X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fcms.c;h=6ed9338685c0f8739130b8783ba8e09c0a53ab83;hp=5eb5d2df6fa658edcaf0c151bf15f1c2cf098343;hb=c9c84a13916aa5c5c58912b49839e72fe82b23f5;hpb=b4faea50c35d92a67d1369355b49cc3efba78406 diff --git a/apps/cms.c b/apps/cms.c index 5eb5d2df6f..6ed9338685 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -95,7 +95,7 @@ static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, # define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) # define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) -int verify_err = 0; +static int verify_err = 0; typedef struct cms_key_param_st cms_key_param; @@ -118,9 +118,9 @@ typedef enum OPTION_choice { OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF, OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, - OPT_CAPATH, OPT_CONTENT, OPT_PRINT, OPT_SECRETKEY, - OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, OPT_RAND, - OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, + OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT, + OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, + OPT_RAND, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP, OPT_3DES_WRAP, OPT_ENGINE, @@ -185,6 +185,10 @@ OPTIONS cms_options[] = { {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, + {"no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file"}, + {"no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, {"print", OPT_PRINT, '-'}, @@ -208,6 +212,8 @@ OPTIONS cms_options[] = { {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, {"receipt_request_from", OPT_RR_FROM, 's'}, {"receipt_request_to", OPT_RR_TO, 's'}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, + OPT_V_OPTIONS, # ifndef OPENSSL_NO_AES {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, @@ -219,9 +225,7 @@ OPTIONS cms_options[] = { # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, - OPT_V_OPTIONS, - {NULL}, + {NULL} }; int cms_main(int argc, char **argv) @@ -242,12 +246,12 @@ int cms_main(int argc, char **argv) X509_VERIFY_PARAM *vpm = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL; char *CAfile = NULL, *CApath = NULL, *certsoutfile = NULL; + int noCAfile = 0, noCApath = 0; char *infile = NULL, *outfile = NULL, *rctfile = NULL, *inrand = NULL; char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL; char *to = NULL, *from = NULL, *subject = NULL, *prog; cms_key_param *key_first = NULL, *key_param = NULL; - const char *inmode = "r", *outmode = "w"; int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; @@ -423,6 +427,12 @@ int cms_main(int argc, char **argv) case OPT_CAPATH: CApath = opt_arg(); break; + case OPT_NOCAFILE: + noCAfile = 1; + break; + case OPT_NOCAPATH: + noCApath = 1; + break; case OPT_IN: infile = opt_arg(); break; @@ -588,11 +598,11 @@ int cms_main(int argc, char **argv) goto end; vpmtouched++; break; -# ifndef OPENSSL_NO_DES case OPT_3DES_WRAP: +# ifndef OPENSSL_NO_DES wrap_cipher = EVP_des_ede3_wrap(); - break; # endif + break; # ifndef OPENSSL_NO_AES case OPT_AES128_WRAP: wrap_cipher = EVP_aes_128_wrap(); @@ -603,6 +613,11 @@ int cms_main(int argc, char **argv) case OPT_AES256_WRAP: wrap_cipher = EVP_aes_256_wrap(); break; +# else + case OPT_AES128_WRAP: + case OPT_AES192_WRAP: + case OPT_AES256_WRAP: + break; # endif } } @@ -664,12 +679,14 @@ int cms_main(int argc, char **argv) } else if (!operation) goto opthelp; - if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } + if (!app_load_modules(NULL)) + goto end; + if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) @@ -682,20 +699,14 @@ int cms_main(int argc, char **argv) if (!(operation & SMIME_SIGNERS)) flags &= ~CMS_DETACHED; - if (operation & SMIME_OP) { - if (outformat == FORMAT_ASN1) - outmode = "wb"; - } else { + if (!(operation & SMIME_OP)) { if (flags & CMS_BINARY) - outmode = "wb"; + outformat = FORMAT_BINARY; } - if (operation & SMIME_IP) { - if (informat == FORMAT_ASN1) - inmode = "rb"; - } else { + if (!(operation & SMIME_IP)) { if (flags & CMS_BINARY) - inmode = "rb"; + informat = FORMAT_BINARY; } if (operation == SMIME_ENCRYPT) { @@ -717,8 +728,8 @@ int cms_main(int argc, char **argv) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { - if (!(cert = load_cert(*argv, FORMAT_PEM, - NULL, e, "recipient certificate file"))) + if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e, + "recipient certificate file")) == NULL) goto end; sk_X509_push(encerts, cert); cert = NULL; @@ -727,24 +738,24 @@ int cms_main(int argc, char **argv) } if (certfile) { - if (!(other = load_certs(certfile, FORMAT_PEM, NULL, - e, "certificate file"))) { + if ((other = load_certs(certfile, FORMAT_PEM, NULL, e, + "certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } if (recipfile && (operation == SMIME_DECRYPT)) { - if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL, - e, "recipient certificate file"))) { + if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e, + "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } if (operation == SMIME_SIGN_RECEIPT) { - if (!(signer = load_cert(signerfile, FORMAT_PEM, NULL, - e, "receipt signer certificate file"))) { + if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e, + "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } @@ -765,7 +776,7 @@ int cms_main(int argc, char **argv) goto end; } - in = bio_open_default(infile, inmode); + in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; @@ -787,7 +798,7 @@ int cms_main(int argc, char **argv) } if (contfile) { BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) { + if ((indata = BIO_new_file(contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; } @@ -807,7 +818,7 @@ int cms_main(int argc, char **argv) if (rctfile) { char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; - if (!(rctin = BIO_new_file(rctfile, rctmode))) { + if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) { BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile); goto end; } @@ -829,12 +840,12 @@ int cms_main(int argc, char **argv) } } - out = bio_open_default(outfile, outmode); + out = bio_open_default(outfile, 'w', outformat); if (out == NULL) goto end; if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { - if (!(store = setup_verify(CAfile, CApath))) + if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cms_cb); if (vpmtouched)