RT3548: Remove unsupported platforms.
diff --git
a/apps/smime.c
b/apps/smime.c
index 8c010b3e4717b2dc603424fda2d0ebb4bc4a8f9e..94c2884fed744f6265b10fe1dba0dfc6200a633f 100644
--- a/
apps/smime.c
+++ b/
apps/smime.c
@@
-1,5
+1,5
@@
/* smime.c */
/* smime.c */
-/* Written by Dr Stephen N Henson (s
henson@bigfoot.com
) for the OpenSSL
+/* Written by Dr Stephen N Henson (s
teve@openssl.org
) for the OpenSSL
* project.
*/
/* ====================================================================
* project.
*/
/* ====================================================================
@@
-93,7
+93,7
@@
int MAIN(int argc, char **argv)
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
const char *inmode = "r", *outmode = "w";
char *infile = NULL, *outfile = NULL;
char *signerfile = NULL, *recipfile = NULL;
- STACK *sksigners = NULL, *skkeys = NULL;
+ STACK
_OF(OPENSSL_STRING)
*sksigners = NULL, *skkeys = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
const EVP_CIPHER *cipher = NULL;
PKCS7 *p7 = NULL;
@@
-109,6
+109,7
@@
int MAIN(int argc, char **argv)
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
char *passargin = NULL, *passin = NULL;
char *inrand = NULL;
int need_rand = 0;
+ int indef = 0;
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
const EVP_MD *sign_md = NULL;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
@@
-152,6
+153,10
@@
int MAIN(int argc, char **argv)
else if (!strcmp (*args, "-des"))
cipher = EVP_des_cbc();
#endif
else if (!strcmp (*args, "-des"))
cipher = EVP_des_cbc();
#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp (*args, "-seed"))
+ cipher = EVP_seed_cbc();
+#endif
#ifndef OPENSSL_NO_RC2
else if (!strcmp (*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
#ifndef OPENSSL_NO_RC2
else if (!strcmp (*args, "-rc2-40"))
cipher = EVP_rc2_40_cbc();
@@
-196,6
+201,12
@@
int MAIN(int argc, char **argv)
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
+ else if (!strcmp (*args, "-stream"))
+ indef = 1;
+ else if (!strcmp (*args, "-indef"))
+ indef = 1;
+ else if (!strcmp (*args, "-noindef"))
+ indef = 0;
else if (!strcmp (*args, "-nooldmime"))
flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
else if (!strcmp (*args, "-nooldmime"))
flags |= PKCS7_NOOLDMIMETYPE;
else if (!strcmp (*args, "-crlfeol"))
@@
-249,13
+260,13
@@
int MAIN(int argc, char **argv)
if (signerfile)
{
if (!sksigners)
if (signerfile)
{
if (!sksigners)
- sksigners = sk_new_null();
- sk_push(sksigners, signerfile);
+ sksigners = sk_
OPENSSL_STRING_
new_null();
+ sk_
OPENSSL_STRING_
push(sksigners, signerfile);
if (!keyfile)
keyfile = signerfile;
if (!skkeys)
if (!keyfile)
keyfile = signerfile;
if (!skkeys)
- skkeys = sk_new_null();
- sk_push(skkeys, keyfile);
+ skkeys = sk_
OPENSSL_STRING_
new_null();
+ sk_
OPENSSL_STRING_
push(skkeys, keyfile);
keyfile = NULL;
}
signerfile = *++args;
keyfile = NULL;
}
signerfile = *++args;
@@
-291,12
+302,12
@@
int MAIN(int argc, char **argv)
goto argerr;
}
if (!sksigners)
goto argerr;
}
if (!sksigners)
- sksigners = sk_new_null();
- sk_push(sksigners, signerfile);
+ sksigners = sk_
OPENSSL_STRING_
new_null();
+ sk_
OPENSSL_STRING_
push(sksigners, signerfile);
signerfile = NULL;
if (!skkeys)
signerfile = NULL;
if (!skkeys)
- skkeys = sk_new_null();
- sk_push(skkeys, keyfile);
+ skkeys = sk_
OPENSSL_STRING_
new_null();
+ sk_
OPENSSL_STRING_
push(skkeys, keyfile);
}
keyfile = *++args;
}
}
keyfile = *++args;
}
@@
-378,13
+389,13
@@
int MAIN(int argc, char **argv)
if (signerfile)
{
if (!sksigners)
if (signerfile)
{
if (!sksigners)
- sksigners = sk_new_null();
- sk_push(sksigners, signerfile);
+ sksigners = sk_
OPENSSL_STRING_
new_null();
+ sk_
OPENSSL_STRING_
push(sksigners, signerfile);
if (!skkeys)
if (!skkeys)
- skkeys = sk_new_null();
+ skkeys = sk_
OPENSSL_STRING_
new_null();
if (!keyfile)
keyfile = signerfile;
if (!keyfile)
keyfile = signerfile;
- sk_push(skkeys, keyfile);
+ sk_
OPENSSL_STRING_
push(skkeys, keyfile);
}
if (!sksigners)
{
}
if (!sksigners)
{
@@
-429,6
+440,9
@@
int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
BIO_printf (bio_err, "-des encrypt with DES\n");
#endif
BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
BIO_printf (bio_err, "-des encrypt with DES\n");
#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf (bio_err, "-seed encrypt with SEED\n");
+#endif
#ifndef OPENSSL_NO_RC2
BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
#ifndef OPENSSL_NO_RC2
BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
@@
-465,6
+479,7
@@
int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-text include or delete text MIME headers\n");
BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-trusted_first use locally trusted CA's first when building trust chain\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
@@
-527,8
+542,8
@@
int MAIN(int argc, char **argv)
{
if (!cipher)
{
{
if (!cipher)
{
-#ifndef OPENSSL_NO_
RC2
- cipher = EVP_
rc2_40
_cbc();
+#ifndef OPENSSL_NO_
DES
+ cipher = EVP_
des_ede3
_cbc();
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
#else
BIO_printf(bio_err, "No cipher selected\n");
goto end;
@@
-657,7
+672,7
@@
int MAIN(int argc, char **argv)
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
{
if (!(store = setup_verify(bio_err, CAfile, CApath)))
goto end;
- X509_STORE_set_verify_cb
_func
(store, smime_cb);
+ X509_STORE_set_verify_cb(store, smime_cb);
if (vpm)
X509_STORE_set1_param(store, vpm);
}
if (vpm)
X509_STORE_set1_param(store, vpm);
}
@@
-666,27
+681,45
@@
int MAIN(int argc, char **argv)
ret = 3;
if (operation == SMIME_ENCRYPT)
ret = 3;
if (operation == SMIME_ENCRYPT)
+ {
+ if (indef)
+ flags |= PKCS7_STREAM;
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+ }
else if (operation & SMIME_SIGNERS)
{
int i;
else if (operation & SMIME_SIGNERS)
{
int i;
- /* If detached data
and SMIME output enable partial
- *
signing
.
+ /* If detached data
content we only enable streaming if
+ *
S/MIME output format
.
*/
if (operation == SMIME_SIGN)
{
*/
if (operation == SMIME_SIGN)
{
- if ((flags & PKCS7_DETACHED)
- && (outformat == FORMAT_SMIME))
+ if (flags & PKCS7_DETACHED)
+ {
+ if (outformat == FORMAT_SMIME)
+ flags |= PKCS7_STREAM;
+ }
+ else if (indef)
flags |= PKCS7_STREAM;
flags |= PKCS7_PARTIAL;
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
flags |= PKCS7_STREAM;
flags |= PKCS7_PARTIAL;
p7 = PKCS7_sign(NULL, NULL, other, in, flags);
+ if (!p7)
+ goto end;
+ if (flags & PKCS7_NOCERTS)
+ {
+ for (i = 0; i < sk_X509_num(other); i++)
+ {
+ X509 *x = sk_X509_value(other, i);
+ PKCS7_add_certificate(p7, x);
+ }
+ }
}
else
flags |= PKCS7_REUSE_DIGEST;
}
else
flags |= PKCS7_REUSE_DIGEST;
- for (i = 0; i < sk_num(sksigners); i++)
+ for (i = 0; i < sk_
OPENSSL_STRING_
num(sksigners); i++)
{
{
- signerfile = sk_value(sksigners, i);
- keyfile = sk_value(skkeys, i);
+ signerfile = sk_
OPENSSL_STRING_
value(sksigners, i);
+ keyfile = sk_
OPENSSL_STRING_
value(skkeys, i);
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
e, "signer certificate");
if (!signer)
@@
-764,9
+797,9
@@
int MAIN(int argc, char **argv)
SMIME_write_PKCS7(out, p7, in, flags);
}
else if (outformat == FORMAT_PEM)
SMIME_write_PKCS7(out, p7, in, flags);
}
else if (outformat == FORMAT_PEM)
- PEM_write_bio_PKCS7
(out,p7
);
+ PEM_write_bio_PKCS7
_stream(out, p7, in, flags
);
else if (outformat == FORMAT_ASN1)
else if (outformat == FORMAT_ASN1)
- i2d_PKCS7_bio
(out,p7
);
+ i2d_PKCS7_bio
_stream(out,p7, in, flags
);
else
{
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
else
{
BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
@@
-783,9
+816,9
@@
end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (sksigners)
- sk_free(sksigners);
+ sk_
OPENSSL_STRING_
free(sksigners);
if (skkeys)
if (skkeys)
- sk_free(skkeys);
+ sk_
OPENSSL_STRING_
free(skkeys);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
X509_STORE_free(store);
X509_free(cert);
X509_free(recip);
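Review bot: The two streaming writers introduced in the output hunk, `PEM_write_bio_PKCS7_stream(out, p7, in, flags)` and `i2d_PKCS7_bio_stream(out,p7, in, flags)`, are called as bare statements, so a failure in either is never reported. With `PKCS7_STREAM` set, the content is processed and the structure finalised during that write, so an error there can leave truncated or incomplete signed/encrypted output; whether `ret` is still set to 0 afterwards is outside the visible lines. I would test the result and bail out, braced because the calls sit in an unbraced else-if chain, e.g. `{ if (!i2d_PKCS7_bio_stream(out, p7, in, flags)) goto end; }`, and do the same for the PEM branch and the neighbouring `SMIME_write_PKCS7` calls. Separately, the usage text kept as context still reads `-rc2-40 encrypt with RC2-40 (default)` although the fallback cipher is now `EVP_des_ede3_cbc()`; the `(default)` marker should move to the `-des3` line so users are not told the default is 40-bit RC2. MAIN's body starts and ends outside these hunks.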