]> git.ipfire.org Git - thirdparty/openssl.git/blob - apps/cms.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright years on all files merged since Jan 1st 2018
[thirdparty/openssl.git] / apps / cms.c
1 /*
2 * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* CMS utility function */
11
12 #include <stdio.h>
13 #include <string.h>
14 #include "apps.h"
15
16 #ifndef OPENSSL_NO_CMS
17
18 # include <openssl/crypto.h>
19 # include <openssl/pem.h>
20 # include <openssl/err.h>
21 # include <openssl/x509_vfy.h>
22 # include <openssl/x509v3.h>
23 # include <openssl/cms.h>
24
25 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
26 static int cms_cb(int ok, X509_STORE_CTX *ctx);
27 static void receipt_request_print(CMS_ContentInfo *cms);
28 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
29 *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
30 *rr_from);
31 static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
32 STACK_OF(OPENSSL_STRING) *param);
33
34 # define SMIME_OP 0x10
35 # define SMIME_IP 0x20
36 # define SMIME_SIGNERS 0x40
37 # define SMIME_ENCRYPT (1 | SMIME_OP)
38 # define SMIME_DECRYPT (2 | SMIME_IP)
39 # define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
40 # define SMIME_VERIFY (4 | SMIME_IP)
41 # define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
42 # define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
43 # define SMIME_DATAOUT (7 | SMIME_IP)
44 # define SMIME_DATA_CREATE (8 | SMIME_OP)
45 # define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
46 # define SMIME_DIGEST_CREATE (10 | SMIME_OP)
47 # define SMIME_UNCOMPRESS (11 | SMIME_IP)
48 # define SMIME_COMPRESS (12 | SMIME_OP)
49 # define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
50 # define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
51 # define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
52 # define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
53
54 static int verify_err = 0;
55
56 typedef struct cms_key_param_st cms_key_param;
57
58 struct cms_key_param_st {
59 int idx;
60 STACK_OF(OPENSSL_STRING) *param;
61 cms_key_param *next;
62 };
63
64 typedef enum OPTION_choice {
65 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
66 OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
67 OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
68 OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
69 OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
70 OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
71 OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT,
72 OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
73 OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
74 OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
75 OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
76 OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
77 OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
78 OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
79 OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
80 OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
81 OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
82 OPT_3DES_WRAP, OPT_ENGINE,
83 OPT_R_ENUM,
84 OPT_V_ENUM,
85 OPT_CIPHER
86 } OPTION_CHOICE;
87
88 const OPTIONS cms_options[] = {
89 {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
90 {OPT_HELP_STR, 1, '-',
91 " cert.pem... recipient certs for encryption\n"},
92 {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
93 {"help", OPT_HELP, '-', "Display this summary"},
94 {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
95 {"outform", OPT_OUTFORM, 'c',
96 "Output format SMIME (default), PEM or DER"},
97 {"in", OPT_IN, '<', "Input file"},
98 {"out", OPT_OUT, '>', "Output file"},
99 {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
100 {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
101 {"sign", OPT_SIGN, '-', "Sign message"},
102 {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
103 {"resign", OPT_RESIGN, '-', "Resign a signed message"},
104 {"verify", OPT_VERIFY, '-', "Verify signed message"},
105 {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
106 {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
107 {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
108 {"data_out", OPT_DATA_OUT, '-'},
109 {"data_create", OPT_DATA_CREATE, '-'},
110 {"digest_verify", OPT_DIGEST_VERIFY, '-'},
111 {"digest_create", OPT_DIGEST_CREATE, '-'},
112 {"compress", OPT_COMPRESS, '-'},
113 {"uncompress", OPT_UNCOMPRESS, '-'},
114 {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
115 {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
116 {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
117 {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
118 {"asciicrlf", OPT_ASCIICRLF, '-'},
119 {"nointern", OPT_NOINTERN, '-',
120 "Don't search certificates in message for signer"},
121 {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
122 {"nocerts", OPT_NOCERTS, '-',
123 "Don't include signers certificate when signing"},
124 {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
125 {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
126 {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
127 {"binary", OPT_BINARY, '-', "Don't translate message to text"},
128 {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
129 {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
130 {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
131 {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
132 {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
133 {"indef", OPT_INDEF, '-', "Same as -stream"},
134 {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
135 {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
136 {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
137 {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
138 {"receipt_request_all", OPT_RR_ALL, '-'},
139 {"receipt_request_first", OPT_RR_FIRST, '-'},
140 {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
141 {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
142 {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
143 {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
144 {"no-CAfile", OPT_NOCAFILE, '-',
145 "Do not load the default certificates file"},
146 {"no-CApath", OPT_NOCAPATH, '-',
147 "Do not load certificates from the default certificates directory"},
148 {"content", OPT_CONTENT, '<',
149 "Supply or override content for detached signature"},
150 {"print", OPT_PRINT, '-',
151 "For the -cmsout operation print out all fields of the CMS structure"},
152 {"secretkey", OPT_SECRETKEY, 's'},
153 {"secretkeyid", OPT_SECRETKEYID, 's'},
154 {"pwri_password", OPT_PWRI_PASSWORD, 's'},
155 {"econtent_type", OPT_ECONTENT_TYPE, 's'},
156 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
157 {"to", OPT_TO, 's', "To address"},
158 {"from", OPT_FROM, 's', "From address"},
159 {"subject", OPT_SUBJECT, 's', "Subject"},
160 {"signer", OPT_SIGNER, 's', "Signer certificate file"},
161 {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
162 {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
163 {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
164 {"inkey", OPT_INKEY, 's',
165 "Input private key (if not signer or recipient)"},
166 {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
167 {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
168 {"receipt_request_from", OPT_RR_FROM, 's'},
169 {"receipt_request_to", OPT_RR_TO, 's'},
170 {"", OPT_CIPHER, '-', "Any supported cipher"},
171 OPT_R_OPTIONS,
172 OPT_V_OPTIONS,
173 {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
174 {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
175 {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
176 # ifndef OPENSSL_NO_DES
177 {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
178 # endif
179 # ifndef OPENSSL_NO_ENGINE
180 {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
181 # endif
182 {NULL}
183 };
184
185 int cms_main(int argc, char **argv)
186 {
187 ASN1_OBJECT *econtent_type = NULL;
188 BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
189 CMS_ContentInfo *cms = NULL, *rcms = NULL;
190 CMS_ReceiptRequest *rr = NULL;
191 ENGINE *e = NULL;
192 EVP_PKEY *key = NULL;
193 const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
194 const EVP_MD *sign_md = NULL;
195 STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
196 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
197 STACK_OF(X509) *encerts = NULL, *other = NULL;
198 X509 *cert = NULL, *recip = NULL, *signer = NULL;
199 X509_STORE *store = NULL;
200 X509_VERIFY_PARAM *vpm = NULL;
201 char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
202 const char *CAfile = NULL, *CApath = NULL;
203 char *certsoutfile = NULL;
204 int noCAfile = 0, noCApath = 0;
205 char *infile = NULL, *outfile = NULL, *rctfile = NULL;
206 char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL;
207 char *to = NULL, *from = NULL, *subject = NULL, *prog;
208 cms_key_param *key_first = NULL, *key_param = NULL;
209 int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
210 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
211 int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
212 int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
213 size_t secret_keylen = 0, secret_keyidlen = 0;
214 unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
215 unsigned char *secret_key = NULL, *secret_keyid = NULL;
216 long ltmp;
217 const char *mime_eol = "\n";
218 OPTION_CHOICE o;
219
220 if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
221 return 1;
222
223 prog = opt_init(argc, argv, cms_options);
224 while ((o = opt_next()) != OPT_EOF) {
225 switch (o) {
226 case OPT_EOF:
227 case OPT_ERR:
228 opthelp:
229 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
230 goto end;
231 case OPT_HELP:
232 opt_help(cms_options);
233 ret = 0;
234 goto end;
235 case OPT_INFORM:
236 if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
237 goto opthelp;
238 break;
239 case OPT_OUTFORM:
240 if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
241 goto opthelp;
242 break;
243 case OPT_OUT:
244 outfile = opt_arg();
245 break;
246 case OPT_ENCRYPT:
247 operation = SMIME_ENCRYPT;
248 break;
249 case OPT_DECRYPT:
250 operation = SMIME_DECRYPT;
251 break;
252 case OPT_SIGN:
253 operation = SMIME_SIGN;
254 break;
255 case OPT_SIGN_RECEIPT:
256 operation = SMIME_SIGN_RECEIPT;
257 break;
258 case OPT_RESIGN:
259 operation = SMIME_RESIGN;
260 break;
261 case OPT_VERIFY:
262 operation = SMIME_VERIFY;
263 break;
264 case OPT_VERIFY_RETCODE:
265 verify_retcode = 1;
266 break;
267 case OPT_VERIFY_RECEIPT:
268 operation = SMIME_VERIFY_RECEIPT;
269 rctfile = opt_arg();
270 break;
271 case OPT_CMSOUT:
272 operation = SMIME_CMSOUT;
273 break;
274 case OPT_DATA_OUT:
275 operation = SMIME_DATAOUT;
276 break;
277 case OPT_DATA_CREATE:
278 operation = SMIME_DATA_CREATE;
279 break;
280 case OPT_DIGEST_VERIFY:
281 operation = SMIME_DIGEST_VERIFY;
282 break;
283 case OPT_DIGEST_CREATE:
284 operation = SMIME_DIGEST_CREATE;
285 break;
286 case OPT_COMPRESS:
287 operation = SMIME_COMPRESS;
288 break;
289 case OPT_UNCOMPRESS:
290 operation = SMIME_UNCOMPRESS;
291 break;
292 case OPT_ED_DECRYPT:
293 operation = SMIME_ENCRYPTED_DECRYPT;
294 break;
295 case OPT_ED_ENCRYPT:
296 operation = SMIME_ENCRYPTED_ENCRYPT;
297 break;
298 case OPT_DEBUG_DECRYPT:
299 flags |= CMS_DEBUG_DECRYPT;
300 break;
301 case OPT_TEXT:
302 flags |= CMS_TEXT;
303 break;
304 case OPT_ASCIICRLF:
305 flags |= CMS_ASCIICRLF;
306 break;
307 case OPT_NOINTERN:
308 flags |= CMS_NOINTERN;
309 break;
310 case OPT_NOVERIFY:
311 flags |= CMS_NO_SIGNER_CERT_VERIFY;
312 break;
313 case OPT_NOCERTS:
314 flags |= CMS_NOCERTS;
315 break;
316 case OPT_NOATTR:
317 flags |= CMS_NOATTR;
318 break;
319 case OPT_NODETACH:
320 flags &= ~CMS_DETACHED;
321 break;
322 case OPT_NOSMIMECAP:
323 flags |= CMS_NOSMIMECAP;
324 break;
325 case OPT_BINARY:
326 flags |= CMS_BINARY;
327 break;
328 case OPT_KEYID:
329 flags |= CMS_USE_KEYID;
330 break;
331 case OPT_NOSIGS:
332 flags |= CMS_NOSIGS;
333 break;
334 case OPT_NO_CONTENT_VERIFY:
335 flags |= CMS_NO_CONTENT_VERIFY;
336 break;
337 case OPT_NO_ATTR_VERIFY:
338 flags |= CMS_NO_ATTR_VERIFY;
339 break;
340 case OPT_INDEF:
341 flags |= CMS_STREAM;
342 break;
343 case OPT_NOINDEF:
344 flags &= ~CMS_STREAM;
345 break;
346 case OPT_CRLFEOL:
347 mime_eol = "\r\n";
348 flags |= CMS_CRLFEOL;
349 break;
350 case OPT_NOOUT:
351 noout = 1;
352 break;
353 case OPT_RR_PRINT:
354 rr_print = 1;
355 break;
356 case OPT_RR_ALL:
357 rr_allorfirst = 0;
358 break;
359 case OPT_RR_FIRST:
360 rr_allorfirst = 1;
361 break;
362 case OPT_RCTFORM:
363 if (rctformat == FORMAT_SMIME)
364 rcms = SMIME_read_CMS(rctin, NULL);
365 else if (rctformat == FORMAT_PEM)
366 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
367 else if (rctformat == FORMAT_ASN1)
368 if (!opt_format(opt_arg(),
369 OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
370 goto opthelp;
371 break;
372 case OPT_CERTFILE:
373 certfile = opt_arg();
374 break;
375 case OPT_CAFILE:
376 CAfile = opt_arg();
377 break;
378 case OPT_CAPATH:
379 CApath = opt_arg();
380 break;
381 case OPT_NOCAFILE:
382 noCAfile = 1;
383 break;
384 case OPT_NOCAPATH:
385 noCApath = 1;
386 break;
387 case OPT_IN:
388 infile = opt_arg();
389 break;
390 case OPT_CONTENT:
391 contfile = opt_arg();
392 break;
393 case OPT_RR_FROM:
394 if (rr_from == NULL
395 && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
396 goto end;
397 sk_OPENSSL_STRING_push(rr_from, opt_arg());
398 break;
399 case OPT_RR_TO:
400 if (rr_to == NULL
401 && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
402 goto end;
403 sk_OPENSSL_STRING_push(rr_to, opt_arg());
404 break;
405 case OPT_PRINT:
406 noout = print = 1;
407 break;
408 case OPT_SECRETKEY:
409 if (secret_key != NULL) {
410 BIO_printf(bio_err, "Invalid key (supplied twice) %s\n",
411 opt_arg());
412 goto opthelp;
413 }
414 secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
415 if (secret_key == NULL) {
416 BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
417 goto end;
418 }
419 secret_keylen = (size_t)ltmp;
420 break;
421 case OPT_SECRETKEYID:
422 if (secret_keyid != NULL) {
423 BIO_printf(bio_err, "Invalid id (supplied twice) %s\n",
424 opt_arg());
425 goto opthelp;
426 }
427 secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
428 if (secret_keyid == NULL) {
429 BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
430 goto opthelp;
431 }
432 secret_keyidlen = (size_t)ltmp;
433 break;
434 case OPT_PWRI_PASSWORD:
435 pwri_pass = (unsigned char *)opt_arg();
436 break;
437 case OPT_ECONTENT_TYPE:
438 if (econtent_type != NULL) {
439 BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n",
440 opt_arg());
441 goto opthelp;
442 }
443 econtent_type = OBJ_txt2obj(opt_arg(), 0);
444 if (econtent_type == NULL) {
445 BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
446 goto opthelp;
447 }
448 break;
449 case OPT_ENGINE:
450 e = setup_engine(opt_arg(), 0);
451 break;
452 case OPT_PASSIN:
453 passinarg = opt_arg();
454 break;
455 case OPT_TO:
456 to = opt_arg();
457 break;
458 case OPT_FROM:
459 from = opt_arg();
460 break;
461 case OPT_SUBJECT:
462 subject = opt_arg();
463 break;
464 case OPT_CERTSOUT:
465 certsoutfile = opt_arg();
466 break;
467 case OPT_MD:
468 if (!opt_md(opt_arg(), &sign_md))
469 goto end;
470 break;
471 case OPT_SIGNER:
472 /* If previous -signer argument add signer to list */
473 if (signerfile != NULL) {
474 if (sksigners == NULL
475 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
476 goto end;
477 sk_OPENSSL_STRING_push(sksigners, signerfile);
478 if (keyfile == NULL)
479 keyfile = signerfile;
480 if (skkeys == NULL
481 && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
482 goto end;
483 sk_OPENSSL_STRING_push(skkeys, keyfile);
484 keyfile = NULL;
485 }
486 signerfile = opt_arg();
487 break;
488 case OPT_INKEY:
489 /* If previous -inkey argument add signer to list */
490 if (keyfile != NULL) {
491 if (signerfile == NULL) {
492 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
493 goto end;
494 }
495 if (sksigners == NULL
496 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
497 goto end;
498 sk_OPENSSL_STRING_push(sksigners, signerfile);
499 signerfile = NULL;
500 if (skkeys == NULL
501 && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
502 goto end;
503 sk_OPENSSL_STRING_push(skkeys, keyfile);
504 }
505 keyfile = opt_arg();
506 break;
507 case OPT_KEYFORM:
508 if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
509 goto opthelp;
510 break;
511 case OPT_RECIP:
512 if (operation == SMIME_ENCRYPT) {
513 if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
514 goto end;
515 cert = load_cert(opt_arg(), FORMAT_PEM,
516 "recipient certificate file");
517 if (cert == NULL)
518 goto end;
519 sk_X509_push(encerts, cert);
520 cert = NULL;
521 } else {
522 recipfile = opt_arg();
523 }
524 break;
525 case OPT_CIPHER:
526 if (!opt_cipher(opt_unknown(), &cipher))
527 goto end;
528 break;
529 case OPT_KEYOPT:
530 keyidx = -1;
531 if (operation == SMIME_ENCRYPT) {
532 if (encerts != NULL)
533 keyidx += sk_X509_num(encerts);
534 } else {
535 if (keyfile != NULL || signerfile != NULL)
536 keyidx++;
537 if (skkeys != NULL)
538 keyidx += sk_OPENSSL_STRING_num(skkeys);
539 }
540 if (keyidx < 0) {
541 BIO_printf(bio_err, "No key specified\n");
542 goto opthelp;
543 }
544 if (key_param == NULL || key_param->idx != keyidx) {
545 cms_key_param *nparam;
546 nparam = app_malloc(sizeof(*nparam), "key param buffer");
547 nparam->idx = keyidx;
548 if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
549 goto end;
550 nparam->next = NULL;
551 if (key_first == NULL)
552 key_first = nparam;
553 else
554 key_param->next = nparam;
555 key_param = nparam;
556 }
557 sk_OPENSSL_STRING_push(key_param->param, opt_arg());
558 break;
559 case OPT_V_CASES:
560 if (!opt_verify(o, vpm))
561 goto end;
562 vpmtouched++;
563 break;
564 case OPT_R_CASES:
565 if (!opt_rand(o))
566 goto end;
567 break;
568 case OPT_3DES_WRAP:
569 # ifndef OPENSSL_NO_DES
570 wrap_cipher = EVP_des_ede3_wrap();
571 # endif
572 break;
573 case OPT_AES128_WRAP:
574 wrap_cipher = EVP_aes_128_wrap();
575 break;
576 case OPT_AES192_WRAP:
577 wrap_cipher = EVP_aes_192_wrap();
578 break;
579 case OPT_AES256_WRAP:
580 wrap_cipher = EVP_aes_256_wrap();
581 break;
582 }
583 }
584 argc = opt_num_rest();
585 argv = opt_rest();
586
587 if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) {
588 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
589 goto opthelp;
590 }
591
592 if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) {
593 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
594 goto opthelp;
595 }
596 if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
597 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
598 goto opthelp;
599 }
600
601 if (operation & SMIME_SIGNERS) {
602 if (keyfile != NULL && signerfile == NULL) {
603 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
604 goto opthelp;
605 }
606 /* Check to see if any final signer needs to be appended */
607 if (signerfile != NULL) {
608 if (sksigners == NULL
609 && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
610 goto end;
611 sk_OPENSSL_STRING_push(sksigners, signerfile);
612 if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
613 goto end;
614 if (keyfile == NULL)
615 keyfile = signerfile;
616 sk_OPENSSL_STRING_push(skkeys, keyfile);
617 }
618 if (sksigners == NULL) {
619 BIO_printf(bio_err, "No signer certificate specified\n");
620 goto opthelp;
621 }
622 signerfile = NULL;
623 keyfile = NULL;
624 } else if (operation == SMIME_DECRYPT) {
625 if (recipfile == NULL && keyfile == NULL
626 && secret_key == NULL && pwri_pass == NULL) {
627 BIO_printf(bio_err,
628 "No recipient certificate or key specified\n");
629 goto opthelp;
630 }
631 } else if (operation == SMIME_ENCRYPT) {
632 if (*argv == NULL && secret_key == NULL
633 && pwri_pass == NULL && encerts == NULL) {
634 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
635 goto opthelp;
636 }
637 } else if (!operation) {
638 goto opthelp;
639 }
640
641 if (!app_passwd(passinarg, NULL, &passin, NULL)) {
642 BIO_printf(bio_err, "Error getting password\n");
643 goto end;
644 }
645
646 ret = 2;
647
648 if (!(operation & SMIME_SIGNERS))
649 flags &= ~CMS_DETACHED;
650
651 if (!(operation & SMIME_OP))
652 if (flags & CMS_BINARY)
653 outformat = FORMAT_BINARY;
654
655 if (!(operation & SMIME_IP))
656 if (flags & CMS_BINARY)
657 informat = FORMAT_BINARY;
658
659 if (operation == SMIME_ENCRYPT) {
660 if (!cipher) {
661 # ifndef OPENSSL_NO_DES
662 cipher = EVP_des_ede3_cbc();
663 # else
664 BIO_printf(bio_err, "No cipher selected\n");
665 goto end;
666 # endif
667 }
668
669 if (secret_key && !secret_keyid) {
670 BIO_printf(bio_err, "No secret key id\n");
671 goto end;
672 }
673
674 if (*argv && encerts == NULL)
675 if ((encerts = sk_X509_new_null()) == NULL)
676 goto end;
677 while (*argv) {
678 if ((cert = load_cert(*argv, FORMAT_PEM,
679 "recipient certificate file")) == NULL)
680 goto end;
681 sk_X509_push(encerts, cert);
682 cert = NULL;
683 argv++;
684 }
685 }
686
687 if (certfile != NULL) {
688 if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
689 "certificate file")) {
690 ERR_print_errors(bio_err);
691 goto end;
692 }
693 }
694
695 if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
696 if ((recip = load_cert(recipfile, FORMAT_PEM,
697 "recipient certificate file")) == NULL) {
698 ERR_print_errors(bio_err);
699 goto end;
700 }
701 }
702
703 if (operation == SMIME_SIGN_RECEIPT) {
704 if ((signer = load_cert(signerfile, FORMAT_PEM,
705 "receipt signer certificate file")) == NULL) {
706 ERR_print_errors(bio_err);
707 goto end;
708 }
709 }
710
711 if (operation == SMIME_DECRYPT) {
712 if (keyfile == NULL)
713 keyfile = recipfile;
714 } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
715 if (keyfile == NULL)
716 keyfile = signerfile;
717 } else {
718 keyfile = NULL;
719 }
720
721 if (keyfile != NULL) {
722 key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
723 if (key == NULL)
724 goto end;
725 }
726
727 in = bio_open_default(infile, 'r', informat);
728 if (in == NULL)
729 goto end;
730
731 if (operation & SMIME_IP) {
732 if (informat == FORMAT_SMIME) {
733 cms = SMIME_read_CMS(in, &indata);
734 } else if (informat == FORMAT_PEM) {
735 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
736 } else if (informat == FORMAT_ASN1) {
737 cms = d2i_CMS_bio(in, NULL);
738 } else {
739 BIO_printf(bio_err, "Bad input format for CMS file\n");
740 goto end;
741 }
742
743 if (cms == NULL) {
744 BIO_printf(bio_err, "Error reading S/MIME message\n");
745 goto end;
746 }
747 if (contfile != NULL) {
748 BIO_free(indata);
749 if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
750 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
751 goto end;
752 }
753 }
754 if (certsoutfile != NULL) {
755 STACK_OF(X509) *allcerts;
756 allcerts = CMS_get1_certs(cms);
757 if (!save_certs(certsoutfile, allcerts)) {
758 BIO_printf(bio_err,
759 "Error writing certs to %s\n", certsoutfile);
760 ret = 5;
761 goto end;
762 }
763 sk_X509_pop_free(allcerts, X509_free);
764 }
765 }
766
767 if (rctfile != NULL) {
768 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
769 if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
770 BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
771 goto end;
772 }
773
774 if (rctformat == FORMAT_SMIME) {
775 rcms = SMIME_read_CMS(rctin, NULL);
776 } else if (rctformat == FORMAT_PEM) {
777 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
778 } else if (rctformat == FORMAT_ASN1) {
779 rcms = d2i_CMS_bio(rctin, NULL);
780 } else {
781 BIO_printf(bio_err, "Bad input format for receipt\n");
782 goto end;
783 }
784
785 if (rcms == NULL) {
786 BIO_printf(bio_err, "Error reading receipt\n");
787 goto end;
788 }
789 }
790
791 out = bio_open_default(outfile, 'w', outformat);
792 if (out == NULL)
793 goto end;
794
795 if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
796 if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
797 goto end;
798 X509_STORE_set_verify_cb(store, cms_cb);
799 if (vpmtouched)
800 X509_STORE_set1_param(store, vpm);
801 }
802
803 ret = 3;
804
805 if (operation == SMIME_DATA_CREATE) {
806 cms = CMS_data_create(in, flags);
807 } else if (operation == SMIME_DIGEST_CREATE) {
808 cms = CMS_digest_create(in, sign_md, flags);
809 } else if (operation == SMIME_COMPRESS) {
810 cms = CMS_compress(in, -1, flags);
811 } else if (operation == SMIME_ENCRYPT) {
812 int i;
813 flags |= CMS_PARTIAL;
814 cms = CMS_encrypt(NULL, in, cipher, flags);
815 if (cms == NULL)
816 goto end;
817 for (i = 0; i < sk_X509_num(encerts); i++) {
818 CMS_RecipientInfo *ri;
819 cms_key_param *kparam;
820 int tflags = flags;
821 X509 *x = sk_X509_value(encerts, i);
822 for (kparam = key_first; kparam; kparam = kparam->next) {
823 if (kparam->idx == i) {
824 tflags |= CMS_KEY_PARAM;
825 break;
826 }
827 }
828 ri = CMS_add1_recipient_cert(cms, x, tflags);
829 if (ri == NULL)
830 goto end;
831 if (kparam != NULL) {
832 EVP_PKEY_CTX *pctx;
833 pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
834 if (!cms_set_pkey_param(pctx, kparam->param))
835 goto end;
836 }
837 if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE
838 && wrap_cipher) {
839 EVP_CIPHER_CTX *wctx;
840 wctx = CMS_RecipientInfo_kari_get0_ctx(ri);
841 EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL);
842 }
843 }
844
845 if (secret_key != NULL) {
846 if (!CMS_add0_recipient_key(cms, NID_undef,
847 secret_key, secret_keylen,
848 secret_keyid, secret_keyidlen,
849 NULL, NULL, NULL))
850 goto end;
851 /* NULL these because call absorbs them */
852 secret_key = NULL;
853 secret_keyid = NULL;
854 }
855 if (pwri_pass != NULL) {
856 pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass);
857 if (pwri_tmp == NULL)
858 goto end;
859 if (CMS_add0_recipient_password(cms,
860 -1, NID_undef, NID_undef,
861 pwri_tmp, -1, NULL) == NULL)
862 goto end;
863 pwri_tmp = NULL;
864 }
865 if (!(flags & CMS_STREAM)) {
866 if (!CMS_final(cms, in, NULL, flags))
867 goto end;
868 }
869 } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
870 cms = CMS_EncryptedData_encrypt(in, cipher,
871 secret_key, secret_keylen, flags);
872
873 } else if (operation == SMIME_SIGN_RECEIPT) {
874 CMS_ContentInfo *srcms = NULL;
875 STACK_OF(CMS_SignerInfo) *sis;
876 CMS_SignerInfo *si;
877 sis = CMS_get0_SignerInfos(cms);
878 if (sis == NULL)
879 goto end;
880 si = sk_CMS_SignerInfo_value(sis, 0);
881 srcms = CMS_sign_receipt(si, signer, key, other, flags);
882 if (srcms == NULL)
883 goto end;
884 CMS_ContentInfo_free(cms);
885 cms = srcms;
886 } else if (operation & SMIME_SIGNERS) {
887 int i;
888 /*
889 * If detached data content we enable streaming if S/MIME output
890 * format.
891 */
892 if (operation == SMIME_SIGN) {
893
894 if (flags & CMS_DETACHED) {
895 if (outformat == FORMAT_SMIME)
896 flags |= CMS_STREAM;
897 }
898 flags |= CMS_PARTIAL;
899 cms = CMS_sign(NULL, NULL, other, in, flags);
900 if (cms == NULL)
901 goto end;
902 if (econtent_type != NULL)
903 CMS_set1_eContentType(cms, econtent_type);
904
905 if (rr_to != NULL) {
906 rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
907 if (rr == NULL) {
908 BIO_puts(bio_err,
909 "Signed Receipt Request Creation Error\n");
910 goto end;
911 }
912 }
913 } else {
914 flags |= CMS_REUSE_DIGEST;
915 }
916 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
917 CMS_SignerInfo *si;
918 cms_key_param *kparam;
919 int tflags = flags;
920 signerfile = sk_OPENSSL_STRING_value(sksigners, i);
921 keyfile = sk_OPENSSL_STRING_value(skkeys, i);
922
923 signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
924 if (signer == NULL) {
925 ret = 2;
926 goto end;
927 }
928 key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
929 if (key == NULL) {
930 ret = 2;
931 goto end;
932 }
933 for (kparam = key_first; kparam; kparam = kparam->next) {
934 if (kparam->idx == i) {
935 tflags |= CMS_KEY_PARAM;
936 break;
937 }
938 }
939 si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
940 if (si == NULL)
941 goto end;
942 if (kparam != NULL) {
943 EVP_PKEY_CTX *pctx;
944 pctx = CMS_SignerInfo_get0_pkey_ctx(si);
945 if (!cms_set_pkey_param(pctx, kparam->param))
946 goto end;
947 }
948 if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr))
949 goto end;
950 X509_free(signer);
951 signer = NULL;
952 EVP_PKEY_free(key);
953 key = NULL;
954 }
955 /* If not streaming or resigning finalize structure */
956 if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
957 if (!CMS_final(cms, in, NULL, flags))
958 goto end;
959 }
960 }
961
962 if (cms == NULL) {
963 BIO_printf(bio_err, "Error creating CMS structure\n");
964 goto end;
965 }
966
967 ret = 4;
968 if (operation == SMIME_DECRYPT) {
969 if (flags & CMS_DEBUG_DECRYPT)
970 CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
971
972 if (secret_key != NULL) {
973 if (!CMS_decrypt_set1_key(cms,
974 secret_key, secret_keylen,
975 secret_keyid, secret_keyidlen)) {
976 BIO_puts(bio_err, "Error decrypting CMS using secret key\n");
977 goto end;
978 }
979 }
980
981 if (key != NULL) {
982 if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
983 BIO_puts(bio_err, "Error decrypting CMS using private key\n");
984 goto end;
985 }
986 }
987
988 if (pwri_pass != NULL) {
989 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
990 BIO_puts(bio_err, "Error decrypting CMS using password\n");
991 goto end;
992 }
993 }
994
995 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
996 BIO_printf(bio_err, "Error decrypting CMS structure\n");
997 goto end;
998 }
999 } else if (operation == SMIME_DATAOUT) {
1000 if (!CMS_data(cms, out, flags))
1001 goto end;
1002 } else if (operation == SMIME_UNCOMPRESS) {
1003 if (!CMS_uncompress(cms, indata, out, flags))
1004 goto end;
1005 } else if (operation == SMIME_DIGEST_VERIFY) {
1006 if (CMS_digest_verify(cms, indata, out, flags) > 0) {
1007 BIO_printf(bio_err, "Verification successful\n");
1008 } else {
1009 BIO_printf(bio_err, "Verification failure\n");
1010 goto end;
1011 }
1012 } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
1013 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
1014 indata, out, flags))
1015 goto end;
1016 } else if (operation == SMIME_VERIFY) {
1017 if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
1018 BIO_printf(bio_err, "Verification successful\n");
1019 } else {
1020 BIO_printf(bio_err, "Verification failure\n");
1021 if (verify_retcode)
1022 ret = verify_err + 32;
1023 goto end;
1024 }
1025 if (signerfile != NULL) {
1026 STACK_OF(X509) *signers;
1027 signers = CMS_get0_signers(cms);
1028 if (!save_certs(signerfile, signers)) {
1029 BIO_printf(bio_err,
1030 "Error writing signers to %s\n", signerfile);
1031 ret = 5;
1032 goto end;
1033 }
1034 sk_X509_free(signers);
1035 }
1036 if (rr_print)
1037 receipt_request_print(cms);
1038
1039 } else if (operation == SMIME_VERIFY_RECEIPT) {
1040 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) {
1041 BIO_printf(bio_err, "Verification successful\n");
1042 } else {
1043 BIO_printf(bio_err, "Verification failure\n");
1044 goto end;
1045 }
1046 } else {
1047 if (noout) {
1048 if (print)
1049 CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
1050 } else if (outformat == FORMAT_SMIME) {
1051 if (to)
1052 BIO_printf(out, "To: %s%s", to, mime_eol);
1053 if (from)
1054 BIO_printf(out, "From: %s%s", from, mime_eol);
1055 if (subject)
1056 BIO_printf(out, "Subject: %s%s", subject, mime_eol);
1057 if (operation == SMIME_RESIGN)
1058 ret = SMIME_write_CMS(out, cms, indata, flags);
1059 else
1060 ret = SMIME_write_CMS(out, cms, in, flags);
1061 } else if (outformat == FORMAT_PEM) {
1062 ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1063 } else if (outformat == FORMAT_ASN1) {
1064 ret = i2d_CMS_bio_stream(out, cms, in, flags);
1065 } else {
1066 BIO_printf(bio_err, "Bad output format for CMS file\n");
1067 goto end;
1068 }
1069 if (ret <= 0) {
1070 ret = 6;
1071 goto end;
1072 }
1073 }
1074 ret = 0;
1075 end:
1076 if (ret)
1077 ERR_print_errors(bio_err);
1078 sk_X509_pop_free(encerts, X509_free);
1079 sk_X509_pop_free(other, X509_free);
1080 X509_VERIFY_PARAM_free(vpm);
1081 sk_OPENSSL_STRING_free(sksigners);
1082 sk_OPENSSL_STRING_free(skkeys);
1083 OPENSSL_free(secret_key);
1084 OPENSSL_free(secret_keyid);
1085 OPENSSL_free(pwri_tmp);
1086 ASN1_OBJECT_free(econtent_type);
1087 CMS_ReceiptRequest_free(rr);
1088 sk_OPENSSL_STRING_free(rr_to);
1089 sk_OPENSSL_STRING_free(rr_from);
1090 for (key_param = key_first; key_param;) {
1091 cms_key_param *tparam;
1092 sk_OPENSSL_STRING_free(key_param->param);
1093 tparam = key_param->next;
1094 OPENSSL_free(key_param);
1095 key_param = tparam;
1096 }
1097 X509_STORE_free(store);
1098 X509_free(cert);
1099 X509_free(recip);
1100 X509_free(signer);
1101 EVP_PKEY_free(key);
1102 CMS_ContentInfo_free(cms);
1103 CMS_ContentInfo_free(rcms);
1104 release_engine(e);
1105 BIO_free(rctin);
1106 BIO_free(in);
1107 BIO_free(indata);
1108 BIO_free_all(out);
1109 OPENSSL_free(passin);
1110 return ret;
1111 }
1112
1113 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
1114 {
1115 int i;
1116 BIO *tmp;
1117 if (signerfile == NULL)
1118 return 1;
1119 tmp = BIO_new_file(signerfile, "w");
1120 if (tmp == NULL)
1121 return 0;
1122 for (i = 0; i < sk_X509_num(signers); i++)
1123 PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
1124 BIO_free(tmp);
1125 return 1;
1126 }
1127
1128 /* Minimal callback just to output policy info (if any) */
1129
1130 static int cms_cb(int ok, X509_STORE_CTX *ctx)
1131 {
1132 int error;
1133
1134 error = X509_STORE_CTX_get_error(ctx);
1135
1136 verify_err = error;
1137
1138 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
1139 && ((error != X509_V_OK) || (ok != 2)))
1140 return ok;
1141
1142 policies_print(ctx);
1143
1144 return ok;
1145
1146 }
1147
1148 static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns)
1149 {
1150 STACK_OF(GENERAL_NAME) *gens;
1151 GENERAL_NAME *gen;
1152 int i, j;
1153
1154 for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
1155 gens = sk_GENERAL_NAMES_value(gns, i);
1156 for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
1157 gen = sk_GENERAL_NAME_value(gens, j);
1158 BIO_puts(bio_err, " ");
1159 GENERAL_NAME_print(bio_err, gen);
1160 BIO_puts(bio_err, "\n");
1161 }
1162 }
1163 return;
1164 }
1165
1166 static void receipt_request_print(CMS_ContentInfo *cms)
1167 {
1168 STACK_OF(CMS_SignerInfo) *sis;
1169 CMS_SignerInfo *si;
1170 CMS_ReceiptRequest *rr;
1171 int allorfirst;
1172 STACK_OF(GENERAL_NAMES) *rto, *rlist;
1173 ASN1_STRING *scid;
1174 int i, rv;
1175 sis = CMS_get0_SignerInfos(cms);
1176 for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
1177 si = sk_CMS_SignerInfo_value(sis, i);
1178 rv = CMS_get1_ReceiptRequest(si, &rr);
1179 BIO_printf(bio_err, "Signer %d:\n", i + 1);
1180 if (rv == 0) {
1181 BIO_puts(bio_err, " No Receipt Request\n");
1182 } else if (rv < 0) {
1183 BIO_puts(bio_err, " Receipt Request Parse Error\n");
1184 ERR_print_errors(bio_err);
1185 } else {
1186 const char *id;
1187 int idlen;
1188 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1189 &rlist, &rto);
1190 BIO_puts(bio_err, " Signed Content ID:\n");
1191 idlen = ASN1_STRING_length(scid);
1192 id = (const char *)ASN1_STRING_get0_data(scid);
1193 BIO_dump_indent(bio_err, id, idlen, 4);
1194 BIO_puts(bio_err, " Receipts From");
1195 if (rlist != NULL) {
1196 BIO_puts(bio_err, " List:\n");
1197 gnames_stack_print(rlist);
1198 } else if (allorfirst == 1) {
1199 BIO_puts(bio_err, ": First Tier\n");
1200 } else if (allorfirst == 0) {
1201 BIO_puts(bio_err, ": All\n");
1202 } else {
1203 BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
1204 }
1205 BIO_puts(bio_err, " Receipts To:\n");
1206 gnames_stack_print(rto);
1207 }
1208 CMS_ReceiptRequest_free(rr);
1209 }
1210 }
1211
1212 static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1213 {
1214 int i;
1215 STACK_OF(GENERAL_NAMES) *ret;
1216 GENERAL_NAMES *gens = NULL;
1217 GENERAL_NAME *gen = NULL;
1218 ret = sk_GENERAL_NAMES_new_null();
1219 if (ret == NULL)
1220 goto err;
1221 for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
1222 char *str = sk_OPENSSL_STRING_value(ns, i);
1223 gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
1224 if (gen == NULL)
1225 goto err;
1226 gens = GENERAL_NAMES_new();
1227 if (gens == NULL)
1228 goto err;
1229 if (!sk_GENERAL_NAME_push(gens, gen))
1230 goto err;
1231 gen = NULL;
1232 if (!sk_GENERAL_NAMES_push(ret, gens))
1233 goto err;
1234 gens = NULL;
1235 }
1236
1237 return ret;
1238
1239 err:
1240 sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
1241 GENERAL_NAMES_free(gens);
1242 GENERAL_NAME_free(gen);
1243 return NULL;
1244 }
1245
1246 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
1247 *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
1248 *rr_from)
1249 {
1250 STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
1251 CMS_ReceiptRequest *rr;
1252 rct_to = make_names_stack(rr_to);
1253 if (rct_to == NULL)
1254 goto err;
1255 if (rr_from != NULL) {
1256 rct_from = make_names_stack(rr_from);
1257 if (rct_from == NULL)
1258 goto err;
1259 } else {
1260 rct_from = NULL;
1261 }
1262 rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1263 rct_to);
1264 return rr;
1265 err:
1266 sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
1267 return NULL;
1268 }
1269
1270 static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
1271 STACK_OF(OPENSSL_STRING) *param)
1272 {
1273 char *keyopt;
1274 int i;
1275 if (sk_OPENSSL_STRING_num(param) <= 0)
1276 return 1;
1277 for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) {
1278 keyopt = sk_OPENSSL_STRING_value(param, i);
1279 if (pkey_ctrl_string(pctx, keyopt) <= 0) {
1280 BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt);
1281 ERR_print_errors(bio_err);
1282 return 0;
1283 }
1284 }
1285 return 1;
1286 }
1287
1288 #endif
A mirror of the official openssl repository