# define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
# define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
-int verify_err = 0;
+static int verify_err = 0;
typedef struct cms_key_param_st cms_key_param;
OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
- OPT_CAPATH, OPT_CONTENT, OPT_PRINT, OPT_SECRETKEY,
- OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, OPT_RAND,
- OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
+ OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
+ OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
+ OPT_RAND, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
OPT_3DES_WRAP, OPT_ENGINE,
{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
{"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
{"content", OPT_CONTENT, '<',
"Supply or override content for detached signature"},
{"print", OPT_PRINT, '-'},
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+ OPT_V_OPTIONS,
# ifndef OPENSSL_NO_AES
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- OPT_V_OPTIONS,
- {NULL},
+ {NULL}
};
int cms_main(int argc, char **argv)
X509_VERIFY_PARAM *vpm = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL;
+ int noCAfile = 0, noCApath = 0;
char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL;
char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile =
NULL;
char *to = NULL, *from = NULL, *subject = NULL, *prog;
cms_key_param *key_first = NULL, *key_param = NULL;
- const char *inmode = "r", *outmode = "w";
int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched =
0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
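Review bot: The new `noCAfile`/`noCApath` locals in this hunk decide which trust anchors a CMS verification loads, but nothing at the declaration says so. I would add `/* -no-CAfile / -no-CApath: skip the default trust locations; passed to setup_verify() */` above `int noCAfile = 0, noCApath = 0;`. It would also help to state what the operator gets when both flags are set and neither -CAfile nor -CApath is given. Presumably that is an empty store, so every signer chain fails to verify, but setup_verify() is not part of this diff and that needs confirming. The declarations sit inside cms_main, which starts and ends outside the hunk.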
case OPT_CAPATH:
CApath = opt_arg();
break;
+ case OPT_NOCAFILE:
+ noCAfile = 1;
+ break;
+ case OPT_NOCAPATH:
+ noCApath = 1;
+ break;
case OPT_IN:
infile = opt_arg();
break;
goto end;
vpmtouched++;
break;
-# ifndef OPENSSL_NO_DES
case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
- break;
# endif
+ break;
# ifndef OPENSSL_NO_AES
case OPT_AES128_WRAP:
wrap_cipher = EVP_aes_128_wrap();
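Review bot: With OPENSSL_NO_DES defined, `case OPT_3DES_WRAP:` now reaches `break;` without setting `wrap_cipher`, so a requested key-wrap algorithm is dropped without any message; the `# else` branch added further down for OPT_AES128_WRAP/OPT_AES192_WRAP/OPT_AES256_WRAP does the same. The AES entries in the option table sit inside `# ifndef OPENSSL_NO_AES`, so those labels are probably unreachable and only keep the switch covering the enum, but the table entry for the 3DES option is not visible here. If that is the intent, say so with a comment such as `/* not in the option table in this build; label keeps the switch exhaustive */`. If the option can still be parsed in such a build, fail loudly instead: `BIO_printf(bio_err, "%s: 3DES key wrap is not available in this build\n", prog); goto end;`. The switch starts and ends outside the hunk.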
case OPT_AES256_WRAP:
wrap_cipher = EVP_aes_256_wrap();
break;
+# else
+ case OPT_AES128_WRAP:
+ case OPT_AES192_WRAP:
+ case OPT_AES256_WRAP:
+ break;
# endif
}
}
} else if (!operation)
goto opthelp;
-
if (!app_passwd(passinarg, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
if (!(operation & SMIME_SIGNERS))
flags &= ~CMS_DETACHED;
- if (operation & SMIME_OP) {
- if (outformat == FORMAT_ASN1)
- outmode = "wb";
- } else {
+ if (!(operation & SMIME_OP)) {
if (flags & CMS_BINARY)
- outmode = "wb";
+ outformat = FORMAT_BINARY;
}
- if (operation & SMIME_IP) {
- if (informat == FORMAT_ASN1)
- inmode = "rb";
- } else {
+ if (!(operation & SMIME_IP)) {
if (flags & CMS_BINARY)
- inmode = "rb";
+ informat = FORMAT_BINARY;
}
if (operation == SMIME_ENCRYPT) {
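Review bot: `outformat` and `informat` are overwritten with FORMAT_BINARY here, presumably only to steer the file mode that bio_open_default() picks later, and that is not obvious from the two `if` blocks. A comment such as `/* no CMS structure on this side: -binary means raw bytes, so open the file in binary mode */` would explain it. Each pair of nested conditions could also be a single test, e.g. `if (!(operation & SMIME_OP) && (flags & CMS_BINARY))`. Any later code that dispatches on `outformat`/`informat` now sees FORMAT_BINARY for these operations; that code is outside the hunk, so it is worth checking that it is never reached without SMIME_OP/SMIME_IP.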
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
- if (!(cert = load_cert(*argv, FORMAT_PEM,
- NULL, e, "recipient certificate file")))
+ if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e,
+ "recipient certificate file")) == NULL)
goto end;
sk_X509_push(encerts, cert);
cert = NULL;
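Review bot: The return value of `sk_X509_push(encerts, cert)` in the recipient loop is ignored. It returns 0 on allocation failure, in which case `cert = NULL;` drops the only reference (a leak) and the message would be encrypted for fewer recipients than were named on the command line. The commit tidies the `load_cert` test just above but leaves this call as it was. Suggest `if (!sk_X509_push(encerts, cert)) goto end;`, assuming the `end:` label frees `cert`, which is outside the hunk. The loop body continues past the last line shown.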
}
if (certfile) {
- if (!(other = load_certs(certfile, FORMAT_PEM, NULL,
- e, "certificate file"))) {
+ if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
+ "certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
}
if (recipfile && (operation == SMIME_DECRYPT)) {
- if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL,
- e, "recipient certificate file"))) {
+ if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e,
+ "recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
}
if (operation == SMIME_SIGN_RECEIPT) {
- if (!(signer = load_cert(signerfile, FORMAT_PEM, NULL,
- e, "receipt signer certificate file"))) {
+ if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e,
+ "receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
goto end;
}
- in = bio_open_default(infile, inmode);
+ in = bio_open_default(infile, 'r', informat);
if (in == NULL)
goto end;
}
if (contfile) {
BIO_free(indata);
- if (!(indata = BIO_new_file(contfile, "rb"))) {
+ if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
BIO_printf(bio_err, "Can't read content file %s\n", contfile);
goto end;
}
if (rctfile) {
char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
- if (!(rctin = BIO_new_file(rctfile, rctmode))) {
+ if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
goto end;
}
}
}
- out = bio_open_default(outfile, outmode);
+ out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
- if (!(store = setup_verify(CAfile, CApath)))
+ if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
goto end;
X509_STORE_set_verify_cb(store, cms_cb);
if (vpmtouched)