smime.c@ 96441

Last change on this file since 96441 was 94082, checked in by vboxsync, 3 years ago
libs/openssl-3.0.1: started applying and adjusting our OpenSSL changes to 3.0.1. bugref:10128
File size: 22.6 KB

Line
1	/*
2	* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/* S/MIME utility function */
11
12	#include <stdio.h>
13	#include <string.h>
14	#include "apps.h"
15	#include "progs.h"
16	#include <openssl/crypto.h>
17	#include <openssl/pem.h>
18	#include <openssl/err.h>
19	#include <openssl/x509_vfy.h>
20	#include <openssl/x509v3.h>
21
22	static int save_certs(char signerfile, STACK_OF(X509) signers);
23	static int smime_cb(int ok, X509_STORE_CTX *ctx);
24
25	#define SMIME_OP 0x10
26	#define SMIME_IP 0x20
27	#define SMIME_SIGNERS 0x40
28	#define SMIME_ENCRYPT (1 \| SMIME_OP)
29	#define SMIME_DECRYPT (2 \| SMIME_IP)
30	#define SMIME_SIGN (3 \| SMIME_OP \| SMIME_SIGNERS)
31	#define SMIME_VERIFY (4 \| SMIME_IP)
32	#define SMIME_PK7OUT (5 \| SMIME_IP \| SMIME_OP)
33	#define SMIME_RESIGN (6 \| SMIME_IP \| SMIME_OP \| SMIME_SIGNERS)
34
35	typedef enum OPTION_choice {
36	OPT_COMMON,
37	OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
38	OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
39	OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
40	OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
41	OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
42	OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
43	OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
44	OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, OPT_NOCAPATH, OPT_NOCASTORE,
45	OPT_R_ENUM, OPT_PROV_ENUM, OPT_CONFIG,
46	OPT_V_ENUM,
47	OPT_IN, OPT_INFORM, OPT_OUT,
48	OPT_OUTFORM, OPT_CONTENT
49	} OPTION_CHOICE;
50
51	const OPTIONS smime_options[] = {
52	{OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
53
54	OPT_SECTION("General"),
55	{"help", OPT_HELP, '-', "Display this summary"},
56	{"in", OPT_IN, '<', "Input file"},
57	{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
58	{"out", OPT_OUT, '>', "Output file"},
59	{"outform", OPT_OUTFORM, 'c',
60	"Output format SMIME (default), PEM or DER"},
61	{"inkey", OPT_INKEY, 's',
62	"Input private key (if not signer or recipient)"},
63	{"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"},
64	#ifndef OPENSSL_NO_ENGINE
65	{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
66	#endif
67	{"stream", OPT_STREAM, '-', "Enable CMS streaming" },
68	{"indef", OPT_INDEF, '-', "Same as -stream" },
69	{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
70	OPT_CONFIG_OPTION,
71
72	OPT_SECTION("Action"),
73	{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
74	{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
75	{"sign", OPT_SIGN, '-', "Sign message"},
76	{"resign", OPT_RESIGN, '-', "Resign a signed message"},
77	{"verify", OPT_VERIFY, '-', "Verify signed message"},
78
79	OPT_SECTION("Signing/Encryption"),
80	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
81	{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
82	{"", OPT_CIPHER, '-', "Any supported cipher"},
83	{"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
84	{"nointern", OPT_NOINTERN, '-',
85	"Don't search certificates in message for signer"},
86	{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
87	{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
88	{"binary", OPT_BINARY, '-', "Don't translate message to text"},
89	{"signer", OPT_SIGNER, 's', "Signer certificate file"},
90	{"content", OPT_CONTENT, '<',
91	"Supply or override content for detached signature"},
92	{"nocerts", OPT_NOCERTS, '-',
93	"Don't include signers certificate when signing"},
94
95	OPT_SECTION("Verification/Decryption"),
96	{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
97	{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
98
99	{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
100	{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
101
102	OPT_SECTION("Email"),
103	{"to", OPT_TO, 's', "To address"},
104	{"from", OPT_FROM, 's', "From address"},
105	{"subject", OPT_SUBJECT, 's', "Subject"},
106	{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
107	{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
108
109	OPT_SECTION("Certificate chain"),
110	{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
111	{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
112	{"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"},
113	{"no-CAfile", OPT_NOCAFILE, '-',
114	"Do not load the default certificates file"},
115	{"no-CApath", OPT_NOCAPATH, '-',
116	"Do not load certificates from the default certificates directory"},
117	{"no-CAstore", OPT_NOCASTORE, '-',
118	"Do not load certificates from the default certificates store"},
119	{"nochain", OPT_NOCHAIN, '-',
120	"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
121	{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
122
123	OPT_R_OPTIONS,
124	OPT_V_OPTIONS,
125	OPT_PROV_OPTIONS,
126
127	OPT_PARAMETERS(),
128	{"cert", 0, 0, "Recipient certs, used when encrypting"},
129	{NULL}
130	};
131
132	int smime_main(int argc, char **argv)
133	{
134	CONF *conf = NULL;
135	BIO in = NULL, out = NULL, *indata = NULL;
136	EVP_PKEY *key = NULL;
137	PKCS7 *p7 = NULL;
138	STACK_OF(OPENSSL_STRING) sksigners = NULL, skkeys = NULL;
139	STACK_OF(X509) encerts = NULL, other = NULL;
140	X509 cert = NULL, recip = NULL, *signer = NULL;
141	X509_STORE *store = NULL;
142	X509_VERIFY_PARAM *vpm = NULL;
143	EVP_CIPHER *cipher = NULL;
144	EVP_MD *sign_md = NULL;
145	const char CAfile = NULL, CApath = NULL, CAstore = NULL, prog = NULL;
146	char certfile = NULL, keyfile = NULL, *contfile = NULL;
147	char infile = NULL, outfile = NULL, signerfile = NULL, recipfile = NULL;
148	char passinarg = NULL, passin = NULL, to = NULL, from = NULL;
149	char subject = NULL, digestname = NULL, *ciphername = NULL;
150	OPTION_CHOICE o;
151	int noCApath = 0, noCAfile = 0, noCAstore = 0;
152	int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
153	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
154	FORMAT_UNDEF;
155	int vpmtouched = 0, rv = 0;
156	ENGINE *e = NULL;
157	const char *mime_eol = "\n";
158	OSSL_LIB_CTX *libctx = app_get0_libctx();
159
160	if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
161	return 1;
162
163	prog = opt_init(argc, argv, smime_options);
164	while ((o = opt_next()) != OPT_EOF) {
165	switch (o) {
166	case OPT_EOF:
167	case OPT_ERR:
168	opthelp:
169	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
170	goto end;
171	case OPT_HELP:
172	opt_help(smime_options);
173	ret = 0;
174	goto end;
175	case OPT_INFORM:
176	if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
177	goto opthelp;
178	break;
179	case OPT_IN:
180	infile = opt_arg();
181	break;
182	case OPT_OUTFORM:
183	if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
184	goto opthelp;
185	break;
186	case OPT_OUT:
187	outfile = opt_arg();
188	break;
189	case OPT_ENCRYPT:
190	operation = SMIME_ENCRYPT;
191	break;
192	case OPT_DECRYPT:
193	operation = SMIME_DECRYPT;
194	break;
195	case OPT_SIGN:
196	operation = SMIME_SIGN;
197	break;
198	case OPT_RESIGN:
199	operation = SMIME_RESIGN;
200	break;
201	case OPT_VERIFY:
202	operation = SMIME_VERIFY;
203	break;
204	case OPT_PK7OUT:
205	operation = SMIME_PK7OUT;
206	break;
207	case OPT_TEXT:
208	flags \|= PKCS7_TEXT;
209	break;
210	case OPT_NOINTERN:
211	flags \|= PKCS7_NOINTERN;
212	break;
213	case OPT_NOVERIFY:
214	flags \|= PKCS7_NOVERIFY;
215	break;
216	case OPT_NOCHAIN:
217	flags \|= PKCS7_NOCHAIN;
218	break;
219	case OPT_NOCERTS:
220	flags \|= PKCS7_NOCERTS;
221	break;
222	case OPT_NOATTR:
223	flags \|= PKCS7_NOATTR;
224	break;
225	case OPT_NODETACH:
226	flags &= ~PKCS7_DETACHED;
227	break;
228	case OPT_NOSMIMECAP:
229	flags \|= PKCS7_NOSMIMECAP;
230	break;
231	case OPT_BINARY:
232	flags \|= PKCS7_BINARY;
233	break;
234	case OPT_NOSIGS:
235	flags \|= PKCS7_NOSIGS;
236	break;
237	case OPT_STREAM:
238	case OPT_INDEF:
239	indef = 1;
240	break;
241	case OPT_NOINDEF:
242	indef = 0;
243	break;
244	case OPT_CRLFEOL:
245	flags \|= PKCS7_CRLFEOL;
246	mime_eol = "\r\n";
247	break;
248	case OPT_R_CASES:
249	if (!opt_rand(o))
250	goto end;
251	break;
252	case OPT_PROV_CASES:
253	if (!opt_provider(o))
254	goto end;
255	break;
256	case OPT_CONFIG:
257	conf = app_load_config_modules(opt_arg());
258	if (conf == NULL)
259	goto end;
260	break;
261	case OPT_ENGINE:
262	e = setup_engine(opt_arg(), 0);
263	break;
264	case OPT_PASSIN:
265	passinarg = opt_arg();
266	break;
267	case OPT_TO:
268	to = opt_arg();
269	break;
270	case OPT_FROM:
271	from = opt_arg();
272	break;
273	case OPT_SUBJECT:
274	subject = opt_arg();
275	break;
276	case OPT_SIGNER:
277	/* If previous -signer argument add signer to list */
278	if (signerfile != NULL) {
279	if (sksigners == NULL
280	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
281	goto end;
282	sk_OPENSSL_STRING_push(sksigners, signerfile);
283	if (keyfile == NULL)
284	keyfile = signerfile;
285	if (skkeys == NULL
286	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
287	goto end;
288	sk_OPENSSL_STRING_push(skkeys, keyfile);
289	keyfile = NULL;
290	}
291	signerfile = opt_arg();
292	break;
293	case OPT_RECIP:
294	recipfile = opt_arg();
295	break;
296	case OPT_MD:
297	digestname = opt_arg();
298	break;
299	case OPT_CIPHER:
300	ciphername = opt_unknown();
301	break;
302	case OPT_INKEY:
303	/* If previous -inkey argument add signer to list */
304	if (keyfile != NULL) {
305	if (signerfile == NULL) {
306	BIO_printf(bio_err,
307	"%s: Must have -signer before -inkey\n", prog);
308	goto opthelp;
309	}
310	if (sksigners == NULL
311	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
312	goto end;
313	sk_OPENSSL_STRING_push(sksigners, signerfile);
314	signerfile = NULL;
315	if (skkeys == NULL
316	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
317	goto end;
318	sk_OPENSSL_STRING_push(skkeys, keyfile);
319	}
320	keyfile = opt_arg();
321	break;
322	case OPT_KEYFORM:
323	if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
324	goto opthelp;
325	break;
326	case OPT_CERTFILE:
327	certfile = opt_arg();
328	break;
329	case OPT_CAFILE:
330	CAfile = opt_arg();
331	break;
332	case OPT_CAPATH:
333	CApath = opt_arg();
334	break;
335	case OPT_CASTORE:
336	CAstore = opt_arg();
337	break;
338	case OPT_NOCAFILE:
339	noCAfile = 1;
340	break;
341	case OPT_NOCAPATH:
342	noCApath = 1;
343	break;
344	case OPT_NOCASTORE:
345	noCAstore = 1;
346	break;
347	case OPT_CONTENT:
348	contfile = opt_arg();
349	break;
350	case OPT_V_CASES:
351	if (!opt_verify(o, vpm))
352	goto opthelp;
353	vpmtouched++;
354	break;
355	}
356	}
357
358	/* Extra arguments are files with recipient keys. */
359	argc = opt_num_rest();
360	argv = opt_rest();
361
362	if (!app_RAND_load())
363	goto end;
364
365	if (digestname != NULL) {
366	if (!opt_md(digestname, &sign_md))
367	goto opthelp;
368	}
369	if (ciphername != NULL) {
370	if (!opt_cipher_any(ciphername, &cipher))
371	goto opthelp;
372	}
373	if (!(operation & SMIME_SIGNERS) && (skkeys != NULL \|\| sksigners != NULL)) {
374	BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
375	goto opthelp;
376	}
377	if (!operation) {
378	BIO_puts(bio_err,
379	"No operation (-encrypt\|-sign\|...) specified\n");
380	goto opthelp;
381	}
382
383	if (operation & SMIME_SIGNERS) {
384	/* Check to see if any final signer needs to be appended */
385	if (keyfile && !signerfile) {
386	BIO_puts(bio_err, "Illegal -inkey without -signer\n");
387	goto opthelp;
388	}
389	if (signerfile != NULL) {
390	if (sksigners == NULL
391	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
392	goto end;
393	sk_OPENSSL_STRING_push(sksigners, signerfile);
394	if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
395	goto end;
396	if (!keyfile)
397	keyfile = signerfile;
398	sk_OPENSSL_STRING_push(skkeys, keyfile);
399	}
400	if (sksigners == NULL) {
401	BIO_printf(bio_err, "No signer certificate specified\n");
402	goto opthelp;
403	}
404	signerfile = NULL;
405	keyfile = NULL;
406	} else if (operation == SMIME_DECRYPT) {
407	if (recipfile == NULL && keyfile == NULL) {
408	BIO_printf(bio_err,
409	"No recipient certificate or key specified\n");
410	goto opthelp;
411	}
412	} else if (operation == SMIME_ENCRYPT) {
413	if (argc == 0) {
414	BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
415	goto opthelp;
416	}
417	}
418
419	if (!app_passwd(passinarg, NULL, &passin, NULL)) {
420	BIO_printf(bio_err, "Error getting password\n");
421	goto end;
422	}
423
424	ret = 2;
425
426	if (!(operation & SMIME_SIGNERS))
427	flags &= ~PKCS7_DETACHED;
428
429	if (!(operation & SMIME_OP)) {
430	if (flags & PKCS7_BINARY)
431	outformat = FORMAT_BINARY;
432	}
433
434	if (!(operation & SMIME_IP)) {
435	if (flags & PKCS7_BINARY)
436	informat = FORMAT_BINARY;
437	}
438
439	if (operation == SMIME_ENCRYPT) {
440	if (cipher == NULL) {
441	#ifndef OPENSSL_NO_DES
442	cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
443	#else
444	BIO_printf(bio_err, "No cipher selected\n");
445	goto end;
446	#endif
447	}
448	encerts = sk_X509_new_null();
449	if (encerts == NULL)
450	goto end;
451	while (*argv != NULL) {
452	cert = load_cert(*argv, FORMAT_UNDEF,
453	"recipient certificate file");
454	if (cert == NULL)
455	goto end;
456	sk_X509_push(encerts, cert);
457	cert = NULL;
458	argv++;
459	}
460	}
461
462	if (certfile != NULL) {
463	if (!load_certs(certfile, 0, &other, NULL, "certificates")) {
464	ERR_print_errors(bio_err);
465	goto end;
466	}
467	}
468
469	if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
470	if ((recip = load_cert(recipfile, FORMAT_UNDEF,
471	"recipient certificate file")) == NULL) {
472	ERR_print_errors(bio_err);
473	goto end;
474	}
475	}
476
477	if (operation == SMIME_DECRYPT) {
478	if (keyfile == NULL)
479	keyfile = recipfile;
480	} else if (operation == SMIME_SIGN) {
481	if (keyfile == NULL)
482	keyfile = signerfile;
483	} else {
484	keyfile = NULL;
485	}
486
487	if (keyfile != NULL) {
488	key = load_key(keyfile, keyform, 0, passin, e, "signing key");
489	if (key == NULL)
490	goto end;
491	}
492
493	in = bio_open_default(infile, 'r', informat);
494	if (in == NULL)
495	goto end;
496
497	if (operation & SMIME_IP) {
498	PKCS7 *p7_in = NULL;
499
500	p7 = PKCS7_new_ex(libctx, app_get0_propq());
501	if (p7 == NULL) {
502	BIO_printf(bio_err, "Error allocating PKCS7 object\n");
503	goto end;
504	}
505	if (informat == FORMAT_SMIME) {
506	p7_in = SMIME_read_PKCS7_ex(in, &indata, &p7);
507	} else if (informat == FORMAT_PEM) {
508	p7_in = PEM_read_bio_PKCS7(in, &p7, NULL, NULL);
509	} else if (informat == FORMAT_ASN1) {
510	p7_in = d2i_PKCS7_bio(in, &p7);
511	} else {
512	BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
513	goto end;
514	}
515
516	if (p7_in == NULL) {
517	BIO_printf(bio_err, "Error reading S/MIME message\n");
518	goto end;
519	}
520	if (contfile != NULL) {
521	BIO_free(indata);
522	if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
523	BIO_printf(bio_err, "Can't read content file %s\n", contfile);
524	goto end;
525	}
526	}
527	}
528
529	out = bio_open_default(outfile, 'w', outformat);
530	if (out == NULL)
531	goto end;
532
533	if (operation == SMIME_VERIFY) {
534	if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath,
535	CAstore, noCAstore)) == NULL)
536	goto end;
537	X509_STORE_set_verify_cb(store, smime_cb);
538	if (vpmtouched)
539	X509_STORE_set1_param(store, vpm);
540	}
541
542	ret = 3;
543
544	if (operation == SMIME_ENCRYPT) {
545	if (indef)
546	flags \|= PKCS7_STREAM;
547	p7 = PKCS7_encrypt_ex(encerts, in, cipher, flags, libctx, app_get0_propq());
548	} else if (operation & SMIME_SIGNERS) {
549	int i;
550	/*
551	* If detached data content we only enable streaming if S/MIME output
552	* format.
553	*/
554	if (operation == SMIME_SIGN) {
555	if (flags & PKCS7_DETACHED) {
556	if (outformat == FORMAT_SMIME)
557	flags \|= PKCS7_STREAM;
558	} else if (indef) {
559	flags \|= PKCS7_STREAM;
560	}
561	flags \|= PKCS7_PARTIAL;
562	p7 = PKCS7_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq());
563	if (p7 == NULL)
564	goto end;
565	if (flags & PKCS7_NOCERTS) {
566	for (i = 0; i < sk_X509_num(other); i++) {
567	X509 *x = sk_X509_value(other, i);
568	PKCS7_add_certificate(p7, x);
569	}
570	}
571	} else {
572	flags \|= PKCS7_REUSE_DIGEST;
573	}
574	for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
575	signerfile = sk_OPENSSL_STRING_value(sksigners, i);
576	keyfile = sk_OPENSSL_STRING_value(skkeys, i);
577	signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate");
578	if (signer == NULL)
579	goto end;
580	key = load_key(keyfile, keyform, 0, passin, e, "signing key");
581	if (key == NULL)
582	goto end;
583
584	if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
585	goto end;
586	X509_free(signer);
587	signer = NULL;
588	EVP_PKEY_free(key);
589	key = NULL;
590	}
591	/* If not streaming or resigning finalize structure */
592	if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
593	if (!PKCS7_final(p7, in, flags))
594	goto end;
595	}
596	}
597
598	if (p7 == NULL) {
599	BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
600	goto end;
601	}
602
603	ret = 4;
604	if (operation == SMIME_DECRYPT) {
605	if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
606	BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
607	goto end;
608	}
609	} else if (operation == SMIME_VERIFY) {
610	STACK_OF(X509) *signers;
611	if (PKCS7_verify(p7, other, store, indata, out, flags))
612	BIO_printf(bio_err, "Verification successful\n");
613	else {
614	BIO_printf(bio_err, "Verification failure\n");
615	goto end;
616	}
617	signers = PKCS7_get0_signers(p7, other, flags);
618	if (!save_certs(signerfile, signers)) {
619	BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
620	ret = 5;
621	goto end;
622	}
623	sk_X509_free(signers);
624	} else if (operation == SMIME_PK7OUT) {
625	PEM_write_bio_PKCS7(out, p7);
626	} else {
627	if (to)
628	BIO_printf(out, "To: %s%s", to, mime_eol);
629	if (from)
630	BIO_printf(out, "From: %s%s", from, mime_eol);
631	if (subject)
632	BIO_printf(out, "Subject: %s%s", subject, mime_eol);
633	if (outformat == FORMAT_SMIME) {
634	if (operation == SMIME_RESIGN)
635	rv = SMIME_write_PKCS7(out, p7, indata, flags);
636	else
637	rv = SMIME_write_PKCS7(out, p7, in, flags);
638	} else if (outformat == FORMAT_PEM) {
639	rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
640	} else if (outformat == FORMAT_ASN1) {
641	rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
642	} else {
643	BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
644	goto end;
645	}
646	if (rv == 0) {
647	BIO_printf(bio_err, "Error writing output\n");
648	ret = 3;
649	goto end;
650	}
651	}
652	ret = 0;
653	end:
654	if (ret)
655	ERR_print_errors(bio_err);
656	sk_X509_pop_free(encerts, X509_free);
657	sk_X509_pop_free(other, X509_free);
658	X509_VERIFY_PARAM_free(vpm);
659	sk_OPENSSL_STRING_free(sksigners);
660	sk_OPENSSL_STRING_free(skkeys);
661	X509_STORE_free(store);
662	X509_free(cert);
663	X509_free(recip);
664	X509_free(signer);
665	EVP_PKEY_free(key);
666	EVP_MD_free(sign_md);
667	EVP_CIPHER_free(cipher);
668	PKCS7_free(p7);
669	release_engine(e);
670	BIO_free(in);
671	BIO_free(indata);
672	BIO_free_all(out);
673	OPENSSL_free(passin);
674	NCONF_free(conf);
675	return ret;
676	}
677
678	static int save_certs(char signerfile, STACK_OF(X509) signers)
679	{
680	int i;
681	BIO *tmp;
682
683	if (signerfile == NULL)
684	return 1;
685	tmp = BIO_new_file(signerfile, "w");
686	if (tmp == NULL)
687	return 0;
688	for (i = 0; i < sk_X509_num(signers); i++)
689	PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
690	BIO_free(tmp);
691	return 1;
692	}
693
694	/* Minimal callback just to output policy info (if any) */
695
696	static int smime_cb(int ok, X509_STORE_CTX *ctx)
697	{
698	int error;
699
700	error = X509_STORE_CTX_get_error(ctx);
701
702	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
703	&& ((error != X509_V_OK) \|\| (ok != 2)))
704	return ok;
705
706	policies_print(ctx);
707
708	return ok;
709	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.0.3/apps/smime.c@ 96441

Download in other formats: