Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

smime.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago
prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新 ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新以下のOSSをアップデート・mruby-1.3.0 ・musl-1.1.18 ・onigmo-6.1.3 ・tcc-0.9.27 以下のOSSを追加・openssl-1.1.0e ・curl-7.57.0 ・zlib-1.2.11 以下のmrbgemsを追加・iij/mruby-digest ・iij/mruby-env ・iij/mruby-errno ・iij/mruby-iijson ・iij/mruby-ipaddr ・iij/mruby-mock ・iij/mruby-require ・iij/mruby-tls-openssl
Property svn:eol-style set to `native` Property svn:mime-type set to `text/x-csrc`
File size: 21.1 KB

Line
1	/*
2	* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/* S/MIME utility function */
11
12	#include <stdio.h>
13	#include <string.h>
14	#include "apps.h"
15	#include <openssl/crypto.h>
16	#include <openssl/pem.h>
17	#include <openssl/err.h>
18	#include <openssl/x509_vfy.h>
19	#include <openssl/x509v3.h>
20
21	static int save_certs(char signerfile, STACK_OF(X509) signers);
22	static int smime_cb(int ok, X509_STORE_CTX *ctx);
23
24	#define SMIME_OP 0x10
25	#define SMIME_IP 0x20
26	#define SMIME_SIGNERS 0x40
27	#define SMIME_ENCRYPT (1 \| SMIME_OP)
28	#define SMIME_DECRYPT (2 \| SMIME_IP)
29	#define SMIME_SIGN (3 \| SMIME_OP \| SMIME_SIGNERS)
30	#define SMIME_VERIFY (4 \| SMIME_IP)
31	#define SMIME_PK7OUT (5 \| SMIME_IP \| SMIME_OP)
32	#define SMIME_RESIGN (6 \| SMIME_IP \| SMIME_OP \| SMIME_SIGNERS)
33
34	typedef enum OPTION_choice {
35	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
36	OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
37	OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
38	OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
39	OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
40	OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
41	OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
42	OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
43	OPT_V_ENUM,
44	OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
45	OPT_OUTFORM, OPT_CONTENT
46	} OPTION_CHOICE;
47
48	OPTIONS smime_options[] = {
49	{OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
50	{OPT_HELP_STR, 1, '-',
51	" cert.pem... recipient certs for encryption\n"},
52	{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
53	{"help", OPT_HELP, '-', "Display this summary"},
54	{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
55	{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
56	{"sign", OPT_SIGN, '-', "Sign message"},
57	{"verify", OPT_VERIFY, '-', "Verify signed message"},
58	{"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
59	{"nointern", OPT_NOINTERN, '-',
60	"Don't search certificates in message for signer"},
61	{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
62	{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
63	{"nocerts", OPT_NOCERTS, '-',
64	"Don't include signers certificate when signing"},
65	{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
66	{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
67	{"binary", OPT_BINARY, '-', "Don't translate message to text"},
68	{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
69	{"signer", OPT_SIGNER, 's', "Signer certificate file"},
70	{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
71	{"in", OPT_IN, '<', "Input file"},
72	{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
73	{"inkey", OPT_INKEY, '<',
74	"Input private key (if not signer or recipient)"},
75	{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
76	{"out", OPT_OUT, '>', "Output file"},
77	{"outform", OPT_OUTFORM, 'c',
78	"Output format SMIME (default), PEM or DER"},
79	{"content", OPT_CONTENT, '<',
80	"Supply or override content for detached signature"},
81	{"to", OPT_TO, 's', "To address"},
82	{"from", OPT_FROM, 's', "From address"},
83	{"subject", OPT_SUBJECT, 's', "Subject"},
84	{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
85	{"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
86	{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
87	{"no-CAfile", OPT_NOCAFILE, '-',
88	"Do not load the default certificates file"},
89	{"no-CApath", OPT_NOCAPATH, '-',
90	"Do not load certificates from the default certificates directory"},
91	{"resign", OPT_RESIGN, '-', "Resign a signed message"},
92	{"nochain", OPT_NOCHAIN, '-',
93	"set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
94	{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
95	{"stream", OPT_STREAM, '-', "Enable CMS streaming" },
96	{"indef", OPT_INDEF, '-', "Same as -stream" },
97	{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
98	{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
99	{"rand", OPT_RAND, 's',
100	"Load the file(s) into the random number generator"},
101	{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
102	{"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
103	{"", OPT_CIPHER, '-', "Any supported cipher"},
104	OPT_V_OPTIONS,
105	#ifndef OPENSSL_NO_ENGINE
106	{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
107	#endif
108	{NULL}
109	};
110
111	int smime_main(int argc, char **argv)
112	{
113	BIO in = NULL, out = NULL, *indata = NULL;
114	EVP_PKEY *key = NULL;
115	PKCS7 *p7 = NULL;
116	STACK_OF(OPENSSL_STRING) sksigners = NULL, skkeys = NULL;
117	STACK_OF(X509) encerts = NULL, other = NULL;
118	X509 cert = NULL, recip = NULL, *signer = NULL;
119	X509_STORE *store = NULL;
120	X509_VERIFY_PARAM *vpm = NULL;
121	const EVP_CIPHER *cipher = NULL;
122	const EVP_MD *sign_md = NULL;
123	const char CAfile = NULL, CApath = NULL, *prog = NULL;
124	char certfile = NULL, keyfile = NULL, contfile = NULL, inrand = NULL;
125	char infile = NULL, outfile = NULL, signerfile = NULL, recipfile =
126	NULL;
127	char passinarg = NULL, passin = NULL, to = NULL, from =
128	NULL, *subject = NULL;
129	OPTION_CHOICE o;
130	int noCApath = 0, noCAfile = 0;
131	int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef =
132	0;
133	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
134	FORMAT_PEM;
135	int vpmtouched = 0, rv = 0;
136	ENGINE *e = NULL;
137	const char *mime_eol = "\n";
138
139	if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
140	return 1;
141
142	prog = opt_init(argc, argv, smime_options);
143	while ((o = opt_next()) != OPT_EOF) {
144	switch (o) {
145	case OPT_EOF:
146	case OPT_ERR:
147	opthelp:
148	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
149	goto end;
150	case OPT_HELP:
151	opt_help(smime_options);
152	ret = 0;
153	goto end;
154	case OPT_INFORM:
155	if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
156	goto opthelp;
157	break;
158	case OPT_IN:
159	infile = opt_arg();
160	break;
161	case OPT_OUTFORM:
162	if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
163	goto opthelp;
164	break;
165	case OPT_OUT:
166	outfile = opt_arg();
167	break;
168	case OPT_ENCRYPT:
169	operation = SMIME_ENCRYPT;
170	break;
171	case OPT_DECRYPT:
172	operation = SMIME_DECRYPT;
173	break;
174	case OPT_SIGN:
175	operation = SMIME_SIGN;
176	break;
177	case OPT_RESIGN:
178	operation = SMIME_RESIGN;
179	break;
180	case OPT_VERIFY:
181	operation = SMIME_VERIFY;
182	break;
183	case OPT_PK7OUT:
184	operation = SMIME_PK7OUT;
185	break;
186	case OPT_TEXT:
187	flags \|= PKCS7_TEXT;
188	break;
189	case OPT_NOINTERN:
190	flags \|= PKCS7_NOINTERN;
191	break;
192	case OPT_NOVERIFY:
193	flags \|= PKCS7_NOVERIFY;
194	break;
195	case OPT_NOCHAIN:
196	flags \|= PKCS7_NOCHAIN;
197	break;
198	case OPT_NOCERTS:
199	flags \|= PKCS7_NOCERTS;
200	break;
201	case OPT_NOATTR:
202	flags \|= PKCS7_NOATTR;
203	break;
204	case OPT_NODETACH:
205	flags &= ~PKCS7_DETACHED;
206	break;
207	case OPT_NOSMIMECAP:
208	flags \|= PKCS7_NOSMIMECAP;
209	break;
210	case OPT_BINARY:
211	flags \|= PKCS7_BINARY;
212	break;
213	case OPT_NOSIGS:
214	flags \|= PKCS7_NOSIGS;
215	break;
216	case OPT_STREAM:
217	case OPT_INDEF:
218	indef = 1;
219	break;
220	case OPT_NOINDEF:
221	indef = 0;
222	break;
223	case OPT_CRLFEOL:
224	flags \|= PKCS7_CRLFEOL;
225	mime_eol = "\r\n";
226	break;
227	case OPT_RAND:
228	inrand = opt_arg();
229	need_rand = 1;
230	break;
231	case OPT_ENGINE:
232	e = setup_engine(opt_arg(), 0);
233	break;
234	case OPT_PASSIN:
235	passinarg = opt_arg();
236	break;
237	case OPT_TO:
238	to = opt_arg();
239	break;
240	case OPT_FROM:
241	from = opt_arg();
242	break;
243	case OPT_SUBJECT:
244	subject = opt_arg();
245	break;
246	case OPT_SIGNER:
247	/* If previous -signer argument add signer to list */
248	if (signerfile) {
249	if (sksigners == NULL
250	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
251	goto end;
252	sk_OPENSSL_STRING_push(sksigners, signerfile);
253	if (keyfile == NULL)
254	keyfile = signerfile;
255	if (skkeys == NULL
256	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
257	goto end;
258	sk_OPENSSL_STRING_push(skkeys, keyfile);
259	keyfile = NULL;
260	}
261	signerfile = opt_arg();
262	break;
263	case OPT_RECIP:
264	recipfile = opt_arg();
265	break;
266	case OPT_MD:
267	if (!opt_md(opt_arg(), &sign_md))
268	goto opthelp;
269	break;
270	case OPT_CIPHER:
271	if (!opt_cipher(opt_unknown(), &cipher))
272	goto opthelp;
273	break;
274	case OPT_INKEY:
275	/* If previous -inkey argument add signer to list */
276	if (keyfile) {
277	if (signerfile == NULL) {
278	BIO_printf(bio_err,
279	"%s: Must have -signer before -inkey\n", prog);
280	goto opthelp;
281	}
282	if (sksigners == NULL
283	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
284	goto end;
285	sk_OPENSSL_STRING_push(sksigners, signerfile);
286	signerfile = NULL;
287	if (skkeys == NULL
288	&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
289	goto end;
290	sk_OPENSSL_STRING_push(skkeys, keyfile);
291	}
292	keyfile = opt_arg();
293	break;
294	case OPT_KEYFORM:
295	if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
296	goto opthelp;
297	break;
298	case OPT_CERTFILE:
299	certfile = opt_arg();
300	break;
301	case OPT_CAFILE:
302	CAfile = opt_arg();
303	break;
304	case OPT_CAPATH:
305	CApath = opt_arg();
306	break;
307	case OPT_NOCAFILE:
308	noCAfile = 1;
309	break;
310	case OPT_NOCAPATH:
311	noCApath = 1;
312	break;
313	case OPT_CONTENT:
314	contfile = opt_arg();
315	break;
316	case OPT_V_CASES:
317	if (!opt_verify(o, vpm))
318	goto opthelp;
319	vpmtouched++;
320	break;
321	}
322	}
323	argc = opt_num_rest();
324	argv = opt_rest();
325
326	if (!(operation & SMIME_SIGNERS) && (skkeys \|\| sksigners)) {
327	BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
328	goto opthelp;
329	}
330
331	if (operation & SMIME_SIGNERS) {
332	/* Check to see if any final signer needs to be appended */
333	if (keyfile && !signerfile) {
334	BIO_puts(bio_err, "Illegal -inkey without -signer\n");
335	goto opthelp;
336	}
337	if (signerfile) {
338	if (!sksigners
339	&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
340	goto end;
341	sk_OPENSSL_STRING_push(sksigners, signerfile);
342	if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
343	goto end;
344	if (!keyfile)
345	keyfile = signerfile;
346	sk_OPENSSL_STRING_push(skkeys, keyfile);
347	}
348	if (!sksigners) {
349	BIO_printf(bio_err, "No signer certificate specified\n");
350	goto opthelp;
351	}
352	signerfile = NULL;
353	keyfile = NULL;
354	need_rand = 1;
355	} else if (operation == SMIME_DECRYPT) {
356	if (!recipfile && !keyfile) {
357	BIO_printf(bio_err,
358	"No recipient certificate or key specified\n");
359	goto opthelp;
360	}
361	} else if (operation == SMIME_ENCRYPT) {
362	if (argc == 0) {
363	BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
364	goto opthelp;
365	}
366	need_rand = 1;
367	} else if (!operation)
368	goto opthelp;
369
370	if (!app_passwd(passinarg, NULL, &passin, NULL)) {
371	BIO_printf(bio_err, "Error getting password\n");
372	goto end;
373	}
374
375	if (need_rand) {
376	app_RAND_load_file(NULL, (inrand != NULL));
377	if (inrand != NULL)
378	BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
379	app_RAND_load_files(inrand));
380	}
381
382	ret = 2;
383
384	if (!(operation & SMIME_SIGNERS))
385	flags &= ~PKCS7_DETACHED;
386
387	if (!(operation & SMIME_OP)) {
388	if (flags & PKCS7_BINARY)
389	outformat = FORMAT_BINARY;
390	}
391
392	if (!(operation & SMIME_IP)) {
393	if (flags & PKCS7_BINARY)
394	informat = FORMAT_BINARY;
395	}
396
397	if (operation == SMIME_ENCRYPT) {
398	if (!cipher) {
399	#ifndef OPENSSL_NO_DES
400	cipher = EVP_des_ede3_cbc();
401	#else
402	BIO_printf(bio_err, "No cipher selected\n");
403	goto end;
404	#endif
405	}
406	encerts = sk_X509_new_null();
407	if (!encerts)
408	goto end;
409	while (*argv) {
410	cert = load_cert(*argv, FORMAT_PEM,
411	"recipient certificate file");
412	if (cert == NULL)
413	goto end;
414	sk_X509_push(encerts, cert);
415	cert = NULL;
416	argv++;
417	}
418	}
419
420	if (certfile) {
421	if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
422	"certificate file")) {
423	ERR_print_errors(bio_err);
424	goto end;
425	}
426	}
427
428	if (recipfile && (operation == SMIME_DECRYPT)) {
429	if ((recip = load_cert(recipfile, FORMAT_PEM,
430	"recipient certificate file")) == NULL) {
431	ERR_print_errors(bio_err);
432	goto end;
433	}
434	}
435
436	if (operation == SMIME_DECRYPT) {
437	if (!keyfile)
438	keyfile = recipfile;
439	} else if (operation == SMIME_SIGN) {
440	if (!keyfile)
441	keyfile = signerfile;
442	} else
443	keyfile = NULL;
444
445	if (keyfile) {
446	key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
447	if (!key)
448	goto end;
449	}
450
451	in = bio_open_default(infile, 'r', informat);
452	if (in == NULL)
453	goto end;
454
455	if (operation & SMIME_IP) {
456	if (informat == FORMAT_SMIME)
457	p7 = SMIME_read_PKCS7(in, &indata);
458	else if (informat == FORMAT_PEM)
459	p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
460	else if (informat == FORMAT_ASN1)
461	p7 = d2i_PKCS7_bio(in, NULL);
462	else {
463	BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
464	goto end;
465	}
466
467	if (!p7) {
468	BIO_printf(bio_err, "Error reading S/MIME message\n");
469	goto end;
470	}
471	if (contfile) {
472	BIO_free(indata);
473	if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
474	BIO_printf(bio_err, "Can't read content file %s\n", contfile);
475	goto end;
476	}
477	}
478	}
479
480	out = bio_open_default(outfile, 'w', outformat);
481	if (out == NULL)
482	goto end;
483
484	if (operation == SMIME_VERIFY) {
485	if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
486	goto end;
487	X509_STORE_set_verify_cb(store, smime_cb);
488	if (vpmtouched)
489	X509_STORE_set1_param(store, vpm);
490	}
491
492	ret = 3;
493
494	if (operation == SMIME_ENCRYPT) {
495	if (indef)
496	flags \|= PKCS7_STREAM;
497	p7 = PKCS7_encrypt(encerts, in, cipher, flags);
498	} else if (operation & SMIME_SIGNERS) {
499	int i;
500	/*
501	* If detached data content we only enable streaming if S/MIME output
502	* format.
503	*/
504	if (operation == SMIME_SIGN) {
505	if (flags & PKCS7_DETACHED) {
506	if (outformat == FORMAT_SMIME)
507	flags \|= PKCS7_STREAM;
508	} else if (indef)
509	flags \|= PKCS7_STREAM;
510	flags \|= PKCS7_PARTIAL;
511	p7 = PKCS7_sign(NULL, NULL, other, in, flags);
512	if (!p7)
513	goto end;
514	if (flags & PKCS7_NOCERTS) {
515	for (i = 0; i < sk_X509_num(other); i++) {
516	X509 *x = sk_X509_value(other, i);
517	PKCS7_add_certificate(p7, x);
518	}
519	}
520	} else
521	flags \|= PKCS7_REUSE_DIGEST;
522	for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
523	signerfile = sk_OPENSSL_STRING_value(sksigners, i);
524	keyfile = sk_OPENSSL_STRING_value(skkeys, i);
525	signer = load_cert(signerfile, FORMAT_PEM,
526	"signer certificate");
527	if (!signer)
528	goto end;
529	key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
530	if (!key)
531	goto end;
532	if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
533	goto end;
534	X509_free(signer);
535	signer = NULL;
536	EVP_PKEY_free(key);
537	key = NULL;
538	}
539	/* If not streaming or resigning finalize structure */
540	if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
541	if (!PKCS7_final(p7, in, flags))
542	goto end;
543	}
544	}
545
546	if (!p7) {
547	BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
548	goto end;
549	}
550
551	ret = 4;
552	if (operation == SMIME_DECRYPT) {
553	if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
554	BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
555	goto end;
556	}
557	} else if (operation == SMIME_VERIFY) {
558	STACK_OF(X509) *signers;
559	if (PKCS7_verify(p7, other, store, indata, out, flags))
560	BIO_printf(bio_err, "Verification successful\n");
561	else {
562	BIO_printf(bio_err, "Verification failure\n");
563	goto end;
564	}
565	signers = PKCS7_get0_signers(p7, other, flags);
566	if (!save_certs(signerfile, signers)) {
567	BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
568	ret = 5;
569	goto end;
570	}
571	sk_X509_free(signers);
572	} else if (operation == SMIME_PK7OUT)
573	PEM_write_bio_PKCS7(out, p7);
574	else {
575	if (to)
576	BIO_printf(out, "To: %s%s", to, mime_eol);
577	if (from)
578	BIO_printf(out, "From: %s%s", from, mime_eol);
579	if (subject)
580	BIO_printf(out, "Subject: %s%s", subject, mime_eol);
581	if (outformat == FORMAT_SMIME) {
582	if (operation == SMIME_RESIGN)
583	rv = SMIME_write_PKCS7(out, p7, indata, flags);
584	else
585	rv = SMIME_write_PKCS7(out, p7, in, flags);
586	} else if (outformat == FORMAT_PEM)
587	rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
588	else if (outformat == FORMAT_ASN1)
589	rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
590	else {
591	BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
592	goto end;
593	}
594	if (rv == 0) {
595	BIO_printf(bio_err, "Error writing output\n");
596	ret = 3;
597	goto end;
598	}
599	}
600	ret = 0;
601	end:
602	if (need_rand)
603	app_RAND_write_file(NULL);
604	if (ret)
605	ERR_print_errors(bio_err);
606	sk_X509_pop_free(encerts, X509_free);
607	sk_X509_pop_free(other, X509_free);
608	X509_VERIFY_PARAM_free(vpm);
609	sk_OPENSSL_STRING_free(sksigners);
610	sk_OPENSSL_STRING_free(skkeys);
611	X509_STORE_free(store);
612	X509_free(cert);
613	X509_free(recip);
614	X509_free(signer);
615	EVP_PKEY_free(key);
616	PKCS7_free(p7);
617	release_engine(e);
618	BIO_free(in);
619	BIO_free(indata);
620	BIO_free_all(out);
621	OPENSSL_free(passin);
622	return (ret);
623	}
624
625	static int save_certs(char signerfile, STACK_OF(X509) signers)
626	{
627	int i;
628	BIO *tmp;
629	if (!signerfile)
630	return 1;
631	tmp = BIO_new_file(signerfile, "w");
632	if (!tmp)
633	return 0;
634	for (i = 0; i < sk_X509_num(signers); i++)
635	PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
636	BIO_free(tmp);
637	return 1;
638	}
639
640	/* Minimal callback just to output policy info (if any) */
641
642	static int smime_cb(int ok, X509_STORE_CTX *ctx)
643	{
644	int error;
645
646	error = X509_STORE_CTX_get_error(ctx);
647
648	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
649	&& ((error != X509_V_OK) \|\| (ok != 2)))
650	return ok;
651
652	policies_print(ctx);
653
654	return ok;
655
656	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: EcnlProtoTool/trunk/openssl-1.1.0e/apps/smime.c@ 331

Download in other formats: