# include <openssl/x509v3.h>
# include <openssl/cms.h>
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(GENERAL_NAMES)
+DEFINE_STACK_OF_STRING()
+
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int cms_cb(int ok, X509_STORE_CTX *ctx);
static void receipt_request_print(CMS_ContentInfo *cms);
OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
OPT_CAPATH, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE,
- OPT_CONTENT, OPT_PRINT,
+ OPT_CONTENT, OPT_PRINT, OPT_NAMEOPT,
OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
"Supply or override content for detached signature"},
{"print", OPT_PRINT, '-',
"For the -cmsout operation print out all fields of the CMS structure"},
+ {"nameopt", OPT_NAMEOPT, 's',
+ "For the -print option specifies various strings printing options"},
{"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
OPT_SECTION("Keying"),
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"inkey", OPT_INKEY, 's',
"Input private key (if not signer or recipient)"},
- {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+ {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"},
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
OPT_SECTION("Mail header"),
case OPT_PRINT:
noout = print = 1;
break;
+ case OPT_NAMEOPT:
+ if (!set_nameopt(opt_arg()))
+ goto opthelp;
+ break;
case OPT_SECRETKEY:
if (secret_key != NULL) {
BIO_printf(bio_err, "Invalid key (supplied twice) %s\n",
if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end;
- cert = load_cert(opt_arg(), FORMAT_PEM,
+ cert = load_cert(opt_arg(), FORMAT_UNDEF,
"recipient certificate file");
if (cert == NULL)
goto end;
goto opthelp;
}
- if (flags & CMS_CADES) {
- if (flags & CMS_NOATTR) {
+ if ((flags & CMS_CADES) != 0) {
+ if ((flags & CMS_NOATTR) != 0) {
BIO_puts(bio_err, "Incompatible options: "
"CAdES required signed attributes\n");
goto opthelp;
}
+ if (operation == SMIME_VERIFY
+ && (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) {
+ BIO_puts(bio_err, "Incompatible options: CAdES validation require"
+ " certs and signed attributes validations\n");
+ goto opthelp;
+ }
}
if (operation & SMIME_SIGNERS) {
if ((encerts = sk_X509_new_null()) == NULL)
goto end;
while (*argv) {
- if ((cert = load_cert(*argv, FORMAT_PEM,
+ if ((cert = load_cert(*argv, FORMAT_UNDEF,
"recipient certificate file")) == NULL)
goto end;
sk_X509_push(encerts, cert);
}
if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
- if ((recip = load_cert(recipfile, FORMAT_PEM,
+ if ((recip = load_cert(recipfile, FORMAT_UNDEF,
"recipient certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (originatorfile != NULL) {
- if ((originator = load_cert(originatorfile, FORMAT_PEM,
+ if ((originator = load_cert(originatorfile, FORMAT_UNDEF,
"originator certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (operation == SMIME_SIGN_RECEIPT) {
- if ((signer = load_cert(signerfile, FORMAT_PEM,
+ if ((signer = load_cert(signerfile, FORMAT_UNDEF,
"receipt signer certificate file")) == NULL) {
ERR_print_errors(bio_err);
goto end;
signerfile = sk_OPENSSL_STRING_value(sksigners, i);
keyfile = sk_OPENSSL_STRING_value(skkeys, i);
- signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
+ signer = load_cert(signerfile, FORMAT_UNDEF,
+ "signer certificate");
if (signer == NULL) {
ret = 2;
goto end;
goto end;
} else if (operation == SMIME_VERIFY) {
if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
- BIO_printf(bio_err, "Verification successful\n");
+ BIO_printf(bio_err, "%s Verification successful\n",
+ (flags & CMS_CADES) ? "CAdES" : "CMS");
} else {
BIO_printf(bio_err, "Verification failure\n");
if (verify_retcode)
}
} else {
if (noout) {
- if (print)
- CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
+ if (print) {
+ ASN1_PCTX *pctx = NULL;
+ if (get_nameopt() != XN_FLAG_ONELINE) {
+ pctx = ASN1_PCTX_new();
+ if (pctx != NULL) { /* Print anyway if malloc failed */
+ ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT);
+ ASN1_PCTX_set_str_flags(pctx, get_nameopt());
+ ASN1_PCTX_set_nm_flags(pctx, get_nameopt());
+ }
+ }
+ CMS_ContentInfo_print_ctx(out, cms, 0, pctx);
+ ASN1_PCTX_free(pctx);
+ }
} else if (outformat == FORMAT_SMIME) {
if (to)
BIO_printf(out, "To: %s%s", to, mime_eol);