Diffstat (limited to 'lib/libssl/src/apps/cms.c')
-rw-r--r-- | lib/libssl/src/apps/cms.c | 896 |
1 files changed, 362 insertions, 534 deletions
diff --git a/lib/libssl/src/apps/cms.c b/lib/libssl/src/apps/cms.c index 801d523caf3..553b6de76e5 100644 --- a/lib/libssl/src/apps/cms.c +++ b/lib/libssl/src/apps/cms.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -71,9 +71,10 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int cms_cb(int ok, X509_STORE_CTX *ctx); static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); -static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, - int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from); +static CMS_ReceiptRequest * +make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, + int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from); #define SMIME_OP 0x10 #define SMIME_IP 0x20 @@ -99,8 +100,9 @@ int verify_err = 0; int MAIN(int, char **); -int MAIN(int argc, char **argv) - { +int +MAIN(int argc, char **argv) +{ ENGINE *e = NULL; int operation = 0; int ret = 0; @@ -109,7 +111,7 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL, *rctfile = NULL; char *signerfile = NULL, *recipfile = NULL; STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile=NULL; + char *certfile = NULL, *keyfile = NULL, *contfile = NULL; char *certsoutfile = NULL; const EVP_CIPHER *cipher = NULL; CMS_ContentInfo *cms = NULL, *rcms = NULL; 
@@ -131,9 +133,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; const EVP_MD *sign_md = NULL; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; + int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; #ifndef OPENSSL_NO_ENGINE - char *engine=NULL; + char *engine = NULL; #endif unsigned char *secret_key = NULL, *secret_keyid = NULL; unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; @@ -148,17 +150,15 @@ int MAIN(int argc, char **argv) apps_startup(); - if (bio_err == NULL) - { + if (bio_err == NULL) { if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); - } + } if (!load_config(bio_err, NULL)) goto end; - while (!badarg && *args && *args[0] == '-') - { + while (!badarg && *args && *args[0] == '-') { if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; else if (!strcmp (*args, "-decrypt")) @@ -173,15 +173,13 @@ int MAIN(int argc, char **argv) operation = SMIME_VERIFY; else if (!strcmp (*args, "-verify_retcode")) verify_retcode = 1; - else if (!strcmp(*args,"-verify_receipt")) - { + else if (!strcmp(*args, "-verify_receipt")) { operation = SMIME_VERIFY_RECEIPT; if (!args[1]) goto argerr; args++; rctfile = *args; - } - else if (!strcmp (*args, "-cmsout")) + } else if (!strcmp (*args, "-cmsout")) operation = SMIME_CMSOUT; else if (!strcmp (*args, "-data_out")) operation = SMIME_DATAOUT; 
@@ -200,202 +198,182 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-EncryptedData_encrypt")) operation = SMIME_ENCRYPTED_ENCRYPT; #ifndef OPENSSL_NO_DES - else if (!strcmp (*args, "-des3")) - cipher = EVP_des_ede3_cbc(); - else if (!strcmp (*args, "-des")) - cipher = EVP_des_cbc(); + else if (!strcmp (*args, "-des3")) + cipher = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-des")) + cipher = EVP_des_cbc(); #endif #ifndef OPENSSL_NO_SEED - else if (!strcmp (*args, "-seed")) - cipher = EVP_seed_cbc(); + else if (!strcmp (*args, "-seed")) + cipher = EVP_seed_cbc(); #endif #ifndef OPENSSL_NO_RC2 - else if (!strcmp (*args, "-rc2-40")) - cipher = EVP_rc2_40_cbc(); - else if (!strcmp (*args, "-rc2-128")) - cipher = EVP_rc2_cbc(); - else if (!strcmp (*args, "-rc2-64")) - cipher = EVP_rc2_64_cbc(); + else if (!strcmp (*args, "-rc2-40")) + cipher = EVP_rc2_40_cbc(); + else if (!strcmp (*args, "-rc2-128")) + cipher = EVP_rc2_cbc(); + else if (!strcmp (*args, "-rc2-64")) + cipher = EVP_rc2_64_cbc(); #endif #ifndef OPENSSL_NO_AES - else if (!strcmp(*args,"-aes128")) - cipher = EVP_aes_128_cbc(); - else if (!strcmp(*args,"-aes192")) - cipher = EVP_aes_192_cbc(); - else if (!strcmp(*args,"-aes256")) - cipher = EVP_aes_256_cbc(); + else if (!strcmp(*args, "-aes128")) + cipher = EVP_aes_128_cbc(); + else if (!strcmp(*args, "-aes192")) + cipher = EVP_aes_192_cbc(); + else if (!strcmp(*args, "-aes256")) + cipher = EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA - else if (!strcmp(*args,"-camellia128")) - cipher = EVP_camellia_128_cbc(); - else if (!strcmp(*args,"-camellia192")) - cipher = EVP_camellia_192_cbc(); - else if (!strcmp(*args,"-camellia256")) - cipher = EVP_camellia_256_cbc(); + else if (!strcmp(*args, "-camellia128")) + cipher = EVP_camellia_128_cbc(); + else if (!strcmp(*args, "-camellia192")) + cipher = EVP_camellia_192_cbc(); + else if (!strcmp(*args, "-camellia256")) + cipher = EVP_camellia_256_cbc(); #endif - else if (!strcmp (*args, 
"-debug_decrypt")) - flags |= CMS_DEBUG_DECRYPT; - else if (!strcmp (*args, "-text")) - flags |= CMS_TEXT; - else if (!strcmp (*args, "-nointern")) - flags |= CMS_NOINTERN; - else if (!strcmp (*args, "-noverify") - || !strcmp (*args, "-no_signer_cert_verify")) - flags |= CMS_NO_SIGNER_CERT_VERIFY; - else if (!strcmp (*args, "-nocerts")) - flags |= CMS_NOCERTS; - else if (!strcmp (*args, "-noattr")) - flags |= CMS_NOATTR; - else if (!strcmp (*args, "-nodetach")) - flags &= ~CMS_DETACHED; + else if (!strcmp (*args, "-debug_decrypt")) + flags |= CMS_DEBUG_DECRYPT; + else if (!strcmp (*args, "-text")) + flags |= CMS_TEXT; + else if (!strcmp (*args, "-nointern")) + flags |= CMS_NOINTERN; + else if (!strcmp (*args, "-noverify") || + !strcmp (*args, "-no_signer_cert_verify")) + flags |= CMS_NO_SIGNER_CERT_VERIFY; + else if (!strcmp (*args, "-nocerts")) + flags |= CMS_NOCERTS; + else if (!strcmp (*args, "-noattr")) + flags |= CMS_NOATTR; + else if (!strcmp (*args, "-nodetach")) + flags &= ~CMS_DETACHED; else if (!strcmp (*args, "-nosmimecap")) - flags |= CMS_NOSMIMECAP; + flags |= CMS_NOSMIMECAP; else if (!strcmp (*args, "-binary")) - flags |= CMS_BINARY; + flags |= CMS_BINARY; else if (!strcmp (*args, "-keyid")) - flags |= CMS_USE_KEYID; + flags |= CMS_USE_KEYID; else if (!strcmp (*args, "-nosigs")) - flags |= CMS_NOSIGS; + flags |= CMS_NOSIGS; else if (!strcmp (*args, "-no_content_verify")) - flags |= CMS_NO_CONTENT_VERIFY; + flags |= CMS_NO_CONTENT_VERIFY; else if (!strcmp (*args, "-no_attr_verify")) - flags |= CMS_NO_ATTR_VERIFY; + flags |= CMS_NO_ATTR_VERIFY; else if (!strcmp (*args, "-stream")) - flags |= CMS_STREAM; + flags |= CMS_STREAM; else if (!strcmp (*args, "-indef")) - flags |= CMS_STREAM; + flags |= CMS_STREAM; else if (!strcmp (*args, "-noindef")) - flags &= ~CMS_STREAM; + flags &= ~CMS_STREAM; else if (!strcmp (*args, "-nooldmime")) - flags |= CMS_NOOLDMIMETYPE; + flags |= CMS_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) - flags |= CMS_CRLFEOL; + 
flags |= CMS_CRLFEOL; else if (!strcmp (*args, "-noout")) - noout = 1; + noout = 1; else if (!strcmp (*args, "-receipt_request_print")) - rr_print = 1; + rr_print = 1; else if (!strcmp (*args, "-receipt_request_all")) - rr_allorfirst = 0; + rr_allorfirst = 0; else if (!strcmp (*args, "-receipt_request_first")) - rr_allorfirst = 1; - else if (!strcmp(*args,"-receipt_request_from")) - { + rr_allorfirst = 1; + else if (!strcmp(*args, "-receipt_request_from")) { if (!args[1]) goto argerr; args++; if (!rr_from) rr_from = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(rr_from, *args); - } - else if (!strcmp(*args,"-receipt_request_to")) - { + } + else if (!strcmp(*args, "-receipt_request_to")) { if (!args[1]) goto argerr; args++; if (!rr_to) rr_to = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(rr_to, *args); - } - else if (!strcmp (*args, "-print")) - { - noout = 1; - print = 1; - } - else if (!strcmp(*args,"-secretkey")) - { + } + else if (!strcmp (*args, "-print")) { + noout = 1; + print = 1; + } + else if (!strcmp(*args, "-secretkey")) { long ltmp; if (!args[1]) goto argerr; args++; secret_key = string_to_hex(*args, <mp); - if (!secret_key) - { + if (!secret_key) { BIO_printf(bio_err, "Invalid key %s\n", *args); goto argerr; - } - secret_keylen = (size_t)ltmp; } - else if (!strcmp(*args,"-secretkeyid")) - { + secret_keylen = (size_t)ltmp; + } + else if (!strcmp(*args, "-secretkeyid")) { long ltmp; if (!args[1]) goto argerr; args++; secret_keyid = string_to_hex(*args, <mp); - if (!secret_keyid) - { + if (!secret_keyid) { BIO_printf(bio_err, "Invalid id %s\n", *args); goto argerr; - } - secret_keyidlen = (size_t)ltmp; } - else if (!strcmp(*args,"-pwri_password")) - { + secret_keyidlen = (size_t)ltmp; + } + else if (!strcmp(*args, "-pwri_password")) { if (!args[1]) goto argerr; args++; pwri_pass = (unsigned char *)*args; - } - else if (!strcmp(*args,"-econtent_type")) - { + } else if (!strcmp(*args, "-econtent_type")) { if (!args[1]) goto argerr; args++; 
econtent_type = OBJ_txt2obj(*args, 0); - if (!econtent_type) - { + if (!econtent_type) { BIO_printf(bio_err, "Invalid OID %s\n", *args); goto argerr; - } } - else if (!strcmp(*args,"-rand")) - { + } else if (!strcmp(*args, "-rand")) { if (!args[1]) goto argerr; args++; inrand = *args; need_rand = 1; - } + } #ifndef OPENSSL_NO_ENGINE - else if (!strcmp(*args,"-engine")) - { + else if (!strcmp(*args, "-engine")) { if (!args[1]) goto argerr; engine = *++args; - } + } #endif - else if (!strcmp(*args,"-passin")) - { + else if (!strcmp(*args, "-passin")) { if (!args[1]) goto argerr; passargin = *++args; - } - else if (!strcmp (*args, "-to")) - { + } + else if (!strcmp (*args, "-to")) { if (!args[1]) goto argerr; to = *++args; - } - else if (!strcmp (*args, "-from")) - { + } + else if (!strcmp (*args, "-from")) { if (!args[1]) goto argerr; from = *++args; - } - else if (!strcmp (*args, "-subject")) - { + } + else if (!strcmp (*args, "-subject")) { if (!args[1]) goto argerr; subject = *++args; - } - else if (!strcmp (*args, "-signer")) - { + } + else if (!strcmp (*args, "-signer")) { if (!args[1]) goto argerr; /* If previous -signer argument add signer to list */ - if (signerfile) - { + if (signerfile) { if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(sksigners, signerfile); 
@@ -405,45 +383,34 @@ int MAIN(int argc, char **argv) skkeys = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(skkeys, keyfile); keyfile = NULL; - } - signerfile = *++args; } - else if (!strcmp (*args, "-recip")) - { + signerfile = *++args; + } else if (!strcmp (*args, "-recip")) { if (!args[1]) goto argerr; recipfile = *++args; - } - else if (!strcmp (*args, "-certsout")) - { + } else if (!strcmp (*args, "-certsout")) { if (!args[1]) goto argerr; certsoutfile = *++args; - } - else if (!strcmp (*args, "-md")) - { + } else if (!strcmp (*args, "-md")) { if (!args[1]) goto argerr; sign_md = EVP_get_digestbyname(*++args); - if (sign_md == NULL) - { + if (sign_md == NULL) { BIO_printf(bio_err, "Unknown digest %s\n", - *args); + *args); goto argerr; - } } - else if (!strcmp (*args, "-inkey")) - { - if (!args[1]) + } else if (!strcmp (*args, "-inkey")) { + if (!args[1]) goto argerr; /* If previous -inkey arument add signer to list */ - if (keyfile) - { - if (!signerfile) - { + if (keyfile) { + if (!signerfile) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; - } + } if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(sksigners, signerfile); 
@@ -451,103 +418,76 @@ int MAIN(int argc, char **argv) if (!skkeys) skkeys = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(skkeys, keyfile); - } - keyfile = *++args; } - else if (!strcmp (*args, "-keyform")) - { + keyfile = *++args; + } else if (!strcmp (*args, "-keyform")) { if (!args[1]) goto argerr; keyform = str2fmt(*++args); - } - else if (!strcmp (*args, "-rctform")) - { + } else if (!strcmp (*args, "-rctform")) { if (!args[1]) goto argerr; rctformat = str2fmt(*++args); - } - else if (!strcmp (*args, "-certfile")) - { + } else if (!strcmp (*args, "-certfile")) { if (!args[1]) goto argerr; certfile = *++args; - } - else if (!strcmp (*args, "-CAfile")) - { + } else if (!strcmp (*args, "-CAfile")) { if (!args[1]) goto argerr; CAfile = *++args; - } - else if (!strcmp (*args, "-CApath")) - { + } else if (!strcmp (*args, "-CApath")) { if (!args[1]) goto argerr; CApath = *++args; - } - else if (!strcmp (*args, "-in")) - { + } else if (!strcmp (*args, "-in")) { if (!args[1]) goto argerr; infile = *++args; - } - else if (!strcmp (*args, "-inform")) - { + } else if (!strcmp (*args, "-inform")) { if (!args[1]) goto argerr; informat = str2fmt(*++args); - } - else if (!strcmp (*args, "-outform")) - { + } else if (!strcmp (*args, "-outform")) { if (!args[1]) goto argerr; outformat = str2fmt(*++args); - } - else if (!strcmp (*args, "-out")) - { + } else if (!strcmp (*args, "-out")) { if (!args[1]) goto argerr; outfile = *++args; - } - else if (!strcmp (*args, "-content")) - { + } else if (!strcmp (*args, "-content")) { if (!args[1]) goto argerr; contfile = *++args; - } - else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) + } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) continue; else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) badarg = 1; args++; - } + } - if (((rr_allorfirst != -1) || rr_from) && !rr_to) - { + if (((rr_allorfirst != -1) || rr_from) && !rr_to) { BIO_puts(bio_err, "No Signed Receipts Recipients\n"); goto argerr; - } + 
} - if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) - { + if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) { BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); goto argerr; - } - if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) - { + } + if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); goto argerr; - } + } - if (operation & SMIME_SIGNERS) - { - if (keyfile && !signerfile) - { + if (operation & SMIME_SIGNERS) { + if (keyfile && !signerfile) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); goto argerr; - } + } /* Check to see if any final signer needs to be appended */ - if (signerfile) - { + if (signerfile) { if (!sksigners) sksigners = sk_OPENSSL_STRING_new_null(); sk_OPENSSL_STRING_push(sksigners, signerfile); @@ -556,39 +496,29 @@ int MAIN(int argc, char **argv) if (!keyfile) keyfile = signerfile; sk_OPENSSL_STRING_push(skkeys, keyfile); - } - if (!sksigners) - { + } + if (!sksigners) { BIO_printf(bio_err, "No signer certificate specified\n"); badarg = 1; - } + } signerfile = NULL; keyfile = NULL; need_rand = 1; - } - - else if (operation == SMIME_DECRYPT) - { - if (!recipfile && !keyfile && !secret_key && !pwri_pass) - { + } else if (operation == SMIME_DECRYPT) { + if (!recipfile && !keyfile && !secret_key && !pwri_pass) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); badarg = 1; - } } - else if (operation == SMIME_ENCRYPT) - { - if (!*args && !secret_key && !pwri_pass) - { + } else if (operation == SMIME_ENCRYPT) { + if (!*args && !secret_key && !pwri_pass) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; - } - need_rand = 1; } - else if (!operation) + need_rand = 1; + } else if (!operation) badarg = 1; - if (badarg) - { + if (badarg) { argerr: BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); BIO_printf (bio_err, "where options are\n"); 
@@ -653,300 +583,245 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, " the random number generator\n"); BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); goto end; - } + } #ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); + e = setup_engine(bio_err, engine, 0); #endif - if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) - { + if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; - } + } - if (need_rand) - { + if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) - BIO_printf(bio_err,"%ld semi-random bytes loaded\n", - app_RAND_load_files(inrand)); - } + BIO_printf(bio_err, "%ld semi-random bytes loaded\n", + app_RAND_load_files(inrand)); + } ret = 2; if (!(operation & SMIME_SIGNERS)) flags &= ~CMS_DETACHED; - if (operation & SMIME_OP) - { + if (operation & SMIME_OP) { if (outformat == FORMAT_ASN1) outmode = "wb"; - } - else - { + } else { if (flags & CMS_BINARY) outmode = "wb"; - } + } - if (operation & SMIME_IP) - { + if (operation & SMIME_IP) { if (informat == FORMAT_ASN1) inmode = "rb"; - } - else - { + } else { if (flags & CMS_BINARY) inmode = "rb"; - } + } - if (operation == SMIME_ENCRYPT) - { - if (!cipher) - { -#ifndef OPENSSL_NO_DES + if (operation == SMIME_ENCRYPT) { + if (!cipher) { +#ifndef OPENSSL_NO_DES cipher = EVP_des_ede3_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); goto end; #endif - } + } - if (secret_key && !secret_keyid) - { + if (secret_key && !secret_keyid) { BIO_printf(bio_err, "No secret key id\n"); goto end; - } + } if (*args) encerts = sk_X509_new_null(); - while (*args) - { - if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, - NULL, e, "recipient certificate file"))) + while (*args) { + if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, + NULL, e, "recipient certificate file"))) goto end; sk_X509_push(encerts, cert); cert = NULL; args++; - } } + } - if (certfile) - { - if 
(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, - e, "certificate file"))) - { + if (certfile) { + if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, + e, "certificate file"))) { ERR_print_errors(bio_err); goto end; - } } + } - if (recipfile && (operation == SMIME_DECRYPT)) - { - if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, - e, "recipient certificate file"))) - { + if (recipfile && (operation == SMIME_DECRYPT)) { + if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, + e, "recipient certificate file"))) { ERR_print_errors(bio_err); goto end; - } } + } - if (operation == SMIME_SIGN_RECEIPT) - { - if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL, - e, "receipt signer certificate file"))) - { + if (operation == SMIME_SIGN_RECEIPT) { + if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, + e, "receipt signer certificate file"))) { ERR_print_errors(bio_err); goto end; - } } + } - if (operation == SMIME_DECRYPT) - { + if (operation == SMIME_DECRYPT) { if (!keyfile) keyfile = recipfile; - } - else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) - { + } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) { if (!keyfile) keyfile = signerfile; - } - else keyfile = NULL; + } else + keyfile = NULL; - if (keyfile) - { + if (keyfile) { key = load_key(bio_err, keyfile, keyform, 0, passin, e, - "signing key file"); + "signing key file"); if (!key) goto end; - } + } - if (infile) - { - if (!(in = BIO_new_file(infile, inmode))) - { + if (infile) { + if (!(in = BIO_new_file(infile, inmode))) { BIO_printf (bio_err, - "Can't open input file %s\n", infile); + "Can't open input file %s\n", infile); goto end; - } } - else + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); - if (operation & SMIME_IP) - { - if (informat == FORMAT_SMIME) + if (operation & SMIME_IP) { + if (informat == FORMAT_SMIME) cms = SMIME_read_CMS(in, &indata); - else if (informat == FORMAT_PEM) + else if (informat == 
FORMAT_PEM) cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); - else if (informat == FORMAT_ASN1) + else if (informat == FORMAT_ASN1) cms = d2i_CMS_bio(in, NULL); - else - { + else { BIO_printf(bio_err, "Bad input format for CMS file\n"); goto end; - } + } - if (!cms) - { + if (!cms) { BIO_printf(bio_err, "Error reading S/MIME message\n"); goto end; - } - if (contfile) - { + } + if (contfile) { BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) - { + if (!(indata = BIO_new_file(contfile, "rb"))) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; - } } - if (certsoutfile) - { + } + if (certsoutfile) { STACK_OF(X509) *allcerts; allcerts = CMS_get1_certs(cms); - if (!save_certs(certsoutfile, allcerts)) - { + if (!save_certs(certsoutfile, allcerts)) { BIO_printf(bio_err, - "Error writing certs to %s\n", - certsoutfile); + "Error writing certs to %s\n", + certsoutfile); ret = 5; goto end; - } - sk_X509_pop_free(allcerts, X509_free); } + sk_X509_pop_free(allcerts, X509_free); } + } - if (rctfile) - { + if (rctfile) { char *rctmode = (rctformat == FORMAT_ASN1) ? 
"rb" : "r"; - if (!(rctin = BIO_new_file(rctfile, rctmode))) - { + if (!(rctin = BIO_new_file(rctfile, rctmode))) { BIO_printf (bio_err, - "Can't open receipt file %s\n", rctfile); + "Can't open receipt file %s\n", rctfile); goto end; - } - - if (rctformat == FORMAT_SMIME) + } + + if (rctformat == FORMAT_SMIME) rcms = SMIME_read_CMS(rctin, NULL); - else if (rctformat == FORMAT_PEM) + else if (rctformat == FORMAT_PEM) rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); - else if (rctformat == FORMAT_ASN1) + else if (rctformat == FORMAT_ASN1) rcms = d2i_CMS_bio(rctin, NULL); - else - { + else { BIO_printf(bio_err, "Bad input format for receipt\n"); goto end; - } + } - if (!rcms) - { + if (!rcms) { BIO_printf(bio_err, "Error reading receipt\n"); goto end; - } } + } - if (outfile) - { - if (!(out = BIO_new_file(outfile, outmode))) - { + if (outfile) { + if (!(out = BIO_new_file(outfile, outmode))) { BIO_printf (bio_err, - "Can't open output file %s\n", outfile); + "Can't open output file %s\n", outfile); goto end; - } } - else - { + } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); - } + } - if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) - { + if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { if (!(store = setup_verify(bio_err, CAfile, CApath))) goto end; X509_STORE_set_verify_cb(store, cms_cb); if (vpm) X509_STORE_set1_param(store, vpm); - } + } ret = 3; - if (operation == SMIME_DATA_CREATE) - { + if (operation == SMIME_DATA_CREATE) { cms = CMS_data_create(in, flags); - } - else if (operation == SMIME_DIGEST_CREATE) - { + } else if (operation == SMIME_DIGEST_CREATE) { cms = CMS_digest_create(in, sign_md, flags); - } - else if (operation == SMIME_COMPRESS) - { + } else if (operation == SMIME_COMPRESS) { cms = CMS_compress(in, -1, flags); - } - else if (operation == SMIME_ENCRYPT) - { + } else if (operation == SMIME_ENCRYPT) { flags |= CMS_PARTIAL; cms = CMS_encrypt(encerts, in, cipher, flags); if (!cms) goto end; - if 
(secret_key) - { - if (!CMS_add0_recipient_key(cms, NID_undef, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen, - NULL, NULL, NULL)) + if (secret_key) { + if (!CMS_add0_recipient_key(cms, NID_undef, + secret_key, secret_keylen, + secret_keyid, secret_keyidlen, + NULL, NULL, NULL)) goto end; /* NULL these because call absorbs them */ secret_key = NULL; secret_keyid = NULL; - } - if (pwri_pass) - { + } + if (pwri_pass) { pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass); if (!pwri_tmp) goto end; if (!CMS_add0_recipient_password(cms, - -1, NID_undef, NID_undef, - pwri_tmp, -1, NULL)) + -1, NID_undef, NID_undef, + pwri_tmp, -1, NULL)) goto end; pwri_tmp = NULL; - } - if (!(flags & CMS_STREAM)) - { + } + if (!(flags & CMS_STREAM)) { if (!CMS_final(cms, in, NULL, flags)) goto end; - } } - else if (operation == SMIME_ENCRYPTED_ENCRYPT) - { + } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { cms = CMS_EncryptedData_encrypt(in, cipher, - secret_key, secret_keylen, - flags); + secret_key, secret_keylen, + flags); - } - else if (operation == SMIME_SIGN_RECEIPT) - { + } else if (operation == SMIME_SIGN_RECEIPT) { CMS_ContentInfo *srcms = NULL; STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; @@ -959,21 +834,17 @@ int MAIN(int argc, char **argv) goto end; CMS_ContentInfo_free(cms); cms = srcms; - } - else if (operation & SMIME_SIGNERS) - { + } else if (operation & SMIME_SIGNERS) { int i; /* If detached data content we enable streaming if * S/MIME output format. */ - if (operation == SMIME_SIGN) - { - - if (flags & CMS_DETACHED) - { + if (operation == SMIME_SIGN) { + + if (flags & CMS_DETACHED) { if (outformat == FORMAT_SMIME) flags |= CMS_STREAM; - } + } flags |= CMS_PARTIAL; cms = CMS_sign(NULL, NULL, other, in, flags); if (!cms) 
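Review bot: The `certsoutfile` block in this hunk frees `allcerts` only on the success path: when `save_certs` fails the code sets `ret = 5` and jumps to `end` before reaching `sk_X509_pop_free(allcerts, X509_free)`, so the stack returned by `CMS_get1_certs(cms)` is dropped. Add `sk_X509_pop_free(allcerts, X509_free);` immediately before `ret = 5;` so the error path releases what the success path does. The same shape recurs in the `signerfile` block of hunk @@ -1017, where `signers` from `CMS_get0_signers(cms)` is not handed to `sk_X509_free` before `goto end`. MAIN starts before this hunk and ends after it.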
@@ -981,31 +852,27 @@ int MAIN(int argc, char **argv) if (econtent_type) CMS_set1_eContentType(cms, econtent_type); - if (rr_to) - { + if (rr_to) { rr = make_receipt_request(rr_to, rr_allorfirst, - rr_from); - if (!rr) - { + rr_from); + if (!rr) { BIO_puts(bio_err, - "Signed Receipt Request Creation Error\n"); + "Signed Receipt Request Creation Error\n"); goto end; - } } } - else + } else flags |= CMS_REUSE_DIGEST; - for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) - { + for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { CMS_SignerInfo *si; signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, - e, "signer certificate"); + signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, + e, "signer certificate"); if (!signer) goto end; key = load_key(bio_err, keyfile, keyform, 0, passin, e, - "signing key file"); + "signing key file"); if (!key) goto end; si = CMS_add1_signer(cms, signer, key, sign_md, flags); 
@@ -1017,139 +884,107 @@ int MAIN(int argc, char **argv) signer = NULL; EVP_PKEY_free(key); key = NULL; - } + } /* If not streaming or resigning finalize structure */ - if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) - { + if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) { if (!CMS_final(cms, in, NULL, flags)) goto end; - } } + } - if (!cms) - { + if (!cms) { BIO_printf(bio_err, "Error creating CMS structure\n"); goto end; - } + } ret = 4; - if (operation == SMIME_DECRYPT) - { + if (operation == SMIME_DECRYPT) { if (flags & CMS_DEBUG_DECRYPT) CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); - if (secret_key) - { + if (secret_key) { if (!CMS_decrypt_set1_key(cms, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen)) - { + secret_key, secret_keylen, + secret_keyid, secret_keyidlen)) { BIO_puts(bio_err, - "Error decrypting CMS using secret key\n"); + "Error decrypting CMS using secret key\n"); goto end; - } } + } - if (key) - { - if (!CMS_decrypt_set1_pkey(cms, key, recip)) - { + if (key) { + if (!CMS_decrypt_set1_pkey(cms, key, recip)) { BIO_puts(bio_err, - "Error decrypting CMS using private key\n"); + "Error decrypting CMS using private key\n"); goto end; - } } + } - if (pwri_pass) - { - if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) - { + if (pwri_pass) { + if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { BIO_puts(bio_err, - "Error decrypting CMS using password\n"); + "Error decrypting CMS using password\n"); goto end; - } } + } - if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) - { + if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { BIO_printf(bio_err, "Error decrypting CMS structure\n"); goto end; - } } - else if (operation == SMIME_DATAOUT) - { + } else if (operation == SMIME_DATAOUT) { if (!CMS_data(cms, out, flags)) goto end; - } - else if (operation == SMIME_UNCOMPRESS) - { + } else if (operation == SMIME_UNCOMPRESS) { if (!CMS_uncompress(cms, indata, out, flags)) goto end; - } - else if (operation == 
SMIME_DIGEST_VERIFY) - { + } else if (operation == SMIME_DIGEST_VERIFY) { if (CMS_digest_verify(cms, indata, out, flags) > 0) BIO_printf(bio_err, "Verification successful\n"); - else - { + else { BIO_printf(bio_err, "Verification failure\n"); goto end; - } } - else if (operation == SMIME_ENCRYPTED_DECRYPT) - { + } else if (operation == SMIME_ENCRYPTED_DECRYPT) { if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, - indata, out, flags)) + indata, out, flags)) goto end; - } - else if (operation == SMIME_VERIFY) - { + } else if (operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) BIO_printf(bio_err, "Verification successful\n"); - else - { + else { BIO_printf(bio_err, "Verification failure\n"); if (verify_retcode) ret = verify_err + 32; goto end; - } - if (signerfile) - { + } + if (signerfile) { STACK_OF(X509) *signers; signers = CMS_get0_signers(cms); - if (!save_certs(signerfile, signers)) - { + if (!save_certs(signerfile, signers)) { BIO_printf(bio_err, - "Error writing signers to %s\n", - signerfile); + "Error writing signers to %s\n", + signerfile); ret = 5; goto end; - } - sk_X509_free(signers); } + sk_X509_free(signers); + } if (rr_print) receipt_request_print(bio_err, cms); - - } - else if (operation == SMIME_VERIFY_RECEIPT) - { + + } else if (operation == SMIME_VERIFY_RECEIPT) { if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) BIO_printf(bio_err, "Verification successful\n"); - else - { + else { BIO_printf(bio_err, "Verification failure\n"); goto end; - } } - else - { - if (noout) - { + } else { + if (noout) { if (print) CMS_ContentInfo_print_ctx(out, cms, 0, NULL); - } - else if (outformat == FORMAT_SMIME) - { + } else if (outformat == FORMAT_SMIME) { if (to) BIO_printf(out, "To: %s\n", to); if (from) 
@@ -1160,22 +995,19 @@ int MAIN(int argc, char **argv) ret = SMIME_write_CMS(out, cms, indata, flags); else ret = SMIME_write_CMS(out, cms, in, flags); - } - else if (outformat == FORMAT_PEM) + } else if (outformat == FORMAT_PEM) ret = PEM_write_bio_CMS_stream(out, cms, in, flags); - else if (outformat == FORMAT_ASN1) - ret = i2d_CMS_bio_stream(out,cms, in, flags); - else - { + else if (outformat == FORMAT_ASN1) + ret = i2d_CMS_bio_stream(out, cms, in, flags); + else { BIO_printf(bio_err, "Bad output format for CMS file\n"); goto end; - } - if (ret <= 0) - { + } + if (ret <= 0) { ret = 6; goto end; - } } + } ret = 0; end: if (ret) 
@@ -1215,66 +1047,69 @@ end: BIO_free(in); BIO_free(indata); BIO_free_all(out); - if (passin) OPENSSL_free(passin); + if (passin) + OPENSSL_free(passin); return (ret); } -static int save_certs(char *signerfile, STACK_OF(X509) *signers) - { +static int +save_certs(char *signerfile, STACK_OF(X509) *signers) +{ int i; BIO *tmp; if (!signerfile) return 1; tmp = BIO_new_file(signerfile, "w"); - if (!tmp) return 0; - for(i = 0; i < sk_X509_num(signers); i++) + if (!tmp) + return 0; + for (i = 0; i < sk_X509_num(signers); i++) PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); BIO_free(tmp); return 1; - } - +} + /* Minimal callback just to output policy info (if any) */ -static int cms_cb(int ok, X509_STORE_CTX *ctx) - { +static int +cms_cb(int ok, X509_STORE_CTX *ctx) +{ int error; error = X509_STORE_CTX_get_error(ctx); verify_err = error; - if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) - && ((error != X509_V_OK) || (ok != 2))) + if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) && + ((error != X509_V_OK) || (ok != 2))) return ok; policies_print(NULL, ctx); return ok; +} - } - -static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) - { +static void +gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) +{ STACK_OF(GENERAL_NAME) *gens; GENERAL_NAME *gen; int i, j; - for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) - { + for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) { gens = sk_GENERAL_NAMES_value(gns, i); - for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) - { + for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { gen = sk_GENERAL_NAME_value(gens, j); BIO_puts(out, " "); GENERAL_NAME_print(out, gen); BIO_puts(out, "\n"); - } } - return; } + return; +} -static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) - { +static void +receipt_request_print(BIO *out, CMS_ContentInfo *cms) +{ STACK_OF(CMS_SignerInfo) *sis; CMS_SignerInfo *si; CMS_ReceiptRequest *rr; 
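Review bot: `save_certs` reports success even when the write fails: the loop ignores the return value of `PEM_write_bio_X509`, so a failed or truncated write to `signerfile` still returns 1 and the caller's "Error writing certs to" / "Error writing signers to" branches never fire. Check each write and return 0 on the first failure, freeing the BIO on that path as well. The file is opened with mode `"w"`, which is fine for PEM output, but the caller then has no way to tell a partial file from a complete one unless the write is checked here.
```c
static int
save_certs(char *signerfile, STACK_OF(X509) *signers)
{
	/* … unchanged: signerfile NULL check and BIO_new_file … */
	for (i = 0; i < sk_X509_num(signers); i++) {
		if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i))) {
			BIO_free(tmp);
			return 0;
		}
	}
	BIO_free(tmp);
	return 1;
}
```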
@@ -1283,35 +1118,29 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) ASN1_STRING *scid; int i, rv; sis = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) - { + for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) { si = sk_CMS_SignerInfo_value(sis, i); rv = CMS_get1_ReceiptRequest(si, &rr); BIO_printf(bio_err, "Signer %d:\n", i + 1); if (rv == 0) BIO_puts(bio_err, " No Receipt Request\n"); - else if (rv < 0) - { + else if (rv < 0) { BIO_puts(bio_err, " Receipt Request Parse Error\n"); ERR_print_errors(bio_err); - } - else - { + } else { char *id; int idlen; CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, - &rlist, &rto); + &rlist, &rto); BIO_puts(out, " Signed Content ID:\n"); idlen = ASN1_STRING_length(scid); id = (char *)ASN1_STRING_data(scid); BIO_dump_indent(out, id, idlen, 4); BIO_puts(out, " Receipts From"); - if (rlist) - { + if (rlist) { BIO_puts(out, " List:\n"); gnames_stack_print(out, rlist); - } - else if (allorfirst == 1) + } else if (allorfirst == 1) BIO_puts(out, ": First Tier\n"); else if (allorfirst == 0) BIO_puts(out, ": All\n"); @@ -1319,14 +1148,15 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) BIO_printf(out, " Unknown (%d)\n", allorfirst); BIO_puts(out, " Receipts To:\n"); gnames_stack_print(out, rto); - } + } if (rr) CMS_ReceiptRequest_free(rr); - } } +} -static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) - { +static +STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) +{ int i; STACK_OF(GENERAL_NAMES) *ret; GENERAL_NAMES *gens = NULL; @@ -1334,8 +1164,7 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) ret = sk_GENERAL_NAMES_new_null(); if (!ret) goto err; - for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) - { + for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) { char *str = sk_OPENSSL_STRING_value(ns, i); gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); if (!gen) 
@@ -1349,11 +1178,11 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) if (!sk_GENERAL_NAMES_push(ret, gens)) goto err; gens = NULL; - } + } return ret; - err: +err: if (ret) sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); if (gens) @@ -1361,31 +1190,30 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) if (gen) GENERAL_NAME_free(gen); return NULL; - } +} -static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, - int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from) - { +static CMS_ReceiptRequest * +make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, + STACK_OF(OPENSSL_STRING) *rr_from) +{ STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; CMS_ReceiptRequest *rr; rct_to = make_names_stack(rr_to); if (!rct_to) goto err; - if (rr_from) - { + if (rr_from) { rct_from = make_names_stack(rr_from); if (!rct_from) goto err; - } - else + } else rct_from = NULL; rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, - rct_to); + rct_to); return rr; - err: + +err: return NULL; - } +} #endif |
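Review bot: The `err` label in `make_receipt_request` returns NULL without releasing `rct_to`, so when `make_names_stack(rr_from)` fails the already-built `rct_to` stack leaks; `rct_from` is also left uninitialized on the first failure path, which the rewritten label would then read. Initialize both pointers to NULL and free whatever was built at `err`, using the same `sk_GENERAL_NAMES_pop_free(..., GENERAL_NAMES_free)` that `make_names_stack` already uses for its own cleanup. If `CMS_ReceiptRequest_create0` also leaves its two stack arguments unowned when it returns NULL (verify against the library), route that return through the same label instead of `return rr;`.
```c
	STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
	CMS_ReceiptRequest *rr;

	/* … unchanged: make_names_stack calls and CMS_ReceiptRequest_create0 … */
err:
	if (rct_to)
		sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
	if (rct_from)
		sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free);
	return NULL;
```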