1/* apps/cms.c */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 */ 53 54/* CMS utility function */ 55 56#include <stdio.h> 57#include <string.h> 58#include "apps.h" 59 60#ifndef OPENSSL_NO_CMS 61 62#include <openssl/crypto.h> 63#include <openssl/pem.h> 64#include <openssl/err.h> 65#include <openssl/x509_vfy.h> 66#include <openssl/x509v3.h> 67#include <openssl/cms.h> 68 69#undef PROG 70#define PROG cms_main 71static int save_certs(char *signerfile, STACK_OF(X509) *signers); 72static int cms_cb(int ok, X509_STORE_CTX *ctx); 73static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); 74static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, 75 int rr_allorfirst, 76 STACK_OF(OPENSSL_STRING) *rr_from); 77 78#define SMIME_OP 0x10 79#define SMIME_IP 0x20 80#define SMIME_SIGNERS 0x40 81#define SMIME_ENCRYPT (1 | SMIME_OP) 82#define SMIME_DECRYPT (2 | SMIME_IP) 83#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) 84#define SMIME_VERIFY (4 | SMIME_IP) 85#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP) 86#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) 87#define SMIME_DATAOUT (7 | SMIME_IP) 88#define SMIME_DATA_CREATE (8 | SMIME_OP) 89#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) 90#define SMIME_DIGEST_CREATE (10 | SMIME_OP) 91#define SMIME_UNCOMPRESS (11 | SMIME_IP) 92#define SMIME_COMPRESS (12 | SMIME_OP) 93#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) 94#define 
SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) 95#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP) 96#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP) 97 98int verify_err = 0; 99 100int MAIN(int, char **); 101 102int MAIN(int argc, char **argv) 103 { 104 ENGINE *e = NULL; 105 int operation = 0; 106 int ret = 0; 107 char **args; 108 const char *inmode = "r", *outmode = "w"; 109 char *infile = NULL, *outfile = NULL, *rctfile = NULL; 110 char *signerfile = NULL, *recipfile = NULL; 111 STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; 112 char *certfile = NULL, *keyfile = NULL, *contfile=NULL; 113 char *certsoutfile = NULL; 114 const EVP_CIPHER *cipher = NULL; 115 CMS_ContentInfo *cms = NULL, *rcms = NULL; 116 X509_STORE *store = NULL; 117 X509 *cert = NULL, *recip = NULL, *signer = NULL; 118 EVP_PKEY *key = NULL; 119 STACK_OF(X509) *encerts = NULL, *other = NULL; 120 BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; 121 int badarg = 0; 122 int flags = CMS_DETACHED, noout = 0, print = 0; 123 int verify_retcode = 0; 124 int rr_print = 0, rr_allorfirst = -1; 125 STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; 126 CMS_ReceiptRequest *rr = NULL; 127 char *to = NULL, *from = NULL, *subject = NULL; 128 char *CAfile = NULL, *CApath = NULL; 129 char *passargin = NULL, *passin = NULL; 130 char *inrand = NULL; 131 int need_rand = 0; 132 const EVP_MD *sign_md = NULL; 133 int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 134 int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM; 135#ifndef OPENSSL_NO_ENGINE 136 char *engine=NULL; 137#endif 138 unsigned char *secret_key = NULL, *secret_keyid = NULL; 139 unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; 140 size_t secret_keylen = 0, secret_keyidlen = 0; 141 142 ASN1_OBJECT *econtent_type = NULL; 143 144 X509_VERIFY_PARAM *vpm = NULL; 145 146 args = argv + 1; 147 ret = 1; 148 149 apps_startup(); 150 151 if (bio_err == NULL) 152 { 153 if ((bio_err = BIO_new(BIO_s_file())) != NULL) 154 BIO_set_fp(bio_err, 
stderr, BIO_NOCLOSE|BIO_FP_TEXT); 155 } 156 157 if (!load_config(bio_err, NULL)) 158 goto end; 159 160 while (!badarg && *args && *args[0] == '-') 161 { 162 if (!strcmp (*args, "-encrypt")) 163 operation = SMIME_ENCRYPT; 164 else if (!strcmp (*args, "-decrypt")) 165 operation = SMIME_DECRYPT; 166 else if (!strcmp (*args, "-sign")) 167 operation = SMIME_SIGN; 168 else if (!strcmp (*args, "-sign_receipt")) 169 operation = SMIME_SIGN_RECEIPT; 170 else if (!strcmp (*args, "-resign")) 171 operation = SMIME_RESIGN; 172 else if (!strcmp (*args, "-verify")) 173 operation = SMIME_VERIFY; 174 else if (!strcmp (*args, "-verify_retcode")) 175 verify_retcode = 1; 176 else if (!strcmp(*args,"-verify_receipt")) 177 { 178 operation = SMIME_VERIFY_RECEIPT; 179 if (!args[1]) 180 goto argerr; 181 args++; 182 rctfile = *args; 183 } 184 else if (!strcmp (*args, "-cmsout")) 185 operation = SMIME_CMSOUT; 186 else if (!strcmp (*args, "-data_out")) 187 operation = SMIME_DATAOUT; 188 else if (!strcmp (*args, "-data_create")) 189 operation = SMIME_DATA_CREATE; 190 else if (!strcmp (*args, "-digest_verify")) 191 operation = SMIME_DIGEST_VERIFY; 192 else if (!strcmp (*args, "-digest_create")) 193 operation = SMIME_DIGEST_CREATE; 194 else if (!strcmp (*args, "-compress")) 195 operation = SMIME_COMPRESS; 196 else if (!strcmp (*args, "-uncompress")) 197 operation = SMIME_UNCOMPRESS; 198 else if (!strcmp (*args, "-EncryptedData_decrypt")) 199 operation = SMIME_ENCRYPTED_DECRYPT; 200 else if (!strcmp (*args, "-EncryptedData_encrypt")) 201 operation = SMIME_ENCRYPTED_ENCRYPT; 202#ifndef OPENSSL_NO_DES 203 else if (!strcmp (*args, "-des3")) 204 cipher = EVP_des_ede3_cbc(); 205 else if (!strcmp (*args, "-des")) 206 cipher = EVP_des_cbc(); 207#endif 208#ifndef OPENSSL_NO_SEED 209 else if (!strcmp (*args, "-seed")) 210 cipher = EVP_seed_cbc(); 211#endif 212#ifndef OPENSSL_NO_RC2 213 else if (!strcmp (*args, "-rc2-40")) 214 cipher = EVP_rc2_40_cbc(); 215 else if (!strcmp (*args, "-rc2-128")) 216 cipher = 
EVP_rc2_cbc(); 217 else if (!strcmp (*args, "-rc2-64")) 218 cipher = EVP_rc2_64_cbc(); 219#endif 220#ifndef OPENSSL_NO_AES 221 else if (!strcmp(*args,"-aes128")) 222 cipher = EVP_aes_128_cbc(); 223 else if (!strcmp(*args,"-aes192")) 224 cipher = EVP_aes_192_cbc(); 225 else if (!strcmp(*args,"-aes256")) 226 cipher = EVP_aes_256_cbc(); 227#endif 228#ifndef OPENSSL_NO_CAMELLIA 229 else if (!strcmp(*args,"-camellia128")) 230 cipher = EVP_camellia_128_cbc(); 231 else if (!strcmp(*args,"-camellia192")) 232 cipher = EVP_camellia_192_cbc(); 233 else if (!strcmp(*args,"-camellia256")) 234 cipher = EVP_camellia_256_cbc(); 235#endif 236 else if (!strcmp (*args, "-text")) 237 flags |= CMS_TEXT; 238 else if (!strcmp (*args, "-nointern")) 239 flags |= CMS_NOINTERN; 240 else if (!strcmp (*args, "-noverify") 241 || !strcmp (*args, "-no_signer_cert_verify")) 242 flags |= CMS_NO_SIGNER_CERT_VERIFY; 243 else if (!strcmp (*args, "-nocerts")) 244 flags |= CMS_NOCERTS; 245 else if (!strcmp (*args, "-noattr")) 246 flags |= CMS_NOATTR; 247 else if (!strcmp (*args, "-nodetach")) 248 flags &= ~CMS_DETACHED; 249 else if (!strcmp (*args, "-nosmimecap")) 250 flags |= CMS_NOSMIMECAP; 251 else if (!strcmp (*args, "-binary")) 252 flags |= CMS_BINARY; 253 else if (!strcmp (*args, "-keyid")) 254 flags |= CMS_USE_KEYID; 255 else if (!strcmp (*args, "-nosigs")) 256 flags |= CMS_NOSIGS; 257 else if (!strcmp (*args, "-no_content_verify")) 258 flags |= CMS_NO_CONTENT_VERIFY; 259 else if (!strcmp (*args, "-no_attr_verify")) 260 flags |= CMS_NO_ATTR_VERIFY; 261 else if (!strcmp (*args, "-stream")) 262 flags |= CMS_STREAM; 263 else if (!strcmp (*args, "-indef")) 264 flags |= CMS_STREAM; 265 else if (!strcmp (*args, "-noindef")) 266 flags &= ~CMS_STREAM; 267 else if (!strcmp (*args, "-nooldmime")) 268 flags |= CMS_NOOLDMIMETYPE; 269 else if (!strcmp (*args, "-crlfeol")) 270 flags |= CMS_CRLFEOL; 271 else if (!strcmp (*args, "-noout")) 272 noout = 1; 273 else if (!strcmp (*args, "-receipt_request_print")) 
274 rr_print = 1; 275 else if (!strcmp (*args, "-receipt_request_all")) 276 rr_allorfirst = 0; 277 else if (!strcmp (*args, "-receipt_request_first")) 278 rr_allorfirst = 1; 279 else if (!strcmp(*args,"-receipt_request_from")) 280 { 281 if (!args[1]) 282 goto argerr; 283 args++; 284 if (!rr_from) 285 rr_from = sk_OPENSSL_STRING_new_null(); 286 sk_OPENSSL_STRING_push(rr_from, *args); 287 } 288 else if (!strcmp(*args,"-receipt_request_to")) 289 { 290 if (!args[1]) 291 goto argerr; 292 args++; 293 if (!rr_to) 294 rr_to = sk_OPENSSL_STRING_new_null(); 295 sk_OPENSSL_STRING_push(rr_to, *args); 296 } 297 else if (!strcmp (*args, "-print")) 298 { 299 noout = 1; 300 print = 1; 301 } 302 else if (!strcmp(*args,"-secretkey")) 303 { 304 long ltmp; 305 if (!args[1]) 306 goto argerr; 307 args++; 308 secret_key = string_to_hex(*args, <mp); 309 if (!secret_key) 310 { 311 BIO_printf(bio_err, "Invalid key %s\n", *args); 312 goto argerr; 313 } 314 secret_keylen = (size_t)ltmp; 315 } 316 else if (!strcmp(*args,"-secretkeyid")) 317 { 318 long ltmp; 319 if (!args[1]) 320 goto argerr; 321 args++; 322 secret_keyid = string_to_hex(*args, <mp); 323 if (!secret_keyid) 324 { 325 BIO_printf(bio_err, "Invalid id %s\n", *args); 326 goto argerr; 327 } 328 secret_keyidlen = (size_t)ltmp; 329 } 330 else if (!strcmp(*args,"-pwri_password")) 331 { 332 if (!args[1]) 333 goto argerr; 334 args++; 335 pwri_pass = (unsigned char *)*args; 336 } 337 else if (!strcmp(*args,"-econtent_type")) 338 { 339 if (!args[1]) 340 goto argerr; 341 args++; 342 econtent_type = OBJ_txt2obj(*args, 0); 343 if (!econtent_type) 344 { 345 BIO_printf(bio_err, "Invalid OID %s\n", *args); 346 goto argerr; 347 } 348 } 349 else if (!strcmp(*args,"-rand")) 350 { 351 if (!args[1]) 352 goto argerr; 353 args++; 354 inrand = *args; 355 need_rand = 1; 356 } 357#ifndef OPENSSL_NO_ENGINE 358 else if (!strcmp(*args,"-engine")) 359 { 360 if (!args[1]) 361 goto argerr; 362 engine = *++args; 363 } 364#endif 365 else if 
(!strcmp(*args,"-passin")) 366 { 367 if (!args[1]) 368 goto argerr; 369 passargin = *++args; 370 } 371 else if (!strcmp (*args, "-to")) 372 { 373 if (!args[1]) 374 goto argerr; 375 to = *++args; 376 } 377 else if (!strcmp (*args, "-from")) 378 { 379 if (!args[1]) 380 goto argerr; 381 from = *++args; 382 } 383 else if (!strcmp (*args, "-subject")) 384 { 385 if (!args[1]) 386 goto argerr; 387 subject = *++args; 388 } 389 else if (!strcmp (*args, "-signer")) 390 { 391 if (!args[1]) 392 goto argerr; 393 /* If previous -signer argument add signer to list */ 394 395 if (signerfile) 396 { 397 if (!sksigners) 398 sksigners = sk_OPENSSL_STRING_new_null(); 399 sk_OPENSSL_STRING_push(sksigners, signerfile); 400 if (!keyfile) 401 keyfile = signerfile; 402 if (!skkeys) 403 skkeys = sk_OPENSSL_STRING_new_null(); 404 sk_OPENSSL_STRING_push(skkeys, keyfile); 405 keyfile = NULL; 406 } 407 signerfile = *++args; 408 } 409 else if (!strcmp (*args, "-recip")) 410 { 411 if (!args[1]) 412 goto argerr; 413 recipfile = *++args; 414 } 415 else if (!strcmp (*args, "-certsout")) 416 { 417 if (!args[1]) 418 goto argerr; 419 certsoutfile = *++args; 420 } 421 else if (!strcmp (*args, "-md")) 422 { 423 if (!args[1]) 424 goto argerr; 425 sign_md = EVP_get_digestbyname(*++args); 426 if (sign_md == NULL) 427 { 428 BIO_printf(bio_err, "Unknown digest %s\n", 429 *args); 430 goto argerr; 431 } 432 } 433 else if (!strcmp (*args, "-inkey")) 434 { 435 if (!args[1]) 436 goto argerr; 437 /* If previous -inkey arument add signer to list */ 438 if (keyfile) 439 { 440 if (!signerfile) 441 { 442 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 443 goto argerr; 444 } 445 if (!sksigners) 446 sksigners = sk_OPENSSL_STRING_new_null(); 447 sk_OPENSSL_STRING_push(sksigners, signerfile); 448 signerfile = NULL; 449 if (!skkeys) 450 skkeys = sk_OPENSSL_STRING_new_null(); 451 sk_OPENSSL_STRING_push(skkeys, keyfile); 452 } 453 keyfile = *++args; 454 } 455 else if (!strcmp (*args, "-keyform")) 456 { 457 if (!args[1]) 
458 goto argerr; 459 keyform = str2fmt(*++args); 460 } 461 else if (!strcmp (*args, "-rctform")) 462 { 463 if (!args[1]) 464 goto argerr; 465 rctformat = str2fmt(*++args); 466 } 467 else if (!strcmp (*args, "-certfile")) 468 { 469 if (!args[1]) 470 goto argerr; 471 certfile = *++args; 472 } 473 else if (!strcmp (*args, "-CAfile")) 474 { 475 if (!args[1]) 476 goto argerr; 477 CAfile = *++args; 478 } 479 else if (!strcmp (*args, "-CApath")) 480 { 481 if (!args[1]) 482 goto argerr; 483 CApath = *++args; 484 } 485 else if (!strcmp (*args, "-in")) 486 { 487 if (!args[1]) 488 goto argerr; 489 infile = *++args; 490 } 491 else if (!strcmp (*args, "-inform")) 492 { 493 if (!args[1]) 494 goto argerr; 495 informat = str2fmt(*++args); 496 } 497 else if (!strcmp (*args, "-outform")) 498 { 499 if (!args[1]) 500 goto argerr; 501 outformat = str2fmt(*++args); 502 } 503 else if (!strcmp (*args, "-out")) 504 { 505 if (!args[1]) 506 goto argerr; 507 outfile = *++args; 508 } 509 else if (!strcmp (*args, "-content")) 510 { 511 if (!args[1]) 512 goto argerr; 513 contfile = *++args; 514 } 515 else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) 516 continue; 517 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) 518 badarg = 1; 519 args++; 520 } 521 522 if (((rr_allorfirst != -1) || rr_from) && !rr_to) 523 { 524 BIO_puts(bio_err, "No Signed Receipts Recipients\n"); 525 goto argerr; 526 } 527 528 if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) 529 { 530 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); 531 goto argerr; 532 } 533 if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) 534 { 535 BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); 536 goto argerr; 537 } 538 539 if (operation & SMIME_SIGNERS) 540 { 541 if (keyfile && !signerfile) 542 { 543 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); 544 goto argerr; 545 } 546 /* Check to see if any final signer needs to be appended */ 547 if (signerfile) 548 { 549 if (!sksigners) 
550 sksigners = sk_OPENSSL_STRING_new_null(); 551 sk_OPENSSL_STRING_push(sksigners, signerfile); 552 if (!skkeys) 553 skkeys = sk_OPENSSL_STRING_new_null(); 554 if (!keyfile) 555 keyfile = signerfile; 556 sk_OPENSSL_STRING_push(skkeys, keyfile); 557 } 558 if (!sksigners) 559 { 560 BIO_printf(bio_err, "No signer certificate specified\n"); 561 badarg = 1; 562 } 563 signerfile = NULL; 564 keyfile = NULL; 565 need_rand = 1; 566 } 567 568 else if (operation == SMIME_DECRYPT) 569 { 570 if (!recipfile && !keyfile && !secret_key && !pwri_pass) 571 { 572 BIO_printf(bio_err, "No recipient certificate or key specified\n"); 573 badarg = 1; 574 } 575 } 576 else if (operation == SMIME_ENCRYPT) 577 { 578 if (!*args && !secret_key && !pwri_pass) 579 { 580 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 581 badarg = 1; 582 } 583 need_rand = 1; 584 } 585 else if (!operation) 586 badarg = 1; 587 588 if (badarg) 589 { 590 argerr: 591 BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); 592 BIO_printf (bio_err, "where options are\n"); 593 BIO_printf (bio_err, "-encrypt encrypt message\n"); 594 BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); 595 BIO_printf (bio_err, "-sign sign message\n"); 596 BIO_printf (bio_err, "-verify verify signed message\n"); 597 BIO_printf (bio_err, "-cmsout output CMS structure\n"); 598#ifndef OPENSSL_NO_DES 599 BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); 600 BIO_printf (bio_err, "-des encrypt with DES\n"); 601#endif 602#ifndef OPENSSL_NO_SEED 603 BIO_printf (bio_err, "-seed encrypt with SEED\n"); 604#endif 605#ifndef OPENSSL_NO_RC2 606 BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); 607 BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); 608 BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); 609#endif 610#ifndef OPENSSL_NO_AES 611 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); 612 BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); 613#endif 614#ifndef 
OPENSSL_NO_CAMELLIA 615 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n"); 616 BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n"); 617#endif 618 BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); 619 BIO_printf (bio_err, "-nosigs don't verify message signature\n"); 620 BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); 621 BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); 622 BIO_printf (bio_err, "-nodetach use opaque signing\n"); 623 BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); 624 BIO_printf (bio_err, "-binary don't translate message to text\n"); 625 BIO_printf (bio_err, "-certfile file other certificates file\n"); 626 BIO_printf (bio_err, "-certsout file certificate output file\n"); 627 BIO_printf (bio_err, "-signer file signer certificate file\n"); 628 BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); 629 BIO_printf (bio_err, "-keyid use subject key identifier\n"); 630 BIO_printf (bio_err, "-in file input file\n"); 631 BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); 632 BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); 633 BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); 634 BIO_printf (bio_err, "-out file output file\n"); 635 BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); 636 BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); 637 BIO_printf (bio_err, "-to addr to address\n"); 638 BIO_printf (bio_err, "-from ad from address\n"); 639 BIO_printf (bio_err, "-subject s subject\n"); 640 BIO_printf (bio_err, "-text include or delete text MIME headers\n"); 641 BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 642 BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 643 BIO_printf (bio_err, 
"-crl_check check revocation status of signer's certificate using CRLs\n"); 644 BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); 645#ifndef OPENSSL_NO_ENGINE 646 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); 647#endif 648 BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); 649 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 650 BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); 651 BIO_printf(bio_err, " the random number generator\n"); 652 BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); 653 goto end; 654 } 655 656#ifndef OPENSSL_NO_ENGINE 657 e = setup_engine(bio_err, engine, 0); 658#endif 659 660 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 661 { 662 BIO_printf(bio_err, "Error getting password\n"); 663 goto end; 664 } 665 666 if (need_rand) 667 { 668 app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 669 if (inrand != NULL) 670 BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 671 app_RAND_load_files(inrand)); 672 } 673 674 ret = 2; 675 676 if (!(operation & SMIME_SIGNERS)) 677 flags &= ~CMS_DETACHED; 678 679 if (operation & SMIME_OP) 680 { 681 if (outformat == FORMAT_ASN1) 682 outmode = "wb"; 683 } 684 else 685 { 686 if (flags & CMS_BINARY) 687 outmode = "wb"; 688 } 689 690 if (operation & SMIME_IP) 691 { 692 if (informat == FORMAT_ASN1) 693 inmode = "rb"; 694 } 695 else 696 { 697 if (flags & CMS_BINARY) 698 inmode = "rb"; 699 } 700 701 if (operation == SMIME_ENCRYPT) 702 { 703 if (!cipher) 704 { 705#ifndef OPENSSL_NO_DES 706 cipher = EVP_des_ede3_cbc(); 707#else 708 BIO_printf(bio_err, "No cipher selected\n"); 709 goto end; 710#endif 711 } 712 713 if (secret_key && !secret_keyid) 714 { 715 BIO_printf(bio_err, "No secret key id\n"); 716 goto end; 717 } 718 719 if (*args) 720 encerts = sk_X509_new_null(); 721 while (*args) 722 { 723 if (!(cert = 
load_cert(bio_err,*args,FORMAT_PEM, 724 NULL, e, "recipient certificate file"))) 725 goto end; 726 sk_X509_push(encerts, cert); 727 cert = NULL; 728 args++; 729 } 730 } 731 732 if (certfile) 733 { 734 if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, 735 e, "certificate file"))) 736 { 737 ERR_print_errors(bio_err); 738 goto end; 739 } 740 } 741 742 if (recipfile && (operation == SMIME_DECRYPT)) 743 { 744 if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, 745 e, "recipient certificate file"))) 746 { 747 ERR_print_errors(bio_err); 748 goto end; 749 } 750 } 751 752 if (operation == SMIME_SIGN_RECEIPT) 753 { 754 if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL, 755 e, "receipt signer certificate file"))) 756 { 757 ERR_print_errors(bio_err); 758 goto end; 759 } 760 } 761 762 if (operation == SMIME_DECRYPT) 763 { 764 if (!keyfile) 765 keyfile = recipfile; 766 } 767 else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) 768 { 769 if (!keyfile) 770 keyfile = signerfile; 771 } 772 else keyfile = NULL; 773 774 if (keyfile) 775 { 776 key = load_key(bio_err, keyfile, keyform, 0, passin, e, 777 "signing key file"); 778 if (!key) 779 goto end; 780 } 781 782 if (infile) 783 { 784 if (!(in = BIO_new_file(infile, inmode))) 785 { 786 BIO_printf (bio_err, 787 "Can't open input file %s\n", infile); 788 goto end; 789 } 790 } 791 else 792 in = BIO_new_fp(stdin, BIO_NOCLOSE); 793 794 if (operation & SMIME_IP) 795 { 796 if (informat == FORMAT_SMIME) 797 cms = SMIME_read_CMS(in, &indata); 798 else if (informat == FORMAT_PEM) 799 cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); 800 else if (informat == FORMAT_ASN1) 801 cms = d2i_CMS_bio(in, NULL); 802 else 803 { 804 BIO_printf(bio_err, "Bad input format for CMS file\n"); 805 goto end; 806 } 807 808 if (!cms) 809 { 810 BIO_printf(bio_err, "Error reading S/MIME message\n"); 811 goto end; 812 } 813 if (contfile) 814 { 815 BIO_free(indata); 816 if (!(indata = BIO_new_file(contfile, "rb"))) 817 { 818 
BIO_printf(bio_err, "Can't read content file %s\n", contfile); 819 goto end; 820 } 821 } 822 if (certsoutfile) 823 { 824 STACK_OF(X509) *allcerts; 825 allcerts = CMS_get1_certs(cms); 826 if (!save_certs(certsoutfile, allcerts)) 827 { 828 BIO_printf(bio_err, 829 "Error writing certs to %s\n", 830 certsoutfile); 831 ret = 5; 832 goto end; 833 } 834 sk_X509_pop_free(allcerts, X509_free); 835 } 836 } 837 838 if (rctfile) 839 { 840 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; 841 if (!(rctin = BIO_new_file(rctfile, rctmode))) 842 { 843 BIO_printf (bio_err, 844 "Can't open receipt file %s\n", rctfile); 845 goto end; 846 } 847 848 if (rctformat == FORMAT_SMIME) 849 rcms = SMIME_read_CMS(rctin, NULL); 850 else if (rctformat == FORMAT_PEM) 851 rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL); 852 else if (rctformat == FORMAT_ASN1) 853 rcms = d2i_CMS_bio(rctin, NULL); 854 else 855 { 856 BIO_printf(bio_err, "Bad input format for receipt\n"); 857 goto end; 858 } 859 860 if (!rcms) 861 { 862 BIO_printf(bio_err, "Error reading receipt\n"); 863 goto end; 864 } 865 } 866 867 if (outfile) 868 { 869 if (!(out = BIO_new_file(outfile, outmode))) 870 { 871 BIO_printf (bio_err, 872 "Can't open output file %s\n", outfile); 873 goto end; 874 } 875 } 876 else 877 { 878 out = BIO_new_fp(stdout, BIO_NOCLOSE); 879#ifdef OPENSSL_SYS_VMS 880 { 881 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 882 out = BIO_push(tmpbio, out); 883 } 884#endif 885 } 886 887 if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) 888 { 889 if (!(store = setup_verify(bio_err, CAfile, CApath))) 890 goto end; 891 X509_STORE_set_verify_cb(store, cms_cb); 892 if (vpm) 893 X509_STORE_set1_param(store, vpm); 894 } 895 896 897 ret = 3; 898 899 if (operation == SMIME_DATA_CREATE) 900 { 901 cms = CMS_data_create(in, flags); 902 } 903 else if (operation == SMIME_DIGEST_CREATE) 904 { 905 cms = CMS_digest_create(in, sign_md, flags); 906 } 907 else if (operation == SMIME_COMPRESS) 908 { 909 cms = 
CMS_compress(in, -1, flags); 910 } 911 else if (operation == SMIME_ENCRYPT) 912 { 913 flags |= CMS_PARTIAL; 914 cms = CMS_encrypt(encerts, in, cipher, flags); 915 if (!cms) 916 goto end; 917 if (secret_key) 918 { 919 if (!CMS_add0_recipient_key(cms, NID_undef, 920 secret_key, secret_keylen, 921 secret_keyid, secret_keyidlen, 922 NULL, NULL, NULL)) 923 goto end; 924 /* NULL these because call absorbs them */ 925 secret_key = NULL; 926 secret_keyid = NULL; 927 } 928 if (pwri_pass) 929 { 930 pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass); 931 if (!pwri_tmp) 932 goto end; 933 if (!CMS_add0_recipient_password(cms, 934 -1, NID_undef, NID_undef, 935 pwri_tmp, -1, NULL)) 936 goto end; 937 pwri_tmp = NULL; 938 } 939 if (!(flags & CMS_STREAM)) 940 { 941 if (!CMS_final(cms, in, NULL, flags)) 942 goto end; 943 } 944 } 945 else if (operation == SMIME_ENCRYPTED_ENCRYPT) 946 { 947 cms = CMS_EncryptedData_encrypt(in, cipher, 948 secret_key, secret_keylen, 949 flags); 950 951 } 952 else if (operation == SMIME_SIGN_RECEIPT) 953 { 954 CMS_ContentInfo *srcms = NULL; 955 STACK_OF(CMS_SignerInfo) *sis; 956 CMS_SignerInfo *si; 957 sis = CMS_get0_SignerInfos(cms); 958 if (!sis) 959 goto end; 960 si = sk_CMS_SignerInfo_value(sis, 0); 961 srcms = CMS_sign_receipt(si, signer, key, other, flags); 962 if (!srcms) 963 goto end; 964 CMS_ContentInfo_free(cms); 965 cms = srcms; 966 } 967 else if (operation & SMIME_SIGNERS) 968 { 969 int i; 970 /* If detached data content we enable streaming if 971 * S/MIME output format. 
972 */ 973 if (operation == SMIME_SIGN) 974 { 975 976 if (flags & CMS_DETACHED) 977 { 978 if (outformat == FORMAT_SMIME) 979 flags |= CMS_STREAM; 980 } 981 flags |= CMS_PARTIAL; 982 cms = CMS_sign(NULL, NULL, other, in, flags); 983 if (!cms) 984 goto end; 985 if (econtent_type) 986 CMS_set1_eContentType(cms, econtent_type); 987 988 if (rr_to) 989 { 990 rr = make_receipt_request(rr_to, rr_allorfirst, 991 rr_from); 992 if (!rr) 993 { 994 BIO_puts(bio_err, 995 "Signed Receipt Request Creation Error\n"); 996 goto end; 997 } 998 } 999 } 1000 else 1001 flags |= CMS_REUSE_DIGEST; 1002 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) 1003 { 1004 CMS_SignerInfo *si; 1005 signerfile = sk_OPENSSL_STRING_value(sksigners, i); 1006 keyfile = sk_OPENSSL_STRING_value(skkeys, i); 1007 signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, 1008 e, "signer certificate"); 1009 if (!signer) 1010 goto end; 1011 key = load_key(bio_err, keyfile, keyform, 0, passin, e, 1012 "signing key file"); 1013 if (!key) 1014 goto end; 1015 si = CMS_add1_signer(cms, signer, key, sign_md, flags); 1016 if (!si) 1017 goto end; 1018 if (rr && !CMS_add1_ReceiptRequest(si, rr)) 1019 goto end; 1020 X509_free(signer); 1021 signer = NULL; 1022 EVP_PKEY_free(key); 1023 key = NULL; 1024 } 1025 /* If not streaming or resigning finalize structure */ 1026 if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) 1027 { 1028 if (!CMS_final(cms, in, NULL, flags)) 1029 goto end; 1030 } 1031 } 1032 1033 if (!cms) 1034 { 1035 BIO_printf(bio_err, "Error creating CMS structure\n"); 1036 goto end; 1037 } 1038 1039 ret = 4; 1040 if (operation == SMIME_DECRYPT) 1041 { 1042 1043 if (secret_key) 1044 { 1045 if (!CMS_decrypt_set1_key(cms, 1046 secret_key, secret_keylen, 1047 secret_keyid, secret_keyidlen)) 1048 { 1049 BIO_puts(bio_err, 1050 "Error decrypting CMS using secret key\n"); 1051 goto end; 1052 } 1053 } 1054 1055 if (key) 1056 { 1057 if (!CMS_decrypt_set1_pkey(cms, key, recip)) 1058 { 1059 BIO_puts(bio_err, 1060 
"Error decrypting CMS using private key\n"); 1061 goto end; 1062 } 1063 } 1064 1065 if (pwri_pass) 1066 { 1067 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) 1068 { 1069 BIO_puts(bio_err, 1070 "Error decrypting CMS using password\n"); 1071 goto end; 1072 } 1073 } 1074 1075 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) 1076 { 1077 BIO_printf(bio_err, "Error decrypting CMS structure\n"); 1078 goto end; 1079 } 1080 } 1081 else if (operation == SMIME_DATAOUT) 1082 { 1083 if (!CMS_data(cms, out, flags)) 1084 goto end; 1085 } 1086 else if (operation == SMIME_UNCOMPRESS) 1087 { 1088 if (!CMS_uncompress(cms, indata, out, flags)) 1089 goto end; 1090 } 1091 else if (operation == SMIME_DIGEST_VERIFY) 1092 { 1093 if (CMS_digest_verify(cms, indata, out, flags) > 0) 1094 BIO_printf(bio_err, "Verification successful\n"); 1095 else 1096 { 1097 BIO_printf(bio_err, "Verification failure\n"); 1098 goto end; 1099 } 1100 } 1101 else if (operation == SMIME_ENCRYPTED_DECRYPT) 1102 { 1103 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, 1104 indata, out, flags)) 1105 goto end; 1106 } 1107 else if (operation == SMIME_VERIFY) 1108 { 1109 if (CMS_verify(cms, other, store, indata, out, flags) > 0) 1110 BIO_printf(bio_err, "Verification successful\n"); 1111 else 1112 { 1113 BIO_printf(bio_err, "Verification failure\n"); 1114 if (verify_retcode) 1115 ret = verify_err + 32; 1116 goto end; 1117 } 1118 if (signerfile) 1119 { 1120 STACK_OF(X509) *signers; 1121 signers = CMS_get0_signers(cms); 1122 if (!save_certs(signerfile, signers)) 1123 { 1124 BIO_printf(bio_err, 1125 "Error writing signers to %s\n", 1126 signerfile); 1127 ret = 5; 1128 goto end; 1129 } 1130 sk_X509_free(signers); 1131 } 1132 if (rr_print) 1133 receipt_request_print(bio_err, cms); 1134 1135 } 1136 else if (operation == SMIME_VERIFY_RECEIPT) 1137 { 1138 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) 1139 BIO_printf(bio_err, "Verification successful\n"); 1140 else 1141 { 1142 
BIO_printf(bio_err, "Verification failure\n"); 1143 goto end; 1144 } 1145 } 1146 else 1147 { 1148 if (noout) 1149 { 1150 if (print) 1151 CMS_ContentInfo_print_ctx(out, cms, 0, NULL); 1152 } 1153 else if (outformat == FORMAT_SMIME) 1154 { 1155 if (to) 1156 BIO_printf(out, "To: %s\n", to); 1157 if (from) 1158 BIO_printf(out, "From: %s\n", from); 1159 if (subject) 1160 BIO_printf(out, "Subject: %s\n", subject); 1161 if (operation == SMIME_RESIGN) 1162 ret = SMIME_write_CMS(out, cms, indata, flags); 1163 else 1164 ret = SMIME_write_CMS(out, cms, in, flags); 1165 } 1166 else if (outformat == FORMAT_PEM) 1167 ret = PEM_write_bio_CMS_stream(out, cms, in, flags); 1168 else if (outformat == FORMAT_ASN1) 1169 ret = i2d_CMS_bio_stream(out,cms, in, flags); 1170 else 1171 { 1172 BIO_printf(bio_err, "Bad output format for CMS file\n"); 1173 goto end; 1174 } 1175 if (ret <= 0) 1176 { 1177 ret = 6; 1178 goto end; 1179 } 1180 } 1181 ret = 0; 1182end: 1183 if (ret) 1184 ERR_print_errors(bio_err); 1185 if (need_rand) 1186 app_RAND_write_file(NULL, bio_err); 1187 sk_X509_pop_free(encerts, X509_free); 1188 sk_X509_pop_free(other, X509_free); 1189 if (vpm) 1190 X509_VERIFY_PARAM_free(vpm); 1191 if (sksigners) 1192 sk_OPENSSL_STRING_free(sksigners); 1193 if (skkeys) 1194 sk_OPENSSL_STRING_free(skkeys); 1195 if (secret_key) 1196 OPENSSL_free(secret_key); 1197 if (secret_keyid) 1198 OPENSSL_free(secret_keyid); 1199 if (pwri_tmp) 1200 OPENSSL_free(pwri_tmp); 1201 if (econtent_type) 1202 ASN1_OBJECT_free(econtent_type); 1203 if (rr) 1204 CMS_ReceiptRequest_free(rr); 1205 if (rr_to) 1206 sk_OPENSSL_STRING_free(rr_to); 1207 if (rr_from) 1208 sk_OPENSSL_STRING_free(rr_from); 1209 X509_STORE_free(store); 1210 X509_free(cert); 1211 X509_free(recip); 1212 X509_free(signer); 1213 EVP_PKEY_free(key); 1214 CMS_ContentInfo_free(cms); 1215 CMS_ContentInfo_free(rcms); 1216 BIO_free(rctin); 1217 BIO_free(in); 1218 BIO_free(indata); 1219 BIO_free_all(out); 1220 if (passin) OPENSSL_free(passin); 1221 
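return (ret);
	}

/*
 * Write the signer certificates of a verified message to signerfile in
 * PEM form (one certificate after another).
 *
 * signerfile: output path; NULL means nothing was requested and is a
 *             successful no-op.
 * signers:    stack of certificates to write; only read, the caller keeps
 *             ownership.
 *
 * Returns 1 on success, 0 if the file cannot be opened or any certificate
 * fails to be written. A partially written file is left behind in the
 * failure case; the caller reports the error and exits non-zero.
 */
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
	{
	int i;
	int rv = 1;
	BIO *tmp;
	if (!signerfile)
		return 1;
	tmp = BIO_new_file(signerfile, "w");
	if (!tmp) return 0;
	for(i = 0; i < sk_X509_num(signers); i++)
		{
		/* A failed PEM write must not be reported as success: the
		 * caller's exit status is the only signal that the signer
		 * file is incomplete. */
		if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i)))
			{
			rv = 0;
			break;
			}
		}
	BIO_free(tmp);
	return rv;
	}


/*
 * Minimal certificate verification callback, installed on the X509_STORE
 * used by -verify. It records the current verification error in the
 * file-scope verify_err (cms_main folds it into the exit status when
 * verify_retcode is set) and prints policy information when the chain is
 * otherwise acceptable.
 *
 * ok is returned unchanged on every path, so this callback never overrides
 * the verifier's decision: a failed chain stays failed.
 */
static int cms_cb(int ok, X509_STORE_CTX *ctx)
	{
	int error;

	error = X509_STORE_CTX_get_error(ctx);

	verify_err = error;

	/* Only print policies for the "no explicit policy" error, or for a
	 * clean result with ok == 2 (presumably the policy-check invocation
	 * of the callback -- confirm against X509_verify_cert). */
	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
		&& ((error != X509_V_OK) || (ok != 2)))
		return ok;

	policies_print(NULL, ctx);

	return ok;

	}

/*
 * Print every GENERAL_NAME in a stack of GENERAL_NAMES to out, one name per
 * line, indented. Used for the receipt list / receipt recipients of a
 * receipt request. Does nothing for an empty stack.
 */
static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
	{
	STACK_OF(GENERAL_NAME) *gens;
	GENERAL_NAME *gen;
	int i, j;
	for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
		{
		gens = sk_GENERAL_NAMES_value(gns, i);
		for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
			{
			gen = sk_GENERAL_NAME_value(gens, j);
			BIO_puts(out, " ");
			GENERAL_NAME_print(out, gen);
			BIO_puts(out, "\n");
			}
		}
	return;
	}

/*
 * Print the receipt request (if any) carried by each SignerInfo of cms.
 *
 * out: BIO receiving all output, including the per-signer header and
 *      parse errors (cms_main passes bio_err). Previously the header and
 *      error lines went to bio_err while the details went to out, which
 *      split the report across two streams when they differed.
 *
 * For each signer CMS_get1_ReceiptRequest() yields 0 (no request), a
 * negative value (malformed request; the error queue is printed) or a
 * positive value with an owned copy in rr, which is freed here. The signed
 * content identifier is hex-dumped rather than printed as text, since it
 * is an opaque octet string taken from the message.
 */
static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
	{
	STACK_OF(CMS_SignerInfo) *sis;
	CMS_SignerInfo *si;
	CMS_ReceiptRequest *rr;
	int allorfirst;
	STACK_OF(GENERAL_NAMES) *rto, *rlist;
	ASN1_STRING *scid;
	int i, rv;
	sis = CMS_get0_SignerInfos(cms);
	for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
		{
		si = sk_CMS_SignerInfo_value(sis, i);
		/* Reset before each lookup so the free at the end of the
		 * loop can never see the previous signer's (already freed)
		 * request if the lookup does not set rr. */
		rr = NULL;
		rv = CMS_get1_ReceiptRequest(si, &rr);
		BIO_printf(out, "Signer %d:\n", i + 1);
		if (rv == 0)
			BIO_puts(out, " No Receipt Request\n");
		else if (rv < 0)
			{
			BIO_puts(out, " Receipt Request Parse Error\n");
			ERR_print_errors(out);
			}
		else
			{
			char *id;
			int idlen;
			CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
							&rlist, &rto);
			BIO_puts(out, " Signed Content ID:\n");
			idlen = ASN1_STRING_length(scid);
			id = (char *)ASN1_STRING_data(scid);
			BIO_dump_indent(out, id, idlen, 4);
			BIO_puts(out, " Receipts From");
			if (rlist)
				{
				BIO_puts(out, " List:\n");
				gnames_stack_print(out, rlist);
				}
			else if (allorfirst == 1)
				BIO_puts(out, ": First Tier\n");
			else if (allorfirst == 0)
				BIO_puts(out, ": All\n");
			else
				BIO_printf(out, " Unknown (%d)\n", allorfirst);
			BIO_puts(out, " Receipts To:\n");
			gnames_stack_print(out, rto);
			}
		if (rr)
			CMS_ReceiptRequest_free(rr);
		}
	}

/*
 * Convert a stack of e-mail address strings into a stack of GENERAL_NAMES,
 * one single-element GENERAL_NAMES (type GEN_EMAIL) per input string.
 *
 * ns: input strings; not modified.
 *
 * Returns a newly allocated stack the caller owns (free with
 * sk_GENERAL_NAMES_pop_free(..., GENERAL_NAMES_free)), or NULL if a string
 * cannot be parsed as an e-mail name or an allocation fails. On failure
 * everything allocated so far is released, including the in-progress
 * gen / gens that have not yet been pushed.
 */
static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
	{
	int i;
	STACK_OF(GENERAL_NAMES) *ret;
	GENERAL_NAMES *gens = NULL;
	GENERAL_NAME *gen = NULL;
	ret = sk_GENERAL_NAMES_new_null();
	if (!ret)
		goto err;
	for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
		{
		char *str = sk_OPENSSL_STRING_value(ns, i);
		gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
		if (!gen)
			goto err;
		gens = GENERAL_NAMES_new();
		if (!gens)
			goto err;
		if (!sk_GENERAL_NAME_push(gens, gen))
			goto err;
		/* gen is now owned by gens; clear so err does not free it twice */
		gen = NULL;
		if (!sk_GENERAL_NAMES_push(ret, gens))
			goto err;
		/* likewise gens is now owned by ret */
		gens = NULL;
		}

	return ret;

	err:
	if (ret)
		sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
	if (gens)
		GENERAL_NAMES_free(gens);
	if (gen)
		GENERAL_NAME_free(gen);
	return NULL;
	}


/*
 * Build a CMS receipt request from the -receipt_request_* command line
 * options.
 *
 * rr_to:         addresses receipts are to be sent to (required).
 * rr_allorfirst: allOrFirstTier value, used only when rr_from is NULL.
 * rr_from:       optional list of signers that should return receipts;
 *                NULL selects the allOrFirstTier form instead.
 *
 * Returns a new request the caller owns, or NULL on failure. Both name
 * stacks are released on every failure path, including a failed
 * CMS_ReceiptRequest_create0(): the stacks are only handed over to the
 * request when that call succeeds (NOTE(review): confirm against
 * cms_ess.c), so the original code leaked rct_to when building rct_from
 * failed and leaked both when create0 failed.
 */
static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
						int rr_allorfirst,
						STACK_OF(OPENSSL_STRING) *rr_from)
	{
	STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
	CMS_ReceiptRequest *rr;
	rct_to = make_names_stack(rr_to);
	if (!rct_to)
		goto err;
	if (rr_from)
		{
		rct_from = make_names_stack(rr_from);
		if (!rct_from)
			goto err;
		}
	rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
						rct_to);
	if (!rr)
		goto err;
	return rr;
	err:
	if (rct_to)
		sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
	if (rct_from)
		sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free);
	return NULL;
	}

#endif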