| version 1.13, 2019/11/04 15:34:27 |
version 1.14, 2019/11/18 11:34:41 |
|
|
| static CMS_ReceiptRequest *make_receipt_request( |
static CMS_ReceiptRequest *make_receipt_request( |
| STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, |
STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, |
| STACK_OF(OPENSSL_STRING) *rr_from); |
STACK_OF(OPENSSL_STRING) *rr_from); |
| |
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, |
| |
STACK_OF(OPENSSL_STRING) *param); |
| |
|
| #define SMIME_OP 0x10 |
#define SMIME_OP 0x10 |
| #define SMIME_IP 0x20 |
#define SMIME_IP 0x20 |
|
|
| |
|
| int verify_err = 0; |
int verify_err = 0; |
| |
|
| |
typedef struct cms_key_param_st cms_key_param; |
| |
|
| |
struct cms_key_param_st { |
| |
int idx; |
| |
STACK_OF(OPENSSL_STRING) *param; |
| |
cms_key_param *next; |
| |
}; |
| |
|
| int |
int |
| cms_main(int argc, char **argv) |
cms_main(int argc, char **argv) |
| { |
{ |
|
|
| unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; |
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; |
| size_t secret_keylen = 0, secret_keyidlen = 0; |
size_t secret_keylen = 0, secret_keyidlen = 0; |
| |
|
| |
cms_key_param *key_first = NULL, *key_param = NULL; |
| |
|
| ASN1_OBJECT *econtent_type = NULL; |
ASN1_OBJECT *econtent_type = NULL; |
| |
|
| X509_VERIFY_PARAM *vpm = NULL; |
X509_VERIFY_PARAM *vpm = NULL; |
|
|
| } else if (!strcmp(*args, "-recip")) { |
} else if (!strcmp(*args, "-recip")) { |
| if (!args[1]) |
if (!args[1]) |
| goto argerr; |
goto argerr; |
| recipfile = *++args; |
if (operation == SMIME_ENCRYPT) { |
| |
if (encerts == NULL && |
| |
(encerts = sk_X509_new_null()) == NULL) |
| |
goto end; |
| |
cert = load_cert(bio_err, *++args, FORMAT_PEM, |
| |
NULL, "recipient certificate file"); |
| |
if (cert == NULL) |
| |
goto end; |
| |
sk_X509_push(encerts, cert); |
| |
cert = NULL; |
| |
} else { |
| |
recipfile = *++args; |
| |
} |
| } else if (!strcmp(*args, "-certsout")) { |
} else if (!strcmp(*args, "-certsout")) { |
| if (!args[1]) |
if (!args[1]) |
| goto argerr; |
goto argerr; |
|
|
| if (!args[1]) |
if (!args[1]) |
| goto argerr; |
goto argerr; |
| keyform = str2fmt(*++args); |
keyform = str2fmt(*++args); |
| |
} else if (!strcmp (*args, "-keyopt")) { |
| |
int keyidx = -1; |
| |
if (!args[1]) |
| |
goto argerr; |
| |
if (operation == SMIME_ENCRYPT) { |
| |
if (encerts != NULL) |
| |
keyidx += sk_X509_num(encerts); |
| |
} else { |
| |
if (keyfile != NULL || signerfile != NULL) |
| |
keyidx++; |
| |
if (skkeys != NULL) |
| |
keyidx += sk_OPENSSL_STRING_num(skkeys); |
| |
} |
| |
if (keyidx < 0) { |
| |
BIO_printf(bio_err, "No key specified\n"); |
| |
goto argerr; |
| |
} |
| |
if (key_param == NULL || key_param->idx != keyidx) { |
| |
cms_key_param *nparam; |
| |
if ((nparam = malloc(sizeof(cms_key_param))) == NULL) |
| |
goto end; |
| |
nparam->idx = keyidx; |
| |
if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) |
| |
goto end; |
| |
nparam->next = NULL; |
| |
if (key_first == NULL) |
| |
key_first = nparam; |
| |
else |
| |
key_param->next = nparam; |
| |
key_param = nparam; |
| |
} |
| |
sk_OPENSSL_STRING_push(key_param->param, *++args); |
| } else if (!strcmp(*args, "-rctform")) { |
} else if (!strcmp(*args, "-rctform")) { |
| if (!args[1]) |
if (!args[1]) |
| goto argerr; |
goto argerr; |
|
|
| badarg = 1; |
badarg = 1; |
| } |
} |
| } else if (operation == SMIME_ENCRYPT) { |
} else if (operation == SMIME_ENCRYPT) { |
| if (!*args && !secret_key && !pwri_pass) { |
if (!*args && !secret_key && !pwri_pass && !encerts) { |
| BIO_printf(bio_err, |
BIO_printf(bio_err, |
| "No recipient(s) certificate(s) specified\n"); |
"No recipient(s) certificate(s) specified\n"); |
| badarg = 1; |
badarg = 1; |
|
|
| BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); |
BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); |
| BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); |
BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); |
| BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); |
BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); |
| |
BIO_printf (bio_err, "-keyopt nm:v set public key parameters\n"); |
| BIO_printf(bio_err, "-out file output file\n"); |
BIO_printf(bio_err, "-out file output file\n"); |
| BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); |
BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); |
| BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); |
BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); |
|
|
| BIO_printf(bio_err, "No secret key id\n"); |
BIO_printf(bio_err, "No secret key id\n"); |
| goto end; |
goto end; |
| } |
} |
| if (*args) |
if (*args && !encerts) |
| encerts = sk_X509_new_null(); |
encerts = sk_X509_new_null(); |
| while (*args) { |
while (*args) { |
| if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, |
if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, |
|
|
| } else if (operation == SMIME_COMPRESS) { |
} else if (operation == SMIME_COMPRESS) { |
| cms = CMS_compress(in, -1, flags); |
cms = CMS_compress(in, -1, flags); |
| } else if (operation == SMIME_ENCRYPT) { |
} else if (operation == SMIME_ENCRYPT) { |
| |
int i; |
| flags |= CMS_PARTIAL; |
flags |= CMS_PARTIAL; |
| cms = CMS_encrypt(encerts, in, cipher, flags); |
cms = CMS_encrypt(NULL, in, cipher, flags); |
| if (!cms) |
if (cms == NULL) |
| goto end; |
goto end; |
| |
for (i = 0; i < sk_X509_num(encerts); i++) { |
| |
CMS_RecipientInfo *ri; |
| |
cms_key_param *kparam; |
| |
int tflags = flags; |
| |
X509 *x = sk_X509_value(encerts, i); |
| |
for (kparam = key_first; kparam; kparam = kparam->next) { |
| |
if (kparam->idx == i) { |
| |
tflags |= CMS_KEY_PARAM; |
| |
break; |
| |
} |
| |
} |
| |
ri = CMS_add1_recipient_cert(cms, x, tflags); |
| |
if (ri == NULL) |
| |
goto end; |
| |
if (kparam != NULL) { |
| |
EVP_PKEY_CTX *pctx; |
| |
pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); |
| |
if (!cms_set_pkey_param(pctx, kparam->param)) |
| |
goto end; |
| |
} |
| |
} |
| |
|
| if (secret_key) { |
if (secret_key) { |
| if (!CMS_add0_recipient_key(cms, NID_undef, secret_key, |
if (!CMS_add0_recipient_key(cms, NID_undef, secret_key, |
| secret_keylen, secret_keyid, secret_keyidlen, |
secret_keylen, secret_keyid, secret_keyidlen, |
|
|
| flags |= CMS_REUSE_DIGEST; |
flags |= CMS_REUSE_DIGEST; |
| for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { |
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { |
| CMS_SignerInfo *si; |
CMS_SignerInfo *si; |
| |
cms_key_param *kparam; |
| |
int tflags = flags; |
| signerfile = sk_OPENSSL_STRING_value(sksigners, i); |
signerfile = sk_OPENSSL_STRING_value(sksigners, i); |
| keyfile = sk_OPENSSL_STRING_value(skkeys, i); |
keyfile = sk_OPENSSL_STRING_value(skkeys, i); |
| |
|
| signer = load_cert(bio_err, signerfile, FORMAT_PEM, |
signer = load_cert(bio_err, signerfile, FORMAT_PEM, |
| NULL, "signer certificate"); |
NULL, "signer certificate"); |
| if (!signer) |
if (!signer) |
|
|
| "signing key file"); |
"signing key file"); |
| if (!key) |
if (!key) |
| goto end; |
goto end; |
| si = CMS_add1_signer(cms, signer, key, sign_md, flags); |
for (kparam = key_first; kparam; kparam = kparam->next) { |
| if (!si) |
if (kparam->idx == i) { |
| |
tflags |= CMS_KEY_PARAM; |
| |
break; |
| |
} |
| |
} |
| |
si = CMS_add1_signer(cms, signer, key, sign_md, tflags); |
| |
if (si == NULL) |
| goto end; |
goto end; |
| |
if (kparam != NULL) { |
| |
EVP_PKEY_CTX *pctx; |
| |
pctx = CMS_SignerInfo_get0_pkey_ctx(si); |
| |
if (!cms_set_pkey_param(pctx, kparam->param)) |
| |
goto end; |
| |
} |
| if (rr && !CMS_add1_ReceiptRequest(si, rr)) |
if (rr && !CMS_add1_ReceiptRequest(si, rr)) |
| goto end; |
goto end; |
| X509_free(signer); |
X509_free(signer); |
|
|
| CMS_ReceiptRequest_free(rr); |
CMS_ReceiptRequest_free(rr); |
| sk_OPENSSL_STRING_free(rr_to); |
sk_OPENSSL_STRING_free(rr_to); |
| sk_OPENSSL_STRING_free(rr_from); |
sk_OPENSSL_STRING_free(rr_from); |
| |
for (key_param = key_first; key_param;) { |
| |
cms_key_param *tparam; |
| |
sk_OPENSSL_STRING_free(key_param->param); |
| |
tparam = key_param->next; |
| |
free(key_param); |
| |
key_param = tparam; |
| |
} |
| X509_STORE_free(store); |
X509_STORE_free(store); |
| X509_free(cert); |
X509_free(cert); |
| X509_free(recip); |
X509_free(recip); |
|
|
| |
|
| err: |
err: |
| return NULL; |
return NULL; |
| |
} |
| |
|
| |
static int |
| |
cms_set_pkey_param(EVP_PKEY_CTX *pctx, STACK_OF(OPENSSL_STRING) *param) |
| |
{ |
| |
char *keyopt; |
| |
int i; |
| |
if (sk_OPENSSL_STRING_num(param) <= 0) |
| |
return 1; |
| |
for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) { |
| |
keyopt = sk_OPENSSL_STRING_value(param, i); |
| |
if (pkey_ctrl_string(pctx, keyopt) <= 0) { |
| |
BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt); |
| |
ERR_print_errors(bio_err); |
| |
return 0; |
| |
} |
| |
} |
| |
return 1; |
| } |
} |
| |
|
| #endif |
#endif |
![[BACK]](/icons/back.gif){kind=icon}
Return to cms.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl