X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fsmime.c;h=edc854e53b8394233f5887bfa6e4babe9c7b77a1;hp=16b940084bc30cca390803a954deb0c8eb3308bd;hb=9237ba8b6661f589960e4faa3bfe9ce80aaaf0ee;hpb=5270e7025e11b2fd1a5bdf8d81feded1167b1c87 diff --git a/apps/smime.c b/apps/smime.c index 16b940084b..edc854e53b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -68,7 +68,6 @@ #undef PROG #define PROG smime_main -static X509_STORE *setup_verify(char *CAfile, char *CApath); static int save_certs(char *signerfile, STACK_OF(X509) *signers); #define SMIME_OP 0x10 @@ -90,7 +89,7 @@ int MAIN(int argc, char **argv) char *infile = NULL, *outfile = NULL; char *signerfile = NULL, *recipfile = NULL; char *certfile = NULL, *keyfile = NULL, *contfile=NULL; - EVP_CIPHER *cipher = NULL; + const EVP_CIPHER *cipher = NULL; PKCS7 *p7 = NULL; X509_STORE *store = NULL; X509 *cert = NULL, *recip = NULL, *signer = NULL; @@ -105,6 +104,7 @@ int MAIN(int argc, char **argv) char *inrand = NULL; int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; + int keyform = FORMAT_PEM; char *engine=NULL; args = argv + 1; @@ -116,13 +116,13 @@ int MAIN(int argc, char **argv) else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; -#ifndef NO_DES +#ifndef OPENSSL_NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); else if (!strcmp (*args, "-des")) cipher = EVP_des_cbc(); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 else if (!strcmp (*args, "-rc2-40")) cipher = EVP_rc2_40_cbc(); else if (!strcmp (*args, "-rc2-128")) @@ -196,6 +196,11 @@ int MAIN(int argc, char **argv) args++; keyfile = *args; } else badarg = 1; + } else if (!strcmp (*args, "-keyform")) { + if (args[1]) { + args++; + keyform = str2fmt(*args); + } else badarg = 1; } else if (!strcmp (*args, "-certfile")) { if (args[1]) { args++; @@ -267,11 +272,11 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-sign sign message\n"); BIO_printf (bio_err, "-verify verify signed message\n"); BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n"); -#ifndef NO_DES +#ifndef OPENSSL_NO_DES BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); BIO_printf (bio_err, "-des encrypt with DES\n"); #endif -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); @@ -289,6 +294,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-in file input file\n"); BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); + BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); BIO_printf (bio_err, "-out file output file\n"); BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); @@ -299,6 +305,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); + BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); @@ -350,7 +357,7 @@ int MAIN(int argc, char **argv) if(operation == SMIME_ENCRYPT) { if (!cipher) { -#ifndef NO_RC2 +#ifndef OPENSSL_NO_RC2 cipher = EVP_rc2_40_cbc(); #else BIO_printf(bio_err, "No cipher selected\n"); @@ -399,11 +406,19 @@ int MAIN(int argc, char **argv) } else keyfile = NULL; if(keyfile) { - if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin))) { - BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); - ERR_print_errors(bio_err); - goto end; - } + if (keyform == FORMAT_ENGINE) { + if (!e) { + BIO_printf(bio_err,"no engine specified\n"); + goto end; + } + key = ENGINE_load_private_key(e, keyfile, passin); + } else { + if(!(key = load_key(bio_err,keyfile, FORMAT_PEM, passin, NULL))) { + BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); + ERR_print_errors(bio_err); + goto end; + } + } } if (infile) { @@ -422,7 +437,7 @@ int MAIN(int argc, char **argv) } } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef VMS +#ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); @@ -431,7 +446,7 @@ int MAIN(int argc, char **argv) } if(operation == SMIME_VERIFY) { - if(!(store = setup_verify(CAfile, CApath))) goto end; + if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end; } ret = 3; @@ -530,36 +545,6 @@ end: return (ret); } -static X509_STORE *setup_verify(char *CAfile, char *CApath) -{ - X509_STORE *store; - X509_LOOKUP *lookup; - if(!(store = X509_STORE_new())) goto end; - lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); - if (lookup == NULL) goto end; - if (CAfile) { - if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { - BIO_printf(bio_err, "Error loading file %s\n", CAfile); - goto end; - } - } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); - - lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); - if (lookup == NULL) goto end; - if (CApath) { - if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { - BIO_printf(bio_err, "Error loading directory %s\n", CApath); - goto end; - } - } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); - - ERR_clear_error(); - return store; - end: - X509_STORE_free(store); - return NULL; -} - static int save_certs(char *signerfile, STACK_OF(X509) *signers) { int i;