version 1.13, 2019/11/04 15:34:27 |
version 1.14, 2019/11/18 11:34:41 |
|
|
static CMS_ReceiptRequest *make_receipt_request( |
static CMS_ReceiptRequest *make_receipt_request( |
STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, |
STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, |
STACK_OF(OPENSSL_STRING) *rr_from); |
STACK_OF(OPENSSL_STRING) *rr_from); |
|
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, |
|
STACK_OF(OPENSSL_STRING) *param); |
|
|
#define SMIME_OP 0x10 |
#define SMIME_OP 0x10 |
#define SMIME_IP 0x20 |
#define SMIME_IP 0x20 |
|
|
|
|
int verify_err = 0; |
int verify_err = 0; |
|
|
|
typedef struct cms_key_param_st cms_key_param; |
|
|
|
struct cms_key_param_st { |
|
int idx; |
|
STACK_OF(OPENSSL_STRING) *param; |
|
cms_key_param *next; |
|
}; |
|
|
int |
int |
cms_main(int argc, char **argv) |
cms_main(int argc, char **argv) |
{ |
{ |
|
|
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; |
unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; |
size_t secret_keylen = 0, secret_keyidlen = 0; |
size_t secret_keylen = 0, secret_keyidlen = 0; |
|
|
|
cms_key_param *key_first = NULL, *key_param = NULL; |
|
|
ASN1_OBJECT *econtent_type = NULL; |
ASN1_OBJECT *econtent_type = NULL; |
|
|
X509_VERIFY_PARAM *vpm = NULL; |
X509_VERIFY_PARAM *vpm = NULL; |
|
|
} else if (!strcmp(*args, "-recip")) { |
} else if (!strcmp(*args, "-recip")) { |
if (!args[1]) |
if (!args[1]) |
goto argerr; |
goto argerr; |
recipfile = *++args; |
if (operation == SMIME_ENCRYPT) { |
|
if (encerts == NULL && |
|
(encerts = sk_X509_new_null()) == NULL) |
|
goto end; |
|
cert = load_cert(bio_err, *++args, FORMAT_PEM, |
|
NULL, "recipient certificate file"); |
|
if (cert == NULL) |
|
goto end; |
|
sk_X509_push(encerts, cert); |
|
cert = NULL; |
|
} else { |
|
recipfile = *++args; |
|
} |
} else if (!strcmp(*args, "-certsout")) { |
} else if (!strcmp(*args, "-certsout")) { |
if (!args[1]) |
if (!args[1]) |
goto argerr; |
goto argerr; |
|
|
if (!args[1]) |
if (!args[1]) |
goto argerr; |
goto argerr; |
keyform = str2fmt(*++args); |
keyform = str2fmt(*++args); |
|
} else if (!strcmp (*args, "-keyopt")) { |
|
int keyidx = -1; |
|
if (!args[1]) |
|
goto argerr; |
|
if (operation == SMIME_ENCRYPT) { |
|
if (encerts != NULL) |
|
keyidx += sk_X509_num(encerts); |
|
} else { |
|
if (keyfile != NULL || signerfile != NULL) |
|
keyidx++; |
|
if (skkeys != NULL) |
|
keyidx += sk_OPENSSL_STRING_num(skkeys); |
|
} |
|
if (keyidx < 0) { |
|
BIO_printf(bio_err, "No key specified\n"); |
|
goto argerr; |
|
} |
|
if (key_param == NULL || key_param->idx != keyidx) { |
|
cms_key_param *nparam; |
|
if ((nparam = malloc(sizeof(cms_key_param))) == NULL) |
|
goto end; |
|
nparam->idx = keyidx; |
|
if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) |
|
goto end; |
|
nparam->next = NULL; |
|
if (key_first == NULL) |
|
key_first = nparam; |
|
else |
|
key_param->next = nparam; |
|
key_param = nparam; |
|
} |
|
sk_OPENSSL_STRING_push(key_param->param, *++args); |
} else if (!strcmp(*args, "-rctform")) { |
} else if (!strcmp(*args, "-rctform")) { |
if (!args[1]) |
if (!args[1]) |
goto argerr; |
goto argerr; |
|
|
badarg = 1; |
badarg = 1; |
} |
} |
} else if (operation == SMIME_ENCRYPT) { |
} else if (operation == SMIME_ENCRYPT) { |
if (!*args && !secret_key && !pwri_pass) { |
if (!*args && !secret_key && !pwri_pass && !encerts) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"No recipient(s) certificate(s) specified\n"); |
"No recipient(s) certificate(s) specified\n"); |
badarg = 1; |
badarg = 1; |
|
|
BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); |
BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); |
BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); |
BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n"); |
BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); |
BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n"); |
|
BIO_printf (bio_err, "-keyopt nm:v set public key parameters\n"); |
BIO_printf(bio_err, "-out file output file\n"); |
BIO_printf(bio_err, "-out file output file\n"); |
BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); |
BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); |
BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); |
BIO_printf(bio_err, "-content file supply or override content for detached signature\n"); |
|
|
BIO_printf(bio_err, "No secret key id\n"); |
BIO_printf(bio_err, "No secret key id\n"); |
goto end; |
goto end; |
} |
} |
if (*args) |
if (*args && !encerts) |
encerts = sk_X509_new_null(); |
encerts = sk_X509_new_null(); |
while (*args) { |
while (*args) { |
if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, |
if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, |
|
|
} else if (operation == SMIME_COMPRESS) { |
} else if (operation == SMIME_COMPRESS) { |
cms = CMS_compress(in, -1, flags); |
cms = CMS_compress(in, -1, flags); |
} else if (operation == SMIME_ENCRYPT) { |
} else if (operation == SMIME_ENCRYPT) { |
|
int i; |
flags |= CMS_PARTIAL; |
flags |= CMS_PARTIAL; |
cms = CMS_encrypt(encerts, in, cipher, flags); |
cms = CMS_encrypt(NULL, in, cipher, flags); |
if (!cms) |
if (cms == NULL) |
goto end; |
goto end; |
|
for (i = 0; i < sk_X509_num(encerts); i++) { |
|
CMS_RecipientInfo *ri; |
|
cms_key_param *kparam; |
|
int tflags = flags; |
|
X509 *x = sk_X509_value(encerts, i); |
|
for (kparam = key_first; kparam; kparam = kparam->next) { |
|
if (kparam->idx == i) { |
|
tflags |= CMS_KEY_PARAM; |
|
break; |
|
} |
|
} |
|
ri = CMS_add1_recipient_cert(cms, x, tflags); |
|
if (ri == NULL) |
|
goto end; |
|
if (kparam != NULL) { |
|
EVP_PKEY_CTX *pctx; |
|
pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); |
|
if (!cms_set_pkey_param(pctx, kparam->param)) |
|
goto end; |
|
} |
|
} |
|
|
if (secret_key) { |
if (secret_key) { |
if (!CMS_add0_recipient_key(cms, NID_undef, secret_key, |
if (!CMS_add0_recipient_key(cms, NID_undef, secret_key, |
secret_keylen, secret_keyid, secret_keyidlen, |
secret_keylen, secret_keyid, secret_keyidlen, |
|
|
flags |= CMS_REUSE_DIGEST; |
flags |= CMS_REUSE_DIGEST; |
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { |
for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { |
CMS_SignerInfo *si; |
CMS_SignerInfo *si; |
|
cms_key_param *kparam; |
|
int tflags = flags; |
signerfile = sk_OPENSSL_STRING_value(sksigners, i); |
signerfile = sk_OPENSSL_STRING_value(sksigners, i); |
keyfile = sk_OPENSSL_STRING_value(skkeys, i); |
keyfile = sk_OPENSSL_STRING_value(skkeys, i); |
|
|
signer = load_cert(bio_err, signerfile, FORMAT_PEM, |
signer = load_cert(bio_err, signerfile, FORMAT_PEM, |
NULL, "signer certificate"); |
NULL, "signer certificate"); |
if (!signer) |
if (!signer) |
|
|
"signing key file"); |
"signing key file"); |
if (!key) |
if (!key) |
goto end; |
goto end; |
si = CMS_add1_signer(cms, signer, key, sign_md, flags); |
for (kparam = key_first; kparam; kparam = kparam->next) { |
if (!si) |
if (kparam->idx == i) { |
|
tflags |= CMS_KEY_PARAM; |
|
break; |
|
} |
|
} |
|
si = CMS_add1_signer(cms, signer, key, sign_md, tflags); |
|
if (si == NULL) |
goto end; |
goto end; |
|
if (kparam != NULL) { |
|
EVP_PKEY_CTX *pctx; |
|
pctx = CMS_SignerInfo_get0_pkey_ctx(si); |
|
if (!cms_set_pkey_param(pctx, kparam->param)) |
|
goto end; |
|
} |
if (rr && !CMS_add1_ReceiptRequest(si, rr)) |
if (rr && !CMS_add1_ReceiptRequest(si, rr)) |
goto end; |
goto end; |
X509_free(signer); |
X509_free(signer); |
|
|
CMS_ReceiptRequest_free(rr); |
CMS_ReceiptRequest_free(rr); |
sk_OPENSSL_STRING_free(rr_to); |
sk_OPENSSL_STRING_free(rr_to); |
sk_OPENSSL_STRING_free(rr_from); |
sk_OPENSSL_STRING_free(rr_from); |
|
for (key_param = key_first; key_param;) { |
|
cms_key_param *tparam; |
|
sk_OPENSSL_STRING_free(key_param->param); |
|
tparam = key_param->next; |
|
free(key_param); |
|
key_param = tparam; |
|
} |
X509_STORE_free(store); |
X509_STORE_free(store); |
X509_free(cert); |
X509_free(cert); |
X509_free(recip); |
X509_free(recip); |
|
|
|
|
err: |
err: |
return NULL; |
return NULL; |
|
} |
|
|
|
static int |
|
cms_set_pkey_param(EVP_PKEY_CTX *pctx, STACK_OF(OPENSSL_STRING) *param) |
|
{ |
|
char *keyopt; |
|
int i; |
|
if (sk_OPENSSL_STRING_num(param) <= 0) |
|
return 1; |
|
for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) { |
|
keyopt = sk_OPENSSL_STRING_value(param, i); |
|
if (pkey_ctrl_string(pctx, keyopt) <= 0) { |
|
BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt); |
|
ERR_print_errors(bio_err); |
|
return 0; |
|
} |
|
} |
|
return 1; |
} |
} |
|
|
#endif |
#endif |
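Review bot: In the new `-keyopt` branch, when `sk_OPENSSL_STRING_new_null()` fails the freshly allocated `nparam` is leaked, because `goto end` runs before the node is linked into `key_first`/`key_param` and the cleanup loop at `end` only walks that list; the failure branch should read `{ free(nparam); goto end; }`. The same branch also ignores the return value of `sk_OPENSSL_STRING_push(key_param->param, *++args)`, and the `-recip` encrypt path ignores `sk_X509_push(encerts, cert)` before setting `cert = NULL`, so an allocation failure in either push silently drops the option (and leaks the loaded cert in the second case); both should be checked with a `goto end`. Lower priority: in the recipient and signer loops `CMS_RecipientInfo_get0_pkey_ctx()` / `CMS_SignerInfo_get0_pkey_ctx()` may presumably return NULL, and `cms_set_pkey_param` hands that straight to `pkey_ctrl_string`, so an `if (pctx == NULL) goto end;` guard before the call seems worth adding unless that helper is known to tolerate a NULL context. `cms_main` begins and ends outside the shown hunks.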