Add support for signed receipt request printout and generation.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 26 Mar 2008 17:40:22 +0000 (17:40 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 26 Mar 2008 17:40:22 +0000 (17:40 +0000)
apps/cms.c
crypto/cms/cms.h
crypto/cms/cms_env.c
crypto/cms/cms_err.c
crypto/cms/cms_ess.c

index eb1dc3e..7a63778 100644 (file)
@@ -71,6 +71,8 @@
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+                                                               STACK *rr_from);
 
 #define SMIME_OP       0x10
 #define SMIME_IP       0x20
@@ -112,7 +114,9 @@ int MAIN(int argc, char **argv)
        BIO *in = NULL, *out = NULL, *indata = NULL;
        int badarg = 0;
        int flags = CMS_DETACHED, noout = 0, print = 0;
-       int rr_print = 0;
+       int rr_print = 0, rr_allorfirst = -1;
+       STACK *rr_to = NULL, *rr_from = NULL;
+       CMS_ReceiptRequest *rr = NULL;
        char *to = NULL, *from = NULL, *subject = NULL;
        char *CAfile = NULL, *CApath = NULL;
        char *passargin = NULL, *passin = NULL;
@@ -248,6 +252,28 @@ int MAIN(int argc, char **argv)
                                noout = 1;
                else if (!strcmp (*args, "-receipt_request_print"))
                                rr_print = 1;
+               else if (!strcmp (*args, "-receipt_request_all"))
+                               rr_allorfirst = 0;
+               else if (!strcmp (*args, "-receipt_request_first"))
+                               rr_allorfirst = 1;
+               else if (!strcmp(*args,"-receipt_request_from"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       if (!rr_from)
+                               rr_from = sk_new_null();
+                       sk_push(rr_from, *args);
+                       }
+               else if (!strcmp(*args,"-receipt_request_to"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       args++;
+                       if (!rr_to)
+                               rr_to = sk_new_null();
+                       sk_push(rr_to, *args);
+                       }
                else if (!strcmp (*args, "-print"))
                                {
                                noout = 1;
@@ -454,6 +480,17 @@ int MAIN(int argc, char **argv)
                args++;
                }
 
+       if (((rr_allorfirst != -1) || rr_from) && !rr_to)
+               {
+               BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+               goto argerr;
+               }
+
+       if (!(operation & SMIME_SIGNERS)  && (rr_to || rr_from))
+               {
+               BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+               goto argerr;
+               }
        if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
                {
                BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
@@ -462,12 +499,12 @@ int MAIN(int argc, char **argv)
 
        if (operation & SMIME_SIGNERS)
                {
-               /* Check to see if any final signer needs to be appended */
                if (keyfile && !signerfile)
                        {
                        BIO_puts(bio_err, "Illegal -inkey without -signer\n");
                        goto argerr;
                        }
+               /* Check to see if any final signer needs to be appended */
                if (signerfile)
                        {
                        if (!sksigners)
@@ -810,27 +847,41 @@ int MAIN(int argc, char **argv)
        else if (operation & SMIME_SIGNERS)
                {
                int i;
-               /* If detached data content we only enable streaming if
+               /* If detached data content we enable streaming if
                 * S/MIME output format.
                 */
                if (operation == SMIME_SIGN)
                        {
+                               
                        if (flags & CMS_DETACHED)
                                {
-                               if (outformat != FORMAT_SMIME)
-                                       flags &= ~CMS_STREAM;
+                               if (outformat == FORMAT_SMIME)
+                                       flags |= CMS_STREAM;
                                }
                        flags |= CMS_PARTIAL;
                        cms = CMS_sign(NULL, NULL, other, in, flags);
-                       if (econtent_type)
-                               CMS_set1_eContentType(cms, econtent_type);
                        if (!cms)
                                goto end;
+                       if (econtent_type)
+                               CMS_set1_eContentType(cms, econtent_type);
+
+                       if (rr_to)
+                               {
+                               rr = make_receipt_request(rr_to, rr_allorfirst,
+                                                               rr_from);
+                               if (!rr)
+                                       {
+                                       BIO_puts(bio_err,
+                               "Signed Receipt Request Creation Error\n");
+                                       goto end;
+                                       }
+                               }
                        }
                else
                        flags |= CMS_REUSE_DIGEST;
                for (i = 0; i < sk_num(sksigners); i++)
                        {
+                       CMS_SignerInfo *si;
                        signerfile = sk_value(sksigners, i);
                        keyfile = sk_value(skkeys, i);
                        signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
@@ -841,7 +892,10 @@ int MAIN(int argc, char **argv)
                               "signing key file");
                        if (!key)
                                goto end;
-                       if (!CMS_add1_signer(cms, signer, key, sign_md, flags))
+                       si = CMS_add1_signer(cms, signer, key, sign_md, flags);
+                       if (!si)
+                               goto end;
+                       if (rr && !CMS_add1_ReceiptRequest(si, rr))
                                goto end;
                        X509_free(signer);
                        signer = NULL;
@@ -1002,6 +1056,12 @@ end:
                OPENSSL_free(secret_keyid);
        if (econtent_type)
                ASN1_OBJECT_free(econtent_type);
+       if (rr)
+               CMS_ReceiptRequest_free(rr);
+       if (rr_to)
+               sk_free(rr_to);
+       if (rr_from)
+               sk_free(rr_from);
        X509_STORE_free(store);
        X509_free(cert);
        X509_free(recip);
@@ -1119,4 +1179,66 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
                }
        }
 
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
+       {
+       int i;
+       STACK_OF(GENERAL_NAMES) *ret;
+       GENERAL_NAMES *gens = NULL;
+       GENERAL_NAME *gen = NULL;
+       ret = sk_GENERAL_NAMES_new_null();
+       if (!ret)
+               goto err;
+       for (i = 0; i < sk_num(ns); i++)
+               {
+               char *str = sk_value(ns, i);
+               gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
+               if (!gen)
+                       goto err;
+               gens = GENERAL_NAMES_new();
+               if (!gens)
+                       goto err;
+               if (!sk_GENERAL_NAME_push(gens, gen))
+                       goto err;
+               gen = NULL;
+               if (!sk_GENERAL_NAMES_push(ret, gens))
+                       goto err;
+               gens = NULL;
+               }
+
+       return ret;
+
+       err:
+       if (ret)
+               sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+       if (gens)
+               GENERAL_NAMES_free(gens);
+       if (gen)
+               GENERAL_NAME_free(gen);
+       return NULL;
+       }
+
+
+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
+                                                               STACK *rr_from)
+       {
+       STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+       CMS_ReceiptRequest *rr;
+       rct_to = make_names_stack(rr_to);
+       if (!rct_to)
+               goto err;
+       if (rr_from)
+               {
+               rct_from = make_names_stack(rr_from);
+               if (!rct_from)
+                       goto err;
+               }
+       else
+               rct_from = NULL;
+       rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+                                               rct_to);
+       return rr;
+       err:
+       return NULL;
+       }
+
 #endif
index 15205bb..4cc5d93 100644 (file)
@@ -197,6 +197,13 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
                                        ASN1_OBJECT *otherTypeId,
                                        ASN1_TYPE *otherType);
 
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                       X509_ALGOR **palg,
+                                       ASN1_OCTET_STRING **pid,
+                                       ASN1_GENERALIZEDTIME **pdate,
+                                       ASN1_OBJECT **potherid,
+                                       ASN1_TYPE **pothertype);
+
 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
                                unsigned char *key, size_t keylen);
 
@@ -288,11 +295,11 @@ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
 #ifdef HEADER_X509V3_H
 
 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si,
-                               unsigned char *id, int idlen,
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
                                int allorfirst,
                                STACK_OF(GENERAL_NAMES) *receiptList,
                                STACK_OF(GENERAL_NAMES) *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
 void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
                                        ASN1_STRING **pcid,
                                        int *pallorfirst,
@@ -346,6 +353,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CMS_GET0_ENVELOPED                        131
 #define CMS_F_CMS_GET0_REVOCATION_CHOICES               132
 #define CMS_F_CMS_GET0_SIGNED                           133
+#define CMS_F_CMS_RECEIPTREQUEST_CREATE0                159
 #define CMS_F_CMS_RECIPIENTINFO_DECRYPT                         134
 #define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT           135
 #define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT           136
index 0a0b772..b3237d4 100644 (file)
@@ -581,7 +581,6 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
 
        }
 
-#if 0
 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
                                        X509_ALGOR **palg,
                                        ASN1_OCTET_STRING **pid,
@@ -618,8 +617,6 @@ int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
                }
        return 1;
        }
-#endif
-
 
 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
                                unsigned char *key, size_t keylen)
index 7b1294c..93e15e3 100644 (file)
@@ -72,7 +72,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
        {
 {ERR_FUNC(CMS_F_CHECK_CONTENT),        "CHECK_CONTENT"},
 {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),       "CMS_add0_recipient_key"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),      "CMS_ADD1_RECEIPTREQUEST"},
+{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),      "CMS_add1_ReceiptRequest"},
 {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),      "CMS_add1_recipient_cert"},
 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),      "CMS_add1_signer"},
 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
@@ -106,6 +106,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),   "CMS_GET0_ENVELOPED"},
 {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),  "CMS_GET0_REVOCATION_CHOICES"},
 {ERR_FUNC(CMS_F_CMS_GET0_SIGNED),      "CMS_GET0_SIGNED"},
+{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),   "CMS_ReceiptRequest_create0"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT),    "CMS_RecipientInfo_decrypt"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),      "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),      "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
index 00cd9dc..9377217 100644 (file)
@@ -89,26 +89,18 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
        return 1;
        }
 
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si,
-                               unsigned char *id, int idlen,
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
                                int allorfirst,
                                STACK_OF(GENERAL_NAMES) *receiptList,
                                STACK_OF(GENERAL_NAMES) *receiptsTo)
        {
        CMS_ReceiptRequest *rr = NULL;
-       STACK_OF(GENERAL_NAMES) *tmpto = NULL;
-       unsigned char *rrder = NULL;
-       int rrderlen;
-       int r = 0;
 
        rr = CMS_ReceiptRequest_new();
        if (!rr)
                goto merr;
        if (id)
-               {
-               if (!ASN1_STRING_set(rr->signedContentIdentifier, id, idlen))
-                       goto merr;
-               }
+               ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
        else
                {
                if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
@@ -118,7 +110,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si,
                        goto err;
                }
 
-       tmpto = rr->receiptsTo;
+       sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
        rr->receiptsTo = receiptsTo;
 
        if (receiptList)
@@ -132,21 +124,38 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si,
                rr->receiptsFrom->d.allOrFirstTier = allorfirst;
                }
 
-       rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
-
-       r = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
-                                       V_ASN1_SEQUENCE, rrder, rrderlen);
+       return rr;
 
        merr:
-       CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+       CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
 
        err:
        if (rr)
-               {
-               rr->receiptsTo = tmpto;
-               rr->receiptsFrom->type = 0;
                CMS_ReceiptRequest_free(rr);
-               }
+
+       return NULL;
+       
+       }
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+       {
+       unsigned char *rrder = NULL;
+       int rrderlen, r = 0;
+
+       rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+       if (rrderlen < 0)
+               goto merr;
+
+       if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+                                       V_ASN1_SEQUENCE, rrder, rrderlen))
+               goto merr;
+
+       r = 1;
+
+       merr:
+       if (!r)
+               CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
        if (rrder)
                OPENSSL_free(rrder);