New option to add CRLs for s_client and s_server.

[openssl.git] / apps / cms.c

diff --git a/apps/cms.c b/apps/cms.c
index d29a8849022c970793378b6313edccf2d72f945f..5f77f8fbb03f14066cae8cd819b67dba51a2fc0f 100644 (file)
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -136,6 +136,7 @@ int MAIN(int argc, char **argv)
        char *engine=NULL;
 #endif
        unsigned char *secret_key = NULL, *secret_keyid = NULL;
+       unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
        size_t secret_keylen = 0, secret_keyidlen = 0;
 
        ASN1_OBJECT *econtent_type = NULL;
@@ -232,6 +233,8 @@ int MAIN(int argc, char **argv)
                else if (!strcmp(*args,"-camellia256"))
                                cipher = EVP_camellia_256_cbc();
 #endif
+               else if (!strcmp (*args, "-debug_decrypt")) 
+                               flags |= CMS_DEBUG_DECRYPT;
                else if (!strcmp (*args, "-text")) 
                                flags |= CMS_TEXT;
                else if (!strcmp (*args, "-nointern")) 
@@ -326,6 +329,13 @@ int MAIN(int argc, char **argv)
                                }
                        secret_keyidlen = (size_t)ltmp;
                        }
+               else if (!strcmp(*args,"-pwri_password"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       pwri_pass = (unsigned char *)*args;
+                       }
                else if (!strcmp(*args,"-econtent_type"))
                        {
                        if (!args[1])
@@ -559,7 +569,7 @@ int MAIN(int argc, char **argv)
 
        else if (operation == SMIME_DECRYPT)
                {
-               if (!recipfile && !keyfile && !secret_key)
+               if (!recipfile && !keyfile && !secret_key && !pwri_pass)
                        {
                        BIO_printf(bio_err, "No recipient certificate or key specified\n");
                        badarg = 1;
@@ -567,7 +577,7 @@ int MAIN(int argc, char **argv)
                }
        else if (operation == SMIME_ENCRYPT)
                {
-               if (!*args && !secret_key)
+               if (!*args && !secret_key && !pwri_pass)
                        {
                        BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
                        badarg = 1;
@@ -618,7 +628,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-certsout file certificate output file\n");
                BIO_printf (bio_err, "-signer file   signer certificate file\n");
                BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
-               BIO_printf (bio_err, "-skeyid        use subject key identifier\n");
+               BIO_printf (bio_err, "-keyid         use subject key identifier\n");
                BIO_printf (bio_err, "-in file       input file\n");
                BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
                BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
@@ -917,6 +927,17 @@ int MAIN(int argc, char **argv)
                        secret_key = NULL;
                        secret_keyid = NULL;
                        }
+               if (pwri_pass)
+                       {
+                       pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
+                       if (!pwri_tmp)
+                               goto end;
+                       if (!CMS_add0_recipient_password(cms,
+                                               -1, NID_undef, NID_undef,
+                                                pwri_tmp, -1, NULL))
+                               goto end;
+                       pwri_tmp = NULL;
+                       }
                if (!(flags & CMS_STREAM))
                        {
                        if (!CMS_final(cms, in, NULL, flags))
@@ -1020,6 +1041,8 @@ int MAIN(int argc, char **argv)
        ret = 4;
        if (operation == SMIME_DECRYPT)
                {
+               if (flags & CMS_DEBUG_DECRYPT)
+                       CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
 
                if (secret_key)
                        {
@@ -1043,6 +1066,16 @@ int MAIN(int argc, char **argv)
                                }
                        }
 
+               if (pwri_pass)
+                       {
+                       if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
+                               {
+                               BIO_puts(bio_err,
+                                       "Error decrypting CMS using password\n");
+                               goto end;
+                               }
+                       }
+
                if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
                        {
                        BIO_printf(bio_err, "Error decrypting CMS structure\n");
@@ -1167,6 +1200,8 @@ end:
                OPENSSL_free(secret_key);
        if (secret_keyid)
                OPENSSL_free(secret_keyid);
+       if (pwri_tmp)
+               OPENSSL_free(pwri_tmp);
        if (econtent_type)
                ASN1_OBJECT_free(econtent_type);
        if (rr)