile); |
sk_X509_pop_free(allcerts, X509_free); |
sk_X509_pop_free(allcerts, X509_free); |
ret = 5; |
ret = 5; |
goto end; |
goto end; |
|
|
sk_X509_pop_free(allcerts, X509_free); |
sk_X509_pop_free(allcerts, X509_free); |
} |
} |
} |
} |
if (cms_config.rctfile != NULL) { |
if (cfg.rctfile != NULL) { |
char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ? |
char *rctmode = (cfg.rctformat == FORMAT_ASN1) ? |
"rb" : "r"; |
"rb" : "r"; |
if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) { |
if ((rctin = BIO_new_file(cfg.rctfile, rctmode)) == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Can't open receipt file %s\n", cms_config.rctfile); |
"Can't open receipt file %s\n", cfg.rctfile); |
goto end; |
goto end; |
} |
} |
if (cms_config.rctformat == FORMAT_SMIME) |
if (cfg.rctformat == FORMAT_SMIME) |
rcms = SMIME_read_CMS(rctin, NULL); |
rcms = SMIME_read_CMS(rctin, NULL); |
else if (cms_config.rctformat == FORMAT_PEM) |
else if (cfg.rctformat == FORMAT_PEM) |
rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); |
rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); |
else if (cms_config.rctformat == FORMAT_ASN1) |
else if (cfg.rctformat == FORMAT_ASN1) |
rcms = d2i_CMS_bio(rctin, NULL); |
rcms = d2i_CMS_bio(rctin, NULL); |
else { |
else { |
BIO_printf(bio_err, "Bad input format for receipt\n"); |
BIO_printf(bio_err, "Bad input format for receipt\n"); |
|
|
goto end; |
goto end; |
} |
} |
} |
} |
if (cms_config.outfile != NULL) { |
if (cfg.outfile != NULL) { |
if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) { |
if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Can't open output file %s\n", cms_config.outfile); |
"Can't open output file %s\n", cfg.outfile); |
goto end; |
goto end; |
} |
} |
} else { |
} else { |
|
|
goto end; |
goto end; |
} |
} |
|
|
if ((cms_config.operation == SMIME_VERIFY) || |
if ((cfg.operation == SMIME_VERIFY) || |
(cms_config.operation == SMIME_VERIFY_RECEIPT)) { |
(cfg.operation == SMIME_VERIFY_RECEIPT)) { |
if ((store = setup_verify(bio_err, cms_config.CAfile, |
if ((store = setup_verify(bio_err, cfg.CAfile, |
cms_config.CApath)) == NULL) |
cfg.CApath)) == NULL) |
goto end; |
goto end; |
X509_STORE_set_verify_cb(store, cms_cb); |
X509_STORE_set_verify_cb(store, cms_cb); |
if (cms_config.vpm != NULL) { |
if (cfg.vpm != NULL) { |
if (!X509_STORE_set1_param(store, cms_config.vpm)) |
if (!X509_STORE_set1_param(store, cfg.vpm)) |
goto end; |
goto end; |
} |
} |
} |
} |
ret = 3; |
ret = 3; |
|
|
if (cms_config.operation == SMIME_DATA_CREATE) { |
if (cfg.operation == SMIME_DATA_CREATE) { |
cms = CMS_data_create(in, cms_config.flags); |
cms = CMS_data_create(in, cfg.flags); |
} else if (cms_config.operation == SMIME_DIGEST_CREATE) { |
} else if (cfg.operation == SMIME_DIGEST_CREATE) { |
cms = CMS_digest_create(in, cms_config.sign_md, |
cms = CMS_digest_create(in, cfg.sign_md, |
cms_config.flags); |
cfg.flags); |
} else if (cms_config.operation == SMIME_COMPRESS) { |
} else if (cfg.operation == SMIME_COMPRESS) { |
cms = CMS_compress(in, -1, cms_config.flags); |
cms = CMS_compress(in, -1, cfg.flags); |
} else if (cms_config.operation == SMIME_ENCRYPT) { |
} else if (cfg.operation == SMIME_ENCRYPT) { |
int i; |
int i; |
cms_config.flags |= CMS_PARTIAL; |
cfg.flags |= CMS_PARTIAL; |
cms = CMS_encrypt(NULL, in, cms_config.cipher, |
cms = CMS_encrypt(NULL, in, cfg.cipher, |
cms_config.flags); |
cfg.flags); |
if (cms == NULL) |
if (cms == NULL) |
goto end; |
goto end; |
for (i = 0; i < sk_X509_num(cms_config.encerts); i++) { |
for (i = 0; i < sk_X509_num(cfg.encerts); i++) { |
CMS_RecipientInfo *ri; |
CMS_RecipientInfo *ri; |
struct cms_key_param *kparam; |
struct cms_key_param *kparam; |
int tflags = cms_config.flags; |
int tflags = cfg.flags; |
X509 *x; |
X509 *x; |
|
|
if ((x = sk_X509_value(cms_config.encerts, i)) == NULL) |
if ((x = sk_X509_value(cfg.encerts, i)) == NULL) |
goto end; |
goto end; |
for (kparam = cms_config.key_first; kparam != NULL; |
for (kparam = cfg.key_first; kparam != NULL; |
kparam = kparam->next) { |
kparam = kparam->next) { |
if (kparam->idx == i) { |
if (kparam->idx == i) { |
tflags |= CMS_KEY_PARAM; |
tflags |= CMS_KEY_PARAM; |
|
|
} |
} |
} |
} |
|
|
if (cms_config.secret_key != NULL) { |
if (cfg.secret_key != NULL) { |
if (CMS_add0_recipient_key(cms, NID_undef, |
if (CMS_add0_recipient_key(cms, NID_undef, |
cms_config.secret_key, cms_config.secret_keylen, |
cfg.secret_key, cfg.secret_keylen, |
cms_config.secret_keyid, cms_config.secret_keyidlen, |
cfg.secret_keyid, cfg.secret_keyidlen, |
NULL, NULL, NULL) == NULL) |
NULL, NULL, NULL) == NULL) |
goto end; |
goto end; |
/* NULL these because call absorbs them */ |
/* NULL these because call absorbs them */ |
cms_config.secret_key = NULL; |
cfg.secret_key = NULL; |
cms_config.secret_keyid = NULL; |
cfg.secret_keyid = NULL; |
} |
} |
if (cms_config.pwri_pass != NULL) { |
if (cfg.pwri_pass != NULL) { |
pwri_tmp = strdup(cms_config.pwri_pass); |
pwri_tmp = strdup(cfg.pwri_pass); |
if (pwri_tmp == NULL) |
if (pwri_tmp == NULL) |
goto end; |
goto end; |
if (CMS_add0_recipient_password(cms, -1, NID_undef, |
if (CMS_add0_recipient_password(cms, -1, NID_undef, |
|
|
goto end; |
goto end; |
pwri_tmp = NULL; |
pwri_tmp = NULL; |
} |
} |
if (!(cms_config.flags & CMS_STREAM)) { |
if (!(cfg.flags & CMS_STREAM)) { |
if (!CMS_final(cms, in, NULL, cms_config.flags)) |
if (!CMS_final(cms, in, NULL, cfg.flags)) |
goto end; |
goto end; |
} |
} |
} else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) { |
} else if (cfg.operation == SMIME_ENCRYPTED_ENCRYPT) { |
cms = CMS_EncryptedData_encrypt(in, cms_config.cipher, |
cms = CMS_EncryptedData_encrypt(in, cfg.cipher, |
cms_config.secret_key, cms_config.secret_keylen, |
cfg.secret_key, cfg.secret_keylen, |
cms_config.flags); |
cfg.flags); |
|
|
} else if (cms_config.operation == SMIME_SIGN_RECEIPT) { |
} else if (cfg.operation == SMIME_SIGN_RECEIPT) { |
CMS_ContentInfo *srcms = NULL; |
CMS_ContentInfo *srcms = NULL; |
STACK_OF(CMS_SignerInfo) *sis; |
STACK_OF(CMS_SignerInfo) *sis; |
CMS_SignerInfo *si; |
CMS_SignerInfo *si; |
|
|
if (si == NULL) |
if (si == NULL) |
goto end; |
goto end; |
srcms = CMS_sign_receipt(si, signer, key, other, |
srcms = CMS_sign_receipt(si, signer, key, other, |
cms_config.flags); |
cfg.flags); |
if (srcms == NULL) |
if (srcms == NULL) |
goto end; |
goto end; |
CMS_ContentInfo_free(cms); |
CMS_ContentInfo_free(cms); |
cms = srcms; |
cms = srcms; |
} else if (cms_config.operation & SMIME_SIGNERS) { |
} else if (cfg.operation & SMIME_SIGNERS) { |
int i; |
int i; |
/* |
/* |
* If detached data content we enable streaming if S/MIME |
* If detached data content we enable streaming if S/MIME |
* output format. |
* output format. |
*/ |
*/ |
if (cms_config.operation == SMIME_SIGN) { |
if (cfg.operation == SMIME_SIGN) { |
|
|
if (cms_config.flags & CMS_DETACHED) { |
if (cfg.flags & CMS_DETACHED) { |
if (cms_config.outformat == FORMAT_SMIME) |
if (cfg.outformat == FORMAT_SMIME) |
cms_config.flags |= CMS_STREAM; |
cfg.flags |= CMS_STREAM; |
} |
} |
cms_config.flags |= CMS_PARTIAL; |
cfg.flags |= CMS_PARTIAL; |
cms = CMS_sign(NULL, NULL, other, in, cms_config.flags); |
cms = CMS_sign(NULL, NULL, other, in, cfg.flags); |
if (cms == NULL) |
if (cms == NULL) |
goto end; |
goto end; |
if (cms_config.econtent_type != NULL) |
if (cfg.econtent_type != NULL) |
if (!CMS_set1_eContentType(cms, |
if (!CMS_set1_eContentType(cms, |
cms_config.econtent_type)) |
cfg.econtent_type)) |
goto end; |
goto end; |
|
|
if (cms_config.rr_to != NULL) { |
if (cfg.rr_to != NULL) { |
rr = make_receipt_request(cms_config.rr_to, |
rr = make_receipt_request(cfg.rr_to, |
cms_config.rr_allorfirst, |
cfg.rr_allorfirst, |
cms_config.rr_from); |
cfg.rr_from); |
if (rr == NULL) { |
if (rr == NULL) { |
BIO_puts(bio_err, |
BIO_puts(bio_err, |
"Signed Receipt Request Creation Error\n"); |
"Signed Receipt Request Creation Error\n"); |
|
|
} |
} |
} |
} |
} else { |
} else { |
cms_config.flags |= CMS_REUSE_DIGEST; |
cfg.flags |= CMS_REUSE_DIGEST; |
} |
} |
|
|
for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) { |
for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) { |
CMS_SignerInfo *si; |
CMS_SignerInfo *si; |
struct cms_key_param *kparam; |
struct cms_key_param *kparam; |
int tflags = cms_config.flags; |
int tflags = cfg.flags; |
|
|
cms_config.signerfile = sk_OPENSSL_STRING_value( |
cfg.signerfile = sk_OPENSSL_STRING_value( |
cms_config.sksigners, i); |
cfg.sksigners, i); |
cms_config.keyfile = sk_OPENSSL_STRING_value( |
cfg.keyfile = sk_OPENSSL_STRING_value( |
cms_config.skkeys, i); |
cfg.skkeys, i); |
|
|
signer = load_cert(bio_err, cms_config.signerfile, |
signer = load_cert(bio_err, cfg.signerfile, |
FORMAT_PEM, NULL, "signer certificate"); |
FORMAT_PEM, NULL, "signer certificate"); |
if (signer == NULL) |
if (signer == NULL) |
goto end; |
goto end; |
key = load_key(bio_err, cms_config.keyfile, |
key = load_key(bio_err, cfg.keyfile, |
cms_config.keyform, 0, passin, "signing key file"); |
cfg.keyform, 0, passin, "signing key file"); |
if (key == NULL) |
if (key == NULL) |
goto end; |
goto end; |
for (kparam = cms_config.key_first; kparam != NULL; |
for (kparam = cfg.key_first; kparam != NULL; |
kparam = kparam->next) { |
kparam = kparam->next) { |
if (kparam->idx == i) { |
if (kparam->idx == i) { |
tflags |= CMS_KEY_PARAM; |
tflags |= CMS_KEY_PARAM; |
|
|
} |
} |
} |
} |
si = CMS_add1_signer(cms, signer, key, |
si = CMS_add1_signer(cms, signer, key, |
cms_config.sign_md, tflags); |
cfg.sign_md, tflags); |
if (si == NULL) |
if (si == NULL) |
goto end; |
goto end; |
if (kparam != NULL) { |
if (kparam != NULL) { |
|
|
key = NULL; |
key = NULL; |
} |
} |
/* If not streaming or resigning finalize structure */ |
/* If not streaming or resigning finalize structure */ |
if ((cms_config.operation == SMIME_SIGN) && |
if ((cfg.operation == SMIME_SIGN) && |
!(cms_config.flags & CMS_STREAM)) { |
!(cfg.flags & CMS_STREAM)) { |
if (!CMS_final(cms, in, NULL, cms_config.flags)) |
if (!CMS_final(cms, in, NULL, cfg.flags)) |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
goto end; |
goto end; |
} |
} |
ret = 4; |
ret = 4; |
if (cms_config.operation == SMIME_DECRYPT) { |
if (cfg.operation == SMIME_DECRYPT) { |
if (cms_config.flags & CMS_DEBUG_DECRYPT) |
if (cfg.flags & CMS_DEBUG_DECRYPT) |
CMS_decrypt(cms, NULL, NULL, NULL, NULL, |
CMS_decrypt(cms, NULL, NULL, NULL, NULL, |
cms_config.flags); |
cfg.flags); |
|
|
if (cms_config.secret_key != NULL) { |
if (cfg.secret_key != NULL) { |
if (!CMS_decrypt_set1_key(cms, cms_config.secret_key, |
if (!CMS_decrypt_set1_key(cms, cfg.secret_key, |
cms_config.secret_keylen, cms_config.secret_keyid, |
cfg.secret_keylen, cfg.secret_keyid, |
cms_config.secret_keyidlen)) { |
cfg.secret_keyidlen)) { |
BIO_puts(bio_err, |
BIO_puts(bio_err, |
"Error decrypting CMS using secret key\n"); |
"Error decrypting CMS using secret key\n"); |
goto end; |
goto end; |
|
|
goto end; |
goto end; |
} |
} |
} |
} |
if (cms_config.pwri_pass != NULL) { |
if (cfg.pwri_pass != NULL) { |
if (!CMS_decrypt_set1_password(cms, |
if (!CMS_decrypt_set1_password(cms, |
cms_config.pwri_pass, -1)) { |
cfg.pwri_pass, -1)) { |
BIO_puts(bio_err, |
BIO_puts(bio_err, |
"Error decrypting CMS using password\n"); |
"Error decrypting CMS using password\n"); |
goto end; |
goto end; |
} |
} |
} |
} |
if (!CMS_decrypt(cms, NULL, NULL, indata, out, |
if (!CMS_decrypt(cms, NULL, NULL, indata, out, |
cms_config.flags)) { |
cfg.flags)) { |
BIO_printf(bio_err, "Error decrypting CMS structure\n"); |
BIO_printf(bio_err, "Error decrypting CMS structure\n"); |
goto end; |
goto end; |
} |
} |
} else if (cms_config.operation == SMIME_DATAOUT) { |
} else if (cfg.operation == SMIME_DATAOUT) { |
if (!CMS_data(cms, out, cms_config.flags)) |
if (!CMS_data(cms, out, cfg.flags)) |
goto end; |
goto end; |
} else if (cms_config.operation == SMIME_UNCOMPRESS) { |
} else if (cfg.operation == SMIME_UNCOMPRESS) { |
if (!CMS_uncompress(cms, indata, out, cms_config.flags)) |
if (!CMS_uncompress(cms, indata, out, cfg.flags)) |
goto end; |
goto end; |
} else if (cms_config.operation == SMIME_DIGEST_VERIFY) { |
} else if (cfg.operation == SMIME_DIGEST_VERIFY) { |
if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0) |
if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0) |
BIO_printf(bio_err, "Verification successful\n"); |
BIO_printf(bio_err, "Verification successful\n"); |
else { |
else { |
BIO_printf(bio_err, "Verification failure\n"); |
BIO_printf(bio_err, "Verification failure\n"); |
goto end; |
goto end; |
} |
} |
} else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) { |
} else if (cfg.operation == SMIME_ENCRYPTED_DECRYPT) { |
if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key, |
if (!CMS_EncryptedData_decrypt(cms, cfg.secret_key, |
cms_config.secret_keylen, indata, out, cms_config.flags)) |
cfg.secret_keylen, indata, out, cfg.flags)) |
goto end; |
goto end; |
} else if (cms_config.operation == SMIME_VERIFY) { |
} else if (cfg.operation == SMIME_VERIFY) { |
if (CMS_verify(cms, other, store, indata, out, |
if (CMS_verify(cms, other, store, indata, out, |
cms_config.flags) > 0) { |
cfg.flags) > 0) { |
BIO_printf(bio_err, "Verification successful\n"); |
BIO_printf(bio_err, "Verification successful\n"); |
} else { |
} else { |
BIO_printf(bio_err, "Verification failure\n"); |
BIO_printf(bio_err, "Verification failure\n"); |
if (cms_config.verify_retcode) |
if (cfg.verify_retcode) |
ret = verify_err + 32; |
ret = verify_err + 32; |
goto end; |
goto end; |
} |
} |
if (cms_config.signerfile != NULL) { |
if (cfg.signerfile != NULL) { |
STACK_OF(X509) *signers; |
STACK_OF(X509) *signers; |
if ((signers = CMS_get0_signers(cms)) == NULL) |
if ((signers = CMS_get0_signers(cms)) == NULL) |
goto end; |
goto end; |
if (!save_certs(cms_config.signerfile, signers)) { |
if (!save_certs(cfg.signerfile, signers)) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Error writing signers to %s\n", |
"Error writing signers to %s\n", |
cms_config.signerfile); |
cfg.signerfile); |
sk_X509_free(signers); |
sk_X509_free(signers); |
ret = 5; |
ret = 5; |
goto end; |
goto end; |
} |
} |
sk_X509_free(signers); |
sk_X509_free(signers); |
} |
} |
if (cms_config.rr_print) |
if (cfg.rr_print) |
receipt_request_print(bio_err, cms); |
receipt_request_print(bio_err, cms); |
|
|
} else if (cms_config.operation == SMIME_VERIFY_RECEIPT) { |
} else if (cfg.operation == SMIME_VERIFY_RECEIPT) { |
if (CMS_verify_receipt(rcms, cms, other, store, |
if (CMS_verify_receipt(rcms, cms, other, store, |
cms_config.flags) > 0) { |
cfg.flags) > 0) { |
BIO_printf(bio_err, "Verification successful\n"); |
BIO_printf(bio_err, "Verification successful\n"); |
} else { |
} else { |
BIO_printf(bio_err, "Verification failure\n"); |
BIO_printf(bio_err, "Verification failure\n"); |
goto end; |
goto end; |
} |
} |
} else { |
} else { |
if (cms_config.noout) { |
if (cfg.noout) { |
if (cms_config.print && |
if (cfg.print && |
!CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) |
!CMS_ContentInfo_print_ctx(out, cms, 0, NULL)) |
goto end; |
goto end; |
} else if (cms_config.outformat == FORMAT_SMIME) { |
} else if (cfg.outformat == FORMAT_SMIME) { |
if (cms_config.to != NULL) |
if (cfg.to != NULL) |
BIO_printf(out, "To: %s\n", cms_config.to); |
BIO_printf(out, "To: %s\n", cfg.to); |
if (cms_config.from != NULL) |
if (cfg.from != NULL) |
BIO_printf(out, "From: %s\n", cms_config.from); |
BIO_printf(out, "From: %s\n", cfg.from); |
if (cms_config.subject != NULL) |
if (cfg.subject != NULL) |
BIO_printf(out, "Subject: %s\n", |
BIO_printf(out, "Subject: %s\n", |
cms_config.subject); |
cfg.subject); |
if (cms_config.operation == SMIME_RESIGN) |
if (cfg.operation == SMIME_RESIGN) |
ret = SMIME_write_CMS(out, cms, indata, |
ret = SMIME_write_CMS(out, cms, indata, |
cms_config.flags); |
cfg.flags); |
else |
else |
ret = SMIME_write_CMS(out, cms, in, |
ret = SMIME_write_CMS(out, cms, in, |
cms_config.flags); |
cfg.flags); |
} else if (cms_config.outformat == FORMAT_PEM) { |
} else if (cfg.outformat == FORMAT_PEM) { |
ret = PEM_write_bio_CMS_stream(out, cms, in, |
ret = PEM_write_bio_CMS_stream(out, cms, in, |
cms_config.flags); |
cfg.flags); |
} else if (cms_config.outformat == FORMAT_ASN1) { |
} else if (cfg.outformat == FORMAT_ASN1) { |
ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags); |
ret = i2d_CMS_bio_stream(out, cms, in, cfg.flags); |
} else { |
} else { |
BIO_printf(bio_err, "Bad output format for CMS file\n"); |
BIO_printf(bio_err, "Bad output format for CMS file\n"); |
goto end; |
goto end; |
|
|
if (ret) |
if (ret) |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
|
|
sk_X509_pop_free(cms_config.encerts, X509_free); |
sk_X509_pop_free(cfg.encerts, X509_free); |
sk_X509_pop_free(other, X509_free); |
sk_X509_pop_free(other, X509_free); |
X509_VERIFY_PARAM_free(cms_config.vpm); |
X509_VERIFY_PARAM_free(cfg.vpm); |
sk_OPENSSL_STRING_free(cms_config.sksigners); |
sk_OPENSSL_STRING_free(cfg.sksigners); |
sk_OPENSSL_STRING_free(cms_config.skkeys); |
sk_OPENSSL_STRING_free(cfg.skkeys); |
free(cms_config.secret_key); |
free(cfg.secret_key); |
free(cms_config.secret_keyid); |
free(cfg.secret_keyid); |
free(pwri_tmp); |
free(pwri_tmp); |
ASN1_OBJECT_free(cms_config.econtent_type); |
ASN1_OBJECT_free(cfg.econtent_type); |
CMS_ReceiptRequest_free(rr); |
CMS_ReceiptRequest_free(rr); |
sk_OPENSSL_STRING_free(cms_config.rr_to); |
sk_OPENSSL_STRING_free(cfg.rr_to); |
sk_OPENSSL_STRING_free(cms_config.rr_from); |
sk_OPENSSL_STRING_free(cfg.rr_from); |
for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) { |
for (cfg.key_param = cfg.key_first; cfg.key_param;) { |
struct cms_key_param *tparam; |
struct cms_key_param *tparam; |
sk_OPENSSL_STRING_free(cms_config.key_param->param); |
sk_OPENSSL_STRING_free(cfg.key_param->param); |
tparam = cms_config.key_param->next; |
tparam = cfg.key_param->next; |
free(cms_config.key_param); |
free(cfg.key_param); |
cms_config.key_param = tparam; |
cfg.key_param = tparam; |
} |
} |
X509_STORE_free(store); |
X509_STORE_free(store); |
X509_free(cms_config.cert); |
X509_free(cfg.cert); |
X509_free(recip); |
X509_free(recip); |
X509_free(signer); |
X509_free(signer); |
EVP_PKEY_free(key); |
EVP_PKEY_free(key); |