src/usr.bin/openssl/cms.c - diff

Return to cms.c CVS log

Up to [local] / src / usr.bin / openssl

Diff for /src/usr.bin/openssl/cms.c between version 1.32 and 1.33

version 1.32, 2023/03/05 13:08:22

version 1.33, 2023/03/06 14:32:05

Line 149

char *to;

int verify_retcode;

X509_VERIFY_PARAM *vpm;

} cms_config;

} cfg;

static const EVP_CIPHER *

get_cipher_by_name(char *name)

Line 198

if (*name++ != '-')

return (1);

if ((cms_config.cipher = get_cipher_by_name(name)) == NULL)

if ((cfg.cipher = get_cipher_by_name(name)) == NULL)

if ((cms_config.cipher = EVP_get_cipherbyname(name)) == NULL)

if ((cfg.cipher = EVP_get_cipherbyname(name)) == NULL)

return (1);

*argsused = 1;

Line 209

static int

cms_opt_econtent_type(char *arg)

{

ASN1_OBJECT_free(cms_config.econtent_type);

ASN1_OBJECT_free(cfg.econtent_type);

if ((cms_config.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) {

if ((cfg.econtent_type = OBJ_txt2obj(arg, 0)) == NULL) {

BIO_printf(bio_err, "Invalid OID %s\n", arg);

return (1);

}

Line 221

static int

cms_opt_inkey(char *arg)

{

if (cms_config.keyfile == NULL) {

if (cfg.keyfile == NULL) {

cms_config.keyfile = arg;

cfg.keyfile = arg;

return (0);

}

if (cms_config.signerfile == NULL) {

if (cfg.signerfile == NULL) {

BIO_puts(bio_err, "Illegal -inkey without -signer\n");

return (1);

}

if (cms_config.sksigners == NULL)

if (cfg.sksigners == NULL)

cms_config.sksigners = sk_OPENSSL_STRING_new_null();

cfg.sksigners = sk_OPENSSL_STRING_new_null();

if (cms_config.sksigners == NULL)

if (cfg.sksigners == NULL)

return (1);

if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile))

if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))

return (1);

cms_config.signerfile = NULL;

cfg.signerfile = NULL;

if (cms_config.skkeys == NULL)

if (cfg.skkeys == NULL)

cms_config.skkeys = sk_OPENSSL_STRING_new_null();

cfg.skkeys = sk_OPENSSL_STRING_new_null();

if (cms_config.skkeys == NULL)

if (cfg.skkeys == NULL)

return (1);

if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile))

if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))

return (1);

cms_config.keyfile = arg;

cfg.keyfile = arg;

return (0);

}

Line 256

{

int keyidx = -1;

if (cms_config.operation == SMIME_ENCRYPT) {

if (cfg.operation == SMIME_ENCRYPT) {

if (cms_config.encerts != NULL)

if (cfg.encerts != NULL)

keyidx += sk_X509_num(cms_config.encerts);

keyidx += sk_X509_num(cfg.encerts);

} else {

if (cms_config.keyfile != NULL || cms_config.signerfile != NULL)

if (cfg.keyfile != NULL || cfg.signerfile != NULL)

keyidx++;

if (cms_config.skkeys != NULL)

if (cfg.skkeys != NULL)

keyidx += sk_OPENSSL_STRING_num(cms_config.skkeys);

keyidx += sk_OPENSSL_STRING_num(cfg.skkeys);

}

if (keyidx < 0) {

Line 271

return (1);

}

if (cms_config.key_param == NULL ||

if (cfg.key_param == NULL ||

cms_config.key_param->idx != keyidx) {

cfg.key_param->idx != keyidx) {

struct cms_key_param *nparam;

if ((nparam = calloc(1, sizeof(struct cms_key_param))) == NULL)

Line 285

}

nparam->next = NULL;

if (cms_config.key_first == NULL)

if (cfg.key_first == NULL)

cms_config.key_first = nparam;

cfg.key_first = nparam;

else

cms_config.key_param->next = nparam;

cfg.key_param->next = nparam;

cms_config.key_param = nparam;

cfg.key_param = nparam;

}

if (!sk_OPENSSL_STRING_push(cms_config.key_param->param, arg))

if (!sk_OPENSSL_STRING_push(cfg.key_param->param, arg))

return (1);

return (0);

Line 302

static int

cms_opt_md(char *arg)

{

if ((cms_config.sign_md = EVP_get_digestbyname(arg)) == NULL) {

if ((cfg.sign_md = EVP_get_digestbyname(arg)) == NULL) {

BIO_printf(bio_err, "Unknown digest %s\n", arg);

return (1);

}

Line 312

static int

cms_opt_print(void)

{

cms_config.noout = 1;

cfg.noout = 1;

cms_config.print = 1;

cfg.print = 1;

return (0);

}

static int

cms_opt_pwri_pass(char *arg)

{

cms_config.pwri_pass = (unsigned char *)arg;

cfg.pwri_pass = (unsigned char *)arg;

return (0);

}

static int

cms_opt_recip(char *arg)

{

if (cms_config.operation == SMIME_ENCRYPT) {

if (cfg.operation == SMIME_ENCRYPT) {

if (cms_config.encerts == NULL) {

if (cfg.encerts == NULL) {

if ((cms_config.encerts = sk_X509_new_null()) == NULL)

if ((cfg.encerts = sk_X509_new_null()) == NULL)

return (1);

}

cms_config.cert = load_cert(bio_err, arg, FORMAT_PEM,

cfg.cert = load_cert(bio_err, arg, FORMAT_PEM,

NULL, "recipient certificate file");

if (cms_config.cert == NULL)

if (cfg.cert == NULL)

return (1);

if (!sk_X509_push(cms_config.encerts, cms_config.cert))

if (!sk_X509_push(cfg.encerts, cfg.cert))

return (1);

cms_config.cert = NULL;

cfg.cert = NULL;

} else {

cms_config.recipfile = arg;

cfg.recipfile = arg;

}

return (0);

}

Line 351

static int

cms_opt_receipt_request_from(char *arg)

{

if (cms_config.rr_from == NULL)

if (cfg.rr_from == NULL)

cms_config.rr_from = sk_OPENSSL_STRING_new_null();

cfg.rr_from = sk_OPENSSL_STRING_new_null();

if (cms_config.rr_from == NULL)

if (cfg.rr_from == NULL)

return (1);

if (!sk_OPENSSL_STRING_push(cms_config.rr_from, arg))

if (!sk_OPENSSL_STRING_push(cfg.rr_from, arg))

return (1);

return (0);

Line 364

static int

cms_opt_receipt_request_to(char *arg)

{

if (cms_config.rr_to == NULL)

if (cfg.rr_to == NULL)

cms_config.rr_to = sk_OPENSSL_STRING_new_null();

cfg.rr_to = sk_OPENSSL_STRING_new_null();

if (cms_config.rr_to == NULL)

if (cfg.rr_to == NULL)

return (1);

if (!sk_OPENSSL_STRING_push(cms_config.rr_to, arg))

if (!sk_OPENSSL_STRING_push(cfg.rr_to, arg))

return (1);

return (0);

Line 379

{

long ltmp;

free(cms_config.secret_key);

free(cfg.secret_key);

if ((cms_config.secret_key = string_to_hex(arg, &ltmp)) == NULL) {

if ((cfg.secret_key = string_to_hex(arg, &ltmp)) == NULL) {

BIO_printf(bio_err, "Invalid key %s\n", arg);

return (1);

}

cms_config.secret_keylen = (size_t)ltmp;

cfg.secret_keylen = (size_t)ltmp;

return (0);

}

Line 394

{

long ltmp;

free(cms_config.secret_keyid);

free(cfg.secret_keyid);

if ((cms_config.secret_keyid = string_to_hex(arg, &ltmp)) == NULL) {

if ((cfg.secret_keyid = string_to_hex(arg, &ltmp)) == NULL) {

BIO_printf(bio_err, "Invalid id %s\n", arg);

return (1);

}

cms_config.secret_keyidlen = (size_t)ltmp;

cfg.secret_keyidlen = (size_t)ltmp;

return (0);

}

static int

cms_opt_signer(char *arg)

{

if (cms_config.signerfile == NULL) {

if (cfg.signerfile == NULL) {

cms_config.signerfile = arg;

cfg.signerfile = arg;

return (0);

}

if (cms_config.sksigners == NULL)

if (cfg.sksigners == NULL)

cms_config.sksigners = sk_OPENSSL_STRING_new_null();

cfg.sksigners = sk_OPENSSL_STRING_new_null();

if (cms_config.sksigners == NULL)

if (cfg.sksigners == NULL)

return (1);

if (!sk_OPENSSL_STRING_push(cms_config.sksigners, cms_config.signerfile))

if (!sk_OPENSSL_STRING_push(cfg.sksigners, cfg.signerfile))

return (1);

if (cms_config.keyfile == NULL)

if (cfg.keyfile == NULL)

cms_config.keyfile = cms_config.signerfile;

cfg.keyfile = cfg.signerfile;

if (cms_config.skkeys == NULL)

if (cfg.skkeys == NULL)

cms_config.skkeys = sk_OPENSSL_STRING_new_null();

cfg.skkeys = sk_OPENSSL_STRING_new_null();

if (cms_config.skkeys == NULL)

if (cfg.skkeys == NULL)

return (1);

if (!sk_OPENSSL_STRING_push(cms_config.skkeys, cms_config.keyfile))

if (!sk_OPENSSL_STRING_push(cfg.skkeys, cfg.keyfile))

return (1);

cms_config.keyfile = NULL;

cfg.keyfile = NULL;

cms_config.signerfile = arg;

cfg.signerfile = arg;

return (0);

}

Line 441

int oargc = argc;

int badarg = 0;

if (!args_verify(&argv, &argc, &badarg, bio_err, &cms_config.vpm))

if (!args_verify(&argv, &argc, &badarg, bio_err, &cfg.vpm))

return (1);

if (badarg)

return (1);

Line 454

static int

cms_opt_verify_receipt(char *arg)

{

cms_config.operation = SMIME_VERIFY_RECEIPT;

cfg.operation = SMIME_VERIFY_RECEIPT;

cms_config.rctfile = arg;

cfg.rctfile = arg;

return (0);

}

Line 539

.argname = "file",

.desc = "Certificate Authority file",

.type = OPTION_ARG,

.opt.arg = &cms_config.CAfile,

.opt.arg = &cfg.CAfile,

{

.name = "CApath",

.argname = "path",

.desc = "Certificate Authority path",

.type = OPTION_ARG,

.opt.arg = &cms_config.CApath,

.opt.arg = &cfg.CApath,

{

.name = "binary",

.desc = "Do not translate message to text",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_BINARY,

{

Line 560

.argname = "file",

.desc = "Other certificates file",

.type = OPTION_ARG,

.opt.arg = &cms_config.certfile,

.opt.arg = &cfg.certfile,

{

.name = "certsout",

.argname = "file",

.desc = "Certificate output file",

.type = OPTION_ARG,

.opt.arg = &cms_config.certsoutfile,

.opt.arg = &cfg.certsoutfile,

{

.name = "cmsout",

.desc = "Output CMS structure",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_CMSOUT,

{

.name = "compress",

.desc = "Create CMS CompressedData type",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_COMPRESS,

{

Line 588

.argname = "file",

.desc = "Supply or override content for detached signature",

.type = OPTION_ARG,

.opt.arg = &cms_config.contfile,

.opt.arg = &cfg.contfile,

{

.name = "crlfeol",

.desc = "Use CRLF as EOL termination instead of CR only",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_CRLFEOL,

{

.name = "data_create",

.desc = "Create CMS Data type",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_DATA_CREATE,

{

.name = "data_out",

.desc = "Output content from the input CMS Data type",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_DATAOUT,

{

.name = "debug_decrypt",

.desc = "Set the CMS_DEBUG_DECRYPT flag when decrypting",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_DEBUG_DECRYPT,

{

.name = "decrypt",

.desc = "Decrypt encrypted message",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_DECRYPT,

{

.name = "digest_create",

.desc = "Create CMS DigestedData type",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_DIGEST_CREATE,

{

.name = "digest_verify",

.desc = "Verify CMS DigestedData type and output the content",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_DIGEST_VERIFY,

{

Line 650

.name = "encrypt",

.desc = "Encrypt message",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_ENCRYPT,

{

.name = "EncryptedData_decrypt",

.desc = "Decrypt CMS EncryptedData",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_ENCRYPTED_DECRYPT,

{

.name = "EncryptedData_encrypt",

.desc = "Encrypt content using supplied symmetric key and algorithm",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_ENCRYPTED_ENCRYPT,

{

Line 672

.argname = "addr",

.desc = "From address",

.type = OPTION_ARG,

.opt.arg = &cms_config.from,

.opt.arg = &cfg.from,

{

.name = "in",

.argname = "file",

.desc = "Input file",

.type = OPTION_ARG,

.opt.arg = &cms_config.infile,

.opt.arg = &cfg.infile,

{

.name = "indef",

.desc = "Same as -stream",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_STREAM,

{

Line 693

.argname = "fmt",

.desc = "Input format (DER, PEM or SMIME (default))",

.type = OPTION_ARG_FORMAT,

.opt.value = &cms_config.informat,

.opt.value = &cfg.informat,

{

.name = "inkey",

Line 707

.argname = "fmt",

.desc = "Input key format (DER or PEM (default))",

.type = OPTION_ARG_FORMAT,

.opt.value = &cms_config.keyform,

.opt.value = &cfg.keyform,

{

.name = "keyid",

.desc = "Use subject key identifier",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_USE_KEYID,

{

Line 734

.name = "no_attr_verify",

.desc = "Do not verify the signer's attribute of a signature",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NO_ATTR_VERIFY,

{

.name = "no_content_verify",

.desc = "Do not verify the content of a signed message",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NO_CONTENT_VERIFY,

{

.name = "no_signer_cert_verify",

.desc = "Do not verify the signer's certificate",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NO_SIGNER_CERT_VERIFY,

{

.name = "noattr",

.desc = "Do not include any signed attributes",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NOATTR,

{

.name = "nocerts",

.desc = "Do not include signer's certificate when signing",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NOCERTS,

{

.name = "nodetach",

.desc = "Use opaque signing",

.type = OPTION_VALUE_AND,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = ~CMS_DETACHED,

{

.name = "noindef",

.desc = "Disable CMS streaming",

.type = OPTION_VALUE_AND,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = ~CMS_STREAM,

{

.name = "nointern",

.desc = "Do not search certificates in message for signer",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NOINTERN,

{

.name = "nooldmime",

.desc = "Output old S/MIME content type",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NOOLDMIMETYPE,

{

.name = "noout",

.desc = "Do not output the parsed CMS structure",

.type = OPTION_FLAG,

.opt.flag = &cms_config.noout,

.opt.flag = &cfg.noout,

{

.name = "nosigs",

.desc = "Do not verify message signature",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NOSIGS,

{

.name = "nosmimecap",

.desc = "Omit the SMIMECapabilities attribute",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NOSMIMECAP,

{

.name = "noverify",

.desc = "Do not verify signer's certificate",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_NO_SIGNER_CERT_VERIFY,

{

Line 825

.argname = "file",

.desc = "Output file",

.type = OPTION_ARG,

.opt.arg = &cms_config.outfile,

.opt.arg = &cfg.outfile,

{

.name = "outform",

.argname = "fmt",

.desc = "Output format (DER, PEM or SMIME (default))",

.type = OPTION_ARG_FORMAT,

.opt.value = &cms_config.outformat,

.opt.value = &cfg.outformat,

{

.name = "passin",

.argname = "src",

.desc = "Private key password source",

.type = OPTION_ARG,

.opt.arg = &cms_config.passargin,

.opt.arg = &cfg.passargin,

{

.name = "print",

Line 859

.argname = "fmt",

.desc = "Receipt file format (DER, PEM or SMIME (default))",

.type = OPTION_ARG_FORMAT,

.opt.value = &cms_config.rctformat,

.opt.value = &cfg.rctformat,

{

.name = "receipt_request_all",

.desc = "Indicate requests should be provided by all recipients",

.type = OPTION_VALUE,

.opt.value = &cms_config.rr_allorfirst,

.opt.value = &cfg.rr_allorfirst,

.value = 0,

{

.name = "receipt_request_first",

.desc = "Indicate requests should be provided by first tier recipient",

.type = OPTION_VALUE,

.opt.value = &cms_config.rr_allorfirst,

.opt.value = &cfg.rr_allorfirst,

.value = 1,

{

Line 886

.name = "receipt_request_print",

.desc = "Print out the contents of any signed receipt requests",

.type = OPTION_FLAG,

.opt.flag = &cms_config.rr_print,

.opt.flag = &cfg.rr_print,

{

.name = "receipt_request_to",

Line 906

.name = "resign",

.desc = "Resign a signed message",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_RESIGN,

{

Line 927

.name = "sign",

.desc = "Sign message",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_SIGN,

{

.name = "sign_receipt",

.desc = "Generate a signed receipt for the message",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_SIGN_RECEIPT,

{

Line 948

.name = "stream",

.desc = "Enable CMS streaming",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_STREAM,

{

Line 956

.argname = "s",

.desc = "Subject",

.type = OPTION_ARG,

.opt.arg = &cms_config.subject,

.opt.arg = &cfg.subject,

{

.name = "text",

.desc = "Include or delete text MIME headers",

.type = OPTION_VALUE_OR,

.opt.value = &cms_config.flags,

.opt.value = &cfg.flags,

.value = CMS_TEXT,

{

Line 970

.argname = "addr",

.desc = "To address",

.type = OPTION_ARG,

.opt.arg = &cms_config.to,

.opt.arg = &cfg.to,

{

.name = "uncompress",

.desc = "Uncompress CMS CompressedData type",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_UNCOMPRESS,

{

.name = "verify",

.desc = "Verify signed message",

.type = OPTION_VALUE,

.opt.value = &cms_config.operation,

.opt.value = &cfg.operation,

.value = SMIME_VERIFY,

{

Line 997

.name = "verify_retcode",

.desc = "Set verification error code to exit code",

.type = OPTION_FLAG,

.opt.flag = &cms_config.verify_retcode,

.opt.flag = &cfg.verify_retcode,

{

.name = "check_ss_sig",

Line 1170

exit(1);

}

memset(&cms_config, 0, sizeof(cms_config));

memset(&cfg, 0, sizeof(cfg));

cms_config.flags = CMS_DETACHED;

cfg.flags = CMS_DETACHED;

cms_config.rr_allorfirst = -1;

cfg.rr_allorfirst = -1;

cms_config.informat = FORMAT_SMIME;

cfg.informat = FORMAT_SMIME;

cms_config.outformat = FORMAT_SMIME;

cfg.outformat = FORMAT_SMIME;

cms_config.rctformat = FORMAT_SMIME;

cfg.rctformat = FORMAT_SMIME;

cms_config.keyform = FORMAT_PEM;

cfg.keyform = FORMAT_PEM;

if (options_parse(argc, argv, cms_options, NULL, &argsused) != 0) {

goto argerr;

}

args = argv + argsused;

ret = 1;

if (((cms_config.rr_allorfirst != -1) || cms_config.rr_from != NULL) &&

if (((cfg.rr_allorfirst != -1) || cfg.rr_from != NULL) &&

cms_config.rr_to == NULL) {

cfg.rr_to == NULL) {

BIO_puts(bio_err, "No Signed Receipts Recipients\n");

goto argerr;

}

if (!(cms_config.operation & SMIME_SIGNERS) &&

if (!(cfg.operation & SMIME_SIGNERS) &&

(cms_config.rr_to != NULL || cms_config.rr_from != NULL)) {

(cfg.rr_to != NULL || cfg.rr_from != NULL)) {

BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");

goto argerr;

}

if (!(cms_config.operation & SMIME_SIGNERS) &&

if (!(cfg.operation & SMIME_SIGNERS) &&

(cms_config.skkeys != NULL || cms_config.sksigners != NULL)) {

(cfg.skkeys != NULL || cfg.sksigners != NULL)) {

BIO_puts(bio_err, "Multiple signers or keys not allowed\n");

goto argerr;

}

if (cms_config.operation & SMIME_SIGNERS) {

if (cfg.operation & SMIME_SIGNERS) {

if (cms_config.keyfile != NULL &&

if (cfg.keyfile != NULL &&

cms_config.signerfile == NULL) {

cfg.signerfile == NULL) {

BIO_puts(bio_err, "Illegal -inkey without -signer\n");

goto argerr;

}

/* Check to see if any final signer needs to be appended */

if (cms_config.signerfile != NULL) {

if (cfg.signerfile != NULL) {

if (cms_config.sksigners == NULL &&

if (cfg.sksigners == NULL &&

(cms_config.sksigners =

(cfg.sksigners =

sk_OPENSSL_STRING_new_null()) == NULL)

goto end;

if (!sk_OPENSSL_STRING_push(cms_config.sksigners,

if (!sk_OPENSSL_STRING_push(cfg.sksigners,

cms_config.signerfile))

cfg.signerfile))

goto end;

if (cms_config.skkeys == NULL &&

if (cfg.skkeys == NULL &&

(cms_config.skkeys =

(cfg.skkeys =

sk_OPENSSL_STRING_new_null()) == NULL)

goto end;

if (cms_config.keyfile == NULL)

if (cfg.keyfile == NULL)

cms_config.keyfile = cms_config.signerfile;

cfg.keyfile = cfg.signerfile;

if (!sk_OPENSSL_STRING_push(cms_config.skkeys,

if (!sk_OPENSSL_STRING_push(cfg.skkeys,

cms_config.keyfile))

cfg.keyfile))

goto end;

}

if (cms_config.sksigners == NULL) {

if (cfg.sksigners == NULL) {

BIO_printf(bio_err,

"No signer certificate specified\n");

badarg = 1;

}

cms_config.signerfile = NULL;

cfg.signerfile = NULL;

cms_config.keyfile = NULL;

cfg.keyfile = NULL;

} else if (cms_config.operation == SMIME_DECRYPT) {

} else if (cfg.operation == SMIME_DECRYPT) {

if (cms_config.recipfile == NULL &&

if (cfg.recipfile == NULL &&

cms_config.keyfile == NULL &&

cfg.keyfile == NULL &&

cms_config.secret_key == NULL &&

cfg.secret_key == NULL &&

cms_config.pwri_pass == NULL) {

cfg.pwri_pass == NULL) {

BIO_printf(bio_err,

"No recipient certificate or key specified\n");

badarg = 1;

}

} else if (cms_config.operation == SMIME_ENCRYPT) {

} else if (cfg.operation == SMIME_ENCRYPT) {

if (*args == NULL && cms_config.secret_key == NULL &&

if (*args == NULL && cfg.secret_key == NULL &&

cms_config.pwri_pass == NULL &&

cfg.pwri_pass == NULL &&

cms_config.encerts == NULL) {

cfg.encerts == NULL) {

BIO_printf(bio_err,

"No recipient(s) certificate(s) specified\n");

badarg = 1;

}

} else if (!cms_config.operation) {

} else if (!cfg.operation) {

badarg = 1;

}

Line 1257

goto end;

}

if (!app_passwd(bio_err, cms_config.passargin, NULL, &passin, NULL)) {

if (!app_passwd(bio_err, cfg.passargin, NULL, &passin, NULL)) {

BIO_printf(bio_err, "Error getting password\n");

goto end;

}

ret = 2;

if (!(cms_config.operation & SMIME_SIGNERS))

if (!(cfg.operation & SMIME_SIGNERS))

cms_config.flags &= ~CMS_DETACHED;

cfg.flags &= ~CMS_DETACHED;

if (cms_config.operation & SMIME_OP) {

if (cfg.operation & SMIME_OP) {

if (cms_config.outformat == FORMAT_ASN1)

if (cfg.outformat == FORMAT_ASN1)

outmode = "wb";

} else {

if (cms_config.flags & CMS_BINARY)

if (cfg.flags & CMS_BINARY)

outmode = "wb";

}

if (cms_config.operation & SMIME_IP) {

if (cfg.operation & SMIME_IP) {

if (cms_config.informat == FORMAT_ASN1)

if (cfg.informat == FORMAT_ASN1)

inmode = "rb";

} else {

if (cms_config.flags & CMS_BINARY)

if (cfg.flags & CMS_BINARY)

inmode = "rb";

}

if (cms_config.operation == SMIME_ENCRYPT) {

if (cfg.operation == SMIME_ENCRYPT) {

if (cms_config.cipher == NULL) {

if (cfg.cipher == NULL) {

#ifndef OPENSSL_NO_DES

cms_config.cipher = EVP_des_ede3_cbc();

cfg.cipher = EVP_des_ede3_cbc();

#else

BIO_printf(bio_err, "No cipher selected\n");

goto end;

#endif

}

if (cms_config.secret_key != NULL &&

if (cfg.secret_key != NULL &&

cms_config.secret_keyid == NULL) {

cfg.secret_keyid == NULL) {

BIO_printf(bio_err, "No secret key id\n");

goto end;

}

if (*args != NULL && cms_config.encerts == NULL)

if (*args != NULL && cfg.encerts == NULL)

if ((cms_config.encerts = sk_X509_new_null()) == NULL)

if ((cfg.encerts = sk_X509_new_null()) == NULL)

goto end;

while (*args) {

if ((cms_config.cert = load_cert(bio_err, *args,

if ((cfg.cert = load_cert(bio_err, *args,

FORMAT_PEM, NULL,

"recipient certificate file")) == NULL)

goto end;

if (!sk_X509_push(cms_config.encerts, cms_config.cert))

if (!sk_X509_push(cfg.encerts, cfg.cert))

goto end;

cms_config.cert = NULL;

cfg.cert = NULL;

args++;

}

if (cms_config.certfile != NULL) {

if (cfg.certfile != NULL) {

if ((other = load_certs(bio_err, cms_config.certfile,

if ((other = load_certs(bio_err, cfg.certfile,

FORMAT_PEM, NULL, "certificate file")) == NULL) {

ERR_print_errors(bio_err);

goto end;

}

if (cms_config.recipfile != NULL &&

if (cfg.recipfile != NULL &&

(cms_config.operation == SMIME_DECRYPT)) {

(cfg.operation == SMIME_DECRYPT)) {

if ((recip = load_cert(bio_err, cms_config.recipfile,

if ((recip = load_cert(bio_err, cfg.recipfile,

FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {

ERR_print_errors(bio_err);

goto end;

}

if (cms_config.operation == SMIME_SIGN_RECEIPT) {

if (cfg.operation == SMIME_SIGN_RECEIPT) {

if ((signer = load_cert(bio_err, cms_config.signerfile,

if ((signer = load_cert(bio_err, cfg.signerfile,

FORMAT_PEM, NULL,

"receipt signer certificate file")) == NULL) {

ERR_print_errors(bio_err);

goto end;

}

if (cms_config.operation == SMIME_DECRYPT) {

if (cfg.operation == SMIME_DECRYPT) {

if (cms_config.keyfile == NULL)

if (cfg.keyfile == NULL)

cms_config.keyfile = cms_config.recipfile;

cfg.keyfile = cfg.recipfile;

} else if ((cms_config.operation == SMIME_SIGN) ||

} else if ((cfg.operation == SMIME_SIGN) ||

(cms_config.operation == SMIME_SIGN_RECEIPT)) {

(cfg.operation == SMIME_SIGN_RECEIPT)) {

if (cms_config.keyfile == NULL)

if (cfg.keyfile == NULL)

cms_config.keyfile = cms_config.signerfile;

cfg.keyfile = cfg.signerfile;

} else {

cms_config.keyfile = NULL;

cfg.keyfile = NULL;

}

if (cms_config.keyfile != NULL) {

if (cfg.keyfile != NULL) {

key = load_key(bio_err, cms_config.keyfile, cms_config.keyform,

key = load_key(bio_err, cfg.keyfile, cfg.keyform,

0, passin, "signing key file");

if (key == NULL)

goto end;

}

if (cms_config.infile != NULL) {

if (cfg.infile != NULL) {

if ((in = BIO_new_file(cms_config.infile, inmode)) == NULL) {

if ((in = BIO_new_file(cfg.infile, inmode)) == NULL) {

BIO_printf(bio_err,

"Can't open input file %s\n", cms_config.infile);

"Can't open input file %s\n", cfg.infile);

goto end;

}

} else {

Line 1361

goto end;

}

if (cms_config.operation & SMIME_IP) {

if (cfg.operation & SMIME_IP) {

if (cms_config.informat == FORMAT_SMIME)

if (cfg.informat == FORMAT_SMIME)

cms = SMIME_read_CMS(in, &indata);

else if (cms_config.informat == FORMAT_PEM)

else if (cfg.informat == FORMAT_PEM)

cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);

else if (cms_config.informat == FORMAT_ASN1)

else if (cfg.informat == FORMAT_ASN1)

cms = d2i_CMS_bio(in, NULL);

else {

BIO_printf(bio_err, "Bad input format for CMS file\n");

Line 1377

BIO_printf(bio_err, "Error reading S/MIME message\n");

goto end;

}

if (cms_config.contfile != NULL) {

if (cfg.contfile != NULL) {

BIO_free(indata);

if ((indata = BIO_new_file(cms_config.contfile,

if ((indata = BIO_new_file(cfg.contfile,

"rb")) == NULL) {

BIO_printf(bio_err,

"Can't read content file %s\n",

cms_config.contfile);

cfg.contfile);

goto end;

}

if (cms_config.certsoutfile != NULL) {

if (cfg.certsoutfile != NULL) {

STACK_OF(X509) *allcerts;

if ((allcerts = CMS_get1_certs(cms)) == NULL)

goto end;

if (!save_certs(cms_config.certsoutfile, allcerts)) {

if (!save_certs(cfg.certsoutfile, allcerts)) {

BIO_printf(bio_err,

"Error writing certs to %s\n",

cms_config.certsoutfile);

cfg.certsoutfile);

sk_X509_pop_free(allcerts, X509_free);

ret = 5;

goto end;

Line 1402

sk_X509_pop_free(allcerts, X509_free);

}

if (cms_config.rctfile != NULL) {

if (cfg.rctfile != NULL) {

char *rctmode = (cms_config.rctformat == FORMAT_ASN1) ?

char *rctmode = (cfg.rctformat == FORMAT_ASN1) ?

"rb" : "r";

if ((rctin = BIO_new_file(cms_config.rctfile, rctmode)) == NULL) {

if ((rctin = BIO_new_file(cfg.rctfile, rctmode)) == NULL) {

BIO_printf(bio_err,

"Can't open receipt file %s\n", cms_config.rctfile);

"Can't open receipt file %s\n", cfg.rctfile);

goto end;

}

if (cms_config.rctformat == FORMAT_SMIME)

if (cfg.rctformat == FORMAT_SMIME)

rcms = SMIME_read_CMS(rctin, NULL);

else if (cms_config.rctformat == FORMAT_PEM)

else if (cfg.rctformat == FORMAT_PEM)

rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);

else if (cms_config.rctformat == FORMAT_ASN1)

else if (cfg.rctformat == FORMAT_ASN1)

rcms = d2i_CMS_bio(rctin, NULL);

else {

BIO_printf(bio_err, "Bad input format for receipt\n");

Line 1426

goto end;

}

if (cms_config.outfile != NULL) {

if (cfg.outfile != NULL) {

if ((out = BIO_new_file(cms_config.outfile, outmode)) == NULL) {

if ((out = BIO_new_file(cfg.outfile, outmode)) == NULL) {

BIO_printf(bio_err,

"Can't open output file %s\n", cms_config.outfile);

"Can't open output file %s\n", cfg.outfile);

goto end;

}

} else {

Line 1437

goto end;

}

if ((cms_config.operation == SMIME_VERIFY) ||

if ((cfg.operation == SMIME_VERIFY) ||

(cms_config.operation == SMIME_VERIFY_RECEIPT)) {

(cfg.operation == SMIME_VERIFY_RECEIPT)) {

if ((store = setup_verify(bio_err, cms_config.CAfile,

if ((store = setup_verify(bio_err, cfg.CAfile,

cms_config.CApath)) == NULL)

cfg.CApath)) == NULL)

goto end;

X509_STORE_set_verify_cb(store, cms_cb);

if (cms_config.vpm != NULL) {

if (cfg.vpm != NULL) {

if (!X509_STORE_set1_param(store, cms_config.vpm))

if (!X509_STORE_set1_param(store, cfg.vpm))

goto end;

}

ret = 3;

if (cms_config.operation == SMIME_DATA_CREATE) {

if (cfg.operation == SMIME_DATA_CREATE) {

cms = CMS_data_create(in, cms_config.flags);

cms = CMS_data_create(in, cfg.flags);

} else if (cms_config.operation == SMIME_DIGEST_CREATE) {

} else if (cfg.operation == SMIME_DIGEST_CREATE) {

cms = CMS_digest_create(in, cms_config.sign_md,

cms = CMS_digest_create(in, cfg.sign_md,

cms_config.flags);

cfg.flags);

} else if (cms_config.operation == SMIME_COMPRESS) {

} else if (cfg.operation == SMIME_COMPRESS) {

cms = CMS_compress(in, -1, cms_config.flags);

cms = CMS_compress(in, -1, cfg.flags);

} else if (cms_config.operation == SMIME_ENCRYPT) {

} else if (cfg.operation == SMIME_ENCRYPT) {

int i;

cms_config.flags |= CMS_PARTIAL;

cfg.flags |= CMS_PARTIAL;

cms = CMS_encrypt(NULL, in, cms_config.cipher,

cms = CMS_encrypt(NULL, in, cfg.cipher,

cms_config.flags);

cfg.flags);

if (cms == NULL)

goto end;

for (i = 0; i < sk_X509_num(cms_config.encerts); i++) {

for (i = 0; i < sk_X509_num(cfg.encerts); i++) {

CMS_RecipientInfo *ri;

struct cms_key_param *kparam;

int tflags = cms_config.flags;

int tflags = cfg.flags;

X509 *x;

if ((x = sk_X509_value(cms_config.encerts, i)) == NULL)

if ((x = sk_X509_value(cfg.encerts, i)) == NULL)

goto end;

for (kparam = cms_config.key_first; kparam != NULL;

for (kparam = cfg.key_first; kparam != NULL;

kparam = kparam->next) {

if (kparam->idx == i) {

tflags |= CMS_KEY_PARAM;

Line 1492

}

if (cms_config.secret_key != NULL) {

if (cfg.secret_key != NULL) {

if (CMS_add0_recipient_key(cms, NID_undef,

cms_config.secret_key, cms_config.secret_keylen,

cfg.secret_key, cfg.secret_keylen,

cms_config.secret_keyid, cms_config.secret_keyidlen,

cfg.secret_keyid, cfg.secret_keyidlen,

NULL, NULL, NULL) == NULL)

goto end;

/* NULL these because call absorbs them */

cms_config.secret_key = NULL;

cfg.secret_key = NULL;

cms_config.secret_keyid = NULL;

cfg.secret_keyid = NULL;

}

if (cms_config.pwri_pass != NULL) {

if (cfg.pwri_pass != NULL) {

pwri_tmp = strdup(cms_config.pwri_pass);

pwri_tmp = strdup(cfg.pwri_pass);

if (pwri_tmp == NULL)

goto end;

if (CMS_add0_recipient_password(cms, -1, NID_undef,

Line 1511

goto end;

pwri_tmp = NULL;

}

if (!(cms_config.flags & CMS_STREAM)) {

if (!(cfg.flags & CMS_STREAM)) {

if (!CMS_final(cms, in, NULL, cms_config.flags))

if (!CMS_final(cms, in, NULL, cfg.flags))

goto end;

}

} else if (cms_config.operation == SMIME_ENCRYPTED_ENCRYPT) {

} else if (cfg.operation == SMIME_ENCRYPTED_ENCRYPT) {

cms = CMS_EncryptedData_encrypt(in, cms_config.cipher,

cms = CMS_EncryptedData_encrypt(in, cfg.cipher,

cms_config.secret_key, cms_config.secret_keylen,

cfg.secret_key, cfg.secret_keylen,

cms_config.flags);

cfg.flags);

} else if (cms_config.operation == SMIME_SIGN_RECEIPT) {

} else if (cfg.operation == SMIME_SIGN_RECEIPT) {

CMS_ContentInfo *srcms = NULL;

STACK_OF(CMS_SignerInfo) *sis;

CMS_SignerInfo *si;

Line 1531

if (si == NULL)

goto end;

srcms = CMS_sign_receipt(si, signer, key, other,

cms_config.flags);

cfg.flags);

if (srcms == NULL)

goto end;

CMS_ContentInfo_free(cms);

cms = srcms;

} else if (cms_config.operation & SMIME_SIGNERS) {

} else if (cfg.operation & SMIME_SIGNERS) {

int i;

* If detached data content we enable streaming if S/MIME

* output format.

if (cms_config.operation == SMIME_SIGN) {

if (cfg.operation == SMIME_SIGN) {

if (cms_config.flags & CMS_DETACHED) {

if (cfg.flags & CMS_DETACHED) {

if (cms_config.outformat == FORMAT_SMIME)

if (cfg.outformat == FORMAT_SMIME)

cms_config.flags |= CMS_STREAM;

cfg.flags |= CMS_STREAM;

}

cms_config.flags |= CMS_PARTIAL;

cfg.flags |= CMS_PARTIAL;

cms = CMS_sign(NULL, NULL, other, in, cms_config.flags);

cms = CMS_sign(NULL, NULL, other, in, cfg.flags);

if (cms == NULL)

goto end;

if (cms_config.econtent_type != NULL)

if (cfg.econtent_type != NULL)

if (!CMS_set1_eContentType(cms,

cms_config.econtent_type))

cfg.econtent_type))

goto end;

if (cms_config.rr_to != NULL) {

if (cfg.rr_to != NULL) {

rr = make_receipt_request(cms_config.rr_to,

rr = make_receipt_request(cfg.rr_to,

cms_config.rr_allorfirst,

cfg.rr_allorfirst,

cms_config.rr_from);

cfg.rr_from);

if (rr == NULL) {

BIO_puts(bio_err,

"Signed Receipt Request Creation Error\n");

Line 1568

}

} else {

cms_config.flags |= CMS_REUSE_DIGEST;

cfg.flags |= CMS_REUSE_DIGEST;

}

for (i = 0; i < sk_OPENSSL_STRING_num(cms_config.sksigners); i++) {

for (i = 0; i < sk_OPENSSL_STRING_num(cfg.sksigners); i++) {

CMS_SignerInfo *si;

struct cms_key_param *kparam;

int tflags = cms_config.flags;

int tflags = cfg.flags;

cms_config.signerfile = sk_OPENSSL_STRING_value(

cfg.signerfile = sk_OPENSSL_STRING_value(

cms_config.sksigners, i);

cfg.sksigners, i);

cms_config.keyfile = sk_OPENSSL_STRING_value(

cfg.keyfile = sk_OPENSSL_STRING_value(

cms_config.skkeys, i);

cfg.skkeys, i);

signer = load_cert(bio_err, cms_config.signerfile,

signer = load_cert(bio_err, cfg.signerfile,

FORMAT_PEM, NULL, "signer certificate");

if (signer == NULL)

goto end;

key = load_key(bio_err, cms_config.keyfile,

key = load_key(bio_err, cfg.keyfile,

cms_config.keyform, 0, passin, "signing key file");

cfg.keyform, 0, passin, "signing key file");

if (key == NULL)

goto end;

for (kparam = cms_config.key_first; kparam != NULL;

for (kparam = cfg.key_first; kparam != NULL;

kparam = kparam->next) {

if (kparam->idx == i) {

tflags |= CMS_KEY_PARAM;

Line 1597

}

si = CMS_add1_signer(cms, signer, key,

cms_config.sign_md, tflags);

cfg.sign_md, tflags);

if (si == NULL)

goto end;

if (kparam != NULL) {

Line 1616

key = NULL;

}

/* If not streaming or resigning finalize structure */

if ((cms_config.operation == SMIME_SIGN) &&

if ((cfg.operation == SMIME_SIGN) &&

!(cms_config.flags & CMS_STREAM)) {

!(cfg.flags & CMS_STREAM)) {

if (!CMS_final(cms, in, NULL, cms_config.flags))

if (!CMS_final(cms, in, NULL, cfg.flags))

goto end;

}

Line 1627

goto end;

}

ret = 4;

if (cms_config.operation == SMIME_DECRYPT) {

if (cfg.operation == SMIME_DECRYPT) {

if (cms_config.flags & CMS_DEBUG_DECRYPT)

if (cfg.flags & CMS_DEBUG_DECRYPT)

CMS_decrypt(cms, NULL, NULL, NULL, NULL,

cms_config.flags);

cfg.flags);

if (cms_config.secret_key != NULL) {

if (cfg.secret_key != NULL) {

if (!CMS_decrypt_set1_key(cms, cms_config.secret_key,

if (!CMS_decrypt_set1_key(cms, cfg.secret_key,

cms_config.secret_keylen, cms_config.secret_keyid,

cfg.secret_keylen, cfg.secret_keyid,

cms_config.secret_keyidlen)) {

cfg.secret_keyidlen)) {

BIO_puts(bio_err,

"Error decrypting CMS using secret key\n");

goto end;

Line 1648

goto end;

}

if (cms_config.pwri_pass != NULL) {

if (cfg.pwri_pass != NULL) {

if (!CMS_decrypt_set1_password(cms,

cms_config.pwri_pass, -1)) {

cfg.pwri_pass, -1)) {

BIO_puts(bio_err,

"Error decrypting CMS using password\n");

goto end;

}

if (!CMS_decrypt(cms, NULL, NULL, indata, out,

cms_config.flags)) {

cfg.flags)) {

BIO_printf(bio_err, "Error decrypting CMS structure\n");

goto end;

}

} else if (cms_config.operation == SMIME_DATAOUT) {

} else if (cfg.operation == SMIME_DATAOUT) {

if (!CMS_data(cms, out, cms_config.flags))

if (!CMS_data(cms, out, cfg.flags))

goto end;

} else if (cms_config.operation == SMIME_UNCOMPRESS) {

} else if (cfg.operation == SMIME_UNCOMPRESS) {

if (!CMS_uncompress(cms, indata, out, cms_config.flags))

if (!CMS_uncompress(cms, indata, out, cfg.flags))

goto end;

} else if (cms_config.operation == SMIME_DIGEST_VERIFY) {

} else if (cfg.operation == SMIME_DIGEST_VERIFY) {

if (CMS_digest_verify(cms, indata, out, cms_config.flags) > 0)

if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0)

BIO_printf(bio_err, "Verification successful\n");

else {

BIO_printf(bio_err, "Verification failure\n");

goto end;

}

} else if (cms_config.operation == SMIME_ENCRYPTED_DECRYPT) {

} else if (cfg.operation == SMIME_ENCRYPTED_DECRYPT) {

if (!CMS_EncryptedData_decrypt(cms, cms_config.secret_key,

if (!CMS_EncryptedData_decrypt(cms, cfg.secret_key,

cms_config.secret_keylen, indata, out, cms_config.flags))

cfg.secret_keylen, indata, out, cfg.flags))

goto end;

} else if (cms_config.operation == SMIME_VERIFY) {

} else if (cfg.operation == SMIME_VERIFY) {

if (CMS_verify(cms, other, store, indata, out,

cms_config.flags) > 0) {

cfg.flags) > 0) {

BIO_printf(bio_err, "Verification successful\n");

} else {

BIO_printf(bio_err, "Verification failure\n");

if (cms_config.verify_retcode)

if (cfg.verify_retcode)

ret = verify_err + 32;

goto end;

}

if (cms_config.signerfile != NULL) {

if (cfg.signerfile != NULL) {

STACK_OF(X509) *signers;

if ((signers = CMS_get0_signers(cms)) == NULL)

goto end;

if (!save_certs(cms_config.signerfile, signers)) {

if (!save_certs(cfg.signerfile, signers)) {

BIO_printf(bio_err,

"Error writing signers to %s\n",

cms_config.signerfile);

cfg.signerfile);

sk_X509_free(signers);

ret = 5;

goto end;

}

sk_X509_free(signers);

}

if (cms_config.rr_print)

if (cfg.rr_print)

receipt_request_print(bio_err, cms);

} else if (cms_config.operation == SMIME_VERIFY_RECEIPT) {

} else if (cfg.operation == SMIME_VERIFY_RECEIPT) {

if (CMS_verify_receipt(rcms, cms, other, store,

cms_config.flags) > 0) {

cfg.flags) > 0) {

BIO_printf(bio_err, "Verification successful\n");

} else {

BIO_printf(bio_err, "Verification failure\n");

goto end;

}

} else {

if (cms_config.noout) {

if (cfg.noout) {

if (cms_config.print &&

if (cfg.print &&

!CMS_ContentInfo_print_ctx(out, cms, 0, NULL))

goto end;

} else if (cms_config.outformat == FORMAT_SMIME) {

} else if (cfg.outformat == FORMAT_SMIME) {

if (cms_config.to != NULL)

if (cfg.to != NULL)

BIO_printf(out, "To: %s\n", cms_config.to);

BIO_printf(out, "To: %s\n", cfg.to);

if (cms_config.from != NULL)

if (cfg.from != NULL)

BIO_printf(out, "From: %s\n", cms_config.from);

BIO_printf(out, "From: %s\n", cfg.from);

if (cms_config.subject != NULL)

if (cfg.subject != NULL)

BIO_printf(out, "Subject: %s\n",

cms_config.subject);

cfg.subject);

if (cms_config.operation == SMIME_RESIGN)

if (cfg.operation == SMIME_RESIGN)

ret = SMIME_write_CMS(out, cms, indata,

cms_config.flags);

cfg.flags);

else

ret = SMIME_write_CMS(out, cms, in,

cms_config.flags);

cfg.flags);

} else if (cms_config.outformat == FORMAT_PEM) {

} else if (cfg.outformat == FORMAT_PEM) {

ret = PEM_write_bio_CMS_stream(out, cms, in,

cms_config.flags);

cfg.flags);

} else if (cms_config.outformat == FORMAT_ASN1) {

} else if (cfg.outformat == FORMAT_ASN1) {

ret = i2d_CMS_bio_stream(out, cms, in, cms_config.flags);

ret = i2d_CMS_bio_stream(out, cms, in, cfg.flags);

} else {

BIO_printf(bio_err, "Bad output format for CMS file\n");

goto end;

Line 1752

if (ret)

ERR_print_errors(bio_err);

sk_X509_pop_free(cms_config.encerts, X509_free);

sk_X509_pop_free(cfg.encerts, X509_free);

sk_X509_pop_free(other, X509_free);

X509_VERIFY_PARAM_free(cms_config.vpm);

X509_VERIFY_PARAM_free(cfg.vpm);

sk_OPENSSL_STRING_free(cms_config.sksigners);

sk_OPENSSL_STRING_free(cfg.sksigners);

sk_OPENSSL_STRING_free(cms_config.skkeys);

sk_OPENSSL_STRING_free(cfg.skkeys);

free(cms_config.secret_key);

free(cfg.secret_key);

free(cms_config.secret_keyid);

free(cfg.secret_keyid);

free(pwri_tmp);

ASN1_OBJECT_free(cms_config.econtent_type);

ASN1_OBJECT_free(cfg.econtent_type);

CMS_ReceiptRequest_free(rr);

sk_OPENSSL_STRING_free(cms_config.rr_to);

sk_OPENSSL_STRING_free(cfg.rr_to);

sk_OPENSSL_STRING_free(cms_config.rr_from);

sk_OPENSSL_STRING_free(cfg.rr_from);

for (cms_config.key_param = cms_config.key_first; cms_config.key_param;) {

for (cfg.key_param = cfg.key_first; cfg.key_param;) {

struct cms_key_param *tparam;

sk_OPENSSL_STRING_free(cms_config.key_param->param);

sk_OPENSSL_STRING_free(cfg.key_param->param);

tparam = cms_config.key_param->next;

tparam = cfg.key_param->next;

free(cms_config.key_param);

free(cfg.key_param);

cms_config.key_param = tparam;

cfg.key_param = tparam;

}

X509_STORE_free(store);

X509_free(cms_config.cert);

X509_free(cfg.cert);

X509_free(recip);

X509_free(signer);

EVP_PKEY_free(key);