OLD | NEW |
1 /* smime.c */ | 1 /* smime.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project. | 3 * project. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
66 #include <openssl/err.h> | 66 #include <openssl/err.h> |
67 #include <openssl/x509_vfy.h> | 67 #include <openssl/x509_vfy.h> |
68 #include <openssl/x509v3.h> | 68 #include <openssl/x509v3.h> |
69 | 69 |
70 #undef PROG | 70 #undef PROG |
71 #define PROG smime_main | 71 #define PROG smime_main |
72 static int save_certs(char *signerfile, STACK_OF(X509) *signers); | 72 static int save_certs(char *signerfile, STACK_OF(X509) *signers); |
73 static int smime_cb(int ok, X509_STORE_CTX *ctx); | 73 static int smime_cb(int ok, X509_STORE_CTX *ctx); |
74 | 74 |
75 #define SMIME_OP 0x10 | 75 #define SMIME_OP 0x10 |
| 76 #define SMIME_IP 0x20 |
| 77 #define SMIME_SIGNERS 0x40 |
76 #define SMIME_ENCRYPT (1 | SMIME_OP) | 78 #define SMIME_ENCRYPT (1 | SMIME_OP) |
77 #define SMIME_DECRYPT» 2 | 79 #define SMIME_DECRYPT» (2 | SMIME_IP) |
78 #define SMIME_SIGN» (3 | SMIME_OP) | 80 #define SMIME_SIGN» (3 | SMIME_OP | SMIME_SIGNERS) |
79 #define SMIME_VERIFY» 4 | 81 #define SMIME_VERIFY» (4 | SMIME_IP) |
80 #define SMIME_PK7OUT» 5 | 82 #define SMIME_PK7OUT» (5 | SMIME_IP | SMIME_OP) |
| 83 #define SMIME_RESIGN» (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) |
81 | 84 |
82 int MAIN(int, char **); | 85 int MAIN(int, char **); |
83 | 86 |
84 int MAIN(int argc, char **argv) | 87 int MAIN(int argc, char **argv) |
85 { | 88 { |
86 ENGINE *e = NULL; | 89 ENGINE *e = NULL; |
87 int operation = 0; | 90 int operation = 0; |
88 int ret = 0; | 91 int ret = 0; |
89 char **args; | 92 char **args; |
90 const char *inmode = "r", *outmode = "w"; | 93 const char *inmode = "r", *outmode = "w"; |
91 char *infile = NULL, *outfile = NULL; | 94 char *infile = NULL, *outfile = NULL; |
92 char *signerfile = NULL, *recipfile = NULL; | 95 char *signerfile = NULL, *recipfile = NULL; |
| 96 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; |
93 char *certfile = NULL, *keyfile = NULL, *contfile=NULL; | 97 char *certfile = NULL, *keyfile = NULL, *contfile=NULL; |
94 const EVP_CIPHER *cipher = NULL; | 98 const EVP_CIPHER *cipher = NULL; |
95 PKCS7 *p7 = NULL; | 99 PKCS7 *p7 = NULL; |
96 X509_STORE *store = NULL; | 100 X509_STORE *store = NULL; |
97 X509 *cert = NULL, *recip = NULL, *signer = NULL; | 101 X509 *cert = NULL, *recip = NULL, *signer = NULL; |
98 EVP_PKEY *key = NULL; | 102 EVP_PKEY *key = NULL; |
99 STACK_OF(X509) *encerts = NULL, *other = NULL; | 103 STACK_OF(X509) *encerts = NULL, *other = NULL; |
100 BIO *in = NULL, *out = NULL, *indata = NULL; | 104 BIO *in = NULL, *out = NULL, *indata = NULL; |
101 int badarg = 0; | 105 int badarg = 0; |
102 int flags = PKCS7_DETACHED; | 106 int flags = PKCS7_DETACHED; |
103 char *to = NULL, *from = NULL, *subject = NULL; | 107 char *to = NULL, *from = NULL, *subject = NULL; |
104 char *CAfile = NULL, *CApath = NULL; | 108 char *CAfile = NULL, *CApath = NULL; |
105 char *passargin = NULL, *passin = NULL; | 109 char *passargin = NULL, *passin = NULL; |
106 char *inrand = NULL; | 110 char *inrand = NULL; |
107 int need_rand = 0; | 111 int need_rand = 0; |
| 112 int indef = 0; |
| 113 const EVP_MD *sign_md = NULL; |
108 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; | 114 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; |
109 int keyform = FORMAT_PEM; | 115 int keyform = FORMAT_PEM; |
110 #ifndef OPENSSL_NO_ENGINE | 116 #ifndef OPENSSL_NO_ENGINE |
111 char *engine=NULL; | 117 char *engine=NULL; |
112 #endif | 118 #endif |
113 | 119 |
114 X509_VERIFY_PARAM *vpm = NULL; | 120 X509_VERIFY_PARAM *vpm = NULL; |
115 | 121 |
116 args = argv + 1; | 122 args = argv + 1; |
117 ret = 1; | 123 ret = 1; |
(...skipping 10 matching lines...) Expand all Loading... |
128 goto end; | 134 goto end; |
129 | 135 |
130 while (!badarg && *args && *args[0] == '-') | 136 while (!badarg && *args && *args[0] == '-') |
131 { | 137 { |
132 if (!strcmp (*args, "-encrypt")) | 138 if (!strcmp (*args, "-encrypt")) |
133 operation = SMIME_ENCRYPT; | 139 operation = SMIME_ENCRYPT; |
134 else if (!strcmp (*args, "-decrypt")) | 140 else if (!strcmp (*args, "-decrypt")) |
135 operation = SMIME_DECRYPT; | 141 operation = SMIME_DECRYPT; |
136 else if (!strcmp (*args, "-sign")) | 142 else if (!strcmp (*args, "-sign")) |
137 operation = SMIME_SIGN; | 143 operation = SMIME_SIGN; |
| 144 else if (!strcmp (*args, "-resign")) |
| 145 operation = SMIME_RESIGN; |
138 else if (!strcmp (*args, "-verify")) | 146 else if (!strcmp (*args, "-verify")) |
139 operation = SMIME_VERIFY; | 147 operation = SMIME_VERIFY; |
140 else if (!strcmp (*args, "-pk7out")) | 148 else if (!strcmp (*args, "-pk7out")) |
141 operation = SMIME_PK7OUT; | 149 operation = SMIME_PK7OUT; |
142 #ifndef OPENSSL_NO_DES | 150 #ifndef OPENSSL_NO_DES |
143 else if (!strcmp (*args, "-des3")) | 151 else if (!strcmp (*args, "-des3")) |
144 cipher = EVP_des_ede3_cbc(); | 152 cipher = EVP_des_ede3_cbc(); |
145 else if (!strcmp (*args, "-des")) | 153 else if (!strcmp (*args, "-des")) |
146 cipher = EVP_des_cbc(); | 154 cipher = EVP_des_cbc(); |
147 #endif | 155 #endif |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
186 else if (!strcmp (*args, "-noattr")) | 194 else if (!strcmp (*args, "-noattr")) |
187 flags |= PKCS7_NOATTR; | 195 flags |= PKCS7_NOATTR; |
188 else if (!strcmp (*args, "-nodetach")) | 196 else if (!strcmp (*args, "-nodetach")) |
189 flags &= ~PKCS7_DETACHED; | 197 flags &= ~PKCS7_DETACHED; |
190 else if (!strcmp (*args, "-nosmimecap")) | 198 else if (!strcmp (*args, "-nosmimecap")) |
191 flags |= PKCS7_NOSMIMECAP; | 199 flags |= PKCS7_NOSMIMECAP; |
192 else if (!strcmp (*args, "-binary")) | 200 else if (!strcmp (*args, "-binary")) |
193 flags |= PKCS7_BINARY; | 201 flags |= PKCS7_BINARY; |
194 else if (!strcmp (*args, "-nosigs")) | 202 else if (!strcmp (*args, "-nosigs")) |
195 flags |= PKCS7_NOSIGS; | 203 flags |= PKCS7_NOSIGS; |
| 204 else if (!strcmp (*args, "-stream")) |
| 205 indef = 1; |
| 206 else if (!strcmp (*args, "-indef")) |
| 207 indef = 1; |
| 208 else if (!strcmp (*args, "-noindef")) |
| 209 indef = 0; |
196 else if (!strcmp (*args, "-nooldmime")) | 210 else if (!strcmp (*args, "-nooldmime")) |
197 flags |= PKCS7_NOOLDMIMETYPE; | 211 flags |= PKCS7_NOOLDMIMETYPE; |
198 else if (!strcmp (*args, "-crlfeol")) | 212 else if (!strcmp (*args, "-crlfeol")) |
199 flags |= PKCS7_CRLFEOL; | 213 flags |= PKCS7_CRLFEOL; |
200 else if (!strcmp(*args,"-rand")) | 214 else if (!strcmp(*args,"-rand")) |
201 { | 215 { |
202 » » » if (args[1]) | 216 » » » if (!args[1]) |
203 » » » » { | 217 » » » » goto argerr; |
204 » » » » args++; | 218 » » » args++; |
205 » » » » inrand = *args; | 219 » » » inrand = *args; |
206 » » » » } | |
207 » » » else | |
208 » » » » badarg = 1; | |
209 need_rand = 1; | 220 need_rand = 1; |
210 } | 221 } |
211 #ifndef OPENSSL_NO_ENGINE | 222 #ifndef OPENSSL_NO_ENGINE |
212 else if (!strcmp(*args,"-engine")) | 223 else if (!strcmp(*args,"-engine")) |
213 { | 224 { |
214 » » » if (args[1]) | 225 » » » if (!args[1]) |
215 » » » » { | 226 » » » » goto argerr; |
216 » » » » args++; | 227 » » » engine = *++args; |
217 » » » » engine = *args; | |
218 » » » » } | |
219 » » » else badarg = 1; | |
220 } | 228 } |
221 #endif | 229 #endif |
222 else if (!strcmp(*args,"-passin")) | 230 else if (!strcmp(*args,"-passin")) |
223 { | 231 { |
224 » » » if (args[1]) | 232 » » » if (!args[1]) |
| 233 » » » » goto argerr; |
| 234 » » » passargin = *++args; |
| 235 » » » } |
| 236 » » else if (!strcmp (*args, "-to")) |
| 237 » » » { |
| 238 » » » if (!args[1]) |
| 239 » » » » goto argerr; |
| 240 » » » to = *++args; |
| 241 » » » } |
| 242 » » else if (!strcmp (*args, "-from")) |
| 243 » » » { |
| 244 » » » if (!args[1]) |
| 245 » » » » goto argerr; |
| 246 » » » from = *++args; |
| 247 » » » } |
| 248 » » else if (!strcmp (*args, "-subject")) |
| 249 » » » { |
| 250 » » » if (!args[1]) |
| 251 » » » » goto argerr; |
| 252 » » » subject = *++args; |
| 253 » » » } |
| 254 » » else if (!strcmp (*args, "-signer")) |
| 255 » » » { |
| 256 » » » if (!args[1]) |
| 257 » » » » goto argerr; |
| 258 » » » /* If previous -signer argument add signer to list */ |
| 259 |
| 260 » » » if (signerfile) |
225 { | 261 { |
226 » » » » args++; | 262 » » » » if (!sksigners) |
227 » » » » passargin = *args; | 263 » » » » » sksigners = sk_OPENSSL_STRING_new_null()
; |
| 264 » » » » sk_OPENSSL_STRING_push(sksigners, signerfile); |
| 265 » » » » if (!keyfile) |
| 266 » » » » » keyfile = signerfile; |
| 267 » » » » if (!skkeys) |
| 268 » » » » » skkeys = sk_OPENSSL_STRING_new_null(); |
| 269 » » » » sk_OPENSSL_STRING_push(skkeys, keyfile); |
| 270 » » » » keyfile = NULL; |
228 } | 271 } |
229 » » » else | 272 » » » signerfile = *++args; |
230 » » » » badarg = 1; | 273 » » » } |
231 » » » } | 274 » » else if (!strcmp (*args, "-recip")) |
232 » » else if (!strcmp (*args, "-to")) | 275 » » » { |
233 » » » { | 276 » » » if (!args[1]) |
234 » » » if (args[1]) | 277 » » » » goto argerr; |
| 278 » » » recipfile = *++args; |
| 279 » » » } |
| 280 » » else if (!strcmp (*args, "-md")) |
| 281 » » » { |
| 282 » » » if (!args[1]) |
| 283 » » » » goto argerr; |
| 284 » » » sign_md = EVP_get_digestbyname(*++args); |
| 285 » » » if (sign_md == NULL) |
235 { | 286 { |
236 » » » » args++; | 287 » » » » BIO_printf(bio_err, "Unknown digest %s\n", |
237 » » » » to = *args; | 288 » » » » » » » *args); |
| 289 » » » » goto argerr; |
238 } | 290 } |
239 » » » else | 291 » » » } |
240 » » » » badarg = 1; | 292 » » else if (!strcmp (*args, "-inkey")) |
241 » » » } | 293 » » » { |
242 » » else if (!strcmp (*args, "-from")) | 294 » » » if (!args[1])» |
243 » » » { | 295 » » » » goto argerr; |
244 » » » if (args[1]) | 296 » » » /* If previous -inkey arument add signer to list */ |
| 297 » » » if (keyfile) |
245 { | 298 { |
246 » » » » args++; | 299 » » » » if (!signerfile) |
247 » » » » from = *args; | 300 » » » » » { |
| 301 » » » » » BIO_puts(bio_err, "Illegal -inkey withou
t -signer\n"); |
| 302 » » » » » goto argerr; |
| 303 » » » » » } |
| 304 » » » » if (!sksigners) |
| 305 » » » » » sksigners = sk_OPENSSL_STRING_new_null()
; |
| 306 » » » » sk_OPENSSL_STRING_push(sksigners, signerfile); |
| 307 » » » » signerfile = NULL; |
| 308 » » » » if (!skkeys) |
| 309 » » » » » skkeys = sk_OPENSSL_STRING_new_null(); |
| 310 » » » » sk_OPENSSL_STRING_push(skkeys, keyfile); |
248 } | 311 } |
249 » » » else badarg = 1; | 312 » » » keyfile = *++args; |
250 » » » } | 313 » » » } |
251 » » else if (!strcmp (*args, "-subject")) | |
252 » » » { | |
253 » » » if (args[1]) | |
254 » » » » { | |
255 » » » » args++; | |
256 » » » » subject = *args; | |
257 » » » » } | |
258 » » » else | |
259 » » » » badarg = 1; | |
260 » » » } | |
261 » » else if (!strcmp (*args, "-signer")) | |
262 » » » { | |
263 » » » if (args[1]) | |
264 » » » » { | |
265 » » » » args++; | |
266 » » » » signerfile = *args; | |
267 » » » » } | |
268 » » » else | |
269 » » » » badarg = 1; | |
270 » » » } | |
271 » » else if (!strcmp (*args, "-recip")) | |
272 » » » { | |
273 » » » if (args[1]) | |
274 » » » » { | |
275 » » » » args++; | |
276 » » » » recipfile = *args; | |
277 » » » » } | |
278 » » » else badarg = 1; | |
279 » » » } | |
280 » » else if (!strcmp (*args, "-inkey")) | |
281 » » » { | |
282 » » » if (args[1]) | |
283 » » » » { | |
284 » » » » args++; | |
285 » » » » keyfile = *args; | |
286 » » » » } | |
287 » » » else | |
288 » » » » badarg = 1; | |
289 » » } | |
290 else if (!strcmp (*args, "-keyform")) | 314 else if (!strcmp (*args, "-keyform")) |
291 { | 315 { |
292 » » » if (args[1]) | 316 » » » if (!args[1]) |
293 » » » » { | 317 » » » » goto argerr; |
294 » » » » args++; | 318 » » » keyform = str2fmt(*++args); |
295 » » » » keyform = str2fmt(*args); | |
296 » » » » } | |
297 » » » else | |
298 » » » » badarg = 1; | |
299 } | 319 } |
300 else if (!strcmp (*args, "-certfile")) | 320 else if (!strcmp (*args, "-certfile")) |
301 { | 321 { |
302 » » » if (args[1]) | 322 » » » if (!args[1]) |
303 » » » » { | 323 » » » » goto argerr; |
304 » » » » args++; | 324 » » » certfile = *++args; |
305 » » » » certfile = *args; | |
306 » » » » } | |
307 » » » else | |
308 » » » » badarg = 1; | |
309 } | 325 } |
310 else if (!strcmp (*args, "-CAfile")) | 326 else if (!strcmp (*args, "-CAfile")) |
311 { | 327 { |
312 » » » if (args[1]) | 328 » » » if (!args[1]) |
313 » » » » { | 329 » » » » goto argerr; |
314 » » » » args++; | 330 » » » CAfile = *++args; |
315 » » » » CAfile = *args; | |
316 » » » » } | |
317 » » » else | |
318 » » » » badarg = 1; | |
319 } | 331 } |
320 else if (!strcmp (*args, "-CApath")) | 332 else if (!strcmp (*args, "-CApath")) |
321 { | 333 { |
322 » » » if (args[1]) | 334 » » » if (!args[1]) |
323 » » » » { | 335 » » » » goto argerr; |
324 » » » » args++; | 336 » » » CApath = *++args; |
325 » » » » CApath = *args; | |
326 » » » » } | |
327 » » » else | |
328 » » » » badarg = 1; | |
329 } | 337 } |
330 else if (!strcmp (*args, "-in")) | 338 else if (!strcmp (*args, "-in")) |
331 { | 339 { |
332 » » » if (args[1]) | 340 » » » if (!args[1]) |
333 » » » » { | 341 » » » » goto argerr; |
334 » » » » args++; | 342 » » » infile = *++args; |
335 » » » » infile = *args; | |
336 » » » » } | |
337 » » » else | |
338 » » » » badarg = 1; | |
339 } | 343 } |
340 else if (!strcmp (*args, "-inform")) | 344 else if (!strcmp (*args, "-inform")) |
341 { | 345 { |
342 » » » if (args[1]) | 346 » » » if (!args[1]) |
343 » » » » { | 347 » » » » goto argerr; |
344 » » » » args++; | 348 » » » informat = str2fmt(*++args); |
345 » » » » informat = str2fmt(*args); | |
346 » » » » } | |
347 » » » else | |
348 » » » » badarg = 1; | |
349 } | 349 } |
350 else if (!strcmp (*args, "-outform")) | 350 else if (!strcmp (*args, "-outform")) |
351 { | 351 { |
352 » » » if (args[1]) | 352 » » » if (!args[1]) |
353 » » » » { | 353 » » » » goto argerr; |
354 » » » » args++; | 354 » » » outformat = str2fmt(*++args); |
355 » » » » outformat = str2fmt(*args); | |
356 » » » » } | |
357 » » » else | |
358 » » » » badarg = 1; | |
359 } | 355 } |
360 else if (!strcmp (*args, "-out")) | 356 else if (!strcmp (*args, "-out")) |
361 { | 357 { |
362 » » » if (args[1]) | 358 » » » if (!args[1]) |
363 » » » » { | 359 » » » » goto argerr; |
364 » » » » args++; | 360 » » » outfile = *++args; |
365 » » » » outfile = *args; | |
366 » » » » } | |
367 » » » else | |
368 » » » » badarg = 1; | |
369 } | 361 } |
370 else if (!strcmp (*args, "-content")) | 362 else if (!strcmp (*args, "-content")) |
371 { | 363 { |
372 » » » if (args[1]) | 364 » » » if (!args[1]) |
373 » » » » { | 365 » » » » goto argerr; |
374 » » » » args++; | 366 » » » contfile = *++args; |
375 » » » » contfile = *args; | |
376 » » » » } | |
377 » » » else | |
378 » » » » badarg = 1; | |
379 } | 367 } |
380 else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) | 368 else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) |
381 continue; | 369 continue; |
382 » » else | 370 » » else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) |
383 badarg = 1; | 371 badarg = 1; |
384 args++; | 372 args++; |
385 } | 373 } |
386 | 374 |
| 375 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) |
| 376 { |
| 377 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); |
| 378 goto argerr; |
| 379 } |
387 | 380 |
388 » if (operation == SMIME_SIGN) | 381 » if (operation & SMIME_SIGNERS) |
389 { | 382 { |
390 » » if (!signerfile) | 383 » » /* Check to see if any final signer needs to be appended */ |
| 384 » » if (keyfile && !signerfile) |
| 385 » » » { |
| 386 » » » BIO_puts(bio_err, "Illegal -inkey without -signer\n"); |
| 387 » » » goto argerr; |
| 388 » » » } |
| 389 » » if (signerfile) |
| 390 » » » { |
| 391 » » » if (!sksigners) |
| 392 » » » » sksigners = sk_OPENSSL_STRING_new_null(); |
| 393 » » » sk_OPENSSL_STRING_push(sksigners, signerfile); |
| 394 » » » if (!skkeys) |
| 395 » » » » skkeys = sk_OPENSSL_STRING_new_null(); |
| 396 » » » if (!keyfile) |
| 397 » » » » keyfile = signerfile; |
| 398 » » » sk_OPENSSL_STRING_push(skkeys, keyfile); |
| 399 » » » } |
| 400 » » if (!sksigners) |
391 { | 401 { |
392 BIO_printf(bio_err, "No signer certificate specified\n")
; | 402 BIO_printf(bio_err, "No signer certificate specified\n")
; |
393 badarg = 1; | 403 badarg = 1; |
394 } | 404 } |
| 405 signerfile = NULL; |
| 406 keyfile = NULL; |
395 need_rand = 1; | 407 need_rand = 1; |
396 } | 408 } |
397 else if (operation == SMIME_DECRYPT) | 409 else if (operation == SMIME_DECRYPT) |
398 { | 410 { |
399 if (!recipfile && !keyfile) | 411 if (!recipfile && !keyfile) |
400 { | 412 { |
401 BIO_printf(bio_err, "No recipient certificate or key spe
cified\n"); | 413 BIO_printf(bio_err, "No recipient certificate or key spe
cified\n"); |
402 badarg = 1; | 414 badarg = 1; |
403 } | 415 } |
404 } | 416 } |
405 else if (operation == SMIME_ENCRYPT) | 417 else if (operation == SMIME_ENCRYPT) |
406 { | 418 { |
407 if (!*args) | 419 if (!*args) |
408 { | 420 { |
409 BIO_printf(bio_err, "No recipient(s) certificate(s) spec
ified\n"); | 421 BIO_printf(bio_err, "No recipient(s) certificate(s) spec
ified\n"); |
410 badarg = 1; | 422 badarg = 1; |
411 } | 423 } |
412 need_rand = 1; | 424 need_rand = 1; |
413 } | 425 } |
414 else if (!operation) | 426 else if (!operation) |
415 badarg = 1; | 427 badarg = 1; |
416 | 428 |
417 if (badarg) | 429 if (badarg) |
418 { | 430 { |
| 431 argerr: |
419 BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); | 432 BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); |
420 BIO_printf (bio_err, "where options are\n"); | 433 BIO_printf (bio_err, "where options are\n"); |
421 BIO_printf (bio_err, "-encrypt encrypt message\n"); | 434 BIO_printf (bio_err, "-encrypt encrypt message\n"); |
422 BIO_printf (bio_err, "-decrypt decrypt encrypted message\n
"); | 435 BIO_printf (bio_err, "-decrypt decrypt encrypted message\n
"); |
423 BIO_printf (bio_err, "-sign sign message\n"); | 436 BIO_printf (bio_err, "-sign sign message\n"); |
424 BIO_printf (bio_err, "-verify verify signed message\n"); | 437 BIO_printf (bio_err, "-verify verify signed message\n"); |
425 BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n")
; | 438 BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n")
; |
426 #ifndef OPENSSL_NO_DES | 439 #ifndef OPENSSL_NO_DES |
427 BIO_printf (bio_err, "-des3 encrypt with triple DES\n")
; | 440 BIO_printf (bio_err, "-des3 encrypt with triple DES\n")
; |
428 BIO_printf (bio_err, "-des encrypt with DES\n"); | 441 BIO_printf (bio_err, "-des encrypt with DES\n"); |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
492 if (need_rand) | 505 if (need_rand) |
493 { | 506 { |
494 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); | 507 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); |
495 if (inrand != NULL) | 508 if (inrand != NULL) |
496 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", | 509 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", |
497 app_RAND_load_files(inrand)); | 510 app_RAND_load_files(inrand)); |
498 } | 511 } |
499 | 512 |
500 ret = 2; | 513 ret = 2; |
501 | 514 |
502 » if (operation != SMIME_SIGN) | 515 » if (!(operation & SMIME_SIGNERS)) |
503 flags &= ~PKCS7_DETACHED; | 516 flags &= ~PKCS7_DETACHED; |
504 | 517 |
505 if (operation & SMIME_OP) | 518 if (operation & SMIME_OP) |
506 { | 519 { |
507 if (flags & PKCS7_BINARY) | |
508 inmode = "rb"; | |
509 if (outformat == FORMAT_ASN1) | 520 if (outformat == FORMAT_ASN1) |
510 outmode = "wb"; | 521 outmode = "wb"; |
511 } | 522 } |
512 else | 523 else |
513 { | 524 { |
514 if (flags & PKCS7_BINARY) | 525 if (flags & PKCS7_BINARY) |
515 outmode = "wb"; | 526 outmode = "wb"; |
| 527 } |
| 528 |
| 529 if (operation & SMIME_IP) |
| 530 { |
516 if (informat == FORMAT_ASN1) | 531 if (informat == FORMAT_ASN1) |
517 inmode = "rb"; | 532 inmode = "rb"; |
518 } | 533 } |
| 534 else |
| 535 { |
| 536 if (flags & PKCS7_BINARY) |
| 537 inmode = "rb"; |
| 538 } |
519 | 539 |
520 if (operation == SMIME_ENCRYPT) | 540 if (operation == SMIME_ENCRYPT) |
521 { | 541 { |
522 if (!cipher) | 542 if (!cipher) |
523 { | 543 { |
524 #ifndef OPENSSL_NO_RC2 | 544 #ifndef OPENSSL_NO_RC2 |
525 cipher = EVP_rc2_40_cbc(); | 545 cipher = EVP_rc2_40_cbc(); |
526 #else | 546 #else |
527 BIO_printf(bio_err, "No cipher selected\n"); | 547 BIO_printf(bio_err, "No cipher selected\n"); |
528 goto end; | 548 goto end; |
529 #endif | 549 #endif |
530 } | 550 } |
531 encerts = sk_X509_new_null(); | 551 encerts = sk_X509_new_null(); |
532 while (*args) | 552 while (*args) |
533 { | 553 { |
534 if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, | 554 if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, |
535 NULL, e, "recipient certificate file"))) | 555 NULL, e, "recipient certificate file"))) |
536 { | 556 { |
537 #if 0 /* An appropriate message is already printed */ | 557 #if 0 /* An appropriate message is already printed */ |
538 BIO_printf(bio_err, "Can't read recipient certif
icate file %s\n", *args); | 558 BIO_printf(bio_err, "Can't read recipient certif
icate file %s\n", *args); |
539 #endif | 559 #endif |
540 goto end; | 560 goto end; |
541 } | 561 } |
542 sk_X509_push(encerts, cert); | 562 sk_X509_push(encerts, cert); |
543 cert = NULL; | 563 cert = NULL; |
544 args++; | 564 args++; |
545 } | 565 } |
546 } | 566 } |
547 | 567 |
548 if (signerfile && (operation == SMIME_SIGN)) | |
549 { | |
550 if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, | |
551 e, "signer certificate"))) | |
552 { | |
553 #if 0 /* An appropri message has already been printed */ | |
554 BIO_printf(bio_err, "Can't read signer certificate file
%s\n", signerfile); | |
555 #endif | |
556 goto end; | |
557 } | |
558 } | |
559 | |
560 if (certfile) | 568 if (certfile) |
561 { | 569 { |
562 if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, | 570 if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, |
563 e, "certificate file"))) | 571 e, "certificate file"))) |
564 { | 572 { |
565 #if 0 /* An appropriate message has already been printed */ | |
566 BIO_printf(bio_err, "Can't read certificate file %s\n",
certfile); | |
567 #endif | |
568 ERR_print_errors(bio_err); | 573 ERR_print_errors(bio_err); |
569 goto end; | 574 goto end; |
570 } | 575 } |
571 } | 576 } |
572 | 577 |
573 if (recipfile && (operation == SMIME_DECRYPT)) | 578 if (recipfile && (operation == SMIME_DECRYPT)) |
574 { | 579 { |
575 if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, | 580 if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, |
576 e, "recipient certificate file"))) | 581 e, "recipient certificate file"))) |
577 { | 582 { |
578 #if 0 /* An appropriate message has alrady been printed */ | |
579 BIO_printf(bio_err, "Can't read recipient certificate fi
le %s\n", recipfile); | |
580 #endif | |
581 ERR_print_errors(bio_err); | 583 ERR_print_errors(bio_err); |
582 goto end; | 584 goto end; |
583 } | 585 } |
584 } | 586 } |
585 | 587 |
586 if (operation == SMIME_DECRYPT) | 588 if (operation == SMIME_DECRYPT) |
587 { | 589 { |
588 if (!keyfile) | 590 if (!keyfile) |
589 keyfile = recipfile; | 591 keyfile = recipfile; |
590 } | 592 } |
(...skipping 17 matching lines...) Expand all Loading... |
608 if (!(in = BIO_new_file(infile, inmode))) | 610 if (!(in = BIO_new_file(infile, inmode))) |
609 { | 611 { |
610 BIO_printf (bio_err, | 612 BIO_printf (bio_err, |
611 "Can't open input file %s\n", infile); | 613 "Can't open input file %s\n", infile); |
612 goto end; | 614 goto end; |
613 } | 615 } |
614 } | 616 } |
615 else | 617 else |
616 in = BIO_new_fp(stdin, BIO_NOCLOSE); | 618 in = BIO_new_fp(stdin, BIO_NOCLOSE); |
617 | 619 |
| 620 if (operation & SMIME_IP) |
| 621 { |
| 622 if (informat == FORMAT_SMIME) |
| 623 p7 = SMIME_read_PKCS7(in, &indata); |
| 624 else if (informat == FORMAT_PEM) |
| 625 p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); |
| 626 else if (informat == FORMAT_ASN1) |
| 627 p7 = d2i_PKCS7_bio(in, NULL); |
| 628 else |
| 629 { |
| 630 BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"
); |
| 631 goto end; |
| 632 } |
| 633 |
| 634 if (!p7) |
| 635 { |
| 636 BIO_printf(bio_err, "Error reading S/MIME message\n"); |
| 637 goto end; |
| 638 } |
| 639 if (contfile) |
| 640 { |
| 641 BIO_free(indata); |
| 642 if (!(indata = BIO_new_file(contfile, "rb"))) |
| 643 { |
| 644 BIO_printf(bio_err, "Can't read content file %s\
n", contfile); |
| 645 goto end; |
| 646 } |
| 647 } |
| 648 } |
| 649 |
618 if (outfile) | 650 if (outfile) |
619 { | 651 { |
620 if (!(out = BIO_new_file(outfile, outmode))) | 652 if (!(out = BIO_new_file(outfile, outmode))) |
621 { | 653 { |
622 BIO_printf (bio_err, | 654 BIO_printf (bio_err, |
623 "Can't open output file %s\n", outfile); | 655 "Can't open output file %s\n", outfile); |
624 goto end; | 656 goto end; |
625 } | 657 } |
626 } | 658 } |
627 else | 659 else |
628 { | 660 { |
629 out = BIO_new_fp(stdout, BIO_NOCLOSE); | 661 out = BIO_new_fp(stdout, BIO_NOCLOSE); |
630 #ifdef OPENSSL_SYS_VMS | 662 #ifdef OPENSSL_SYS_VMS |
631 { | 663 { |
632 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); | 664 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
633 out = BIO_push(tmpbio, out); | 665 out = BIO_push(tmpbio, out); |
634 } | 666 } |
635 #endif | 667 #endif |
636 } | 668 } |
637 | 669 |
638 if (operation == SMIME_VERIFY) | 670 if (operation == SMIME_VERIFY) |
639 { | 671 { |
640 if (!(store = setup_verify(bio_err, CAfile, CApath))) | 672 if (!(store = setup_verify(bio_err, CAfile, CApath))) |
641 goto end; | 673 goto end; |
642 » » X509_STORE_set_verify_cb_func(store, smime_cb); | 674 » » X509_STORE_set_verify_cb(store, smime_cb); |
643 if (vpm) | 675 if (vpm) |
644 X509_STORE_set1_param(store, vpm); | 676 X509_STORE_set1_param(store, vpm); |
645 } | 677 } |
646 | 678 |
647 | 679 |
648 ret = 3; | 680 ret = 3; |
649 | 681 |
650 if (operation == SMIME_ENCRYPT) | 682 if (operation == SMIME_ENCRYPT) |
| 683 { |
| 684 if (indef) |
| 685 flags |= PKCS7_STREAM; |
651 p7 = PKCS7_encrypt(encerts, in, cipher, flags); | 686 p7 = PKCS7_encrypt(encerts, in, cipher, flags); |
652 » else if (operation == SMIME_SIGN) | 687 » » } |
| 688 » else if (operation & SMIME_SIGNERS) |
653 { | 689 { |
654 » » /* If detached data and SMIME output enable partial | 690 » » int i; |
655 » » * signing. | 691 » » /* If detached data content we only enable streaming if |
| 692 » » * S/MIME output format. |
656 */ | 693 */ |
657 » » if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) | 694 » » if (operation == SMIME_SIGN) |
658 » » » flags |= PKCS7_STREAM; | 695 » » » { |
659 » » p7 = PKCS7_sign(signer, key, other, in, flags); | 696 » » » if (flags & PKCS7_DETACHED) |
660 » » } | 697 » » » » { |
661 » else | 698 » » » » if (outformat == FORMAT_SMIME) |
662 » » { | 699 » » » » » flags |= PKCS7_STREAM; |
663 » » if (informat == FORMAT_SMIME) | 700 » » » » } |
664 » » » p7 = SMIME_read_PKCS7(in, &indata); | 701 » » » else if (indef) |
665 » » else if (informat == FORMAT_PEM) | 702 » » » » flags |= PKCS7_STREAM; |
666 » » » p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); | 703 » » » flags |= PKCS7_PARTIAL; |
667 » » else if (informat == FORMAT_ASN1) | 704 » » » p7 = PKCS7_sign(NULL, NULL, other, in, flags); |
668 » » » p7 = d2i_PKCS7_bio(in, NULL); | 705 » » » if (!p7) |
| 706 » » » » goto end; |
| 707 » » » } |
669 else | 708 else |
| 709 flags |= PKCS7_REUSE_DIGEST; |
| 710 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) |
670 { | 711 { |
671 » » » BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"
); | 712 » » » signerfile = sk_OPENSSL_STRING_value(sksigners, i); |
672 » » » goto end; | 713 » » » keyfile = sk_OPENSSL_STRING_value(skkeys, i); |
| 714 » » » signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, |
| 715 » » » » » e, "signer certificate"); |
| 716 » » » if (!signer) |
| 717 » » » » goto end; |
| 718 » » » key = load_key(bio_err, keyfile, keyform, 0, passin, e, |
| 719 » » » "signing key file"); |
| 720 » » » if (!key) |
| 721 » » » » goto end; |
| 722 » » » if (!PKCS7_sign_add_signer(p7, signer, key, |
| 723 » » » » » » sign_md, flags)) |
| 724 » » » » goto end; |
| 725 » » » X509_free(signer); |
| 726 » » » signer = NULL; |
| 727 » » » EVP_PKEY_free(key); |
| 728 » » » key = NULL; |
673 } | 729 } |
674 | 730 » » /* If not streaming or resigning finalize structure */ |
675 » » if (!p7) | 731 » » if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) |
676 { | 732 { |
677 » » » BIO_printf(bio_err, "Error reading S/MIME message\n"); | 733 » » » if (!PKCS7_final(p7, in, flags)) |
678 » » » goto end; | |
679 » » » } | |
680 » » if (contfile) | |
681 » » » { | |
682 » » » BIO_free(indata); | |
683 » » » if (!(indata = BIO_new_file(contfile, "rb"))) | |
684 » » » » { | |
685 » » » » BIO_printf(bio_err, "Can't read content file %s\
n", contfile); | |
686 goto end; | 734 goto end; |
687 } | |
688 } | 735 } |
689 } | 736 } |
690 | 737 |
691 if (!p7) | 738 if (!p7) |
692 { | 739 { |
693 BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); | 740 BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); |
694 goto end; | 741 goto end; |
695 } | 742 } |
696 | 743 |
697 ret = 4; | 744 ret = 4; |
(...skipping 29 matching lines...) Expand all Loading... |
727 PEM_write_bio_PKCS7(out, p7); | 774 PEM_write_bio_PKCS7(out, p7); |
728 else | 775 else |
729 { | 776 { |
730 if (to) | 777 if (to) |
731 BIO_printf(out, "To: %s\n", to); | 778 BIO_printf(out, "To: %s\n", to); |
732 if (from) | 779 if (from) |
733 BIO_printf(out, "From: %s\n", from); | 780 BIO_printf(out, "From: %s\n", from); |
734 if (subject) | 781 if (subject) |
735 BIO_printf(out, "Subject: %s\n", subject); | 782 BIO_printf(out, "Subject: %s\n", subject); |
736 if (outformat == FORMAT_SMIME) | 783 if (outformat == FORMAT_SMIME) |
737 » » » SMIME_write_PKCS7(out, p7, in, flags); | 784 » » » { |
| 785 » » » if (operation == SMIME_RESIGN) |
| 786 » » » » SMIME_write_PKCS7(out, p7, indata, flags); |
| 787 » » » else |
| 788 » » » » SMIME_write_PKCS7(out, p7, in, flags); |
| 789 » » » } |
738 else if (outformat == FORMAT_PEM) | 790 else if (outformat == FORMAT_PEM) |
739 » » » PEM_write_bio_PKCS7(out,p7); | 791 » » » PEM_write_bio_PKCS7_stream(out, p7, in, flags); |
740 else if (outformat == FORMAT_ASN1) | 792 else if (outformat == FORMAT_ASN1) |
741 » » » i2d_PKCS7_bio(out,p7); | 793 » » » i2d_PKCS7_bio_stream(out,p7, in, flags); |
742 else | 794 else |
743 { | 795 { |
744 BIO_printf(bio_err, "Bad output format for PKCS#7 file\n
"); | 796 BIO_printf(bio_err, "Bad output format for PKCS#7 file\n
"); |
745 goto end; | 797 goto end; |
746 } | 798 } |
747 } | 799 } |
748 ret = 0; | 800 ret = 0; |
749 end: | 801 end: |
750 if (need_rand) | 802 if (need_rand) |
751 app_RAND_write_file(NULL, bio_err); | 803 app_RAND_write_file(NULL, bio_err); |
752 if (ret) ERR_print_errors(bio_err); | 804 if (ret) ERR_print_errors(bio_err); |
753 sk_X509_pop_free(encerts, X509_free); | 805 sk_X509_pop_free(encerts, X509_free); |
754 sk_X509_pop_free(other, X509_free); | 806 sk_X509_pop_free(other, X509_free); |
755 if (vpm) | 807 if (vpm) |
756 X509_VERIFY_PARAM_free(vpm); | 808 X509_VERIFY_PARAM_free(vpm); |
| 809 if (sksigners) |
| 810 sk_OPENSSL_STRING_free(sksigners); |
| 811 if (skkeys) |
| 812 sk_OPENSSL_STRING_free(skkeys); |
757 X509_STORE_free(store); | 813 X509_STORE_free(store); |
758 X509_free(cert); | 814 X509_free(cert); |
759 X509_free(recip); | 815 X509_free(recip); |
760 X509_free(signer); | 816 X509_free(signer); |
761 EVP_PKEY_free(key); | 817 EVP_PKEY_free(key); |
762 PKCS7_free(p7); | 818 PKCS7_free(p7); |
763 BIO_free(in); | 819 BIO_free(in); |
764 BIO_free(indata); | 820 BIO_free(indata); |
765 BIO_free_all(out); | 821 BIO_free_all(out); |
766 if (passin) OPENSSL_free(passin); | 822 if (passin) OPENSSL_free(passin); |
(...skipping 25 matching lines...) Expand all Loading... |
792 | 848 |
793 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) | 849 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) |
794 && ((error != X509_V_OK) || (ok != 2))) | 850 && ((error != X509_V_OK) || (ok != 2))) |
795 return ok; | 851 return ok; |
796 | 852 |
797 policies_print(NULL, ctx); | 853 policies_print(NULL, ctx); |
798 | 854 |
799 return ok; | 855 return ok; |
800 | 856 |
801 } | 857 } |
OLD | NEW |