Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame apps/smime.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`/* S/MIME utility function */`
Packit	c4476c
Packit	c4476c	`#include <stdio.h>`
Packit	c4476c	`#include <string.h>`
Packit	c4476c	`#include "apps.h"`
Packit	c4476c	`#include "progs.h"`
Packit	c4476c	`#include <openssl/crypto.h>`
Packit	c4476c	`#include <openssl/pem.h>`
Packit	c4476c	`#include <openssl/err.h>`
Packit	c4476c	`#include <openssl/x509_vfy.h>`
Packit	c4476c	`#include <openssl/x509v3.h>`
Packit	c4476c
Packit	c4476c	`static int save_certs(char signerfile, STACK_OF(X509) signers);`
Packit	c4476c	`static int smime_cb(int ok, X509_STORE_CTX *ctx);`
Packit	c4476c
Packit	c4476c	`#define SMIME_OP 0x10`
Packit	c4476c	`#define SMIME_IP 0x20`
Packit	c4476c	`#define SMIME_SIGNERS 0x40`
Packit	c4476c	`#define SMIME_ENCRYPT (1 \| SMIME_OP)`
Packit	c4476c	`#define SMIME_DECRYPT (2 \| SMIME_IP)`
Packit	c4476c	`#define SMIME_SIGN (3 \| SMIME_OP \| SMIME_SIGNERS)`
Packit	c4476c	`#define SMIME_VERIFY (4 \| SMIME_IP)`
Packit	c4476c	`#define SMIME_PK7OUT (5 \| SMIME_IP \| SMIME_OP)`
Packit	c4476c	`#define SMIME_RESIGN (6 \| SMIME_IP \| SMIME_OP \| SMIME_SIGNERS)`
Packit	c4476c
Packit	c4476c	`typedef enum OPTION_choice {`
Packit	c4476c	`OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,`
Packit	c4476c	`OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,`
Packit	c4476c	`OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,`
Packit	c4476c	`OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,`
Packit	c4476c	`OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,`
Packit	c4476c	`OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,`
Packit	c4476c	`OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,`
Packit	c4476c	`OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,`
Packit	c4476c	`OPT_R_ENUM,`
Packit	c4476c	`OPT_V_ENUM,`
Packit	c4476c	`OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,`
Packit	c4476c	`OPT_OUTFORM, OPT_CONTENT`
Packit	c4476c	`} OPTION_CHOICE;`
Packit	c4476c
Packit	c4476c	`const OPTIONS smime_options[] = {`
Packit	c4476c	`{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},`
Packit	c4476c	`{OPT_HELP_STR, 1, '-',`
Packit	c4476c	`" cert.pem... recipient certs for encryption\n"},`
Packit	c4476c	`{OPT_HELP_STR, 1, '-', "Valid options are:\n"},`
Packit	c4476c	`{"help", OPT_HELP, '-', "Display this summary"},`
Packit	c4476c	`{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},`
Packit	c4476c	`{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},`
Packit	c4476c	`{"sign", OPT_SIGN, '-', "Sign message"},`
Packit	c4476c	`{"verify", OPT_VERIFY, '-', "Verify signed message"},`
Packit	c4476c	`{"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},`
Packit	c4476c	`{"nointern", OPT_NOINTERN, '-',`
Packit	c4476c	`"Don't search certificates in message for signer"},`
Packit	c4476c	`{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},`
Packit	c4476c	`{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},`
Packit	c4476c	`{"nocerts", OPT_NOCERTS, '-',`
Packit	c4476c	`"Don't include signers certificate when signing"},`
Packit	c4476c	`{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},`
Packit	c4476c	`{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},`
Packit	c4476c	`{"binary", OPT_BINARY, '-', "Don't translate message to text"},`
Packit	c4476c	`{"certfile", OPT_CERTFILE, '<', "Other certificates file"},`
Packit	c4476c	`{"signer", OPT_SIGNER, 's', "Signer certificate file"},`
Packit	c4476c	`{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},`
Packit	c4476c	`{"in", OPT_IN, '<', "Input file"},`
Packit	c4476c	`{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},`
Packit	c4476c	`{"inkey", OPT_INKEY, 's',`
Packit	c4476c	`"Input private key (if not signer or recipient)"},`
Packit	c4476c	`{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},`
Packit	c4476c	`{"out", OPT_OUT, '>', "Output file"},`
Packit	c4476c	`{"outform", OPT_OUTFORM, 'c',`
Packit	c4476c	`"Output format SMIME (default), PEM or DER"},`
Packit	c4476c	`{"content", OPT_CONTENT, '<',`
Packit	c4476c	`"Supply or override content for detached signature"},`
Packit	c4476c	`{"to", OPT_TO, 's', "To address"},`
Packit	c4476c	`{"from", OPT_FROM, 's', "From address"},`
Packit	c4476c	`{"subject", OPT_SUBJECT, 's', "Subject"},`
Packit	c4476c	`{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},`
Packit	c4476c	`{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},`
Packit	c4476c	`{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},`
Packit	c4476c	`{"no-CAfile", OPT_NOCAFILE, '-',`
Packit	c4476c	`"Do not load the default certificates file"},`
Packit	c4476c	`{"no-CApath", OPT_NOCAPATH, '-',`
Packit	c4476c	`"Do not load certificates from the default certificates directory"},`
Packit	c4476c	`{"resign", OPT_RESIGN, '-', "Resign a signed message"},`
Packit	c4476c	`{"nochain", OPT_NOCHAIN, '-',`
Packit	c4476c	`"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },`
Packit	c4476c	`{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},`
Packit	c4476c	`{"stream", OPT_STREAM, '-', "Enable CMS streaming" },`
Packit	c4476c	`{"indef", OPT_INDEF, '-', "Same as -stream" },`
Packit	c4476c	`{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},`
Packit	c4476c	`{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},`
Packit	c4476c	`OPT_R_OPTIONS,`
Packit	c4476c	`{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},`
Packit	c4476c	`{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},`
Packit	c4476c	`{"", OPT_CIPHER, '-', "Any supported cipher"},`
Packit	c4476c	`OPT_V_OPTIONS,`
Packit	c4476c	`#ifndef OPENSSL_NO_ENGINE`
Packit	c4476c	`{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},`
Packit	c4476c	`#endif`
Packit	c4476c	`{NULL}`
Packit	c4476c	`};`
Packit	c4476c
Packit	c4476c	`int smime_main(int argc, char **argv)`
Packit	c4476c	`{`
Packit	c4476c	`BIO in = NULL, out = NULL, *indata = NULL;`
Packit	c4476c	`EVP_PKEY *key = NULL;`
Packit	c4476c	`PKCS7 *p7 = NULL;`
Packit	c4476c	`STACK_OF(OPENSSL_STRING) sksigners = NULL, skkeys = NULL;`
Packit	c4476c	`STACK_OF(X509) encerts = NULL, other = NULL;`
Packit	c4476c	`X509 cert = NULL, recip = NULL, *signer = NULL;`
Packit	c4476c	`X509_STORE *store = NULL;`
Packit	c4476c	`X509_VERIFY_PARAM *vpm = NULL;`
Packit	c4476c	`const EVP_CIPHER *cipher = NULL;`
Packit	c4476c	`const EVP_MD *sign_md = NULL;`
Packit	c4476c	`const char CAfile = NULL, CApath = NULL, *prog = NULL;`
Packit	c4476c	`char certfile = NULL, keyfile = NULL, *contfile = NULL;`
Packit	c4476c	`char infile = NULL, outfile = NULL, signerfile = NULL, recipfile = NULL;`
Packit	c4476c	`char passinarg = NULL, passin = NULL, to = NULL, from = NULL, *subject = NULL;`
Packit	c4476c	`OPTION_CHOICE o;`
Packit	c4476c	`int noCApath = 0, noCAfile = 0;`
Packit	c4476c	`int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;`
Packit	c4476c	`int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =`
Packit	c4476c	`FORMAT_PEM;`
Packit	c4476c	`int vpmtouched = 0, rv = 0;`
Packit	c4476c	`ENGINE *e = NULL;`
Packit	c4476c	`const char *mime_eol = "\n";`
Packit	c4476c
Packit	c4476c	`if ((vpm = X509_VERIFY_PARAM_new()) == NULL)`
Packit	c4476c	`return 1;`
Packit	c4476c
Packit	c4476c	`prog = opt_init(argc, argv, smime_options);`
Packit	c4476c	`while ((o = opt_next()) != OPT_EOF) {`
Packit	c4476c	`switch (o) {`
Packit	c4476c	`case OPT_EOF:`
Packit	c4476c	`case OPT_ERR:`
Packit	c4476c	`opthelp:`
Packit	c4476c	`BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);`
Packit	c4476c	`goto end;`
Packit	c4476c	`case OPT_HELP:`
Packit	c4476c	`opt_help(smime_options);`
Packit	c4476c	`ret = 0;`
Packit	c4476c	`goto end;`
Packit	c4476c	`case OPT_INFORM:`
Packit	c4476c	`if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_IN:`
Packit	c4476c	`infile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_OUTFORM:`
Packit	c4476c	`if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_OUT:`
Packit	c4476c	`outfile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_ENCRYPT:`
Packit	c4476c	`operation = SMIME_ENCRYPT;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_DECRYPT:`
Packit	c4476c	`operation = SMIME_DECRYPT;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_SIGN:`
Packit	c4476c	`operation = SMIME_SIGN;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_RESIGN:`
Packit	c4476c	`operation = SMIME_RESIGN;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_VERIFY:`
Packit	c4476c	`operation = SMIME_VERIFY;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_PK7OUT:`
Packit	c4476c	`operation = SMIME_PK7OUT;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_TEXT:`
Packit	c4476c	`flags \|= PKCS7_TEXT;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOINTERN:`
Packit	c4476c	`flags \|= PKCS7_NOINTERN;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOVERIFY:`
Packit	c4476c	`flags \|= PKCS7_NOVERIFY;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOCHAIN:`
Packit	c4476c	`flags \|= PKCS7_NOCHAIN;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOCERTS:`
Packit	c4476c	`flags \|= PKCS7_NOCERTS;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOATTR:`
Packit	c4476c	`flags \|= PKCS7_NOATTR;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NODETACH:`
Packit	c4476c	`flags &= ~PKCS7_DETACHED;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOSMIMECAP:`
Packit	c4476c	`flags \|= PKCS7_NOSMIMECAP;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_BINARY:`
Packit	c4476c	`flags \|= PKCS7_BINARY;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOSIGS:`
Packit	c4476c	`flags \|= PKCS7_NOSIGS;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_STREAM:`
Packit	c4476c	`case OPT_INDEF:`
Packit	c4476c	`indef = 1;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOINDEF:`
Packit	c4476c	`indef = 0;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CRLFEOL:`
Packit	c4476c	`flags \|= PKCS7_CRLFEOL;`
Packit	c4476c	`mime_eol = "\r\n";`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_R_CASES:`
Packit	c4476c	`if (!opt_rand(o))`
Packit	c4476c	`goto end;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_ENGINE:`
Packit	c4476c	`e = setup_engine(opt_arg(), 0);`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_PASSIN:`
Packit	c4476c	`passinarg = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_TO:`
Packit	c4476c	`to = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_FROM:`
Packit	c4476c	`from = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_SUBJECT:`
Packit	c4476c	`subject = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_SIGNER:`
Packit	c4476c	`/* If previous -signer argument add signer to list */`
Packit	c4476c	`if (signerfile != NULL) {`
Packit	c4476c	`if (sksigners == NULL`
Packit	c4476c	`&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`sk_OPENSSL_STRING_push(sksigners, signerfile);`
Packit	c4476c	`if (keyfile == NULL)`
Packit	c4476c	`keyfile = signerfile;`
Packit	c4476c	`if (skkeys == NULL`
Packit	c4476c	`&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`sk_OPENSSL_STRING_push(skkeys, keyfile);`
Packit	c4476c	`keyfile = NULL;`
Packit	c4476c	`}`
Packit	c4476c	`signerfile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_RECIP:`
Packit	c4476c	`recipfile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_MD:`
Packit	c4476c	`if (!opt_md(opt_arg(), &sign_md))`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CIPHER:`
Packit	c4476c	`if (!opt_cipher(opt_unknown(), &cipher))`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_INKEY:`
Packit	c4476c	`/* If previous -inkey argument add signer to list */`
Packit	c4476c	`if (keyfile != NULL) {`
Packit	c4476c	`if (signerfile == NULL) {`
Packit	c4476c	`BIO_printf(bio_err,`
Packit	c4476c	`"%s: Must have -signer before -inkey\n", prog);`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`}`
Packit	c4476c	`if (sksigners == NULL`
Packit	c4476c	`&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`sk_OPENSSL_STRING_push(sksigners, signerfile);`
Packit	c4476c	`signerfile = NULL;`
Packit	c4476c	`if (skkeys == NULL`
Packit	c4476c	`&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`sk_OPENSSL_STRING_push(skkeys, keyfile);`
Packit	c4476c	`}`
Packit	c4476c	`keyfile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_KEYFORM:`
Packit	c4476c	`if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CERTFILE:`
Packit	c4476c	`certfile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CAFILE:`
Packit	c4476c	`CAfile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CAPATH:`
Packit	c4476c	`CApath = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOCAFILE:`
Packit	c4476c	`noCAfile = 1;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_NOCAPATH:`
Packit	c4476c	`noCApath = 1;`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_CONTENT:`
Packit	c4476c	`contfile = opt_arg();`
Packit	c4476c	`break;`
Packit	c4476c	`case OPT_V_CASES:`
Packit	c4476c	`if (!opt_verify(o, vpm))`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`vpmtouched++;`
Packit	c4476c	`break;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`argc = opt_num_rest();`
Packit	c4476c	`argv = opt_rest();`
Packit	c4476c
Packit	c4476c	`if (!(operation & SMIME_SIGNERS) && (skkeys != NULL \|\| sksigners != NULL)) {`
Packit	c4476c	`BIO_puts(bio_err, "Multiple signers or keys not allowed\n");`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (operation & SMIME_SIGNERS) {`
Packit	c4476c	`/* Check to see if any final signer needs to be appended */`
Packit	c4476c	`if (keyfile && !signerfile) {`
Packit	c4476c	`BIO_puts(bio_err, "Illegal -inkey without -signer\n");`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`}`
Packit	c4476c	`if (signerfile != NULL) {`
Packit	c4476c	`if (sksigners == NULL`
Packit	c4476c	`&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`sk_OPENSSL_STRING_push(sksigners, signerfile);`
Packit	c4476c	`if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (!keyfile)`
Packit	c4476c	`keyfile = signerfile;`
Packit	c4476c	`sk_OPENSSL_STRING_push(skkeys, keyfile);`
Packit	c4476c	`}`
Packit	c4476c	`if (sksigners == NULL) {`
Packit	c4476c	`BIO_printf(bio_err, "No signer certificate specified\n");`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`}`
Packit	c4476c	`signerfile = NULL;`
Packit	c4476c	`keyfile = NULL;`
Packit	c4476c	`} else if (operation == SMIME_DECRYPT) {`
Packit	c4476c	`if (recipfile == NULL && keyfile == NULL) {`
Packit	c4476c	`BIO_printf(bio_err,`
Packit	c4476c	`"No recipient certificate or key specified\n");`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`}`
Packit	c4476c	`} else if (operation == SMIME_ENCRYPT) {`
Packit	c4476c	`if (argc == 0) {`
Packit	c4476c	`BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`}`
Packit	c4476c	`} else if (!operation) {`
Packit	c4476c	`goto opthelp;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (!app_passwd(passinarg, NULL, &passin, NULL)) {`
Packit	c4476c	`BIO_printf(bio_err, "Error getting password\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`ret = 2;`
Packit	c4476c
Packit	c4476c	`if (!(operation & SMIME_SIGNERS))`
Packit	c4476c	`flags &= ~PKCS7_DETACHED;`
Packit	c4476c
Packit	c4476c	`if (!(operation & SMIME_OP)) {`
Packit	c4476c	`if (flags & PKCS7_BINARY)`
Packit	c4476c	`outformat = FORMAT_BINARY;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (!(operation & SMIME_IP)) {`
Packit	c4476c	`if (flags & PKCS7_BINARY)`
Packit	c4476c	`informat = FORMAT_BINARY;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (operation == SMIME_ENCRYPT) {`
Packit	c4476c	`if (cipher == NULL) {`
Packit	c4476c	`#ifndef OPENSSL_NO_DES`
Packit	c4476c	`cipher = EVP_des_ede3_cbc();`
Packit	c4476c	`#else`
Packit	c4476c	`BIO_printf(bio_err, "No cipher selected\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`#endif`
Packit	c4476c	`}`
Packit	c4476c	`encerts = sk_X509_new_null();`
Packit	c4476c	`if (encerts == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`while (*argv != NULL) {`
Packit	c4476c	`cert = load_cert(*argv, FORMAT_PEM,`
Packit	c4476c	`"recipient certificate file");`
Packit	c4476c	`if (cert == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`sk_X509_push(encerts, cert);`
Packit	c4476c	`cert = NULL;`
Packit	c4476c	`argv++;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (certfile != NULL) {`
Packit	c4476c	`if (!load_certs(certfile, &other, FORMAT_PEM, NULL,`
Packit	c4476c	`"certificate file")) {`
Packit	c4476c	`ERR_print_errors(bio_err);`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (recipfile != NULL && (operation == SMIME_DECRYPT)) {`
Packit	c4476c	`if ((recip = load_cert(recipfile, FORMAT_PEM,`
Packit	c4476c	`"recipient certificate file")) == NULL) {`
Packit	c4476c	`ERR_print_errors(bio_err);`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (operation == SMIME_DECRYPT) {`
Packit	c4476c	`if (keyfile == NULL)`
Packit	c4476c	`keyfile = recipfile;`
Packit	c4476c	`} else if (operation == SMIME_SIGN) {`
Packit	c4476c	`if (keyfile == NULL)`
Packit	c4476c	`keyfile = signerfile;`
Packit	c4476c	`} else {`
Packit	c4476c	`keyfile = NULL;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (keyfile != NULL) {`
Packit	c4476c	`key = load_key(keyfile, keyform, 0, passin, e, "signing key file");`
Packit	c4476c	`if (key == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`in = bio_open_default(infile, 'r', informat);`
Packit	c4476c	`if (in == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`if (operation & SMIME_IP) {`
Packit	c4476c	`if (informat == FORMAT_SMIME) {`
Packit	c4476c	`p7 = SMIME_read_PKCS7(in, &indata);`
Packit	c4476c	`} else if (informat == FORMAT_PEM) {`
Packit	c4476c	`p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);`
Packit	c4476c	`} else if (informat == FORMAT_ASN1) {`
Packit	c4476c	`p7 = d2i_PKCS7_bio(in, NULL);`
Packit	c4476c	`} else {`
Packit	c4476c	`BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (p7 == NULL) {`
Packit	c4476c	`BIO_printf(bio_err, "Error reading S/MIME message\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`if (contfile != NULL) {`
Packit	c4476c	`BIO_free(indata);`
Packit	c4476c	`if ((indata = BIO_new_file(contfile, "rb")) == NULL) {`
Packit	c4476c	`BIO_printf(bio_err, "Can't read content file %s\n", contfile);`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`out = bio_open_default(outfile, 'w', outformat);`
Packit	c4476c	`if (out == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c
Packit	c4476c	`if (operation == SMIME_VERIFY) {`
Packit	c4476c	`if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`X509_STORE_set_verify_cb(store, smime_cb);`
Packit	c4476c	`if (vpmtouched)`
Packit	c4476c	`X509_STORE_set1_param(store, vpm);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`ret = 3;`
Packit	c4476c
Packit	c4476c	`if (operation == SMIME_ENCRYPT) {`
Packit	c4476c	`if (indef)`
Packit	c4476c	`flags \|= PKCS7_STREAM;`
Packit	c4476c	`p7 = PKCS7_encrypt(encerts, in, cipher, flags);`
Packit	c4476c	`} else if (operation & SMIME_SIGNERS) {`
Packit	c4476c	`int i;`
Packit	c4476c	`/*`
Packit	c4476c	`* If detached data content we only enable streaming if S/MIME output`
Packit	c4476c	`* format.`
Packit	c4476c	`*/`
Packit	c4476c	`if (operation == SMIME_SIGN) {`
Packit	c4476c	`if (flags & PKCS7_DETACHED) {`
Packit	c4476c	`if (outformat == FORMAT_SMIME)`
Packit	c4476c	`flags \|= PKCS7_STREAM;`
Packit	c4476c	`} else if (indef) {`
Packit	c4476c	`flags \|= PKCS7_STREAM;`
Packit	c4476c	`}`
Packit	c4476c	`flags \|= PKCS7_PARTIAL;`
Packit	c4476c	`p7 = PKCS7_sign(NULL, NULL, other, in, flags);`
Packit	c4476c	`if (p7 == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (flags & PKCS7_NOCERTS) {`
Packit	c4476c	`for (i = 0; i < sk_X509_num(other); i++) {`
Packit	c4476c	`X509 *x = sk_X509_value(other, i);`
Packit	c4476c	`PKCS7_add_certificate(p7, x);`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`} else {`
Packit	c4476c	`flags \|= PKCS7_REUSE_DIGEST;`
Packit	c4476c	`}`
Packit	c4476c	`for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {`
Packit	c4476c	`signerfile = sk_OPENSSL_STRING_value(sksigners, i);`
Packit	c4476c	`keyfile = sk_OPENSSL_STRING_value(skkeys, i);`
Packit	c4476c	`signer = load_cert(signerfile, FORMAT_PEM,`
Packit	c4476c	`"signer certificate");`
Packit	c4476c	`if (signer == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`key = load_key(keyfile, keyform, 0, passin, e, "signing key file");`
Packit	c4476c	`if (key == NULL)`
Packit	c4476c	`goto end;`
Packit	c4476c	`if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))`
Packit	c4476c	`goto end;`
Packit	c4476c	`X509_free(signer);`
Packit	c4476c	`signer = NULL;`
Packit	c4476c	`EVP_PKEY_free(key);`
Packit	c4476c	`key = NULL;`
Packit	c4476c	`}`
Packit	c4476c	`/* If not streaming or resigning finalize structure */`
Packit	c4476c	`if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {`
Packit	c4476c	`if (!PKCS7_final(p7, in, flags))`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (p7 == NULL) {`
Packit	c4476c	`BIO_printf(bio_err, "Error creating PKCS#7 structure\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`ret = 4;`
Packit	c4476c	`if (operation == SMIME_DECRYPT) {`
Packit	c4476c	`if (!PKCS7_decrypt(p7, key, recip, out, flags)) {`
Packit	c4476c	`BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`} else if (operation == SMIME_VERIFY) {`
Packit	c4476c	`STACK_OF(X509) *signers;`
Packit	c4476c	`if (PKCS7_verify(p7, other, store, indata, out, flags))`
Packit	c4476c	`BIO_printf(bio_err, "Verification successful\n");`
Packit	c4476c	`else {`
Packit	c4476c	`BIO_printf(bio_err, "Verification failure\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`signers = PKCS7_get0_signers(p7, other, flags);`
Packit	c4476c	`if (!save_certs(signerfile, signers)) {`
Packit	c4476c	`BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);`
Packit	c4476c	`ret = 5;`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`sk_X509_free(signers);`
Packit	c4476c	`} else if (operation == SMIME_PK7OUT) {`
Packit	c4476c	`PEM_write_bio_PKCS7(out, p7);`
Packit	c4476c	`} else {`
Packit	c4476c	`if (to)`
Packit	c4476c	`BIO_printf(out, "To: %s%s", to, mime_eol);`
Packit	c4476c	`if (from)`
Packit	c4476c	`BIO_printf(out, "From: %s%s", from, mime_eol);`
Packit	c4476c	`if (subject)`
Packit	c4476c	`BIO_printf(out, "Subject: %s%s", subject, mime_eol);`
Packit	c4476c	`if (outformat == FORMAT_SMIME) {`
Packit	c4476c	`if (operation == SMIME_RESIGN)`
Packit	c4476c	`rv = SMIME_write_PKCS7(out, p7, indata, flags);`
Packit	c4476c	`else`
Packit	c4476c	`rv = SMIME_write_PKCS7(out, p7, in, flags);`
Packit	c4476c	`} else if (outformat == FORMAT_PEM) {`
Packit	c4476c	`rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);`
Packit	c4476c	`} else if (outformat == FORMAT_ASN1) {`
Packit	c4476c	`rv = i2d_PKCS7_bio_stream(out, p7, in, flags);`
Packit	c4476c	`} else {`
Packit	c4476c	`BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`if (rv == 0) {`
Packit	c4476c	`BIO_printf(bio_err, "Error writing output\n");`
Packit	c4476c	`ret = 3;`
Packit	c4476c	`goto end;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`ret = 0;`
Packit	c4476c	`end:`
Packit	c4476c	`if (ret)`
Packit	c4476c	`ERR_print_errors(bio_err);`
Packit	c4476c	`sk_X509_pop_free(encerts, X509_free);`
Packit	c4476c	`sk_X509_pop_free(other, X509_free);`
Packit	c4476c	`X509_VERIFY_PARAM_free(vpm);`
Packit	c4476c	`sk_OPENSSL_STRING_free(sksigners);`
Packit	c4476c	`sk_OPENSSL_STRING_free(skkeys);`
Packit	c4476c	`X509_STORE_free(store);`
Packit	c4476c	`X509_free(cert);`
Packit	c4476c	`X509_free(recip);`
Packit	c4476c	`X509_free(signer);`
Packit	c4476c	`EVP_PKEY_free(key);`
Packit	c4476c	`PKCS7_free(p7);`
Packit	c4476c	`release_engine(e);`
Packit	c4476c	`BIO_free(in);`
Packit	c4476c	`BIO_free(indata);`
Packit	c4476c	`BIO_free_all(out);`
Packit	c4476c	`OPENSSL_free(passin);`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int save_certs(char signerfile, STACK_OF(X509) signers)`
Packit	c4476c	`{`
Packit	c4476c	`int i;`
Packit	c4476c	`BIO *tmp;`
Packit	c4476c
Packit	c4476c	`if (signerfile == NULL)`
Packit	c4476c	`return 1;`
Packit	c4476c	`tmp = BIO_new_file(signerfile, "w");`
Packit	c4476c	`if (tmp == NULL)`
Packit	c4476c	`return 0;`
Packit	c4476c	`for (i = 0; i < sk_X509_num(signers); i++)`
Packit	c4476c	`PEM_write_bio_X509(tmp, sk_X509_value(signers, i));`
Packit	c4476c	`BIO_free(tmp);`
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Minimal callback just to output policy info (if any) */`
Packit	c4476c
Packit	c4476c	`static int smime_cb(int ok, X509_STORE_CTX *ctx)`
Packit	c4476c	`{`
Packit	c4476c	`int error;`
Packit	c4476c
Packit	c4476c	`error = X509_STORE_CTX_get_error(ctx);`
Packit	c4476c
Packit	c4476c	`if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)`
Packit	c4476c	`&& ((error != X509_V_OK) \|\| (ok != 2)))`
Packit	c4476c	`return ok;`
Packit	c4476c
Packit	c4476c	`policies_print(ctx);`
Packit	c4476c
Packit	c4476c	`return ok;`
Packit	c4476c	`}`

source-git / openssl

Source Code

Blame apps/smime.c