Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame apps/smime.c

Blob History Raw

Packit Service	084de1	`/*`
Packit Service	084de1	`* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.`
Packit Service	084de1	`*`
Packit Service	084de1	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit Service	084de1	`* this file except in compliance with the License. You can obtain a copy`
Packit Service	084de1	`* in the file LICENSE in the source distribution or at`
Packit Service	084de1	`* https://www.openssl.org/source/license.html`
Packit Service	084de1	`*/`
Packit Service	084de1
Packit Service	084de1	`/* S/MIME utility function */`
Packit Service	084de1
Packit Service	084de1	`#include <stdio.h>`
Packit Service	084de1	`#include <string.h>`
Packit Service	084de1	`#include "apps.h"`
Packit Service	084de1	`#include "progs.h"`
Packit Service	084de1	`#include <openssl/crypto.h>`
Packit Service	084de1	`#include <openssl/pem.h>`
Packit Service	084de1	`#include <openssl/err.h>`
Packit Service	084de1	`#include <openssl/x509_vfy.h>`
Packit Service	084de1	`#include <openssl/x509v3.h>`
Packit Service	084de1
Packit Service	084de1	`static int save_certs(char signerfile, STACK_OF(X509) signers);`
Packit Service	084de1	`static int smime_cb(int ok, X509_STORE_CTX *ctx);`
Packit Service	084de1
Packit Service	084de1	`#define SMIME_OP 0x10`
Packit Service	084de1	`#define SMIME_IP 0x20`
Packit Service	084de1	`#define SMIME_SIGNERS 0x40`
Packit Service	084de1	`#define SMIME_ENCRYPT (1 \| SMIME_OP)`
Packit Service	084de1	`#define SMIME_DECRYPT (2 \| SMIME_IP)`
Packit Service	084de1	`#define SMIME_SIGN (3 \| SMIME_OP \| SMIME_SIGNERS)`
Packit Service	084de1	`#define SMIME_VERIFY (4 \| SMIME_IP)`
Packit Service	084de1	`#define SMIME_PK7OUT (5 \| SMIME_IP \| SMIME_OP)`
Packit Service	084de1	`#define SMIME_RESIGN (6 \| SMIME_IP \| SMIME_OP \| SMIME_SIGNERS)`
Packit Service	084de1
Packit Service	084de1	`typedef enum OPTION_choice {`
Packit Service	084de1	`OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,`
Packit Service	084de1	`OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,`
Packit Service	084de1	`OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,`
Packit Service	084de1	`OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,`
Packit Service	084de1	`OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,`
Packit Service	084de1	`OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,`
Packit Service	084de1	`OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,`
Packit Service	084de1	`OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,`
Packit Service	084de1	`OPT_R_ENUM,`
Packit Service	084de1	`OPT_V_ENUM,`
Packit Service	084de1	`OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,`
Packit Service	084de1	`OPT_OUTFORM, OPT_CONTENT`
Packit Service	084de1	`} OPTION_CHOICE;`
Packit Service	084de1
Packit Service	084de1	`const OPTIONS smime_options[] = {`
Packit Service	084de1	`{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},`
Packit Service	084de1	`{OPT_HELP_STR, 1, '-',`
Packit Service	084de1	`" cert.pem... recipient certs for encryption\n"},`
Packit Service	084de1	`{OPT_HELP_STR, 1, '-', "Valid options are:\n"},`
Packit Service	084de1	`{"help", OPT_HELP, '-', "Display this summary"},`
Packit Service	084de1	`{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},`
Packit Service	084de1	`{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},`
Packit Service	084de1	`{"sign", OPT_SIGN, '-', "Sign message"},`
Packit Service	084de1	`{"verify", OPT_VERIFY, '-', "Verify signed message"},`
Packit Service	084de1	`{"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},`
Packit Service	084de1	`{"nointern", OPT_NOINTERN, '-',`
Packit Service	084de1	`"Don't search certificates in message for signer"},`
Packit Service	084de1	`{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},`
Packit Service	084de1	`{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},`
Packit Service	084de1	`{"nocerts", OPT_NOCERTS, '-',`
Packit Service	084de1	`"Don't include signers certificate when signing"},`
Packit Service	084de1	`{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},`
Packit Service	084de1	`{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},`
Packit Service	084de1	`{"binary", OPT_BINARY, '-', "Don't translate message to text"},`
Packit Service	084de1	`{"certfile", OPT_CERTFILE, '<', "Other certificates file"},`
Packit Service	084de1	`{"signer", OPT_SIGNER, 's', "Signer certificate file"},`
Packit Service	084de1	`{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},`
Packit Service	084de1	`{"in", OPT_IN, '<', "Input file"},`
Packit Service	084de1	`{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},`
Packit Service	084de1	`{"inkey", OPT_INKEY, 's',`
Packit Service	084de1	`"Input private key (if not signer or recipient)"},`
Packit Service	084de1	`{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},`
Packit Service	084de1	`{"out", OPT_OUT, '>', "Output file"},`
Packit Service	084de1	`{"outform", OPT_OUTFORM, 'c',`
Packit Service	084de1	`"Output format SMIME (default), PEM or DER"},`
Packit Service	084de1	`{"content", OPT_CONTENT, '<',`
Packit Service	084de1	`"Supply or override content for detached signature"},`
Packit Service	084de1	`{"to", OPT_TO, 's', "To address"},`
Packit Service	084de1	`{"from", OPT_FROM, 's', "From address"},`
Packit Service	084de1	`{"subject", OPT_SUBJECT, 's', "Subject"},`
Packit Service	084de1	`{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},`
Packit Service	084de1	`{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},`
Packit Service	084de1	`{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},`
Packit Service	084de1	`{"no-CAfile", OPT_NOCAFILE, '-',`
Packit Service	084de1	`"Do not load the default certificates file"},`
Packit Service	084de1	`{"no-CApath", OPT_NOCAPATH, '-',`
Packit Service	084de1	`"Do not load certificates from the default certificates directory"},`
Packit Service	084de1	`{"resign", OPT_RESIGN, '-', "Resign a signed message"},`
Packit Service	084de1	`{"nochain", OPT_NOCHAIN, '-',`
Packit Service	084de1	`"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },`
Packit Service	084de1	`{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},`
Packit Service	084de1	`{"stream", OPT_STREAM, '-', "Enable CMS streaming" },`
Packit Service	084de1	`{"indef", OPT_INDEF, '-', "Same as -stream" },`
Packit Service	084de1	`{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},`
Packit Service	084de1	`{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},`
Packit Service	084de1	`OPT_R_OPTIONS,`
Packit Service	084de1	`{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},`
Packit Service	084de1	`{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},`
Packit Service	084de1	`{"", OPT_CIPHER, '-', "Any supported cipher"},`
Packit Service	084de1	`OPT_V_OPTIONS,`
Packit Service	084de1	`#ifndef OPENSSL_NO_ENGINE`
Packit Service	084de1	`{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},`
Packit Service	084de1	`#endif`
Packit Service	084de1	`{NULL}`
Packit Service	084de1	`};`
Packit Service	084de1
Packit Service	084de1	`int smime_main(int argc, char **argv)`
Packit Service	084de1	`{`
Packit Service	084de1	`BIO in = NULL, out = NULL, *indata = NULL;`
Packit Service	084de1	`EVP_PKEY *key = NULL;`
Packit Service	084de1	`PKCS7 *p7 = NULL;`
Packit Service	084de1	`STACK_OF(OPENSSL_STRING) sksigners = NULL, skkeys = NULL;`
Packit Service	084de1	`STACK_OF(X509) encerts = NULL, other = NULL;`
Packit Service	084de1	`X509 cert = NULL, recip = NULL, *signer = NULL;`
Packit Service	084de1	`X509_STORE *store = NULL;`
Packit Service	084de1	`X509_VERIFY_PARAM *vpm = NULL;`
Packit Service	084de1	`const EVP_CIPHER *cipher = NULL;`
Packit Service	084de1	`const EVP_MD *sign_md = NULL;`
Packit Service	084de1	`const char CAfile = NULL, CApath = NULL, *prog = NULL;`
Packit Service	084de1	`char certfile = NULL, keyfile = NULL, *contfile = NULL;`
Packit Service	084de1	`char infile = NULL, outfile = NULL, signerfile = NULL, recipfile = NULL;`
Packit Service	084de1	`char passinarg = NULL, passin = NULL, to = NULL, from = NULL, *subject = NULL;`
Packit Service	084de1	`OPTION_CHOICE o;`
Packit Service	084de1	`int noCApath = 0, noCAfile = 0;`
Packit Service	084de1	`int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;`
Packit Service	084de1	`int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =`
Packit Service	084de1	`FORMAT_PEM;`
Packit Service	084de1	`int vpmtouched = 0, rv = 0;`
Packit Service	084de1	`ENGINE *e = NULL;`
Packit Service	084de1	`const char *mime_eol = "\n";`
Packit Service	084de1
Packit Service	084de1	`if ((vpm = X509_VERIFY_PARAM_new()) == NULL)`
Packit Service	084de1	`return 1;`
Packit Service	084de1
Packit Service	084de1	`prog = opt_init(argc, argv, smime_options);`
Packit Service	084de1	`while ((o = opt_next()) != OPT_EOF) {`
Packit Service	084de1	`switch (o) {`
Packit Service	084de1	`case OPT_EOF:`
Packit Service	084de1	`case OPT_ERR:`
Packit Service	084de1	`opthelp:`
Packit Service	084de1	`BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`case OPT_HELP:`
Packit Service	084de1	`opt_help(smime_options);`
Packit Service	084de1	`ret = 0;`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`case OPT_INFORM:`
Packit Service	084de1	`if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_IN:`
Packit Service	084de1	`infile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_OUTFORM:`
Packit Service	084de1	`if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_OUT:`
Packit Service	084de1	`outfile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_ENCRYPT:`
Packit Service	084de1	`operation = SMIME_ENCRYPT;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_DECRYPT:`
Packit Service	084de1	`operation = SMIME_DECRYPT;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_SIGN:`
Packit Service	084de1	`operation = SMIME_SIGN;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_RESIGN:`
Packit Service	084de1	`operation = SMIME_RESIGN;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_VERIFY:`
Packit Service	084de1	`operation = SMIME_VERIFY;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_PK7OUT:`
Packit Service	084de1	`operation = SMIME_PK7OUT;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_TEXT:`
Packit Service	084de1	`flags \|= PKCS7_TEXT;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOINTERN:`
Packit Service	084de1	`flags \|= PKCS7_NOINTERN;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOVERIFY:`
Packit Service	084de1	`flags \|= PKCS7_NOVERIFY;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOCHAIN:`
Packit Service	084de1	`flags \|= PKCS7_NOCHAIN;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOCERTS:`
Packit Service	084de1	`flags \|= PKCS7_NOCERTS;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOATTR:`
Packit Service	084de1	`flags \|= PKCS7_NOATTR;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NODETACH:`
Packit Service	084de1	`flags &= ~PKCS7_DETACHED;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOSMIMECAP:`
Packit Service	084de1	`flags \|= PKCS7_NOSMIMECAP;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_BINARY:`
Packit Service	084de1	`flags \|= PKCS7_BINARY;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOSIGS:`
Packit Service	084de1	`flags \|= PKCS7_NOSIGS;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_STREAM:`
Packit Service	084de1	`case OPT_INDEF:`
Packit Service	084de1	`indef = 1;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOINDEF:`
Packit Service	084de1	`indef = 0;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_CRLFEOL:`
Packit Service	084de1	`flags \|= PKCS7_CRLFEOL;`
Packit Service	084de1	`mime_eol = "\r\n";`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_R_CASES:`
Packit Service	084de1	`if (!opt_rand(o))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_ENGINE:`
Packit Service	084de1	`e = setup_engine(opt_arg(), 0);`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_PASSIN:`
Packit Service	084de1	`passinarg = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_TO:`
Packit Service	084de1	`to = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_FROM:`
Packit Service	084de1	`from = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_SUBJECT:`
Packit Service	084de1	`subject = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_SIGNER:`
Packit Service	084de1	`/* If previous -signer argument add signer to list */`
Packit Service	084de1	`if (signerfile != NULL) {`
Packit Service	084de1	`if (sksigners == NULL`
Packit Service	084de1	`&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`sk_OPENSSL_STRING_push(sksigners, signerfile);`
Packit Service	084de1	`if (keyfile == NULL)`
Packit Service	084de1	`keyfile = signerfile;`
Packit Service	084de1	`if (skkeys == NULL`
Packit Service	084de1	`&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`sk_OPENSSL_STRING_push(skkeys, keyfile);`
Packit Service	084de1	`keyfile = NULL;`
Packit Service	084de1	`}`
Packit Service	084de1	`signerfile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_RECIP:`
Packit Service	084de1	`recipfile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_MD:`
Packit Service	084de1	`if (!opt_md(opt_arg(), &sign_md))`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_CIPHER:`
Packit Service	084de1	`if (!opt_cipher(opt_unknown(), &cipher))`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_INKEY:`
Packit Service	084de1	`/* If previous -inkey argument add signer to list */`
Packit Service	084de1	`if (keyfile != NULL) {`
Packit Service	084de1	`if (signerfile == NULL) {`
Packit Service	084de1	`BIO_printf(bio_err,`
Packit Service	084de1	`"%s: Must have -signer before -inkey\n", prog);`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (sksigners == NULL`
Packit Service	084de1	`&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`sk_OPENSSL_STRING_push(sksigners, signerfile);`
Packit Service	084de1	`signerfile = NULL;`
Packit Service	084de1	`if (skkeys == NULL`
Packit Service	084de1	`&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`sk_OPENSSL_STRING_push(skkeys, keyfile);`
Packit Service	084de1	`}`
Packit Service	084de1	`keyfile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_KEYFORM:`
Packit Service	084de1	`if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_CERTFILE:`
Packit Service	084de1	`certfile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_CAFILE:`
Packit Service	084de1	`CAfile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_CAPATH:`
Packit Service	084de1	`CApath = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOCAFILE:`
Packit Service	084de1	`noCAfile = 1;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_NOCAPATH:`
Packit Service	084de1	`noCApath = 1;`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_CONTENT:`
Packit Service	084de1	`contfile = opt_arg();`
Packit Service	084de1	`break;`
Packit Service	084de1	`case OPT_V_CASES:`
Packit Service	084de1	`if (!opt_verify(o, vpm))`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`vpmtouched++;`
Packit Service	084de1	`break;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`argc = opt_num_rest();`
Packit Service	084de1	`argv = opt_rest();`
Packit Service	084de1
Packit Service	084de1	`if (!(operation & SMIME_SIGNERS) && (skkeys != NULL \|\| sksigners != NULL)) {`
Packit Service	084de1	`BIO_puts(bio_err, "Multiple signers or keys not allowed\n");`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (operation & SMIME_SIGNERS) {`
Packit Service	084de1	`/* Check to see if any final signer needs to be appended */`
Packit Service	084de1	`if (keyfile && !signerfile) {`
Packit Service	084de1	`BIO_puts(bio_err, "Illegal -inkey without -signer\n");`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (signerfile != NULL) {`
Packit Service	084de1	`if (sksigners == NULL`
Packit Service	084de1	`&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`sk_OPENSSL_STRING_push(sksigners, signerfile);`
Packit Service	084de1	`if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`if (!keyfile)`
Packit Service	084de1	`keyfile = signerfile;`
Packit Service	084de1	`sk_OPENSSL_STRING_push(skkeys, keyfile);`
Packit Service	084de1	`}`
Packit Service	084de1	`if (sksigners == NULL) {`
Packit Service	084de1	`BIO_printf(bio_err, "No signer certificate specified\n");`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`}`
Packit Service	084de1	`signerfile = NULL;`
Packit Service	084de1	`keyfile = NULL;`
Packit Service	084de1	`} else if (operation == SMIME_DECRYPT) {`
Packit Service	084de1	`if (recipfile == NULL && keyfile == NULL) {`
Packit Service	084de1	`BIO_printf(bio_err,`
Packit Service	084de1	`"No recipient certificate or key specified\n");`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (operation == SMIME_ENCRYPT) {`
Packit Service	084de1	`if (argc == 0) {`
Packit Service	084de1	`BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (!operation) {`
Packit Service	084de1	`goto opthelp;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!app_passwd(passinarg, NULL, &passin, NULL)) {`
Packit Service	084de1	`BIO_printf(bio_err, "Error getting password\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ret = 2;`
Packit Service	084de1
Packit Service	084de1	`if (!(operation & SMIME_SIGNERS))`
Packit Service	084de1	`flags &= ~PKCS7_DETACHED;`
Packit Service	084de1
Packit Service	084de1	`if (!(operation & SMIME_OP)) {`
Packit Service	084de1	`if (flags & PKCS7_BINARY)`
Packit Service	084de1	`outformat = FORMAT_BINARY;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (!(operation & SMIME_IP)) {`
Packit Service	084de1	`if (flags & PKCS7_BINARY)`
Packit Service	084de1	`informat = FORMAT_BINARY;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (operation == SMIME_ENCRYPT) {`
Packit Service	084de1	`if (cipher == NULL) {`
Packit Service	084de1	`#ifndef OPENSSL_NO_DES`
Packit Service	084de1	`cipher = EVP_des_ede3_cbc();`
Packit Service	084de1	`#else`
Packit Service	084de1	`BIO_printf(bio_err, "No cipher selected\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1	`encerts = sk_X509_new_null();`
Packit Service	084de1	`if (encerts == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`while (*argv != NULL) {`
Packit Service	084de1	`cert = load_cert(*argv, FORMAT_PEM,`
Packit Service	084de1	`"recipient certificate file");`
Packit Service	084de1	`if (cert == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`sk_X509_push(encerts, cert);`
Packit Service	084de1	`cert = NULL;`
Packit Service	084de1	`argv++;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (certfile != NULL) {`
Packit Service	084de1	`if (!load_certs(certfile, &other, FORMAT_PEM, NULL,`
Packit Service	084de1	`"certificate file")) {`
Packit Service	084de1	`ERR_print_errors(bio_err);`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (recipfile != NULL && (operation == SMIME_DECRYPT)) {`
Packit Service	084de1	`if ((recip = load_cert(recipfile, FORMAT_PEM,`
Packit Service	084de1	`"recipient certificate file")) == NULL) {`
Packit Service	084de1	`ERR_print_errors(bio_err);`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (operation == SMIME_DECRYPT) {`
Packit Service	084de1	`if (keyfile == NULL)`
Packit Service	084de1	`keyfile = recipfile;`
Packit Service	084de1	`} else if (operation == SMIME_SIGN) {`
Packit Service	084de1	`if (keyfile == NULL)`
Packit Service	084de1	`keyfile = signerfile;`
Packit Service	084de1	`} else {`
Packit Service	084de1	`keyfile = NULL;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (keyfile != NULL) {`
Packit Service	084de1	`key = load_key(keyfile, keyform, 0, passin, e, "signing key file");`
Packit Service	084de1	`if (key == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`in = bio_open_default(infile, 'r', informat);`
Packit Service	084de1	`if (in == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1
Packit Service	084de1	`if (operation & SMIME_IP) {`
Packit Service	084de1	`if (informat == FORMAT_SMIME) {`
Packit Service	084de1	`p7 = SMIME_read_PKCS7(in, &indata);`
Packit Service	084de1	`} else if (informat == FORMAT_PEM) {`
Packit Service	084de1	`p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);`
Packit Service	084de1	`} else if (informat == FORMAT_ASN1) {`
Packit Service	084de1	`p7 = d2i_PKCS7_bio(in, NULL);`
Packit Service	084de1	`} else {`
Packit Service	084de1	`BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (p7 == NULL) {`
Packit Service	084de1	`BIO_printf(bio_err, "Error reading S/MIME message\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (contfile != NULL) {`
Packit Service	084de1	`BIO_free(indata);`
Packit Service	084de1	`if ((indata = BIO_new_file(contfile, "rb")) == NULL) {`
Packit Service	084de1	`BIO_printf(bio_err, "Can't read content file %s\n", contfile);`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`out = bio_open_default(outfile, 'w', outformat);`
Packit Service	084de1	`if (out == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1
Packit Service	084de1	`if (operation == SMIME_VERIFY) {`
Packit Service	084de1	`if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`X509_STORE_set_verify_cb(store, smime_cb);`
Packit Service	084de1	`if (vpmtouched)`
Packit Service	084de1	`X509_STORE_set1_param(store, vpm);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ret = 3;`
Packit Service	084de1
Packit Service	084de1	`if (operation == SMIME_ENCRYPT) {`
Packit Service	084de1	`if (indef)`
Packit Service	084de1	`flags \|= PKCS7_STREAM;`
Packit Service	084de1	`p7 = PKCS7_encrypt(encerts, in, cipher, flags);`
Packit Service	084de1	`} else if (operation & SMIME_SIGNERS) {`
Packit Service	084de1	`int i;`
Packit Service	084de1	`/*`
Packit Service	084de1	`* If detached data content we only enable streaming if S/MIME output`
Packit Service	084de1	`* format.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (operation == SMIME_SIGN) {`
Packit Service	084de1	`if (flags & PKCS7_DETACHED) {`
Packit Service	084de1	`if (outformat == FORMAT_SMIME)`
Packit Service	084de1	`flags \|= PKCS7_STREAM;`
Packit Service	084de1	`} else if (indef) {`
Packit Service	084de1	`flags \|= PKCS7_STREAM;`
Packit Service	084de1	`}`
Packit Service	084de1	`flags \|= PKCS7_PARTIAL;`
Packit Service	084de1	`p7 = PKCS7_sign(NULL, NULL, other, in, flags);`
Packit Service	084de1	`if (p7 == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`if (flags & PKCS7_NOCERTS) {`
Packit Service	084de1	`for (i = 0; i < sk_X509_num(other); i++) {`
Packit Service	084de1	`X509 *x = sk_X509_value(other, i);`
Packit Service	084de1	`PKCS7_add_certificate(p7, x);`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`} else {`
Packit Service	084de1	`flags \|= PKCS7_REUSE_DIGEST;`
Packit Service	084de1	`}`
Packit Service	084de1	`for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {`
Packit Service	084de1	`signerfile = sk_OPENSSL_STRING_value(sksigners, i);`
Packit Service	084de1	`keyfile = sk_OPENSSL_STRING_value(skkeys, i);`
Packit Service	084de1	`signer = load_cert(signerfile, FORMAT_PEM,`
Packit Service	084de1	`"signer certificate");`
Packit Service	084de1	`if (signer == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`key = load_key(keyfile, keyform, 0, passin, e, "signing key file");`
Packit Service	084de1	`if (key == NULL)`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`X509_free(signer);`
Packit Service	084de1	`signer = NULL;`
Packit Service	084de1	`EVP_PKEY_free(key);`
Packit Service	084de1	`key = NULL;`
Packit Service	084de1	`}`
Packit Service	084de1	`/* If not streaming or resigning finalize structure */`
Packit Service	084de1	`if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {`
Packit Service	084de1	`if (!PKCS7_final(p7, in, flags))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`if (p7 == NULL) {`
Packit Service	084de1	`BIO_printf(bio_err, "Error creating PKCS#7 structure\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`ret = 4;`
Packit Service	084de1	`if (operation == SMIME_DECRYPT) {`
Packit Service	084de1	`if (!PKCS7_decrypt(p7, key, recip, out, flags)) {`
Packit Service	084de1	`BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`} else if (operation == SMIME_VERIFY) {`
Packit Service	084de1	`STACK_OF(X509) *signers;`
Packit Service	084de1	`if (PKCS7_verify(p7, other, store, indata, out, flags))`
Packit Service	084de1	`BIO_printf(bio_err, "Verification successful\n");`
Packit Service	084de1	`else {`
Packit Service	084de1	`BIO_printf(bio_err, "Verification failure\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`signers = PKCS7_get0_signers(p7, other, flags);`
Packit Service	084de1	`if (!save_certs(signerfile, signers)) {`
Packit Service	084de1	`BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);`
Packit Service	084de1	`ret = 5;`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`sk_X509_free(signers);`
Packit Service	084de1	`} else if (operation == SMIME_PK7OUT) {`
Packit Service	084de1	`PEM_write_bio_PKCS7(out, p7);`
Packit Service	084de1	`} else {`
Packit Service	084de1	`if (to)`
Packit Service	084de1	`BIO_printf(out, "To: %s%s", to, mime_eol);`
Packit Service	084de1	`if (from)`
Packit Service	084de1	`BIO_printf(out, "From: %s%s", from, mime_eol);`
Packit Service	084de1	`if (subject)`
Packit Service	084de1	`BIO_printf(out, "Subject: %s%s", subject, mime_eol);`
Packit Service	084de1	`if (outformat == FORMAT_SMIME) {`
Packit Service	084de1	`if (operation == SMIME_RESIGN)`
Packit Service	084de1	`rv = SMIME_write_PKCS7(out, p7, indata, flags);`
Packit Service	084de1	`else`
Packit Service	084de1	`rv = SMIME_write_PKCS7(out, p7, in, flags);`
Packit Service	084de1	`} else if (outformat == FORMAT_PEM) {`
Packit Service	084de1	`rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);`
Packit Service	084de1	`} else if (outformat == FORMAT_ASN1) {`
Packit Service	084de1	`rv = i2d_PKCS7_bio_stream(out, p7, in, flags);`
Packit Service	084de1	`} else {`
Packit Service	084de1	`BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (rv == 0) {`
Packit Service	084de1	`BIO_printf(bio_err, "Error writing output\n");`
Packit Service	084de1	`ret = 3;`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`ret = 0;`
Packit Service	084de1	`end:`
Packit Service	084de1	`if (ret)`
Packit Service	084de1	`ERR_print_errors(bio_err);`
Packit Service	084de1	`sk_X509_pop_free(encerts, X509_free);`
Packit Service	084de1	`sk_X509_pop_free(other, X509_free);`
Packit Service	084de1	`X509_VERIFY_PARAM_free(vpm);`
Packit Service	084de1	`sk_OPENSSL_STRING_free(sksigners);`
Packit Service	084de1	`sk_OPENSSL_STRING_free(skkeys);`
Packit Service	084de1	`X509_STORE_free(store);`
Packit Service	084de1	`X509_free(cert);`
Packit Service	084de1	`X509_free(recip);`
Packit Service	084de1	`X509_free(signer);`
Packit Service	084de1	`EVP_PKEY_free(key);`
Packit Service	084de1	`PKCS7_free(p7);`
Packit Service	084de1	`release_engine(e);`
Packit Service	084de1	`BIO_free(in);`
Packit Service	084de1	`BIO_free(indata);`
Packit Service	084de1	`BIO_free_all(out);`
Packit Service	084de1	`OPENSSL_free(passin);`
Packit Service	084de1	`return ret;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int save_certs(char signerfile, STACK_OF(X509) signers)`
Packit Service	084de1	`{`
Packit Service	084de1	`int i;`
Packit Service	084de1	`BIO *tmp;`
Packit Service	084de1
Packit Service	084de1	`if (signerfile == NULL)`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`tmp = BIO_new_file(signerfile, "w");`
Packit Service	084de1	`if (tmp == NULL)`
Packit Service	084de1	`return 0;`
Packit Service	084de1	`for (i = 0; i < sk_X509_num(signers); i++)`
Packit Service	084de1	`PEM_write_bio_X509(tmp, sk_X509_value(signers, i));`
Packit Service	084de1	`BIO_free(tmp);`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Minimal callback just to output policy info (if any) */`
Packit Service	084de1
Packit Service	084de1	`static int smime_cb(int ok, X509_STORE_CTX *ctx)`
Packit Service	084de1	`{`
Packit Service	084de1	`int error;`
Packit Service	084de1
Packit Service	084de1	`error = X509_STORE_CTX_get_error(ctx);`
Packit Service	084de1
Packit Service	084de1	`if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)`
Packit Service	084de1	`&& ((error != X509_V_OK) \|\| (ok != 2)))`
Packit Service	084de1	`return ok;`
Packit Service	084de1
Packit Service	084de1	`policies_print(ctx);`
Packit Service	084de1
Packit Service	084de1	`return ok;`
Packit Service	084de1	`}`

source-git / openssl

Source Code

Blame apps/smime.c