cms.c 34 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362
  1. /* apps/cms.c */
  2. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  3. * project.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * licensing@OpenSSL.org.
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. */
  53. /* CMS utility function */
  54. #include <stdio.h>
  55. #include <string.h>
  56. #include "apps.h"
  57. #ifndef OPENSSL_NO_CMS
  58. #include <openssl/crypto.h>
  59. #include <openssl/pem.h>
  60. #include <openssl/err.h>
  61. #include <openssl/x509_vfy.h>
  62. #include <openssl/x509v3.h>
  63. #include <openssl/cms.h>
  64. #undef PROG
  65. #define PROG cms_main
  66. static int save_certs(char *signerfile, STACK_OF(X509) *signers);
  67. static int cms_cb(int ok, X509_STORE_CTX *ctx);
  68. static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
  69. static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
  70. int rr_allorfirst,
  71. STACK_OF(OPENSSL_STRING) *rr_from);
  72. #define SMIME_OP 0x10
  73. #define SMIME_IP 0x20
  74. #define SMIME_SIGNERS 0x40
  75. #define SMIME_ENCRYPT (1 | SMIME_OP)
  76. #define SMIME_DECRYPT (2 | SMIME_IP)
  77. #define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
  78. #define SMIME_VERIFY (4 | SMIME_IP)
  79. #define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
  80. #define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
  81. #define SMIME_DATAOUT (7 | SMIME_IP)
  82. #define SMIME_DATA_CREATE (8 | SMIME_OP)
  83. #define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
  84. #define SMIME_DIGEST_CREATE (10 | SMIME_OP)
  85. #define SMIME_UNCOMPRESS (11 | SMIME_IP)
  86. #define SMIME_COMPRESS (12 | SMIME_OP)
  87. #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
  88. #define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
  89. #define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
  90. #define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
  91. int verify_err = 0;
  92. int MAIN(int, char **);
  93. int MAIN(int argc, char **argv)
  94. {
  95. ENGINE *e = NULL;
  96. int operation = 0;
  97. int ret = 0;
  98. char **args;
  99. const char *inmode = "r", *outmode = "w";
  100. char *infile = NULL, *outfile = NULL, *rctfile = NULL;
  101. char *signerfile = NULL, *recipfile = NULL;
  102. STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
  103. char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
  104. char *certsoutfile = NULL;
  105. const EVP_CIPHER *cipher = NULL;
  106. CMS_ContentInfo *cms = NULL, *rcms = NULL;
  107. X509_STORE *store = NULL;
  108. X509 *cert = NULL, *recip = NULL, *signer = NULL;
  109. EVP_PKEY *key = NULL;
  110. STACK_OF(X509) *encerts = NULL, *other = NULL;
  111. BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
  112. int badarg = 0;
  113. int flags = CMS_DETACHED, noout = 0, print = 0;
  114. int verify_retcode = 0;
  115. int rr_print = 0, rr_allorfirst = -1;
  116. STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
  117. CMS_ReceiptRequest *rr = NULL;
  118. char *to = NULL, *from = NULL, *subject = NULL;
  119. char *CAfile = NULL, *CApath = NULL;
  120. char *passargin = NULL, *passin = NULL;
  121. char *inrand = NULL;
  122. int need_rand = 0;
  123. const EVP_MD *sign_md = NULL;
  124. int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
  125. int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
  126. #ifndef OPENSSL_NO_ENGINE
  127. char *engine=NULL;
  128. #endif
  129. unsigned char *secret_key = NULL, *secret_keyid = NULL;
  130. size_t secret_keylen = 0, secret_keyidlen = 0;
  131. ASN1_OBJECT *econtent_type = NULL;
  132. X509_VERIFY_PARAM *vpm = NULL;
  133. args = argv + 1;
  134. ret = 1;
  135. apps_startup();
  136. if (bio_err == NULL)
  137. {
  138. if ((bio_err = BIO_new(BIO_s_file())) != NULL)
  139. BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
  140. }
  141. if (!load_config(bio_err, NULL))
  142. goto end;
  143. while (!badarg && *args && *args[0] == '-')
  144. {
  145. if (!strcmp (*args, "-encrypt"))
  146. operation = SMIME_ENCRYPT;
  147. else if (!strcmp (*args, "-decrypt"))
  148. operation = SMIME_DECRYPT;
  149. else if (!strcmp (*args, "-sign"))
  150. operation = SMIME_SIGN;
  151. else if (!strcmp (*args, "-sign_receipt"))
  152. operation = SMIME_SIGN_RECEIPT;
  153. else if (!strcmp (*args, "-resign"))
  154. operation = SMIME_RESIGN;
  155. else if (!strcmp (*args, "-verify"))
  156. operation = SMIME_VERIFY;
  157. else if (!strcmp (*args, "-verify_retcode"))
  158. verify_retcode = 1;
  159. else if (!strcmp(*args,"-verify_receipt"))
  160. {
  161. operation = SMIME_VERIFY_RECEIPT;
  162. if (!args[1])
  163. goto argerr;
  164. args++;
  165. rctfile = *args;
  166. }
  167. else if (!strcmp (*args, "-cmsout"))
  168. operation = SMIME_CMSOUT;
  169. else if (!strcmp (*args, "-data_out"))
  170. operation = SMIME_DATAOUT;
  171. else if (!strcmp (*args, "-data_create"))
  172. operation = SMIME_DATA_CREATE;
  173. else if (!strcmp (*args, "-digest_verify"))
  174. operation = SMIME_DIGEST_VERIFY;
  175. else if (!strcmp (*args, "-digest_create"))
  176. operation = SMIME_DIGEST_CREATE;
  177. else if (!strcmp (*args, "-compress"))
  178. operation = SMIME_COMPRESS;
  179. else if (!strcmp (*args, "-uncompress"))
  180. operation = SMIME_UNCOMPRESS;
  181. else if (!strcmp (*args, "-EncryptedData_decrypt"))
  182. operation = SMIME_ENCRYPTED_DECRYPT;
  183. else if (!strcmp (*args, "-EncryptedData_encrypt"))
  184. operation = SMIME_ENCRYPTED_ENCRYPT;
  185. #ifndef OPENSSL_NO_DES
  186. else if (!strcmp (*args, "-des3"))
  187. cipher = EVP_des_ede3_cbc();
  188. else if (!strcmp (*args, "-des"))
  189. cipher = EVP_des_cbc();
  190. #endif
  191. #ifndef OPENSSL_NO_SEED
  192. else if (!strcmp (*args, "-seed"))
  193. cipher = EVP_seed_cbc();
  194. #endif
  195. #ifndef OPENSSL_NO_RC2
  196. else if (!strcmp (*args, "-rc2-40"))
  197. cipher = EVP_rc2_40_cbc();
  198. else if (!strcmp (*args, "-rc2-128"))
  199. cipher = EVP_rc2_cbc();
  200. else if (!strcmp (*args, "-rc2-64"))
  201. cipher = EVP_rc2_64_cbc();
  202. #endif
  203. #ifndef OPENSSL_NO_AES
  204. else if (!strcmp(*args,"-aes128"))
  205. cipher = EVP_aes_128_cbc();
  206. else if (!strcmp(*args,"-aes192"))
  207. cipher = EVP_aes_192_cbc();
  208. else if (!strcmp(*args,"-aes256"))
  209. cipher = EVP_aes_256_cbc();
  210. #endif
  211. #ifndef OPENSSL_NO_CAMELLIA
  212. else if (!strcmp(*args,"-camellia128"))
  213. cipher = EVP_camellia_128_cbc();
  214. else if (!strcmp(*args,"-camellia192"))
  215. cipher = EVP_camellia_192_cbc();
  216. else if (!strcmp(*args,"-camellia256"))
  217. cipher = EVP_camellia_256_cbc();
  218. #endif
  219. else if (!strcmp (*args, "-text"))
  220. flags |= CMS_TEXT;
  221. else if (!strcmp (*args, "-nointern"))
  222. flags |= CMS_NOINTERN;
  223. else if (!strcmp (*args, "-noverify")
  224. || !strcmp (*args, "-no_signer_cert_verify"))
  225. flags |= CMS_NO_SIGNER_CERT_VERIFY;
  226. else if (!strcmp (*args, "-nocerts"))
  227. flags |= CMS_NOCERTS;
  228. else if (!strcmp (*args, "-noattr"))
  229. flags |= CMS_NOATTR;
  230. else if (!strcmp (*args, "-nodetach"))
  231. flags &= ~CMS_DETACHED;
  232. else if (!strcmp (*args, "-nosmimecap"))
  233. flags |= CMS_NOSMIMECAP;
  234. else if (!strcmp (*args, "-binary"))
  235. flags |= CMS_BINARY;
  236. else if (!strcmp (*args, "-keyid"))
  237. flags |= CMS_USE_KEYID;
  238. else if (!strcmp (*args, "-nosigs"))
  239. flags |= CMS_NOSIGS;
  240. else if (!strcmp (*args, "-no_content_verify"))
  241. flags |= CMS_NO_CONTENT_VERIFY;
  242. else if (!strcmp (*args, "-no_attr_verify"))
  243. flags |= CMS_NO_ATTR_VERIFY;
  244. else if (!strcmp (*args, "-stream"))
  245. flags |= CMS_STREAM;
  246. else if (!strcmp (*args, "-indef"))
  247. flags |= CMS_STREAM;
  248. else if (!strcmp (*args, "-noindef"))
  249. flags &= ~CMS_STREAM;
  250. else if (!strcmp (*args, "-nooldmime"))
  251. flags |= CMS_NOOLDMIMETYPE;
  252. else if (!strcmp (*args, "-crlfeol"))
  253. flags |= CMS_CRLFEOL;
  254. else if (!strcmp (*args, "-noout"))
  255. noout = 1;
  256. else if (!strcmp (*args, "-receipt_request_print"))
  257. rr_print = 1;
  258. else if (!strcmp (*args, "-receipt_request_all"))
  259. rr_allorfirst = 0;
  260. else if (!strcmp (*args, "-receipt_request_first"))
  261. rr_allorfirst = 1;
  262. else if (!strcmp(*args,"-receipt_request_from"))
  263. {
  264. if (!args[1])
  265. goto argerr;
  266. args++;
  267. if (!rr_from)
  268. rr_from = sk_OPENSSL_STRING_new_null();
  269. sk_OPENSSL_STRING_push(rr_from, *args);
  270. }
  271. else if (!strcmp(*args,"-receipt_request_to"))
  272. {
  273. if (!args[1])
  274. goto argerr;
  275. args++;
  276. if (!rr_to)
  277. rr_to = sk_OPENSSL_STRING_new_null();
  278. sk_OPENSSL_STRING_push(rr_to, *args);
  279. }
  280. else if (!strcmp (*args, "-print"))
  281. {
  282. noout = 1;
  283. print = 1;
  284. }
  285. else if (!strcmp(*args,"-secretkey"))
  286. {
  287. long ltmp;
  288. if (!args[1])
  289. goto argerr;
  290. args++;
  291. secret_key = string_to_hex(*args, &ltmp);
  292. if (!secret_key)
  293. {
  294. BIO_printf(bio_err, "Invalid key %s\n", *args);
  295. goto argerr;
  296. }
  297. secret_keylen = (size_t)ltmp;
  298. }
  299. else if (!strcmp(*args,"-secretkeyid"))
  300. {
  301. long ltmp;
  302. if (!args[1])
  303. goto argerr;
  304. args++;
  305. secret_keyid = string_to_hex(*args, &ltmp);
  306. if (!secret_keyid)
  307. {
  308. BIO_printf(bio_err, "Invalid id %s\n", *args);
  309. goto argerr;
  310. }
  311. secret_keyidlen = (size_t)ltmp;
  312. }
  313. else if (!strcmp(*args,"-econtent_type"))
  314. {
  315. if (!args[1])
  316. goto argerr;
  317. args++;
  318. econtent_type = OBJ_txt2obj(*args, 0);
  319. if (!econtent_type)
  320. {
  321. BIO_printf(bio_err, "Invalid OID %s\n", *args);
  322. goto argerr;
  323. }
  324. }
  325. else if (!strcmp(*args,"-rand"))
  326. {
  327. if (!args[1])
  328. goto argerr;
  329. args++;
  330. inrand = *args;
  331. need_rand = 1;
  332. }
  333. #ifndef OPENSSL_NO_ENGINE
  334. else if (!strcmp(*args,"-engine"))
  335. {
  336. if (!args[1])
  337. goto argerr;
  338. engine = *++args;
  339. }
  340. #endif
  341. else if (!strcmp(*args,"-passin"))
  342. {
  343. if (!args[1])
  344. goto argerr;
  345. passargin = *++args;
  346. }
  347. else if (!strcmp (*args, "-to"))
  348. {
  349. if (!args[1])
  350. goto argerr;
  351. to = *++args;
  352. }
  353. else if (!strcmp (*args, "-from"))
  354. {
  355. if (!args[1])
  356. goto argerr;
  357. from = *++args;
  358. }
  359. else if (!strcmp (*args, "-subject"))
  360. {
  361. if (!args[1])
  362. goto argerr;
  363. subject = *++args;
  364. }
  365. else if (!strcmp (*args, "-signer"))
  366. {
  367. if (!args[1])
  368. goto argerr;
  369. /* If previous -signer argument add signer to list */
  370. if (signerfile)
  371. {
  372. if (!sksigners)
  373. sksigners = sk_OPENSSL_STRING_new_null();
  374. sk_OPENSSL_STRING_push(sksigners, signerfile);
  375. if (!keyfile)
  376. keyfile = signerfile;
  377. if (!skkeys)
  378. skkeys = sk_OPENSSL_STRING_new_null();
  379. sk_OPENSSL_STRING_push(skkeys, keyfile);
  380. keyfile = NULL;
  381. }
  382. signerfile = *++args;
  383. }
  384. else if (!strcmp (*args, "-recip"))
  385. {
  386. if (!args[1])
  387. goto argerr;
  388. recipfile = *++args;
  389. }
  390. else if (!strcmp (*args, "-certsout"))
  391. {
  392. if (!args[1])
  393. goto argerr;
  394. certsoutfile = *++args;
  395. }
  396. else if (!strcmp (*args, "-md"))
  397. {
  398. if (!args[1])
  399. goto argerr;
  400. sign_md = EVP_get_digestbyname(*++args);
  401. if (sign_md == NULL)
  402. {
  403. BIO_printf(bio_err, "Unknown digest %s\n",
  404. *args);
  405. goto argerr;
  406. }
  407. }
  408. else if (!strcmp (*args, "-inkey"))
  409. {
  410. if (!args[1])
  411. goto argerr;
  412. /* If previous -inkey arument add signer to list */
  413. if (keyfile)
  414. {
  415. if (!signerfile)
  416. {
  417. BIO_puts(bio_err, "Illegal -inkey without -signer\n");
  418. goto argerr;
  419. }
  420. if (!sksigners)
  421. sksigners = sk_OPENSSL_STRING_new_null();
  422. sk_OPENSSL_STRING_push(sksigners, signerfile);
  423. signerfile = NULL;
  424. if (!skkeys)
  425. skkeys = sk_OPENSSL_STRING_new_null();
  426. sk_OPENSSL_STRING_push(skkeys, keyfile);
  427. }
  428. keyfile = *++args;
  429. }
  430. else if (!strcmp (*args, "-keyform"))
  431. {
  432. if (!args[1])
  433. goto argerr;
  434. keyform = str2fmt(*++args);
  435. }
  436. else if (!strcmp (*args, "-rctform"))
  437. {
  438. if (!args[1])
  439. goto argerr;
  440. rctformat = str2fmt(*++args);
  441. }
  442. else if (!strcmp (*args, "-certfile"))
  443. {
  444. if (!args[1])
  445. goto argerr;
  446. certfile = *++args;
  447. }
  448. else if (!strcmp (*args, "-CAfile"))
  449. {
  450. if (!args[1])
  451. goto argerr;
  452. CAfile = *++args;
  453. }
  454. else if (!strcmp (*args, "-CApath"))
  455. {
  456. if (!args[1])
  457. goto argerr;
  458. CApath = *++args;
  459. }
  460. else if (!strcmp (*args, "-in"))
  461. {
  462. if (!args[1])
  463. goto argerr;
  464. infile = *++args;
  465. }
  466. else if (!strcmp (*args, "-inform"))
  467. {
  468. if (!args[1])
  469. goto argerr;
  470. informat = str2fmt(*++args);
  471. }
  472. else if (!strcmp (*args, "-outform"))
  473. {
  474. if (!args[1])
  475. goto argerr;
  476. outformat = str2fmt(*++args);
  477. }
  478. else if (!strcmp (*args, "-out"))
  479. {
  480. if (!args[1])
  481. goto argerr;
  482. outfile = *++args;
  483. }
  484. else if (!strcmp (*args, "-content"))
  485. {
  486. if (!args[1])
  487. goto argerr;
  488. contfile = *++args;
  489. }
  490. else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
  491. continue;
  492. else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
  493. badarg = 1;
  494. args++;
  495. }
  496. if (((rr_allorfirst != -1) || rr_from) && !rr_to)
  497. {
  498. BIO_puts(bio_err, "No Signed Receipts Recipients\n");
  499. goto argerr;
  500. }
  501. if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from))
  502. {
  503. BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
  504. goto argerr;
  505. }
  506. if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
  507. {
  508. BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
  509. goto argerr;
  510. }
  511. if (operation & SMIME_SIGNERS)
  512. {
  513. if (keyfile && !signerfile)
  514. {
  515. BIO_puts(bio_err, "Illegal -inkey without -signer\n");
  516. goto argerr;
  517. }
  518. /* Check to see if any final signer needs to be appended */
  519. if (signerfile)
  520. {
  521. if (!sksigners)
  522. sksigners = sk_OPENSSL_STRING_new_null();
  523. sk_OPENSSL_STRING_push(sksigners, signerfile);
  524. if (!skkeys)
  525. skkeys = sk_OPENSSL_STRING_new_null();
  526. if (!keyfile)
  527. keyfile = signerfile;
  528. sk_OPENSSL_STRING_push(skkeys, keyfile);
  529. }
  530. if (!sksigners)
  531. {
  532. BIO_printf(bio_err, "No signer certificate specified\n");
  533. badarg = 1;
  534. }
  535. signerfile = NULL;
  536. keyfile = NULL;
  537. need_rand = 1;
  538. }
  539. else if (operation == SMIME_DECRYPT)
  540. {
  541. if (!recipfile && !keyfile && !secret_key)
  542. {
  543. BIO_printf(bio_err, "No recipient certificate or key specified\n");
  544. badarg = 1;
  545. }
  546. }
  547. else if (operation == SMIME_ENCRYPT)
  548. {
  549. if (!*args && !secret_key)
  550. {
  551. BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
  552. badarg = 1;
  553. }
  554. need_rand = 1;
  555. }
  556. else if (!operation)
  557. badarg = 1;
  558. if (badarg)
  559. {
  560. argerr:
  561. BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
  562. BIO_printf (bio_err, "where options are\n");
  563. BIO_printf (bio_err, "-encrypt encrypt message\n");
  564. BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
  565. BIO_printf (bio_err, "-sign sign message\n");
  566. BIO_printf (bio_err, "-verify verify signed message\n");
  567. BIO_printf (bio_err, "-cmsout output CMS structure\n");
  568. #ifndef OPENSSL_NO_DES
  569. BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
  570. BIO_printf (bio_err, "-des encrypt with DES\n");
  571. #endif
  572. #ifndef OPENSSL_NO_SEED
  573. BIO_printf (bio_err, "-seed encrypt with SEED\n");
  574. #endif
  575. #ifndef OPENSSL_NO_RC2
  576. BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
  577. BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
  578. BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
  579. #endif
  580. #ifndef OPENSSL_NO_AES
  581. BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
  582. BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
  583. #endif
  584. #ifndef OPENSSL_NO_CAMELLIA
  585. BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
  586. BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
  587. #endif
  588. BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
  589. BIO_printf (bio_err, "-nosigs don't verify message signature\n");
  590. BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
  591. BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
  592. BIO_printf (bio_err, "-nodetach use opaque signing\n");
  593. BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
  594. BIO_printf (bio_err, "-binary don't translate message to text\n");
  595. BIO_printf (bio_err, "-certfile file other certificates file\n");
  596. BIO_printf (bio_err, "-certsout file certificate output file\n");
  597. BIO_printf (bio_err, "-signer file signer certificate file\n");
  598. BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
  599. BIO_printf (bio_err, "-skeyid use subject key identifier\n");
  600. BIO_printf (bio_err, "-in file input file\n");
  601. BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
  602. BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
  603. BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
  604. BIO_printf (bio_err, "-out file output file\n");
  605. BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
  606. BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
  607. BIO_printf (bio_err, "-to addr to address\n");
  608. BIO_printf (bio_err, "-from ad from address\n");
  609. BIO_printf (bio_err, "-subject s subject\n");
  610. BIO_printf (bio_err, "-text include or delete text MIME headers\n");
  611. BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
  612. BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
  613. BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
  614. BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
  615. #ifndef OPENSSL_NO_ENGINE
  616. BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
  617. #endif
  618. BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
  619. BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
  620. BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
  621. BIO_printf(bio_err, " the random number generator\n");
  622. BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
  623. goto end;
  624. }
  625. #ifndef OPENSSL_NO_ENGINE
  626. e = setup_engine(bio_err, engine, 0);
  627. #endif
  628. if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
  629. {
  630. BIO_printf(bio_err, "Error getting password\n");
  631. goto end;
  632. }
  633. if (need_rand)
  634. {
  635. app_RAND_load_file(NULL, bio_err, (inrand != NULL));
  636. if (inrand != NULL)
  637. BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
  638. app_RAND_load_files(inrand));
  639. }
  640. ret = 2;
  641. if (!(operation & SMIME_SIGNERS))
  642. flags &= ~CMS_DETACHED;
  643. if (operation & SMIME_OP)
  644. {
  645. if (outformat == FORMAT_ASN1)
  646. outmode = "wb";
  647. }
  648. else
  649. {
  650. if (flags & CMS_BINARY)
  651. outmode = "wb";
  652. }
  653. if (operation & SMIME_IP)
  654. {
  655. if (informat == FORMAT_ASN1)
  656. inmode = "rb";
  657. }
  658. else
  659. {
  660. if (flags & CMS_BINARY)
  661. inmode = "rb";
  662. }
  663. if (operation == SMIME_ENCRYPT)
  664. {
  665. if (!cipher)
  666. {
  667. #ifndef OPENSSL_NO_DES
  668. cipher = EVP_des_ede3_cbc();
  669. #else
  670. BIO_printf(bio_err, "No cipher selected\n");
  671. goto end;
  672. #endif
  673. }
  674. if (secret_key && !secret_keyid)
  675. {
  676. BIO_printf(bio_err, "No secret key id\n");
  677. goto end;
  678. }
  679. if (*args)
  680. encerts = sk_X509_new_null();
  681. while (*args)
  682. {
  683. if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
  684. NULL, e, "recipient certificate file")))
  685. goto end;
  686. sk_X509_push(encerts, cert);
  687. cert = NULL;
  688. args++;
  689. }
  690. }
  691. if (certfile)
  692. {
  693. if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
  694. e, "certificate file")))
  695. {
  696. ERR_print_errors(bio_err);
  697. goto end;
  698. }
  699. }
  700. if (recipfile && (operation == SMIME_DECRYPT))
  701. {
  702. if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
  703. e, "recipient certificate file")))
  704. {
  705. ERR_print_errors(bio_err);
  706. goto end;
  707. }
  708. }
  709. if (operation == SMIME_SIGN_RECEIPT)
  710. {
  711. if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
  712. e, "receipt signer certificate file")))
  713. {
  714. ERR_print_errors(bio_err);
  715. goto end;
  716. }
  717. }
  718. if (operation == SMIME_DECRYPT)
  719. {
  720. if (!keyfile)
  721. keyfile = recipfile;
  722. }
  723. else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
  724. {
  725. if (!keyfile)
  726. keyfile = signerfile;
  727. }
  728. else keyfile = NULL;
  729. if (keyfile)
  730. {
  731. key = load_key(bio_err, keyfile, keyform, 0, passin, e,
  732. "signing key file");
  733. if (!key)
  734. goto end;
  735. }
  736. if (infile)
  737. {
  738. if (!(in = BIO_new_file(infile, inmode)))
  739. {
  740. BIO_printf (bio_err,
  741. "Can't open input file %s\n", infile);
  742. goto end;
  743. }
  744. }
  745. else
  746. in = BIO_new_fp(stdin, BIO_NOCLOSE);
  747. if (operation & SMIME_IP)
  748. {
  749. if (informat == FORMAT_SMIME)
  750. cms = SMIME_read_CMS(in, &indata);
  751. else if (informat == FORMAT_PEM)
  752. cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
  753. else if (informat == FORMAT_ASN1)
  754. cms = d2i_CMS_bio(in, NULL);
  755. else
  756. {
  757. BIO_printf(bio_err, "Bad input format for CMS file\n");
  758. goto end;
  759. }
  760. if (!cms)
  761. {
  762. BIO_printf(bio_err, "Error reading S/MIME message\n");
  763. goto end;
  764. }
  765. if (contfile)
  766. {
  767. BIO_free(indata);
  768. if (!(indata = BIO_new_file(contfile, "rb")))
  769. {
  770. BIO_printf(bio_err, "Can't read content file %s\n", contfile);
  771. goto end;
  772. }
  773. }
  774. if (certsoutfile)
  775. {
  776. STACK_OF(X509) *allcerts;
  777. allcerts = CMS_get1_certs(cms);
  778. if (!save_certs(certsoutfile, allcerts))
  779. {
  780. BIO_printf(bio_err,
  781. "Error writing certs to %s\n",
  782. certsoutfile);
  783. ret = 5;
  784. goto end;
  785. }
  786. sk_X509_pop_free(allcerts, X509_free);
  787. }
  788. }
  789. if (rctfile)
  790. {
  791. char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
  792. if (!(rctin = BIO_new_file(rctfile, rctmode)))
  793. {
  794. BIO_printf (bio_err,
  795. "Can't open receipt file %s\n", rctfile);
  796. goto end;
  797. }
  798. if (rctformat == FORMAT_SMIME)
  799. rcms = SMIME_read_CMS(rctin, NULL);
  800. else if (rctformat == FORMAT_PEM)
  801. rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
  802. else if (rctformat == FORMAT_ASN1)
  803. rcms = d2i_CMS_bio(rctin, NULL);
  804. else
  805. {
  806. BIO_printf(bio_err, "Bad input format for receipt\n");
  807. goto end;
  808. }
  809. if (!rcms)
  810. {
  811. BIO_printf(bio_err, "Error reading receipt\n");
  812. goto end;
  813. }
  814. }
  815. if (outfile)
  816. {
  817. if (!(out = BIO_new_file(outfile, outmode)))
  818. {
  819. BIO_printf (bio_err,
  820. "Can't open output file %s\n", outfile);
  821. goto end;
  822. }
  823. }
  824. else
  825. {
  826. out = BIO_new_fp(stdout, BIO_NOCLOSE);
  827. #ifdef OPENSSL_SYS_VMS
  828. {
  829. BIO *tmpbio = BIO_new(BIO_f_linebuffer());
  830. out = BIO_push(tmpbio, out);
  831. }
  832. #endif
  833. }
  834. if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
  835. {
  836. if (!(store = setup_verify(bio_err, CAfile, CApath)))
  837. goto end;
  838. X509_STORE_set_verify_cb_func(store, cms_cb);
  839. if (vpm)
  840. X509_STORE_set1_param(store, vpm);
  841. }
  842. ret = 3;
  843. if (operation == SMIME_DATA_CREATE)
  844. {
  845. cms = CMS_data_create(in, flags);
  846. }
  847. else if (operation == SMIME_DIGEST_CREATE)
  848. {
  849. cms = CMS_digest_create(in, sign_md, flags);
  850. }
  851. else if (operation == SMIME_COMPRESS)
  852. {
  853. cms = CMS_compress(in, -1, flags);
  854. }
  855. else if (operation == SMIME_ENCRYPT)
  856. {
  857. flags |= CMS_PARTIAL;
  858. cms = CMS_encrypt(encerts, in, cipher, flags);
  859. if (!cms)
  860. goto end;
  861. if (secret_key)
  862. {
  863. if (!CMS_add0_recipient_key(cms, NID_undef,
  864. secret_key, secret_keylen,
  865. secret_keyid, secret_keyidlen,
  866. NULL, NULL, NULL))
  867. goto end;
  868. /* NULL these because call absorbs them */
  869. secret_key = NULL;
  870. secret_keyid = NULL;
  871. }
  872. if (!(flags & CMS_STREAM))
  873. {
  874. if (!CMS_final(cms, in, NULL, flags))
  875. goto end;
  876. }
  877. }
  878. else if (operation == SMIME_ENCRYPTED_ENCRYPT)
  879. {
  880. cms = CMS_EncryptedData_encrypt(in, cipher,
  881. secret_key, secret_keylen,
  882. flags);
  883. }
  884. else if (operation == SMIME_SIGN_RECEIPT)
  885. {
  886. CMS_ContentInfo *srcms = NULL;
  887. STACK_OF(CMS_SignerInfo) *sis;
  888. CMS_SignerInfo *si;
  889. sis = CMS_get0_SignerInfos(cms);
  890. if (!sis)
  891. goto end;
  892. si = sk_CMS_SignerInfo_value(sis, 0);
  893. srcms = CMS_sign_receipt(si, signer, key, other, flags);
  894. if (!srcms)
  895. goto end;
  896. CMS_ContentInfo_free(cms);
  897. cms = srcms;
  898. }
  899. else if (operation & SMIME_SIGNERS)
  900. {
  901. int i;
  902. /* If detached data content we enable streaming if
  903. * S/MIME output format.
  904. */
  905. if (operation == SMIME_SIGN)
  906. {
  907. if (flags & CMS_DETACHED)
  908. {
  909. if (outformat == FORMAT_SMIME)
  910. flags |= CMS_STREAM;
  911. }
  912. flags |= CMS_PARTIAL;
  913. cms = CMS_sign(NULL, NULL, other, in, flags);
  914. if (!cms)
  915. goto end;
  916. if (econtent_type)
  917. CMS_set1_eContentType(cms, econtent_type);
  918. if (rr_to)
  919. {
  920. rr = make_receipt_request(rr_to, rr_allorfirst,
  921. rr_from);
  922. if (!rr)
  923. {
  924. BIO_puts(bio_err,
  925. "Signed Receipt Request Creation Error\n");
  926. goto end;
  927. }
  928. }
  929. }
  930. else
  931. flags |= CMS_REUSE_DIGEST;
  932. for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
  933. {
  934. CMS_SignerInfo *si;
  935. signerfile = sk_OPENSSL_STRING_value(sksigners, i);
  936. keyfile = sk_OPENSSL_STRING_value(skkeys, i);
  937. signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
  938. e, "signer certificate");
  939. if (!signer)
  940. goto end;
  941. key = load_key(bio_err, keyfile, keyform, 0, passin, e,
  942. "signing key file");
  943. if (!key)
  944. goto end;
  945. si = CMS_add1_signer(cms, signer, key, sign_md, flags);
  946. if (!si)
  947. goto end;
  948. if (rr && !CMS_add1_ReceiptRequest(si, rr))
  949. goto end;
  950. X509_free(signer);
  951. signer = NULL;
  952. EVP_PKEY_free(key);
  953. key = NULL;
  954. }
  955. /* If not streaming or resigning finalize structure */
  956. if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
  957. {
  958. if (!CMS_final(cms, in, NULL, flags))
  959. goto end;
  960. }
  961. }
  962. if (!cms)
  963. {
  964. BIO_printf(bio_err, "Error creating CMS structure\n");
  965. goto end;
  966. }
  967. ret = 4;
  968. if (operation == SMIME_DECRYPT)
  969. {
  970. if (secret_key)
  971. {
  972. if (!CMS_decrypt_set1_key(cms,
  973. secret_key, secret_keylen,
  974. secret_keyid, secret_keyidlen))
  975. {
  976. BIO_puts(bio_err,
  977. "Error decrypting CMS using secret key\n");
  978. goto end;
  979. }
  980. }
  981. if (key)
  982. {
  983. if (!CMS_decrypt_set1_pkey(cms, key, recip))
  984. {
  985. BIO_puts(bio_err,
  986. "Error decrypting CMS using private key\n");
  987. goto end;
  988. }
  989. }
  990. if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
  991. {
  992. BIO_printf(bio_err, "Error decrypting CMS structure\n");
  993. goto end;
  994. }
  995. }
  996. else if (operation == SMIME_DATAOUT)
  997. {
  998. if (!CMS_data(cms, out, flags))
  999. goto end;
  1000. }
  1001. else if (operation == SMIME_UNCOMPRESS)
  1002. {
  1003. if (!CMS_uncompress(cms, indata, out, flags))
  1004. goto end;
  1005. }
  1006. else if (operation == SMIME_DIGEST_VERIFY)
  1007. {
  1008. if (CMS_digest_verify(cms, indata, out, flags) > 0)
  1009. BIO_printf(bio_err, "Verification successful\n");
  1010. else
  1011. {
  1012. BIO_printf(bio_err, "Verification failure\n");
  1013. goto end;
  1014. }
  1015. }
  1016. else if (operation == SMIME_ENCRYPTED_DECRYPT)
  1017. {
  1018. if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
  1019. indata, out, flags))
  1020. goto end;
  1021. }
  1022. else if (operation == SMIME_VERIFY)
  1023. {
  1024. if (CMS_verify(cms, other, store, indata, out, flags) > 0)
  1025. BIO_printf(bio_err, "Verification successful\n");
  1026. else
  1027. {
  1028. BIO_printf(bio_err, "Verification failure\n");
  1029. if (verify_retcode)
  1030. ret = verify_err + 32;
  1031. goto end;
  1032. }
  1033. if (signerfile)
  1034. {
  1035. STACK_OF(X509) *signers;
  1036. signers = CMS_get0_signers(cms);
  1037. if (!save_certs(signerfile, signers))
  1038. {
  1039. BIO_printf(bio_err,
  1040. "Error writing signers to %s\n",
  1041. signerfile);
  1042. ret = 5;
  1043. goto end;
  1044. }
  1045. sk_X509_free(signers);
  1046. }
  1047. if (rr_print)
  1048. receipt_request_print(bio_err, cms);
  1049. }
  1050. else if (operation == SMIME_VERIFY_RECEIPT)
  1051. {
  1052. if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
  1053. BIO_printf(bio_err, "Verification successful\n");
  1054. else
  1055. {
  1056. BIO_printf(bio_err, "Verification failure\n");
  1057. goto end;
  1058. }
  1059. }
  1060. else
  1061. {
  1062. if (noout)
  1063. {
  1064. if (print)
  1065. CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
  1066. }
  1067. else if (outformat == FORMAT_SMIME)
  1068. {
  1069. if (to)
  1070. BIO_printf(out, "To: %s\n", to);
  1071. if (from)
  1072. BIO_printf(out, "From: %s\n", from);
  1073. if (subject)
  1074. BIO_printf(out, "Subject: %s\n", subject);
  1075. if (operation == SMIME_RESIGN)
  1076. ret = SMIME_write_CMS(out, cms, indata, flags);
  1077. else
  1078. ret = SMIME_write_CMS(out, cms, in, flags);
  1079. }
  1080. else if (outformat == FORMAT_PEM)
  1081. ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
  1082. else if (outformat == FORMAT_ASN1)
  1083. ret = i2d_CMS_bio_stream(out,cms, in, flags);
  1084. else
  1085. {
  1086. BIO_printf(bio_err, "Bad output format for CMS file\n");
  1087. goto end;
  1088. }
  1089. if (ret <= 0)
  1090. {
  1091. ret = 6;
  1092. goto end;
  1093. }
  1094. }
  1095. ret = 0;
  1096. end:
  1097. if (ret)
  1098. ERR_print_errors(bio_err);
  1099. if (need_rand)
  1100. app_RAND_write_file(NULL, bio_err);
  1101. sk_X509_pop_free(encerts, X509_free);
  1102. sk_X509_pop_free(other, X509_free);
  1103. if (vpm)
  1104. X509_VERIFY_PARAM_free(vpm);
  1105. if (sksigners)
  1106. sk_OPENSSL_STRING_free(sksigners);
  1107. if (skkeys)
  1108. sk_OPENSSL_STRING_free(skkeys);
  1109. if (secret_key)
  1110. OPENSSL_free(secret_key);
  1111. if (secret_keyid)
  1112. OPENSSL_free(secret_keyid);
  1113. if (econtent_type)
  1114. ASN1_OBJECT_free(econtent_type);
  1115. if (rr)
  1116. CMS_ReceiptRequest_free(rr);
  1117. if (rr_to)
  1118. sk_OPENSSL_STRING_free(rr_to);
  1119. if (rr_from)
  1120. sk_OPENSSL_STRING_free(rr_from);
  1121. X509_STORE_free(store);
  1122. X509_free(cert);
  1123. X509_free(recip);
  1124. X509_free(signer);
  1125. EVP_PKEY_free(key);
  1126. CMS_ContentInfo_free(cms);
  1127. CMS_ContentInfo_free(rcms);
  1128. BIO_free(rctin);
  1129. BIO_free(in);
  1130. BIO_free(indata);
  1131. BIO_free_all(out);
  1132. if (passin) OPENSSL_free(passin);
  1133. return (ret);
  1134. }
  1135. static int save_certs(char *signerfile, STACK_OF(X509) *signers)
  1136. {
  1137. int i;
  1138. BIO *tmp;
  1139. if (!signerfile)
  1140. return 1;
  1141. tmp = BIO_new_file(signerfile, "w");
  1142. if (!tmp) return 0;
  1143. for(i = 0; i < sk_X509_num(signers); i++)
  1144. PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
  1145. BIO_free(tmp);
  1146. return 1;
  1147. }
  1148. /* Minimal callback just to output policy info (if any) */
  1149. static int cms_cb(int ok, X509_STORE_CTX *ctx)
  1150. {
  1151. int error;
  1152. error = X509_STORE_CTX_get_error(ctx);
  1153. verify_err = error;
  1154. if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
  1155. && ((error != X509_V_OK) || (ok != 2)))
  1156. return ok;
  1157. policies_print(NULL, ctx);
  1158. return ok;
  1159. }
  1160. static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
  1161. {
  1162. STACK_OF(GENERAL_NAME) *gens;
  1163. GENERAL_NAME *gen;
  1164. int i, j;
  1165. for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
  1166. {
  1167. gens = sk_GENERAL_NAMES_value(gns, i);
  1168. for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
  1169. {
  1170. gen = sk_GENERAL_NAME_value(gens, j);
  1171. BIO_puts(out, " ");
  1172. GENERAL_NAME_print(out, gen);
  1173. BIO_puts(out, "\n");
  1174. }
  1175. }
  1176. return;
  1177. }
  1178. static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
  1179. {
  1180. STACK_OF(CMS_SignerInfo) *sis;
  1181. CMS_SignerInfo *si;
  1182. CMS_ReceiptRequest *rr;
  1183. int allorfirst;
  1184. STACK_OF(GENERAL_NAMES) *rto, *rlist;
  1185. ASN1_STRING *scid;
  1186. int i, rv;
  1187. sis = CMS_get0_SignerInfos(cms);
  1188. for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
  1189. {
  1190. si = sk_CMS_SignerInfo_value(sis, i);
  1191. rv = CMS_get1_ReceiptRequest(si, &rr);
  1192. BIO_printf(bio_err, "Signer %d:\n", i + 1);
  1193. if (rv == 0)
  1194. BIO_puts(bio_err, " No Receipt Request\n");
  1195. else if (rv < 0)
  1196. {
  1197. BIO_puts(bio_err, " Receipt Request Parse Error\n");
  1198. ERR_print_errors(bio_err);
  1199. }
  1200. else
  1201. {
  1202. char *id;
  1203. int idlen;
  1204. CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
  1205. &rlist, &rto);
  1206. BIO_puts(out, " Signed Content ID:\n");
  1207. idlen = ASN1_STRING_length(scid);
  1208. id = (char *)ASN1_STRING_data(scid);
  1209. BIO_dump_indent(out, id, idlen, 4);
  1210. BIO_puts(out, " Receipts From");
  1211. if (rlist)
  1212. {
  1213. BIO_puts(out, " List:\n");
  1214. gnames_stack_print(out, rlist);
  1215. }
  1216. else if (allorfirst == 1)
  1217. BIO_puts(out, ": First Tier\n");
  1218. else if (allorfirst == 0)
  1219. BIO_puts(out, ": All\n");
  1220. else
  1221. BIO_printf(out, " Unknown (%d)\n", allorfirst);
  1222. BIO_puts(out, " Receipts To:\n");
  1223. gnames_stack_print(out, rto);
  1224. }
  1225. if (rr)
  1226. CMS_ReceiptRequest_free(rr);
  1227. }
  1228. }
  1229. static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
  1230. {
  1231. int i;
  1232. STACK_OF(GENERAL_NAMES) *ret;
  1233. GENERAL_NAMES *gens = NULL;
  1234. GENERAL_NAME *gen = NULL;
  1235. ret = sk_GENERAL_NAMES_new_null();
  1236. if (!ret)
  1237. goto err;
  1238. for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
  1239. {
  1240. char *str = sk_OPENSSL_STRING_value(ns, i);
  1241. gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
  1242. if (!gen)
  1243. goto err;
  1244. gens = GENERAL_NAMES_new();
  1245. if (!gens)
  1246. goto err;
  1247. if (!sk_GENERAL_NAME_push(gens, gen))
  1248. goto err;
  1249. gen = NULL;
  1250. if (!sk_GENERAL_NAMES_push(ret, gens))
  1251. goto err;
  1252. gens = NULL;
  1253. }
  1254. return ret;
  1255. err:
  1256. if (ret)
  1257. sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
  1258. if (gens)
  1259. GENERAL_NAMES_free(gens);
  1260. if (gen)
  1261. GENERAL_NAME_free(gen);
  1262. return NULL;
  1263. }
  1264. static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
  1265. int rr_allorfirst,
  1266. STACK_OF(OPENSSL_STRING) *rr_from)
  1267. {
  1268. STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
  1269. CMS_ReceiptRequest *rr;
  1270. rct_to = make_names_stack(rr_to);
  1271. if (!rct_to)
  1272. goto err;
  1273. if (rr_from)
  1274. {
  1275. rct_from = make_names_stack(rr_from);
  1276. if (!rct_from)
  1277. goto err;
  1278. }
  1279. else
  1280. rct_from = NULL;
  1281. rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
  1282. rct_to);
  1283. return rr;
  1284. err:
  1285. return NULL;
  1286. }
  1287. #endif