OpenSSL  1.0.1c
 All Classes Files Functions Variables Typedefs Enumerations Enumerator Macros
cms.c
Go to the documentation of this file.
1 /* apps/cms.c */
2 /* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
3  * project.
4  */
5 /* ====================================================================
6  * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  * software must display the following acknowledgment:
22  * "This product includes software developed by the OpenSSL Project
23  * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  * endorse or promote products derived from this software without
27  * prior written permission. For written permission, please contact
28  * [email protected].
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  * nor may "OpenSSL" appear in their names without prior written
32  * permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  * acknowledgment:
36  * "This product includes software developed by the OpenSSL Project
37  * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  */
53 
54 /* CMS utility function */
55 
56 #include <stdio.h>
57 #include <string.h>
58 #include "apps.h"
59 
60 #ifndef OPENSSL_NO_CMS
61 
62 #include <openssl/crypto.h>
63 #include <openssl/pem.h>
64 #include <openssl/err.h>
65 #include <openssl/x509_vfy.h>
66 #include <openssl/x509v3.h>
67 #include <openssl/cms.h>
68 
69 #undef PROG
70 #define PROG cms_main
71 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
72 static int cms_cb(int ok, X509_STORE_CTX *ctx);
73 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
74 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
75  int rr_allorfirst,
76  STACK_OF(OPENSSL_STRING) *rr_from);
77 
78 #define SMIME_OP 0x10
79 #define SMIME_IP 0x20
80 #define SMIME_SIGNERS 0x40
81 #define SMIME_ENCRYPT (1 | SMIME_OP)
82 #define SMIME_DECRYPT (2 | SMIME_IP)
83 #define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
84 #define SMIME_VERIFY (4 | SMIME_IP)
85 #define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
86 #define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
87 #define SMIME_DATAOUT (7 | SMIME_IP)
88 #define SMIME_DATA_CREATE (8 | SMIME_OP)
89 #define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
90 #define SMIME_DIGEST_CREATE (10 | SMIME_OP)
91 #define SMIME_UNCOMPRESS (11 | SMIME_IP)
92 #define SMIME_COMPRESS (12 | SMIME_OP)
93 #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
94 #define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
95 #define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
96 #define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
97 
98 int verify_err = 0;
99 
100 int MAIN(int, char **);
101 
102 int MAIN(int argc, char **argv)
103  {
104  ENGINE *e = NULL;
105  int operation = 0;
106  int ret = 0;
107  char **args;
108  const char *inmode = "r", *outmode = "w";
109  char *infile = NULL, *outfile = NULL, *rctfile = NULL;
110  char *signerfile = NULL, *recipfile = NULL;
111  STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
112  char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
113  char *certsoutfile = NULL;
114  const EVP_CIPHER *cipher = NULL;
115  CMS_ContentInfo *cms = NULL, *rcms = NULL;
116  X509_STORE *store = NULL;
117  X509 *cert = NULL, *recip = NULL, *signer = NULL;
118  EVP_PKEY *key = NULL;
119  STACK_OF(X509) *encerts = NULL, *other = NULL;
120  BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
121  int badarg = 0;
122  int flags = CMS_DETACHED, noout = 0, print = 0;
123  int verify_retcode = 0;
124  int rr_print = 0, rr_allorfirst = -1;
125  STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
126  CMS_ReceiptRequest *rr = NULL;
127  char *to = NULL, *from = NULL, *subject = NULL;
128  char *CAfile = NULL, *CApath = NULL;
129  char *passargin = NULL, *passin = NULL;
130  char *inrand = NULL;
131  int need_rand = 0;
132  const EVP_MD *sign_md = NULL;
133  int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
134  int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
135 #ifndef OPENSSL_NO_ENGINE
136  char *engine=NULL;
137 #endif
138  unsigned char *secret_key = NULL, *secret_keyid = NULL;
139  unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
140  size_t secret_keylen = 0, secret_keyidlen = 0;
141 
142  ASN1_OBJECT *econtent_type = NULL;
143 
144  X509_VERIFY_PARAM *vpm = NULL;
145 
146  args = argv + 1;
147  ret = 1;
148 
149  apps_startup();
150 
151  if (bio_err == NULL)
152  {
153  if ((bio_err = BIO_new(BIO_s_file())) != NULL)
154  BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
155  }
156 
157  if (!load_config(bio_err, NULL))
158  goto end;
159 
160  while (!badarg && *args && *args[0] == '-')
161  {
162  if (!strcmp (*args, "-encrypt"))
163  operation = SMIME_ENCRYPT;
164  else if (!strcmp (*args, "-decrypt"))
165  operation = SMIME_DECRYPT;
166  else if (!strcmp (*args, "-sign"))
167  operation = SMIME_SIGN;
168  else if (!strcmp (*args, "-sign_receipt"))
169  operation = SMIME_SIGN_RECEIPT;
170  else if (!strcmp (*args, "-resign"))
171  operation = SMIME_RESIGN;
172  else if (!strcmp (*args, "-verify"))
173  operation = SMIME_VERIFY;
174  else if (!strcmp (*args, "-verify_retcode"))
175  verify_retcode = 1;
176  else if (!strcmp(*args,"-verify_receipt"))
177  {
178  operation = SMIME_VERIFY_RECEIPT;
179  if (!args[1])
180  goto argerr;
181  args++;
182  rctfile = *args;
183  }
184  else if (!strcmp (*args, "-cmsout"))
185  operation = SMIME_CMSOUT;
186  else if (!strcmp (*args, "-data_out"))
187  operation = SMIME_DATAOUT;
188  else if (!strcmp (*args, "-data_create"))
189  operation = SMIME_DATA_CREATE;
190  else if (!strcmp (*args, "-digest_verify"))
191  operation = SMIME_DIGEST_VERIFY;
192  else if (!strcmp (*args, "-digest_create"))
193  operation = SMIME_DIGEST_CREATE;
194  else if (!strcmp (*args, "-compress"))
195  operation = SMIME_COMPRESS;
196  else if (!strcmp (*args, "-uncompress"))
197  operation = SMIME_UNCOMPRESS;
198  else if (!strcmp (*args, "-EncryptedData_decrypt"))
199  operation = SMIME_ENCRYPTED_DECRYPT;
200  else if (!strcmp (*args, "-EncryptedData_encrypt"))
201  operation = SMIME_ENCRYPTED_ENCRYPT;
202 #ifndef OPENSSL_NO_DES
203  else if (!strcmp (*args, "-des3"))
204  cipher = EVP_des_ede3_cbc();
205  else if (!strcmp (*args, "-des"))
206  cipher = EVP_des_cbc();
207 #endif
208 #ifndef OPENSSL_NO_SEED
209  else if (!strcmp (*args, "-seed"))
210  cipher = EVP_seed_cbc();
211 #endif
212 #ifndef OPENSSL_NO_RC2
213  else if (!strcmp (*args, "-rc2-40"))
214  cipher = EVP_rc2_40_cbc();
215  else if (!strcmp (*args, "-rc2-128"))
216  cipher = EVP_rc2_cbc();
217  else if (!strcmp (*args, "-rc2-64"))
218  cipher = EVP_rc2_64_cbc();
219 #endif
220 #ifndef OPENSSL_NO_AES
221  else if (!strcmp(*args,"-aes128"))
222  cipher = EVP_aes_128_cbc();
223  else if (!strcmp(*args,"-aes192"))
224  cipher = EVP_aes_192_cbc();
225  else if (!strcmp(*args,"-aes256"))
226  cipher = EVP_aes_256_cbc();
227 #endif
228 #ifndef OPENSSL_NO_CAMELLIA
229  else if (!strcmp(*args,"-camellia128"))
230  cipher = EVP_camellia_128_cbc();
231  else if (!strcmp(*args,"-camellia192"))
232  cipher = EVP_camellia_192_cbc();
233  else if (!strcmp(*args,"-camellia256"))
234  cipher = EVP_camellia_256_cbc();
235 #endif
236  else if (!strcmp (*args, "-text"))
237  flags |= CMS_TEXT;
238  else if (!strcmp (*args, "-nointern"))
239  flags |= CMS_NOINTERN;
240  else if (!strcmp (*args, "-noverify")
241  || !strcmp (*args, "-no_signer_cert_verify"))
242  flags |= CMS_NO_SIGNER_CERT_VERIFY;
243  else if (!strcmp (*args, "-nocerts"))
244  flags |= CMS_NOCERTS;
245  else if (!strcmp (*args, "-noattr"))
246  flags |= CMS_NOATTR;
247  else if (!strcmp (*args, "-nodetach"))
248  flags &= ~CMS_DETACHED;
249  else if (!strcmp (*args, "-nosmimecap"))
250  flags |= CMS_NOSMIMECAP;
251  else if (!strcmp (*args, "-binary"))
252  flags |= CMS_BINARY;
253  else if (!strcmp (*args, "-keyid"))
254  flags |= CMS_USE_KEYID;
255  else if (!strcmp (*args, "-nosigs"))
256  flags |= CMS_NOSIGS;
257  else if (!strcmp (*args, "-no_content_verify"))
258  flags |= CMS_NO_CONTENT_VERIFY;
259  else if (!strcmp (*args, "-no_attr_verify"))
260  flags |= CMS_NO_ATTR_VERIFY;
261  else if (!strcmp (*args, "-stream"))
262  flags |= CMS_STREAM;
263  else if (!strcmp (*args, "-indef"))
264  flags |= CMS_STREAM;
265  else if (!strcmp (*args, "-noindef"))
266  flags &= ~CMS_STREAM;
267  else if (!strcmp (*args, "-nooldmime"))
268  flags |= CMS_NOOLDMIMETYPE;
269  else if (!strcmp (*args, "-crlfeol"))
270  flags |= CMS_CRLFEOL;
271  else if (!strcmp (*args, "-noout"))
272  noout = 1;
273  else if (!strcmp (*args, "-receipt_request_print"))
274  rr_print = 1;
275  else if (!strcmp (*args, "-receipt_request_all"))
276  rr_allorfirst = 0;
277  else if (!strcmp (*args, "-receipt_request_first"))
278  rr_allorfirst = 1;
279  else if (!strcmp(*args,"-receipt_request_from"))
280  {
281  if (!args[1])
282  goto argerr;
283  args++;
284  if (!rr_from)
285  rr_from = sk_OPENSSL_STRING_new_null();
286  sk_OPENSSL_STRING_push(rr_from, *args);
287  }
288  else if (!strcmp(*args,"-receipt_request_to"))
289  {
290  if (!args[1])
291  goto argerr;
292  args++;
293  if (!rr_to)
294  rr_to = sk_OPENSSL_STRING_new_null();
295  sk_OPENSSL_STRING_push(rr_to, *args);
296  }
297  else if (!strcmp (*args, "-print"))
298  {
299  noout = 1;
300  print = 1;
301  }
302  else if (!strcmp(*args,"-secretkey"))
303  {
304  long ltmp;
305  if (!args[1])
306  goto argerr;
307  args++;
308  secret_key = string_to_hex(*args, &ltmp);
309  if (!secret_key)
310  {
311  BIO_printf(bio_err, "Invalid key %s\n", *args);
312  goto argerr;
313  }
314  secret_keylen = (size_t)ltmp;
315  }
316  else if (!strcmp(*args,"-secretkeyid"))
317  {
318  long ltmp;
319  if (!args[1])
320  goto argerr;
321  args++;
322  secret_keyid = string_to_hex(*args, &ltmp);
323  if (!secret_keyid)
324  {
325  BIO_printf(bio_err, "Invalid id %s\n", *args);
326  goto argerr;
327  }
328  secret_keyidlen = (size_t)ltmp;
329  }
330  else if (!strcmp(*args,"-pwri_password"))
331  {
332  if (!args[1])
333  goto argerr;
334  args++;
335  pwri_pass = (unsigned char *)*args;
336  }
337  else if (!strcmp(*args,"-econtent_type"))
338  {
339  if (!args[1])
340  goto argerr;
341  args++;
342  econtent_type = OBJ_txt2obj(*args, 0);
343  if (!econtent_type)
344  {
345  BIO_printf(bio_err, "Invalid OID %s\n", *args);
346  goto argerr;
347  }
348  }
349  else if (!strcmp(*args,"-rand"))
350  {
351  if (!args[1])
352  goto argerr;
353  args++;
354  inrand = *args;
355  need_rand = 1;
356  }
357 #ifndef OPENSSL_NO_ENGINE
358  else if (!strcmp(*args,"-engine"))
359  {
360  if (!args[1])
361  goto argerr;
362  engine = *++args;
363  }
364 #endif
365  else if (!strcmp(*args,"-passin"))
366  {
367  if (!args[1])
368  goto argerr;
369  passargin = *++args;
370  }
371  else if (!strcmp (*args, "-to"))
372  {
373  if (!args[1])
374  goto argerr;
375  to = *++args;
376  }
377  else if (!strcmp (*args, "-from"))
378  {
379  if (!args[1])
380  goto argerr;
381  from = *++args;
382  }
383  else if (!strcmp (*args, "-subject"))
384  {
385  if (!args[1])
386  goto argerr;
387  subject = *++args;
388  }
389  else if (!strcmp (*args, "-signer"))
390  {
391  if (!args[1])
392  goto argerr;
393  /* If previous -signer argument add signer to list */
394 
395  if (signerfile)
396  {
397  if (!sksigners)
398  sksigners = sk_OPENSSL_STRING_new_null();
399  sk_OPENSSL_STRING_push(sksigners, signerfile);
400  if (!keyfile)
401  keyfile = signerfile;
402  if (!skkeys)
403  skkeys = sk_OPENSSL_STRING_new_null();
404  sk_OPENSSL_STRING_push(skkeys, keyfile);
405  keyfile = NULL;
406  }
407  signerfile = *++args;
408  }
409  else if (!strcmp (*args, "-recip"))
410  {
411  if (!args[1])
412  goto argerr;
413  recipfile = *++args;
414  }
415  else if (!strcmp (*args, "-certsout"))
416  {
417  if (!args[1])
418  goto argerr;
419  certsoutfile = *++args;
420  }
421  else if (!strcmp (*args, "-md"))
422  {
423  if (!args[1])
424  goto argerr;
425  sign_md = EVP_get_digestbyname(*++args);
426  if (sign_md == NULL)
427  {
428  BIO_printf(bio_err, "Unknown digest %s\n",
429  *args);
430  goto argerr;
431  }
432  }
433  else if (!strcmp (*args, "-inkey"))
434  {
435  if (!args[1])
436  goto argerr;
437  /* If previous -inkey arument add signer to list */
438  if (keyfile)
439  {
440  if (!signerfile)
441  {
442  BIO_puts(bio_err, "Illegal -inkey without -signer\n");
443  goto argerr;
444  }
445  if (!sksigners)
446  sksigners = sk_OPENSSL_STRING_new_null();
447  sk_OPENSSL_STRING_push(sksigners, signerfile);
448  signerfile = NULL;
449  if (!skkeys)
450  skkeys = sk_OPENSSL_STRING_new_null();
451  sk_OPENSSL_STRING_push(skkeys, keyfile);
452  }
453  keyfile = *++args;
454  }
455  else if (!strcmp (*args, "-keyform"))
456  {
457  if (!args[1])
458  goto argerr;
459  keyform = str2fmt(*++args);
460  }
461  else if (!strcmp (*args, "-rctform"))
462  {
463  if (!args[1])
464  goto argerr;
465  rctformat = str2fmt(*++args);
466  }
467  else if (!strcmp (*args, "-certfile"))
468  {
469  if (!args[1])
470  goto argerr;
471  certfile = *++args;
472  }
473  else if (!strcmp (*args, "-CAfile"))
474  {
475  if (!args[1])
476  goto argerr;
477  CAfile = *++args;
478  }
479  else if (!strcmp (*args, "-CApath"))
480  {
481  if (!args[1])
482  goto argerr;
483  CApath = *++args;
484  }
485  else if (!strcmp (*args, "-in"))
486  {
487  if (!args[1])
488  goto argerr;
489  infile = *++args;
490  }
491  else if (!strcmp (*args, "-inform"))
492  {
493  if (!args[1])
494  goto argerr;
495  informat = str2fmt(*++args);
496  }
497  else if (!strcmp (*args, "-outform"))
498  {
499  if (!args[1])
500  goto argerr;
501  outformat = str2fmt(*++args);
502  }
503  else if (!strcmp (*args, "-out"))
504  {
505  if (!args[1])
506  goto argerr;
507  outfile = *++args;
508  }
509  else if (!strcmp (*args, "-content"))
510  {
511  if (!args[1])
512  goto argerr;
513  contfile = *++args;
514  }
515  else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
516  continue;
517  else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
518  badarg = 1;
519  args++;
520  }
521 
522  if (((rr_allorfirst != -1) || rr_from) && !rr_to)
523  {
524  BIO_puts(bio_err, "No Signed Receipts Recipients\n");
525  goto argerr;
526  }
527 
528  if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from))
529  {
530  BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
531  goto argerr;
532  }
533  if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
534  {
535  BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
536  goto argerr;
537  }
538 
539  if (operation & SMIME_SIGNERS)
540  {
541  if (keyfile && !signerfile)
542  {
543  BIO_puts(bio_err, "Illegal -inkey without -signer\n");
544  goto argerr;
545  }
546  /* Check to see if any final signer needs to be appended */
547  if (signerfile)
548  {
549  if (!sksigners)
550  sksigners = sk_OPENSSL_STRING_new_null();
551  sk_OPENSSL_STRING_push(sksigners, signerfile);
552  if (!skkeys)
553  skkeys = sk_OPENSSL_STRING_new_null();
554  if (!keyfile)
555  keyfile = signerfile;
556  sk_OPENSSL_STRING_push(skkeys, keyfile);
557  }
558  if (!sksigners)
559  {
560  BIO_printf(bio_err, "No signer certificate specified\n");
561  badarg = 1;
562  }
563  signerfile = NULL;
564  keyfile = NULL;
565  need_rand = 1;
566  }
567 
568  else if (operation == SMIME_DECRYPT)
569  {
570  if (!recipfile && !keyfile && !secret_key && !pwri_pass)
571  {
572  BIO_printf(bio_err, "No recipient certificate or key specified\n");
573  badarg = 1;
574  }
575  }
576  else if (operation == SMIME_ENCRYPT)
577  {
578  if (!*args && !secret_key && !pwri_pass)
579  {
580  BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
581  badarg = 1;
582  }
583  need_rand = 1;
584  }
585  else if (!operation)
586  badarg = 1;
587 
588  if (badarg)
589  {
590  argerr:
591  BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
592  BIO_printf (bio_err, "where options are\n");
593  BIO_printf (bio_err, "-encrypt encrypt message\n");
594  BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
595  BIO_printf (bio_err, "-sign sign message\n");
596  BIO_printf (bio_err, "-verify verify signed message\n");
597  BIO_printf (bio_err, "-cmsout output CMS structure\n");
598 #ifndef OPENSSL_NO_DES
599  BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
600  BIO_printf (bio_err, "-des encrypt with DES\n");
601 #endif
602 #ifndef OPENSSL_NO_SEED
603  BIO_printf (bio_err, "-seed encrypt with SEED\n");
604 #endif
605 #ifndef OPENSSL_NO_RC2
606  BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
607  BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
608  BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
609 #endif
610 #ifndef OPENSSL_NO_AES
611  BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
612  BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
613 #endif
614 #ifndef OPENSSL_NO_CAMELLIA
615  BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
616  BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
617 #endif
618  BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
619  BIO_printf (bio_err, "-nosigs don't verify message signature\n");
620  BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
621  BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
622  BIO_printf (bio_err, "-nodetach use opaque signing\n");
623  BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
624  BIO_printf (bio_err, "-binary don't translate message to text\n");
625  BIO_printf (bio_err, "-certfile file other certificates file\n");
626  BIO_printf (bio_err, "-certsout file certificate output file\n");
627  BIO_printf (bio_err, "-signer file signer certificate file\n");
628  BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
629  BIO_printf (bio_err, "-keyid use subject key identifier\n");
630  BIO_printf (bio_err, "-in file input file\n");
631  BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
632  BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
633  BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
634  BIO_printf (bio_err, "-out file output file\n");
635  BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
636  BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
637  BIO_printf (bio_err, "-to addr to address\n");
638  BIO_printf (bio_err, "-from ad from address\n");
639  BIO_printf (bio_err, "-subject s subject\n");
640  BIO_printf (bio_err, "-text include or delete text MIME headers\n");
641  BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
642  BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
643  BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
644  BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
645 #ifndef OPENSSL_NO_ENGINE
646  BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
647 #endif
648  BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
649  BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
650  BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
651  BIO_printf(bio_err, " the random number generator\n");
652  BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
653  goto end;
654  }
655 
656 #ifndef OPENSSL_NO_ENGINE
657  e = setup_engine(bio_err, engine, 0);
658 #endif
659 
660  if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
661  {
662  BIO_printf(bio_err, "Error getting password\n");
663  goto end;
664  }
665 
666  if (need_rand)
667  {
668  app_RAND_load_file(NULL, bio_err, (inrand != NULL));
669  if (inrand != NULL)
670  BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
671  app_RAND_load_files(inrand));
672  }
673 
674  ret = 2;
675 
676  if (!(operation & SMIME_SIGNERS))
677  flags &= ~CMS_DETACHED;
678 
679  if (operation & SMIME_OP)
680  {
681  if (outformat == FORMAT_ASN1)
682  outmode = "wb";
683  }
684  else
685  {
686  if (flags & CMS_BINARY)
687  outmode = "wb";
688  }
689 
690  if (operation & SMIME_IP)
691  {
692  if (informat == FORMAT_ASN1)
693  inmode = "rb";
694  }
695  else
696  {
697  if (flags & CMS_BINARY)
698  inmode = "rb";
699  }
700 
701  if (operation == SMIME_ENCRYPT)
702  {
703  if (!cipher)
704  {
705 #ifndef OPENSSL_NO_DES
706  cipher = EVP_des_ede3_cbc();
707 #else
708  BIO_printf(bio_err, "No cipher selected\n");
709  goto end;
710 #endif
711  }
712 
713  if (secret_key && !secret_keyid)
714  {
715  BIO_printf(bio_err, "No secret key id\n");
716  goto end;
717  }
718 
719  if (*args)
720  encerts = sk_X509_new_null();
721  while (*args)
722  {
723  if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
724  NULL, e, "recipient certificate file")))
725  goto end;
726  sk_X509_push(encerts, cert);
727  cert = NULL;
728  args++;
729  }
730  }
731 
732  if (certfile)
733  {
734  if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
735  e, "certificate file")))
736  {
737  ERR_print_errors(bio_err);
738  goto end;
739  }
740  }
741 
742  if (recipfile && (operation == SMIME_DECRYPT))
743  {
744  if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
745  e, "recipient certificate file")))
746  {
747  ERR_print_errors(bio_err);
748  goto end;
749  }
750  }
751 
752  if (operation == SMIME_SIGN_RECEIPT)
753  {
754  if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
755  e, "receipt signer certificate file")))
756  {
757  ERR_print_errors(bio_err);
758  goto end;
759  }
760  }
761 
762  if (operation == SMIME_DECRYPT)
763  {
764  if (!keyfile)
765  keyfile = recipfile;
766  }
767  else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
768  {
769  if (!keyfile)
770  keyfile = signerfile;
771  }
772  else keyfile = NULL;
773 
774  if (keyfile)
775  {
776  key = load_key(bio_err, keyfile, keyform, 0, passin, e,
777  "signing key file");
778  if (!key)
779  goto end;
780  }
781 
782  if (infile)
783  {
784  if (!(in = BIO_new_file(infile, inmode)))
785  {
786  BIO_printf (bio_err,
787  "Can't open input file %s\n", infile);
788  goto end;
789  }
790  }
791  else
792  in = BIO_new_fp(stdin, BIO_NOCLOSE);
793 
794  if (operation & SMIME_IP)
795  {
796  if (informat == FORMAT_SMIME)
797  cms = SMIME_read_CMS(in, &indata);
798  else if (informat == FORMAT_PEM)
799  cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
800  else if (informat == FORMAT_ASN1)
801  cms = d2i_CMS_bio(in, NULL);
802  else
803  {
804  BIO_printf(bio_err, "Bad input format for CMS file\n");
805  goto end;
806  }
807 
808  if (!cms)
809  {
810  BIO_printf(bio_err, "Error reading S/MIME message\n");
811  goto end;
812  }
813  if (contfile)
814  {
815  BIO_free(indata);
816  if (!(indata = BIO_new_file(contfile, "rb")))
817  {
818  BIO_printf(bio_err, "Can't read content file %s\n", contfile);
819  goto end;
820  }
821  }
822  if (certsoutfile)
823  {
824  STACK_OF(X509) *allcerts;
825  allcerts = CMS_get1_certs(cms);
826  if (!save_certs(certsoutfile, allcerts))
827  {
828  BIO_printf(bio_err,
829  "Error writing certs to %s\n",
830  certsoutfile);
831  ret = 5;
832  goto end;
833  }
834  sk_X509_pop_free(allcerts, X509_free);
835  }
836  }
837 
838  if (rctfile)
839  {
840  char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
841  if (!(rctin = BIO_new_file(rctfile, rctmode)))
842  {
843  BIO_printf (bio_err,
844  "Can't open receipt file %s\n", rctfile);
845  goto end;
846  }
847 
848  if (rctformat == FORMAT_SMIME)
849  rcms = SMIME_read_CMS(rctin, NULL);
850  else if (rctformat == FORMAT_PEM)
851  rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
852  else if (rctformat == FORMAT_ASN1)
853  rcms = d2i_CMS_bio(rctin, NULL);
854  else
855  {
856  BIO_printf(bio_err, "Bad input format for receipt\n");
857  goto end;
858  }
859 
860  if (!rcms)
861  {
862  BIO_printf(bio_err, "Error reading receipt\n");
863  goto end;
864  }
865  }
866 
867  if (outfile)
868  {
869  if (!(out = BIO_new_file(outfile, outmode)))
870  {
871  BIO_printf (bio_err,
872  "Can't open output file %s\n", outfile);
873  goto end;
874  }
875  }
876  else
877  {
878  out = BIO_new_fp(stdout, BIO_NOCLOSE);
879 #ifdef OPENSSL_SYS_VMS
880  {
881  BIO *tmpbio = BIO_new(BIO_f_linebuffer());
882  out = BIO_push(tmpbio, out);
883  }
884 #endif
885  }
886 
887  if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
888  {
889  if (!(store = setup_verify(bio_err, CAfile, CApath)))
890  goto end;
891  X509_STORE_set_verify_cb(store, cms_cb);
892  if (vpm)
893  X509_STORE_set1_param(store, vpm);
894  }
895 
896 
897  ret = 3;
898 
899  if (operation == SMIME_DATA_CREATE)
900  {
901  cms = CMS_data_create(in, flags);
902  }
903  else if (operation == SMIME_DIGEST_CREATE)
904  {
905  cms = CMS_digest_create(in, sign_md, flags);
906  }
907  else if (operation == SMIME_COMPRESS)
908  {
909  cms = CMS_compress(in, -1, flags);
910  }
911  else if (operation == SMIME_ENCRYPT)
912  {
913  flags |= CMS_PARTIAL;
914  cms = CMS_encrypt(encerts, in, cipher, flags);
915  if (!cms)
916  goto end;
917  if (secret_key)
918  {
919  if (!CMS_add0_recipient_key(cms, NID_undef,
920  secret_key, secret_keylen,
921  secret_keyid, secret_keyidlen,
922  NULL, NULL, NULL))
923  goto end;
924  /* NULL these because call absorbs them */
925  secret_key = NULL;
926  secret_keyid = NULL;
927  }
928  if (pwri_pass)
929  {
930  pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
931  if (!pwri_tmp)
932  goto end;
933  if (!CMS_add0_recipient_password(cms,
934  -1, NID_undef, NID_undef,
935  pwri_tmp, -1, NULL))
936  goto end;
937  pwri_tmp = NULL;
938  }
939  if (!(flags & CMS_STREAM))
940  {
941  if (!CMS_final(cms, in, NULL, flags))
942  goto end;
943  }
944  }
945  else if (operation == SMIME_ENCRYPTED_ENCRYPT)
946  {
947  cms = CMS_EncryptedData_encrypt(in, cipher,
948  secret_key, secret_keylen,
949  flags);
950 
951  }
952  else if (operation == SMIME_SIGN_RECEIPT)
953  {
954  CMS_ContentInfo *srcms = NULL;
955  STACK_OF(CMS_SignerInfo) *sis;
956  CMS_SignerInfo *si;
957  sis = CMS_get0_SignerInfos(cms);
958  if (!sis)
959  goto end;
960  si = sk_CMS_SignerInfo_value(sis, 0);
961  srcms = CMS_sign_receipt(si, signer, key, other, flags);
962  if (!srcms)
963  goto end;
964  CMS_ContentInfo_free(cms);
965  cms = srcms;
966  }
967  else if (operation & SMIME_SIGNERS)
968  {
969  int i;
970  /* If detached data content we enable streaming if
971  * S/MIME output format.
972  */
973  if (operation == SMIME_SIGN)
974  {
975 
976  if (flags & CMS_DETACHED)
977  {
978  if (outformat == FORMAT_SMIME)
979  flags |= CMS_STREAM;
980  }
981  flags |= CMS_PARTIAL;
982  cms = CMS_sign(NULL, NULL, other, in, flags);
983  if (!cms)
984  goto end;
985  if (econtent_type)
986  CMS_set1_eContentType(cms, econtent_type);
987 
988  if (rr_to)
989  {
990  rr = make_receipt_request(rr_to, rr_allorfirst,
991  rr_from);
992  if (!rr)
993  {
994  BIO_puts(bio_err,
995  "Signed Receipt Request Creation Error\n");
996  goto end;
997  }
998  }
999  }
1000  else
1001  flags |= CMS_REUSE_DIGEST;
1002  for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
1003  {
1004  CMS_SignerInfo *si;
1005  signerfile = sk_OPENSSL_STRING_value(sksigners, i);
1006  keyfile = sk_OPENSSL_STRING_value(skkeys, i);
1007  signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
1008  e, "signer certificate");
1009  if (!signer)
1010  goto end;
1011  key = load_key(bio_err, keyfile, keyform, 0, passin, e,
1012  "signing key file");
1013  if (!key)
1014  goto end;
1015  si = CMS_add1_signer(cms, signer, key, sign_md, flags);
1016  if (!si)
1017  goto end;
1018  if (rr && !CMS_add1_ReceiptRequest(si, rr))
1019  goto end;
1020  X509_free(signer);
1021  signer = NULL;
1022  EVP_PKEY_free(key);
1023  key = NULL;
1024  }
1025  /* If not streaming or resigning finalize structure */
1026  if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
1027  {
1028  if (!CMS_final(cms, in, NULL, flags))
1029  goto end;
1030  }
1031  }
1032 
1033  if (!cms)
1034  {
1035  BIO_printf(bio_err, "Error creating CMS structure\n");
1036  goto end;
1037  }
1038 
1039  ret = 4;
1040  if (operation == SMIME_DECRYPT)
1041  {
1042 
1043  if (secret_key)
1044  {
1045  if (!CMS_decrypt_set1_key(cms,
1046  secret_key, secret_keylen,
1047  secret_keyid, secret_keyidlen))
1048  {
1049  BIO_puts(bio_err,
1050  "Error decrypting CMS using secret key\n");
1051  goto end;
1052  }
1053  }
1054 
1055  if (key)
1056  {
1057  if (!CMS_decrypt_set1_pkey(cms, key, recip))
1058  {
1059  BIO_puts(bio_err,
1060  "Error decrypting CMS using private key\n");
1061  goto end;
1062  }
1063  }
1064 
1065  if (pwri_pass)
1066  {
1067  if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
1068  {
1069  BIO_puts(bio_err,
1070  "Error decrypting CMS using password\n");
1071  goto end;
1072  }
1073  }
1074 
1075  if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
1076  {
1077  BIO_printf(bio_err, "Error decrypting CMS structure\n");
1078  goto end;
1079  }
1080  }
1081  else if (operation == SMIME_DATAOUT)
1082  {
1083  if (!CMS_data(cms, out, flags))
1084  goto end;
1085  }
1086  else if (operation == SMIME_UNCOMPRESS)
1087  {
1088  if (!CMS_uncompress(cms, indata, out, flags))
1089  goto end;
1090  }
1091  else if (operation == SMIME_DIGEST_VERIFY)
1092  {
1093  if (CMS_digest_verify(cms, indata, out, flags) > 0)
1094  BIO_printf(bio_err, "Verification successful\n");
1095  else
1096  {
1097  BIO_printf(bio_err, "Verification failure\n");
1098  goto end;
1099  }
1100  }
1101  else if (operation == SMIME_ENCRYPTED_DECRYPT)
1102  {
1103  if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
1104  indata, out, flags))
1105  goto end;
1106  }
1107  else if (operation == SMIME_VERIFY)
1108  {
1109  if (CMS_verify(cms, other, store, indata, out, flags) > 0)
1110  BIO_printf(bio_err, "Verification successful\n");
1111  else
1112  {
1113  BIO_printf(bio_err, "Verification failure\n");
1114  if (verify_retcode)
1115  ret = verify_err + 32;
1116  goto end;
1117  }
1118  if (signerfile)
1119  {
1120  STACK_OF(X509) *signers;
1121  signers = CMS_get0_signers(cms);
1122  if (!save_certs(signerfile, signers))
1123  {
1124  BIO_printf(bio_err,
1125  "Error writing signers to %s\n",
1126  signerfile);
1127  ret = 5;
1128  goto end;
1129  }
1130  sk_X509_free(signers);
1131  }
1132  if (rr_print)
1133  receipt_request_print(bio_err, cms);
1134 
1135  }
1136  else if (operation == SMIME_VERIFY_RECEIPT)
1137  {
1138  if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
1139  BIO_printf(bio_err, "Verification successful\n");
1140  else
1141  {
1142  BIO_printf(bio_err, "Verification failure\n");
1143  goto end;
1144  }
1145  }
1146  else
1147  {
1148  if (noout)
1149  {
1150  if (print)
1151  CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
1152  }
1153  else if (outformat == FORMAT_SMIME)
1154  {
1155  if (to)
1156  BIO_printf(out, "To: %s\n", to);
1157  if (from)
1158  BIO_printf(out, "From: %s\n", from);
1159  if (subject)
1160  BIO_printf(out, "Subject: %s\n", subject);
1161  if (operation == SMIME_RESIGN)
1162  ret = SMIME_write_CMS(out, cms, indata, flags);
1163  else
1164  ret = SMIME_write_CMS(out, cms, in, flags);
1165  }
1166  else if (outformat == FORMAT_PEM)
1167  ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1168  else if (outformat == FORMAT_ASN1)
1169  ret = i2d_CMS_bio_stream(out,cms, in, flags);
1170  else
1171  {
1172  BIO_printf(bio_err, "Bad output format for CMS file\n");
1173  goto end;
1174  }
1175  if (ret <= 0)
1176  {
1177  ret = 6;
1178  goto end;
1179  }
1180  }
1181  ret = 0;
1182 end:
1183  if (ret)
1184  ERR_print_errors(bio_err);
1185  if (need_rand)
1186  app_RAND_write_file(NULL, bio_err);
1187  sk_X509_pop_free(encerts, X509_free);
1188  sk_X509_pop_free(other, X509_free);
1189  if (vpm)
1190  X509_VERIFY_PARAM_free(vpm);
1191  if (sksigners)
1192  sk_OPENSSL_STRING_free(sksigners);
1193  if (skkeys)
1194  sk_OPENSSL_STRING_free(skkeys);
1195  if (secret_key)
1196  OPENSSL_free(secret_key);
1197  if (secret_keyid)
1198  OPENSSL_free(secret_keyid);
1199  if (pwri_tmp)
1200  OPENSSL_free(pwri_tmp);
1201  if (econtent_type)
1202  ASN1_OBJECT_free(econtent_type);
1203  if (rr)
1204  CMS_ReceiptRequest_free(rr);
1205  if (rr_to)
1206  sk_OPENSSL_STRING_free(rr_to);
1207  if (rr_from)
1208  sk_OPENSSL_STRING_free(rr_from);
1209  X509_STORE_free(store);
1210  X509_free(cert);
1211  X509_free(recip);
1212  X509_free(signer);
1213  EVP_PKEY_free(key);
1214  CMS_ContentInfo_free(cms);
1215  CMS_ContentInfo_free(rcms);
1216  BIO_free(rctin);
1217  BIO_free(in);
1218  BIO_free(indata);
1219  BIO_free_all(out);
1220  if (passin) OPENSSL_free(passin);
1221  return (ret);
1222 }
1223 
1224 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
1225  {
1226  int i;
1227  BIO *tmp;
1228  if (!signerfile)
1229  return 1;
1230  tmp = BIO_new_file(signerfile, "w");
1231  if (!tmp) return 0;
1232  for(i = 0; i < sk_X509_num(signers); i++)
1233  PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
1234  BIO_free(tmp);
1235  return 1;
1236  }
1237 
1238 
1239 /* Minimal callback just to output policy info (if any) */
1240 
1241 static int cms_cb(int ok, X509_STORE_CTX *ctx)
1242  {
1243  int error;
1244 
1245  error = X509_STORE_CTX_get_error(ctx);
1246 
1247  verify_err = error;
1248 
1249  if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
1250  && ((error != X509_V_OK) || (ok != 2)))
1251  return ok;
1252 
1253  policies_print(NULL, ctx);
1254 
1255  return ok;
1256 
1257  }
1258 
1259 static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
1260  {
1261  STACK_OF(GENERAL_NAME) *gens;
1262  GENERAL_NAME *gen;
1263  int i, j;
1264  for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
1265  {
1266  gens = sk_GENERAL_NAMES_value(gns, i);
1267  for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
1268  {
1269  gen = sk_GENERAL_NAME_value(gens, j);
1270  BIO_puts(out, " ");
1271  GENERAL_NAME_print(out, gen);
1272  BIO_puts(out, "\n");
1273  }
1274  }
1275  return;
1276  }
1277 
1278 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1279  {
1280  STACK_OF(CMS_SignerInfo) *sis;
1281  CMS_SignerInfo *si;
1282  CMS_ReceiptRequest *rr;
1283  int allorfirst;
1284  STACK_OF(GENERAL_NAMES) *rto, *rlist;
1285  ASN1_STRING *scid;
1286  int i, rv;
1287  sis = CMS_get0_SignerInfos(cms);
1288  for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
1289  {
1290  si = sk_CMS_SignerInfo_value(sis, i);
1291  rv = CMS_get1_ReceiptRequest(si, &rr);
1292  BIO_printf(bio_err, "Signer %d:\n", i + 1);
1293  if (rv == 0)
1294  BIO_puts(bio_err, " No Receipt Request\n");
1295  else if (rv < 0)
1296  {
1297  BIO_puts(bio_err, " Receipt Request Parse Error\n");
1298  ERR_print_errors(bio_err);
1299  }
1300  else
1301  {
1302  char *id;
1303  int idlen;
1304  CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1305  &rlist, &rto);
1306  BIO_puts(out, " Signed Content ID:\n");
1307  idlen = ASN1_STRING_length(scid);
1308  id = (char *)ASN1_STRING_data(scid);
1309  BIO_dump_indent(out, id, idlen, 4);
1310  BIO_puts(out, " Receipts From");
1311  if (rlist)
1312  {
1313  BIO_puts(out, " List:\n");
1314  gnames_stack_print(out, rlist);
1315  }
1316  else if (allorfirst == 1)
1317  BIO_puts(out, ": First Tier\n");
1318  else if (allorfirst == 0)
1319  BIO_puts(out, ": All\n");
1320  else
1321  BIO_printf(out, " Unknown (%d)\n", allorfirst);
1322  BIO_puts(out, " Receipts To:\n");
1323  gnames_stack_print(out, rto);
1324  }
1325  if (rr)
1326  CMS_ReceiptRequest_free(rr);
1327  }
1328  }
1329 
1330 static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1331  {
1332  int i;
1333  STACK_OF(GENERAL_NAMES) *ret;
1334  GENERAL_NAMES *gens = NULL;
1335  GENERAL_NAME *gen = NULL;
1336  ret = sk_GENERAL_NAMES_new_null();
1337  if (!ret)
1338  goto err;
1339  for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
1340  {
1341  char *str = sk_OPENSSL_STRING_value(ns, i);
1342  gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
1343  if (!gen)
1344  goto err;
1345  gens = GENERAL_NAMES_new();
1346  if (!gens)
1347  goto err;
1348  if (!sk_GENERAL_NAME_push(gens, gen))
1349  goto err;
1350  gen = NULL;
1351  if (!sk_GENERAL_NAMES_push(ret, gens))
1352  goto err;
1353  gens = NULL;
1354  }
1355 
1356  return ret;
1357 
1358  err:
1359  if (ret)
1360  sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
1361  if (gens)
1362  GENERAL_NAMES_free(gens);
1363  if (gen)
1364  GENERAL_NAME_free(gen);
1365  return NULL;
1366  }
1367 
1368 
1369 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
1370  int rr_allorfirst,
1371  STACK_OF(OPENSSL_STRING) *rr_from)
1372  {
1373  STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
1374  CMS_ReceiptRequest *rr;
1375  rct_to = make_names_stack(rr_to);
1376  if (!rct_to)
1377  goto err;
1378  if (rr_from)
1379  {
1380  rct_from = make_names_stack(rr_from);
1381  if (!rct_from)
1382  goto err;
1383  }
1384  else
1385  rct_from = NULL;
1386  rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1387  rct_to);
1388  return rr;
1389  err:
1390  return NULL;
1391  }
1392 
1393 #endif
Generated on Thu Jan 10 2013 09:53:32 for OpenSSL by   doxygen 1.8.2