1 /* $OpenBSD: cms.c,v 1.17 2020/01/04 14:17:55 inoguchi Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5 /* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54 /* CMS utility function */
55
56 #include <stdio.h>
57 #include <string.h>
58
59 #include "apps.h"
60
61 #ifndef OPENSSL_NO_CMS
62
63 #include <openssl/crypto.h>
64 #include <openssl/err.h>
65 #include <openssl/pem.h>
66 #include <openssl/x509_vfy.h>
67 #include <openssl/x509v3.h>
68
69 #include <openssl/cms.h>
70
/*
 * File-scope helpers used by cms_main(); defined further down in this file.
 */

/*
 * Write the certificates in `signers' out to `signerfile' (used for
 * -certsout and for the signer certificates after a successful -verify).
 * Returns 0 on failure, which cms_main() reports as exit status 5.
 */
static int save_certs(char *signerfile, STACK_OF(X509) *signers);

/*
 * X509_STORE verification callback installed on the trust store for
 * -verify and -verify_receipt.  NOTE(review): presumably records the
 * verification error in the global verify_err — confirm in its definition.
 */
static int cms_cb(int ok, X509_STORE_CTX *ctx);

/*
 * Print the signed receipt request(s) carried in `cms' to `out';
 * run after a successful -verify when -receipt_request_print is given.
 */
static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);

/*
 * Build a CMS_ReceiptRequest from the -receipt_request_to /
 * -receipt_request_from / -receipt_request_{all,first} options.
 * rr_allorfirst is -1 when neither -receipt_request_all nor
 * -receipt_request_first was given.  Returns NULL on failure.
 */
static CMS_ReceiptRequest *make_receipt_request(
    STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
    STACK_OF(OPENSSL_STRING) *rr_from);

/*
 * Apply the -keyopt "name:value" strings in `param' to the EVP_PKEY_CTX of
 * a recipient (encrypt) or signer (sign).  Returns 0 on failure.
 */
static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
    STACK_OF(OPENSSL_STRING) *param);
79
/*
 * Operation codes for cms_main().  The low nibble identifies the operation;
 * the high bits are capability flags that cms_main() tests with
 * `operation & ...':
 *   SMIME_OP      - the operation produces a CMS structure (output side:
 *                   selects the output open mode from -outform)
 *   SMIME_IP      - the operation consumes a CMS structure (input side:
 *                   selects the input open mode from -inform and causes the
 *                   input file to be parsed as CMS before the operation)
 *   SMIME_SIGNERS - the operation takes one or more -signer/-inkey pairs
 *                   and may carry signed receipt requests
 * An operation may be both SMIME_IP and SMIME_OP (e.g. -cmsout, -resign).
 */
#define SMIME_OP 0x10
#define SMIME_IP 0x20
#define SMIME_SIGNERS 0x40
#define SMIME_ENCRYPT (1 | SMIME_OP)
#define SMIME_DECRYPT (2 | SMIME_IP)
#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
#define SMIME_VERIFY (4 | SMIME_IP)
#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
#define SMIME_DATAOUT (7 | SMIME_IP)
#define SMIME_DATA_CREATE (8 | SMIME_OP)
#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
#define SMIME_UNCOMPRESS (11 | SMIME_IP)
#define SMIME_COMPRESS (12 | SMIME_OP)
#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
99
/*
 * Certificate verification error code shared with the X509_STORE verify
 * callback (cms_cb).  When -verify_retcode is given and -verify fails,
 * cms_main() exits with verify_err + 32 so scripts can distinguish the
 * verification error from other failures.
 * NOTE(review): the write side lives in cms_cb, outside this excerpt —
 * confirm it is the only writer.
 */
int verify_err = 0;
101
/*
 * One node of the singly-linked list that cms_main() builds from -keyopt
 * options.  A node collects every "name:value" string given for one key;
 * a new node is started whenever -keyopt refers to a different key index.
 * The list is walked once per recipient (encrypt) or signer (sign) and
 * freed node by node at the end of cms_main().
 */
struct cms_key_param {
	int idx;				/* 0-based index of the recipient
						   certificate (encrypt) or of the
						   signer (sign) these options apply
						   to; matched against the loop index */
	STACK_OF(OPENSSL_STRING) *param;	/* -keyopt "name:value" strings,
						   passed to cms_set_pkey_param() */
	struct cms_key_param *next;		/* next node, NULL at the tail */
};
107
108 int
cms_main(int argc,char ** argv)109 cms_main(int argc, char **argv)
110 {
111 int operation = 0;
112 int ret = 0;
113 char **args;
114 const char *inmode = "r", *outmode = "w";
115 char *infile = NULL, *outfile = NULL, *rctfile = NULL;
116 char *signerfile = NULL, *recipfile = NULL;
117 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
118 char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
119 char *certsoutfile = NULL;
120 const EVP_CIPHER *cipher = NULL;
121 CMS_ContentInfo *cms = NULL, *rcms = NULL;
122 X509_STORE *store = NULL;
123 X509 *cert = NULL, *recip = NULL, *signer = NULL;
124 EVP_PKEY *key = NULL;
125 STACK_OF(X509) *encerts = NULL, *other = NULL;
126 BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
127 int badarg = 0;
128 int flags = CMS_DETACHED, noout = 0, print = 0;
129 int verify_retcode = 0;
130 int rr_print = 0, rr_allorfirst = -1;
131 STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
132 CMS_ReceiptRequest *rr = NULL;
133 char *to = NULL, *from = NULL, *subject = NULL;
134 char *CAfile = NULL, *CApath = NULL;
135 char *passargin = NULL, *passin = NULL;
136 const EVP_MD *sign_md = NULL;
137 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
138 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
139 unsigned char *secret_key = NULL, *secret_keyid = NULL;
140 unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
141 size_t secret_keylen = 0, secret_keyidlen = 0;
142
143 struct cms_key_param *key_first = NULL, *key_param = NULL;
144
145 ASN1_OBJECT *econtent_type = NULL;
146
147 X509_VERIFY_PARAM *vpm = NULL;
148
149 if (single_execution) {
150 if (pledge("stdio rpath wpath cpath tty", NULL) == -1) {
151 perror("pledge");
152 exit(1);
153 }
154 }
155
156 args = argv + 1;
157 ret = 1;
158
159 while (!badarg && *args && *args[0] == '-') {
160 if (!strcmp(*args, "-encrypt"))
161 operation = SMIME_ENCRYPT;
162 else if (!strcmp(*args, "-decrypt"))
163 operation = SMIME_DECRYPT;
164 else if (!strcmp(*args, "-sign"))
165 operation = SMIME_SIGN;
166 else if (!strcmp(*args, "-sign_receipt"))
167 operation = SMIME_SIGN_RECEIPT;
168 else if (!strcmp(*args, "-resign"))
169 operation = SMIME_RESIGN;
170 else if (!strcmp(*args, "-verify"))
171 operation = SMIME_VERIFY;
172 else if (!strcmp(*args, "-verify_retcode"))
173 verify_retcode = 1;
174 else if (!strcmp(*args, "-verify_receipt")) {
175 operation = SMIME_VERIFY_RECEIPT;
176 if (!args[1])
177 goto argerr;
178 args++;
179 rctfile = *args;
180 } else if (!strcmp(*args, "-cmsout"))
181 operation = SMIME_CMSOUT;
182 else if (!strcmp(*args, "-data_out"))
183 operation = SMIME_DATAOUT;
184 else if (!strcmp(*args, "-data_create"))
185 operation = SMIME_DATA_CREATE;
186 else if (!strcmp(*args, "-digest_verify"))
187 operation = SMIME_DIGEST_VERIFY;
188 else if (!strcmp(*args, "-digest_create"))
189 operation = SMIME_DIGEST_CREATE;
190 else if (!strcmp(*args, "-compress"))
191 operation = SMIME_COMPRESS;
192 else if (!strcmp(*args, "-uncompress"))
193 operation = SMIME_UNCOMPRESS;
194 else if (!strcmp(*args, "-EncryptedData_decrypt"))
195 operation = SMIME_ENCRYPTED_DECRYPT;
196 else if (!strcmp(*args, "-EncryptedData_encrypt"))
197 operation = SMIME_ENCRYPTED_ENCRYPT;
198 #ifndef OPENSSL_NO_DES
199 else if (!strcmp(*args, "-des3"))
200 cipher = EVP_des_ede3_cbc();
201 else if (!strcmp(*args, "-des"))
202 cipher = EVP_des_cbc();
203 #endif
204 #ifndef OPENSSL_NO_RC2
205 else if (!strcmp(*args, "-rc2-40"))
206 cipher = EVP_rc2_40_cbc();
207 else if (!strcmp(*args, "-rc2-128"))
208 cipher = EVP_rc2_cbc();
209 else if (!strcmp(*args, "-rc2-64"))
210 cipher = EVP_rc2_64_cbc();
211 #endif
212 #ifndef OPENSSL_NO_AES
213 else if (!strcmp(*args, "-aes128"))
214 cipher = EVP_aes_128_cbc();
215 else if (!strcmp(*args, "-aes192"))
216 cipher = EVP_aes_192_cbc();
217 else if (!strcmp(*args, "-aes256"))
218 cipher = EVP_aes_256_cbc();
219 #endif
220 #ifndef OPENSSL_NO_CAMELLIA
221 else if (!strcmp(*args, "-camellia128"))
222 cipher = EVP_camellia_128_cbc();
223 else if (!strcmp(*args, "-camellia192"))
224 cipher = EVP_camellia_192_cbc();
225 else if (!strcmp(*args, "-camellia256"))
226 cipher = EVP_camellia_256_cbc();
227 #endif
228 else if (!strcmp(*args, "-debug_decrypt"))
229 flags |= CMS_DEBUG_DECRYPT;
230 else if (!strcmp(*args, "-text"))
231 flags |= CMS_TEXT;
232 else if (!strcmp(*args, "-nointern"))
233 flags |= CMS_NOINTERN;
234 else if (!strcmp(*args, "-noverify") ||
235 !strcmp(*args, "-no_signer_cert_verify"))
236 flags |= CMS_NO_SIGNER_CERT_VERIFY;
237 else if (!strcmp(*args, "-nocerts"))
238 flags |= CMS_NOCERTS;
239 else if (!strcmp(*args, "-noattr"))
240 flags |= CMS_NOATTR;
241 else if (!strcmp(*args, "-nodetach"))
242 flags &= ~CMS_DETACHED;
243 else if (!strcmp(*args, "-nosmimecap"))
244 flags |= CMS_NOSMIMECAP;
245 else if (!strcmp(*args, "-binary"))
246 flags |= CMS_BINARY;
247 else if (!strcmp(*args, "-keyid"))
248 flags |= CMS_USE_KEYID;
249 else if (!strcmp(*args, "-nosigs"))
250 flags |= CMS_NOSIGS;
251 else if (!strcmp(*args, "-no_content_verify"))
252 flags |= CMS_NO_CONTENT_VERIFY;
253 else if (!strcmp(*args, "-no_attr_verify"))
254 flags |= CMS_NO_ATTR_VERIFY;
255 else if (!strcmp(*args, "-stream"))
256 flags |= CMS_STREAM;
257 else if (!strcmp(*args, "-indef"))
258 flags |= CMS_STREAM;
259 else if (!strcmp(*args, "-noindef"))
260 flags &= ~CMS_STREAM;
261 else if (!strcmp(*args, "-nooldmime"))
262 flags |= CMS_NOOLDMIMETYPE;
263 else if (!strcmp(*args, "-crlfeol"))
264 flags |= CMS_CRLFEOL;
265 else if (!strcmp(*args, "-noout"))
266 noout = 1;
267 else if (!strcmp(*args, "-receipt_request_print"))
268 rr_print = 1;
269 else if (!strcmp(*args, "-receipt_request_all"))
270 rr_allorfirst = 0;
271 else if (!strcmp(*args, "-receipt_request_first"))
272 rr_allorfirst = 1;
273 else if (!strcmp(*args, "-receipt_request_from")) {
274 if (!args[1])
275 goto argerr;
276 args++;
277 if (rr_from == NULL &&
278 (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
279 goto end;
280 if (!sk_OPENSSL_STRING_push(rr_from, *args))
281 goto end;
282 } else if (!strcmp(*args, "-receipt_request_to")) {
283 if (!args[1])
284 goto argerr;
285 args++;
286 if (rr_to == NULL &&
287 (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
288 goto end;
289 if (!sk_OPENSSL_STRING_push(rr_to, *args))
290 goto end;
291 } else if (!strcmp(*args, "-print")) {
292 noout = 1;
293 print = 1;
294 } else if (!strcmp(*args, "-secretkey")) {
295 long ltmp;
296 if (!args[1])
297 goto argerr;
298 args++;
299 secret_key = string_to_hex(*args, <mp);
300 if (!secret_key) {
301 BIO_printf(bio_err, "Invalid key %s\n", *args);
302 goto argerr;
303 }
304 secret_keylen = (size_t) ltmp;
305 } else if (!strcmp(*args, "-secretkeyid")) {
306 long ltmp;
307 if (!args[1])
308 goto argerr;
309 args++;
310 secret_keyid = string_to_hex(*args, <mp);
311 if (!secret_keyid) {
312 BIO_printf(bio_err, "Invalid id %s\n", *args);
313 goto argerr;
314 }
315 secret_keyidlen = (size_t) ltmp;
316 } else if (!strcmp(*args, "-pwri_password")) {
317 if (!args[1])
318 goto argerr;
319 args++;
320 pwri_pass = (unsigned char *) *args;
321 } else if (!strcmp(*args, "-econtent_type")) {
322 if (!args[1])
323 goto argerr;
324 args++;
325 econtent_type = OBJ_txt2obj(*args, 0);
326 if (!econtent_type) {
327 BIO_printf(bio_err, "Invalid OID %s\n", *args);
328 goto argerr;
329 }
330 }
331 else if (!strcmp(*args, "-passin")) {
332 if (!args[1])
333 goto argerr;
334 passargin = *++args;
335 } else if (!strcmp(*args, "-to")) {
336 if (!args[1])
337 goto argerr;
338 to = *++args;
339 } else if (!strcmp(*args, "-from")) {
340 if (!args[1])
341 goto argerr;
342 from = *++args;
343 } else if (!strcmp(*args, "-subject")) {
344 if (!args[1])
345 goto argerr;
346 subject = *++args;
347 } else if (!strcmp(*args, "-signer")) {
348 if (!args[1])
349 goto argerr;
350 /* If previous -signer argument add signer to list */
351
352 if (signerfile) {
353 if (sksigners == NULL &&
354 (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
355 goto end;
356 if (!sk_OPENSSL_STRING_push(sksigners, signerfile))
357 goto end;
358 if (!keyfile)
359 keyfile = signerfile;
360 if (skkeys == NULL &&
361 (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
362 goto end;
363 if (!sk_OPENSSL_STRING_push(skkeys, keyfile))
364 goto end;
365 keyfile = NULL;
366 }
367 signerfile = *++args;
368 } else if (!strcmp(*args, "-recip")) {
369 if (!args[1])
370 goto argerr;
371 if (operation == SMIME_ENCRYPT) {
372 if (encerts == NULL &&
373 (encerts = sk_X509_new_null()) == NULL)
374 goto end;
375 cert = load_cert(bio_err, *++args, FORMAT_PEM,
376 NULL, "recipient certificate file");
377 if (cert == NULL)
378 goto end;
379 if (!sk_X509_push(encerts, cert))
380 goto end;
381 cert = NULL;
382 } else {
383 recipfile = *++args;
384 }
385 } else if (!strcmp(*args, "-certsout")) {
386 if (!args[1])
387 goto argerr;
388 certsoutfile = *++args;
389 } else if (!strcmp(*args, "-md")) {
390 if (!args[1])
391 goto argerr;
392 sign_md = EVP_get_digestbyname(*++args);
393 if (sign_md == NULL) {
394 BIO_printf(bio_err, "Unknown digest %s\n",
395 *args);
396 goto argerr;
397 }
398 } else if (!strcmp(*args, "-inkey")) {
399 if (!args[1])
400 goto argerr;
401 /* If previous -inkey arument add signer to list */
402 if (keyfile) {
403 if (!signerfile) {
404 BIO_puts(bio_err,
405 "Illegal -inkey without -signer\n");
406 goto argerr;
407 }
408 if (sksigners == NULL &&
409 (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
410 goto end;
411 if (!sk_OPENSSL_STRING_push(sksigners, signerfile))
412 goto end;
413 signerfile = NULL;
414 if (skkeys == NULL &&
415 (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
416 goto end;
417 if (!sk_OPENSSL_STRING_push(skkeys, keyfile))
418 goto end;
419 }
420 keyfile = *++args;
421 } else if (!strcmp(*args, "-keyform")) {
422 if (!args[1])
423 goto argerr;
424 keyform = str2fmt(*++args);
425 } else if (!strcmp (*args, "-keyopt")) {
426 int keyidx = -1;
427 if (!args[1])
428 goto argerr;
429 if (operation == SMIME_ENCRYPT) {
430 if (encerts != NULL)
431 keyidx += sk_X509_num(encerts);
432 } else {
433 if (keyfile != NULL || signerfile != NULL)
434 keyidx++;
435 if (skkeys != NULL)
436 keyidx += sk_OPENSSL_STRING_num(skkeys);
437 }
438 if (keyidx < 0) {
439 BIO_printf(bio_err, "No key specified\n");
440 goto argerr;
441 }
442 if (key_param == NULL || key_param->idx != keyidx) {
443 struct cms_key_param *nparam;
444 if ((nparam = malloc(sizeof(struct cms_key_param))) == NULL)
445 goto end;
446 nparam->idx = keyidx;
447 if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL)
448 goto end;
449 nparam->next = NULL;
450 if (key_first == NULL)
451 key_first = nparam;
452 else
453 key_param->next = nparam;
454 key_param = nparam;
455 }
456 if (!sk_OPENSSL_STRING_push(key_param->param, *++args))
457 goto end;
458 } else if (!strcmp(*args, "-rctform")) {
459 if (!args[1])
460 goto argerr;
461 rctformat = str2fmt(*++args);
462 } else if (!strcmp(*args, "-certfile")) {
463 if (!args[1])
464 goto argerr;
465 certfile = *++args;
466 } else if (!strcmp(*args, "-CAfile")) {
467 if (!args[1])
468 goto argerr;
469 CAfile = *++args;
470 } else if (!strcmp(*args, "-CApath")) {
471 if (!args[1])
472 goto argerr;
473 CApath = *++args;
474 } else if (!strcmp(*args, "-in")) {
475 if (!args[1])
476 goto argerr;
477 infile = *++args;
478 } else if (!strcmp(*args, "-inform")) {
479 if (!args[1])
480 goto argerr;
481 informat = str2fmt(*++args);
482 } else if (!strcmp(*args, "-outform")) {
483 if (!args[1])
484 goto argerr;
485 outformat = str2fmt(*++args);
486 } else if (!strcmp(*args, "-out")) {
487 if (!args[1])
488 goto argerr;
489 outfile = *++args;
490 } else if (!strcmp(*args, "-content")) {
491 if (!args[1])
492 goto argerr;
493 contfile = *++args;
494 } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
495 continue;
496 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
497 badarg = 1;
498 args++;
499 }
500
501 if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
502 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
503 goto argerr;
504 }
505 if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
506 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
507 goto argerr;
508 }
509 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
510 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
511 goto argerr;
512 }
513 if (operation & SMIME_SIGNERS) {
514 if (keyfile && !signerfile) {
515 BIO_puts(bio_err, "Illegal -inkey without -signer\n");
516 goto argerr;
517 }
518 /* Check to see if any final signer needs to be appended */
519 if (signerfile) {
520 if (sksigners == NULL &&
521 (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
522 goto end;
523 if (!sk_OPENSSL_STRING_push(sksigners, signerfile))
524 goto end;
525 if (skkeys == NULL &&
526 (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
527 goto end;
528 if (!keyfile)
529 keyfile = signerfile;
530 if (!sk_OPENSSL_STRING_push(skkeys, keyfile))
531 goto end;
532 }
533 if (!sksigners) {
534 BIO_printf(bio_err,
535 "No signer certificate specified\n");
536 badarg = 1;
537 }
538 signerfile = NULL;
539 keyfile = NULL;
540 } else if (operation == SMIME_DECRYPT) {
541 if (!recipfile && !keyfile && !secret_key && !pwri_pass) {
542 BIO_printf(bio_err,
543 "No recipient certificate or key specified\n");
544 badarg = 1;
545 }
546 } else if (operation == SMIME_ENCRYPT) {
547 if (!*args && !secret_key && !pwri_pass && !encerts) {
548 BIO_printf(bio_err,
549 "No recipient(s) certificate(s) specified\n");
550 badarg = 1;
551 }
552 } else if (!operation)
553 badarg = 1;
554
555 if (badarg) {
556 argerr:
557 BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n");
558 BIO_printf(bio_err, "where options are\n");
559 BIO_printf(bio_err, "-encrypt encrypt message\n");
560 BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
561 BIO_printf(bio_err, "-sign sign message\n");
562 BIO_printf(bio_err, "-verify verify signed message\n");
563 BIO_printf(bio_err, "-cmsout output CMS structure\n");
564 #ifndef OPENSSL_NO_DES
565 BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
566 BIO_printf(bio_err, "-des encrypt with DES\n");
567 #endif
568 #ifndef OPENSSL_NO_RC2
569 BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
570 BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
571 BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
572 #endif
573 #ifndef OPENSSL_NO_AES
574 BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
575 BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
576 #endif
577 #ifndef OPENSSL_NO_CAMELLIA
578 BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
579 BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
580 #endif
581 BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n");
582 BIO_printf(bio_err, "-nosigs don't verify message signature\n");
583 BIO_printf(bio_err, "-noverify don't verify signers certificate\n");
584 BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n");
585 BIO_printf(bio_err, "-nodetach use opaque signing\n");
586 BIO_printf(bio_err, "-noattr don't include any signed attributes\n");
587 BIO_printf(bio_err, "-binary don't translate message to text\n");
588 BIO_printf(bio_err, "-certfile file other certificates file\n");
589 BIO_printf(bio_err, "-certsout file certificate output file\n");
590 BIO_printf(bio_err, "-signer file signer certificate file\n");
591 BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n");
592 BIO_printf(bio_err, "-keyid use subject key identifier\n");
593 BIO_printf(bio_err, "-in file input file\n");
594 BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
595 BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
596 BIO_printf(bio_err, "-keyform arg input private key format (PEM)\n");
597 BIO_printf(bio_err, "-keyopt nm:v set public key parameters\n");
598 BIO_printf(bio_err, "-out file output file\n");
599 BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
600 BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
601 BIO_printf(bio_err, "-to addr to address\n");
602 BIO_printf(bio_err, "-from ad from address\n");
603 BIO_printf(bio_err, "-subject s subject\n");
604 BIO_printf(bio_err, "-text include or delete text MIME headers\n");
605 BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
606 BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
607 BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
608 BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
609 BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
610 BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
611 goto end;
612 }
613
614 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
615 BIO_printf(bio_err, "Error getting password\n");
616 goto end;
617 }
618 ret = 2;
619
620 if (!(operation & SMIME_SIGNERS))
621 flags &= ~CMS_DETACHED;
622
623 if (operation & SMIME_OP) {
624 if (outformat == FORMAT_ASN1)
625 outmode = "wb";
626 } else {
627 if (flags & CMS_BINARY)
628 outmode = "wb";
629 }
630
631 if (operation & SMIME_IP) {
632 if (informat == FORMAT_ASN1)
633 inmode = "rb";
634 } else {
635 if (flags & CMS_BINARY)
636 inmode = "rb";
637 }
638
639 if (operation == SMIME_ENCRYPT) {
640 if (!cipher) {
641 #ifndef OPENSSL_NO_DES
642 cipher = EVP_des_ede3_cbc();
643 #else
644 BIO_printf(bio_err, "No cipher selected\n");
645 goto end;
646 #endif
647 }
648 if (secret_key && !secret_keyid) {
649 BIO_printf(bio_err, "No secret key id\n");
650 goto end;
651 }
652 if (*args && encerts == NULL)
653 if ((encerts = sk_X509_new_null()) == NULL)
654 goto end;
655 while (*args) {
656 if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
657 NULL, "recipient certificate file")))
658 goto end;
659 if (!sk_X509_push(encerts, cert))
660 goto end;
661 cert = NULL;
662 args++;
663 }
664 }
665 if (certfile) {
666 if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
667 "certificate file"))) {
668 ERR_print_errors(bio_err);
669 goto end;
670 }
671 }
672 if (recipfile && (operation == SMIME_DECRYPT)) {
673 if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
674 "recipient certificate file"))) {
675 ERR_print_errors(bio_err);
676 goto end;
677 }
678 }
679 if (operation == SMIME_SIGN_RECEIPT) {
680 if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
681 "receipt signer certificate file"))) {
682 ERR_print_errors(bio_err);
683 goto end;
684 }
685 }
686 if (operation == SMIME_DECRYPT) {
687 if (!keyfile)
688 keyfile = recipfile;
689 } else if ((operation == SMIME_SIGN) ||
690 (operation == SMIME_SIGN_RECEIPT)) {
691 if (!keyfile)
692 keyfile = signerfile;
693 } else
694 keyfile = NULL;
695
696 if (keyfile) {
697 key = load_key(bio_err, keyfile, keyform, 0, passin,
698 "signing key file");
699 if (!key)
700 goto end;
701 }
702 if (infile) {
703 if (!(in = BIO_new_file(infile, inmode))) {
704 BIO_printf(bio_err,
705 "Can't open input file %s\n", infile);
706 goto end;
707 }
708 } else
709 in = BIO_new_fp(stdin, BIO_NOCLOSE);
710
711 if (operation & SMIME_IP) {
712 if (informat == FORMAT_SMIME)
713 cms = SMIME_read_CMS(in, &indata);
714 else if (informat == FORMAT_PEM)
715 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
716 else if (informat == FORMAT_ASN1)
717 cms = d2i_CMS_bio(in, NULL);
718 else {
719 BIO_printf(bio_err, "Bad input format for CMS file\n");
720 goto end;
721 }
722
723 if (!cms) {
724 BIO_printf(bio_err, "Error reading S/MIME message\n");
725 goto end;
726 }
727 if (contfile) {
728 BIO_free(indata);
729 if (!(indata = BIO_new_file(contfile, "rb"))) {
730 BIO_printf(bio_err,
731 "Can't read content file %s\n", contfile);
732 goto end;
733 }
734 }
735 if (certsoutfile) {
736 STACK_OF(X509) *allcerts;
737 if ((allcerts = CMS_get1_certs(cms)) == NULL)
738 goto end;
739 if (!save_certs(certsoutfile, allcerts)) {
740 BIO_printf(bio_err,
741 "Error writing certs to %s\n",
742 certsoutfile);
743 ret = 5;
744 goto end;
745 }
746 sk_X509_pop_free(allcerts, X509_free);
747 }
748 }
749 if (rctfile) {
750 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
751 if (!(rctin = BIO_new_file(rctfile, rctmode))) {
752 BIO_printf(bio_err,
753 "Can't open receipt file %s\n", rctfile);
754 goto end;
755 }
756 if (rctformat == FORMAT_SMIME)
757 rcms = SMIME_read_CMS(rctin, NULL);
758 else if (rctformat == FORMAT_PEM)
759 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
760 else if (rctformat == FORMAT_ASN1)
761 rcms = d2i_CMS_bio(rctin, NULL);
762 else {
763 BIO_printf(bio_err, "Bad input format for receipt\n");
764 goto end;
765 }
766
767 if (!rcms) {
768 BIO_printf(bio_err, "Error reading receipt\n");
769 goto end;
770 }
771 }
772 if (outfile) {
773 if (!(out = BIO_new_file(outfile, outmode))) {
774 BIO_printf(bio_err,
775 "Can't open output file %s\n", outfile);
776 goto end;
777 }
778 } else {
779 out = BIO_new_fp(stdout, BIO_NOCLOSE);
780 }
781
782 if ((operation == SMIME_VERIFY) ||
783 (operation == SMIME_VERIFY_RECEIPT)) {
784 if (!(store = setup_verify(bio_err, CAfile, CApath)))
785 goto end;
786 X509_STORE_set_verify_cb(store, cms_cb);
787 if (vpm)
788 X509_STORE_set1_param(store, vpm);
789 }
790 ret = 3;
791
792 if (operation == SMIME_DATA_CREATE) {
793 cms = CMS_data_create(in, flags);
794 } else if (operation == SMIME_DIGEST_CREATE) {
795 cms = CMS_digest_create(in, sign_md, flags);
796 } else if (operation == SMIME_COMPRESS) {
797 cms = CMS_compress(in, -1, flags);
798 } else if (operation == SMIME_ENCRYPT) {
799 int i;
800 flags |= CMS_PARTIAL;
801 cms = CMS_encrypt(NULL, in, cipher, flags);
802 if (cms == NULL)
803 goto end;
804 for (i = 0; i < sk_X509_num(encerts); i++) {
805 CMS_RecipientInfo *ri;
806 struct cms_key_param *kparam;
807 int tflags = flags;
808 X509 *x = sk_X509_value(encerts, i);
809 for (kparam = key_first; kparam; kparam = kparam->next) {
810 if (kparam->idx == i) {
811 tflags |= CMS_KEY_PARAM;
812 break;
813 }
814 }
815 ri = CMS_add1_recipient_cert(cms, x, tflags);
816 if (ri == NULL)
817 goto end;
818 if (kparam != NULL) {
819 EVP_PKEY_CTX *pctx;
820 if ((pctx = CMS_RecipientInfo_get0_pkey_ctx(ri)) == NULL)
821 goto end;
822 if (!cms_set_pkey_param(pctx, kparam->param))
823 goto end;
824 }
825 }
826
827 if (secret_key) {
828 if (!CMS_add0_recipient_key(cms, NID_undef, secret_key,
829 secret_keylen, secret_keyid, secret_keyidlen,
830 NULL, NULL, NULL))
831 goto end;
832 /* NULL these because call absorbs them */
833 secret_key = NULL;
834 secret_keyid = NULL;
835 }
836 if (pwri_pass) {
837 pwri_tmp = strdup(pwri_pass);
838 if (!pwri_tmp)
839 goto end;
840 if (!CMS_add0_recipient_password(cms, -1, NID_undef,
841 NID_undef, pwri_tmp, -1, NULL))
842 goto end;
843 pwri_tmp = NULL;
844 }
845 if (!(flags & CMS_STREAM)) {
846 if (!CMS_final(cms, in, NULL, flags))
847 goto end;
848 }
849 } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
850 cms = CMS_EncryptedData_encrypt(in, cipher, secret_key,
851 secret_keylen, flags);
852
853 } else if (operation == SMIME_SIGN_RECEIPT) {
854 CMS_ContentInfo *srcms = NULL;
855 STACK_OF(CMS_SignerInfo) *sis;
856 CMS_SignerInfo *si;
857 sis = CMS_get0_SignerInfos(cms);
858 if (!sis)
859 goto end;
860 si = sk_CMS_SignerInfo_value(sis, 0);
861 srcms = CMS_sign_receipt(si, signer, key, other, flags);
862 if (!srcms)
863 goto end;
864 CMS_ContentInfo_free(cms);
865 cms = srcms;
866 } else if (operation & SMIME_SIGNERS) {
867 int i;
868 /*
869 * If detached data content we enable streaming if S/MIME
870 * output format.
871 */
872 if (operation == SMIME_SIGN) {
873
874 if (flags & CMS_DETACHED) {
875 if (outformat == FORMAT_SMIME)
876 flags |= CMS_STREAM;
877 }
878 flags |= CMS_PARTIAL;
879 cms = CMS_sign(NULL, NULL, other, in, flags);
880 if (!cms)
881 goto end;
882 if (econtent_type)
883 if (!CMS_set1_eContentType(cms, econtent_type))
884 goto end;
885
886 if (rr_to) {
887 rr = make_receipt_request(rr_to, rr_allorfirst,
888 rr_from);
889 if (!rr) {
890 BIO_puts(bio_err,
891 "Signed Receipt Request Creation Error\n");
892 goto end;
893 }
894 }
895 } else
896 flags |= CMS_REUSE_DIGEST;
897 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
898 CMS_SignerInfo *si;
899 struct cms_key_param *kparam;
900 int tflags = flags;
901 signerfile = sk_OPENSSL_STRING_value(sksigners, i);
902 keyfile = sk_OPENSSL_STRING_value(skkeys, i);
903
904 signer = load_cert(bio_err, signerfile, FORMAT_PEM,
905 NULL, "signer certificate");
906 if (!signer)
907 goto end;
908 key = load_key(bio_err, keyfile, keyform, 0, passin,
909 "signing key file");
910 if (!key)
911 goto end;
912 for (kparam = key_first; kparam; kparam = kparam->next) {
913 if (kparam->idx == i) {
914 tflags |= CMS_KEY_PARAM;
915 break;
916 }
917 }
918 si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
919 if (si == NULL)
920 goto end;
921 if (kparam != NULL) {
922 EVP_PKEY_CTX *pctx;
923 if ((pctx = CMS_SignerInfo_get0_pkey_ctx(si)) == NULL)
924 goto end;
925 if (!cms_set_pkey_param(pctx, kparam->param))
926 goto end;
927 }
928 if (rr && !CMS_add1_ReceiptRequest(si, rr))
929 goto end;
930 X509_free(signer);
931 signer = NULL;
932 EVP_PKEY_free(key);
933 key = NULL;
934 }
935 /* If not streaming or resigning finalize structure */
936 if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
937 if (!CMS_final(cms, in, NULL, flags))
938 goto end;
939 }
940 }
941 if (!cms) {
942 BIO_printf(bio_err, "Error creating CMS structure\n");
943 goto end;
944 }
945 ret = 4;
946 if (operation == SMIME_DECRYPT) {
947 if (flags & CMS_DEBUG_DECRYPT)
948 CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
949
950 if (secret_key) {
951 if (!CMS_decrypt_set1_key(cms, secret_key,
952 secret_keylen, secret_keyid, secret_keyidlen)) {
953 BIO_puts(bio_err,
954 "Error decrypting CMS using secret key\n");
955 goto end;
956 }
957 }
958 if (key) {
959 if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
960 BIO_puts(bio_err,
961 "Error decrypting CMS using private key\n");
962 goto end;
963 }
964 }
965 if (pwri_pass) {
966 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
967 BIO_puts(bio_err,
968 "Error decrypting CMS using password\n");
969 goto end;
970 }
971 }
972 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
973 BIO_printf(bio_err, "Error decrypting CMS structure\n");
974 goto end;
975 }
976 } else if (operation == SMIME_DATAOUT) {
977 if (!CMS_data(cms, out, flags))
978 goto end;
979 } else if (operation == SMIME_UNCOMPRESS) {
980 if (!CMS_uncompress(cms, indata, out, flags))
981 goto end;
982 } else if (operation == SMIME_DIGEST_VERIFY) {
983 if (CMS_digest_verify(cms, indata, out, flags) > 0)
984 BIO_printf(bio_err, "Verification successful\n");
985 else {
986 BIO_printf(bio_err, "Verification failure\n");
987 goto end;
988 }
989 } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
990 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
991 indata, out, flags))
992 goto end;
993 } else if (operation == SMIME_VERIFY) {
994 if (CMS_verify(cms, other, store, indata, out, flags) > 0)
995 BIO_printf(bio_err, "Verification successful\n");
996 else {
997 BIO_printf(bio_err, "Verification failure\n");
998 if (verify_retcode)
999 ret = verify_err + 32;
1000 goto end;
1001 }
1002 if (signerfile) {
1003 STACK_OF(X509) *signers;
1004 if ((signers = CMS_get0_signers(cms)) == NULL)
1005 goto end;
1006 if (!save_certs(signerfile, signers)) {
1007 BIO_printf(bio_err,
1008 "Error writing signers to %s\n",
1009 signerfile);
1010 ret = 5;
1011 goto end;
1012 }
1013 sk_X509_free(signers);
1014 }
1015 if (rr_print)
1016 receipt_request_print(bio_err, cms);
1017
1018 } else if (operation == SMIME_VERIFY_RECEIPT) {
1019 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
1020 BIO_printf(bio_err, "Verification successful\n");
1021 else {
1022 BIO_printf(bio_err, "Verification failure\n");
1023 goto end;
1024 }
1025 } else {
1026 if (noout) {
1027 if (print &&
1028 !CMS_ContentInfo_print_ctx(out, cms, 0, NULL))
1029 goto end;
1030 } else if (outformat == FORMAT_SMIME) {
1031 if (to)
1032 BIO_printf(out, "To: %s\n", to);
1033 if (from)
1034 BIO_printf(out, "From: %s\n", from);
1035 if (subject)
1036 BIO_printf(out, "Subject: %s\n", subject);
1037 if (operation == SMIME_RESIGN)
1038 ret = SMIME_write_CMS(out, cms, indata, flags);
1039 else
1040 ret = SMIME_write_CMS(out, cms, in, flags);
1041 } else if (outformat == FORMAT_PEM)
1042 ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1043 else if (outformat == FORMAT_ASN1)
1044 ret = i2d_CMS_bio_stream(out, cms, in, flags);
1045 else {
1046 BIO_printf(bio_err, "Bad output format for CMS file\n");
1047 goto end;
1048 }
1049 if (ret <= 0) {
1050 ret = 6;
1051 goto end;
1052 }
1053 }
1054 ret = 0;
1055
1056 end:
1057 if (ret)
1058 ERR_print_errors(bio_err);
1059
1060 sk_X509_pop_free(encerts, X509_free);
1061 sk_X509_pop_free(other, X509_free);
1062 X509_VERIFY_PARAM_free(vpm);
1063 sk_OPENSSL_STRING_free(sksigners);
1064 sk_OPENSSL_STRING_free(skkeys);
1065 free(secret_key);
1066 free(secret_keyid);
1067 free(pwri_tmp);
1068 ASN1_OBJECT_free(econtent_type);
1069 CMS_ReceiptRequest_free(rr);
1070 sk_OPENSSL_STRING_free(rr_to);
1071 sk_OPENSSL_STRING_free(rr_from);
1072 for (key_param = key_first; key_param;) {
1073 struct cms_key_param *tparam;
1074 sk_OPENSSL_STRING_free(key_param->param);
1075 tparam = key_param->next;
1076 free(key_param);
1077 key_param = tparam;
1078 }
1079 X509_STORE_free(store);
1080 X509_free(cert);
1081 X509_free(recip);
1082 X509_free(signer);
1083 EVP_PKEY_free(key);
1084 CMS_ContentInfo_free(cms);
1085 CMS_ContentInfo_free(rcms);
1086 BIO_free(rctin);
1087 BIO_free(in);
1088 BIO_free(indata);
1089 BIO_free_all(out);
1090 free(passin);
1091
1092 return (ret);
1093 }
1094
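/*
 * Write every certificate in "signers" to "signerfile" in PEM form.
 *
 * A NULL signerfile means "nothing requested" and is reported as success;
 * a NULL or empty stack writes an empty file (sk_X509_num() yields <= 0,
 * so the loop body never runs).  The file is opened with "w", so an
 * existing file is truncated.
 *
 * Returns 1 on success, 0 if the file could not be opened or any
 * certificate could not be encoded; a failed write no longer reports
 * success, so the caller's "Error writing signers" diagnostic is accurate.
 */
static int
save_certs(char *signerfile, STACK_OF(X509) *signers)
{
	BIO *tmp;
	int i, ok = 1;

	if (!signerfile)
		return 1;
	tmp = BIO_new_file(signerfile, "w");
	if (!tmp)
		return 0;
	for (i = 0; i < sk_X509_num(signers); i++) {
		if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i))) {
			ok = 0;	/* stop at the first failed write */
			break;
		}
	}
	BIO_free(tmp);
	return ok;
}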
1111
1112 /* Minimal callback just to output policy info (if any) */
1113
/*
 * X509_STORE verification callback.
 *
 * Records the current verification error in the file-scope verify_err
 * (cms_main turns it into an exit code when -verify_retcode is given) and
 * prints policy information when there is something to show.  The
 * verifier's decision "ok" is always passed back unchanged: this callback
 * never overrides a verification failure.
 */
static int
cms_cb(int ok, X509_STORE_CTX *ctx)
{
	int error = X509_STORE_CTX_get_error(ctx);

	/* Last error seen wins; there is one slot for the whole run. */
	verify_err = error;

	/*
	 * Policy info is printed only for "no explicit policy" or for a
	 * clean pass where ok == 2 (presumably the post-policy-check call
	 * of the verifier; confirm against X509_verify_cert).
	 */
	if (error == X509_V_ERR_NO_EXPLICIT_POLICY ||
	    (error == X509_V_OK && ok == 2))
		policies_print(NULL, ctx);

	return ok;
}
1131
/*
 * Print every GENERAL_NAME contained in a stack of GENERAL_NAMES, one per
 * line on "out".  Output only; nothing is returned and nothing is freed.
 */
static void
gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
{
	int outer, inner;

	for (outer = 0; outer < sk_GENERAL_NAMES_num(gns); outer++) {
		STACK_OF(GENERAL_NAME) *names =
		    sk_GENERAL_NAMES_value(gns, outer);

		for (inner = 0; inner < sk_GENERAL_NAME_num(names); inner++) {
			BIO_puts(out, " ");
			GENERAL_NAME_print(out,
			    sk_GENERAL_NAME_value(names, inner));
			BIO_puts(out, "\n");
		}
	}
}
1150
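/*
 * Dump the receipt request (if any) attached to each SignerInfo of "cms".
 *
 * The per-signer header and the "no request"/"parse error" diagnostics go
 * to bio_err; the decoded request itself (content identifier, receipt
 * senders and receipt recipients) goes to "out".  Nothing is returned.
 *
 * CMS_get1_ReceiptRequest() hands back an owned object that is freed here
 * after printing.  "rr" is reset to NULL before every call so the free at
 * the end of the loop never depends on the callee clearing the out
 * parameter on its failure paths.
 */
static void
receipt_request_print(BIO *out, CMS_ContentInfo *cms)
{
	STACK_OF(CMS_SignerInfo) *sis;
	CMS_SignerInfo *si;
	CMS_ReceiptRequest *rr;
	int allorfirst;
	STACK_OF(GENERAL_NAMES) *rto, *rlist;
	ASN1_STRING *scid;
	int i, rv;

	if ((sis = CMS_get0_SignerInfos(cms)) == NULL)
		return;
	for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
		si = sk_CMS_SignerInfo_value(sis, i);
		rr = NULL;	/* never free an indeterminate pointer below */
		rv = CMS_get1_ReceiptRequest(si, &rr);
		BIO_printf(bio_err, "Signer %d:\n", i + 1);
		if (rv == 0)
			BIO_puts(bio_err, " No Receipt Request\n");
		else if (rv < 0) {
			BIO_puts(bio_err, " Receipt Request Parse Error\n");
			ERR_print_errors(bio_err);
		} else {
			char *id;
			int idlen;

			CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
			    &rlist, &rto);
			BIO_puts(out, " Signed Content ID:\n");
			/* The identifier is opaque bytes, so hex-dump it. */
			idlen = ASN1_STRING_length(scid);
			id = (char *) ASN1_STRING_data(scid);
			BIO_dump_indent(out, id, idlen, 4);
			BIO_puts(out, " Receipts From");
			/*
			 * An explicit receipt list takes precedence; otherwise
			 * the allOrFirstTier choice is shown (1 = first tier,
			 * 0 = all, anything else is reported as unknown).
			 */
			if (rlist) {
				BIO_puts(out, " List:\n");
				gnames_stack_print(out, rlist);
			} else if (allorfirst == 1)
				BIO_puts(out, ": First Tier\n");
			else if (allorfirst == 0)
				BIO_puts(out, ": All\n");
			else
				BIO_printf(out, " Unknown (%d)\n", allorfirst);
			BIO_puts(out, " Receipts To:\n");
			gnames_stack_print(out, rto);
		}
		if (rr)
			CMS_ReceiptRequest_free(rr);
	}
}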
1199
/*
 * Convert a stack of strings into a stack of GENERAL_NAMES, each holding a
 * single e-mail (GEN_EMAIL) GENERAL_NAME parsed from one string.
 *
 * Returns a newly allocated stack the caller owns, or NULL on allocation
 * or parse failure.  On failure everything built so far is released,
 * including the element that was in flight when the error occurred.
 */
static STACK_OF(GENERAL_NAMES) *
make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
{
	STACK_OF(GENERAL_NAMES) *result;
	GENERAL_NAMES *entry = NULL;
	GENERAL_NAME *name = NULL;
	int idx, count;

	if ((result = sk_GENERAL_NAMES_new_null()) == NULL)
		goto fail;

	count = sk_OPENSSL_STRING_num(ns);
	for (idx = 0; idx < count; idx++) {
		char *text = sk_OPENSSL_STRING_value(ns, idx);

		if ((name = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL,
		    text, 0)) == NULL)
			goto fail;
		if ((entry = GENERAL_NAMES_new()) == NULL)
			goto fail;
		if (!sk_GENERAL_NAME_push(entry, name))
			goto fail;
		name = NULL;	/* now owned by entry */
		if (!sk_GENERAL_NAMES_push(result, entry))
			goto fail;
		entry = NULL;	/* now owned by result */
	}

	return result;

fail:
	/* Only the pieces not yet handed over are still ours to free. */
	sk_GENERAL_NAMES_pop_free(result, GENERAL_NAMES_free);
	GENERAL_NAMES_free(entry);
	GENERAL_NAME_free(name);

	return NULL;
}
1234
1235
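/*
 * Build a CMS receipt request from the command-line lists.
 *
 * rr_to is the list of receipt recipients (required); rr_from, when
 * non-NULL, is an explicit receipt list, otherwise rr_allorfirst selects
 * between "all" and "first tier".  Returns a new CMS_ReceiptRequest the
 * caller owns, or NULL on failure.
 *
 * The original returned NULL without releasing the GENERAL_NAMES stacks
 * already built, leaking rct_to when rr_from failed to parse and both
 * stacks when CMS_ReceiptRequest_create0() failed.  The stacks are now
 * freed on every error path.  NOTE(review): this relies on create0 taking
 * ownership of the stacks only on success and leaving them untouched on
 * failure, as in OpenSSL's implementation -- confirm against the library
 * version in use.
 */
static CMS_ReceiptRequest *
make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
    STACK_OF(OPENSSL_STRING) *rr_from)
{
	STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
	CMS_ReceiptRequest *rr;

	if ((rct_to = make_names_stack(rr_to)) == NULL)
		goto err;
	if (rr_from != NULL &&
	    (rct_from = make_names_stack(rr_from)) == NULL)
		goto err;

	if ((rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
	    rct_to)) == NULL)
		goto err;

	return rr;

err:
	/* pop_free tolerates NULL, so a stack never built needs no guard. */
	sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
	sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free);
	return NULL;
}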
1262
/*
 * Apply each "name:value" control string in "param" to the key context
 * via pkey_ctrl_string().
 *
 * Returns 1 when every option was accepted (trivially so for a NULL or
 * empty list), 0 at the first rejected option after printing it and the
 * pending error queue to bio_err.  The option text reaches the log only
 * as a "%s" argument, never as a format string.
 */
static int
cms_set_pkey_param(EVP_PKEY_CTX *pctx, STACK_OF(OPENSSL_STRING) *param)
{
	int idx, count = sk_OPENSSL_STRING_num(param);

	for (idx = 0; idx < count; idx++) {
		char *opt = sk_OPENSSL_STRING_value(param, idx);

		if (pkey_ctrl_string(pctx, opt) > 0)
			continue;
		BIO_printf(bio_err, "parameter error \"%s\"\n", opt);
		ERR_print_errors(bio_err);
		return 0;
	}
	return 1;
}
1281
1282 #endif
1283