generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add support for signed receipt request printout and generation.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2008-03-26 17:40:22 +00:00
parent f4cc56f494
commit f5e2354c9d
5 changed files with 171 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
apps/cms.c
View File

@ -71,6 +71,8 @@
static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int save_certs(char *signerfile, STACK_OF(X509) *signers);
static int smime_cb(int ok, X509_STORE_CTX *ctx); static int smime_cb(int ok, X509_STORE_CTX *ctx);
static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
STACK *rr_from);
#define SMIME_OP 0x10 #define SMIME_OP 0x10
#define SMIME_IP 0x20 #define SMIME_IP 0x20
@ -112,7 +114,9 @@ int MAIN(int argc, char **argv)
BIO *in = NULL, *out = NULL, *indata = NULL; BIO *in = NULL, *out = NULL, *indata = NULL;
int badarg = 0; int badarg = 0;
int flags = CMS_DETACHED, noout = 0, print = 0; int flags = CMS_DETACHED, noout = 0, print = 0;
int rr_print = 0; int rr_print = 0, rr_allorfirst = -1;
STACK *rr_to = NULL, *rr_from = NULL;
CMS_ReceiptRequest *rr = NULL;
char *to = NULL, *from = NULL, *subject = NULL; char *to = NULL, *from = NULL, *subject = NULL;
char *CAfile = NULL, *CApath = NULL; char *CAfile = NULL, *CApath = NULL;
char *passargin = NULL, *passin = NULL; char *passargin = NULL, *passin = NULL;
@ -248,6 +252,28 @@ int MAIN(int argc, char **argv)
noout = 1; noout = 1;
else if (!strcmp (*args, "-receipt_request_print")) else if (!strcmp (*args, "-receipt_request_print"))
rr_print = 1; rr_print = 1;
else if (!strcmp (*args, "-receipt_request_all"))
rr_allorfirst = 0;
else if (!strcmp (*args, "-receipt_request_first"))
rr_allorfirst = 1;
else if (!strcmp(*args,"-receipt_request_from"))
{
if (!args[1])
goto argerr;
args++;
if (!rr_from)
rr_from = sk_new_null();
sk_push(rr_from, *args);
}
else if (!strcmp(*args,"-receipt_request_to"))
{
if (!args[1])
goto argerr;
args++;
if (!rr_to)
rr_to = sk_new_null();
sk_push(rr_to, *args);
}
else if (!strcmp (*args, "-print")) else if (!strcmp (*args, "-print"))
{ {
noout = 1; noout = 1;
@ -454,6 +480,17 @@ int MAIN(int argc, char **argv)
args++; args++;
} }
if (((rr_allorfirst != -1) || rr_from) && !rr_to)
{
BIO_puts(bio_err, "No Signed Receipts Recipients\n");
goto argerr;
}
if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from))
{
BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
goto argerr;
}
if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
{ {
BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
@ -462,12 +499,12 @@ int MAIN(int argc, char **argv)
if (operation & SMIME_SIGNERS) if (operation & SMIME_SIGNERS)
{ {
/* Check to see if any final signer needs to be appended */
if (keyfile && !signerfile) if (keyfile && !signerfile)
{ {
BIO_puts(bio_err, "Illegal -inkey without -signer\n"); BIO_puts(bio_err, "Illegal -inkey without -signer\n");
goto argerr; goto argerr;
} }
/* Check to see if any final signer needs to be appended */
if (signerfile) if (signerfile)
{ {
if (!sksigners) if (!sksigners)
@ -810,27 +847,41 @@ int MAIN(int argc, char **argv)
else if (operation & SMIME_SIGNERS) else if (operation & SMIME_SIGNERS)
{ {
int i; int i;
/* If detached data content we only enable streaming if /* If detached data content we enable streaming if
* S/MIME output format. * S/MIME output format.
*/ */
if (operation == SMIME_SIGN) if (operation == SMIME_SIGN)
{ {
if (flags & CMS_DETACHED) if (flags & CMS_DETACHED)
{ {
if (outformat != FORMAT_SMIME) if (outformat == FORMAT_SMIME)
flags &= ~CMS_STREAM; flags |= CMS_STREAM;
} }
flags |= CMS_PARTIAL; flags |= CMS_PARTIAL;
cms = CMS_sign(NULL, NULL, other, in, flags); cms = CMS_sign(NULL, NULL, other, in, flags);
if (econtent_type)
CMS_set1_eContentType(cms, econtent_type);
if (!cms) if (!cms)
goto end; goto end;
if (econtent_type)
CMS_set1_eContentType(cms, econtent_type);
if (rr_to)
{
rr = make_receipt_request(rr_to, rr_allorfirst,
rr_from);
if (!rr)
{
BIO_puts(bio_err,
"Signed Receipt Request Creation Error\n");
goto end;
}
}
} }
else else
flags |= CMS_REUSE_DIGEST; flags |= CMS_REUSE_DIGEST;
for (i = 0; i < sk_num(sksigners); i++) for (i = 0; i < sk_num(sksigners); i++)
{ {
CMS_SignerInfo *si;
signerfile = sk_value(sksigners, i); signerfile = sk_value(sksigners, i);
keyfile = sk_value(skkeys, i); keyfile = sk_value(skkeys, i);
signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL, signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
@ -841,7 +892,10 @@ int MAIN(int argc, char **argv)
"signing key file"); "signing key file");
if (!key) if (!key)
goto end; goto end;
if (!CMS_add1_signer(cms, signer, key, sign_md, flags)) si = CMS_add1_signer(cms, signer, key, sign_md, flags);
if (!si)
goto end;
if (rr && !CMS_add1_ReceiptRequest(si, rr))
goto end; goto end;
X509_free(signer); X509_free(signer);
signer = NULL; signer = NULL;
@ -1002,6 +1056,12 @@ end:
OPENSSL_free(secret_keyid); OPENSSL_free(secret_keyid);
if (econtent_type) if (econtent_type)
ASN1_OBJECT_free(econtent_type); ASN1_OBJECT_free(econtent_type);
if (rr)
CMS_ReceiptRequest_free(rr);
if (rr_to)
sk_free(rr_to);
if (rr_from)
sk_free(rr_from);
X509_STORE_free(store); X509_STORE_free(store);
X509_free(cert); X509_free(cert);
X509_free(recip); X509_free(recip);
@ -1119,4 +1179,66 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
} }
} }
static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
{
int i;
STACK_OF(GENERAL_NAMES) *ret;
GENERAL_NAMES *gens = NULL;
GENERAL_NAME *gen = NULL;
ret = sk_GENERAL_NAMES_new_null();
if (!ret)
goto err;
for (i = 0; i < sk_num(ns); i++)
{
char *str = sk_value(ns, i);
gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
if (!gen)
goto err;
gens = GENERAL_NAMES_new();
if (!gens)
goto err;
if (!sk_GENERAL_NAME_push(gens, gen))
goto err;
gen = NULL;
if (!sk_GENERAL_NAMES_push(ret, gens))
goto err;
gens = NULL;
}
return ret;
err:
if (ret)
sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
if (gens)
GENERAL_NAMES_free(gens);
if (gen)
GENERAL_NAME_free(gen);
return NULL;
}
static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
STACK *rr_from)
{
STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
CMS_ReceiptRequest *rr;
rct_to = make_names_stack(rr_to);
if (!rct_to)
goto err;
if (rr_from)
{
rct_from = make_names_stack(rr_from);
if (!rct_from)
goto err;
}
else
rct_from = NULL;
rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
rct_to);
return rr;
err:
return NULL;
}
#endif #endif

12
crypto/cms/cms.h
View File

@ -197,6 +197,13 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
ASN1_OBJECT *otherTypeId, ASN1_OBJECT *otherTypeId,
ASN1_TYPE *otherType); ASN1_TYPE *otherType);
int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
X509_ALGOR **palg,
ASN1_OCTET_STRING **pid,
ASN1_GENERALIZEDTIME **pdate,
ASN1_OBJECT **potherid,
ASN1_TYPE **pothertype);
int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
unsigned char *key, size_t keylen); unsigned char *key, size_t keylen);
@ -288,11 +295,11 @@ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
#ifdef HEADER_X509V3_H #ifdef HEADER_X509V3_H
int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
unsigned char *id, int idlen,
int allorfirst, int allorfirst,
STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptList,
STACK_OF(GENERAL_NAMES) *receiptsTo); STACK_OF(GENERAL_NAMES) *receiptsTo);
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
ASN1_STRING **pcid, ASN1_STRING **pcid,
int *pallorfirst, int *pallorfirst,
@ -346,6 +353,7 @@ void ERR_load_CMS_strings(void);
#define CMS_F_CMS_GET0_ENVELOPED 131 #define CMS_F_CMS_GET0_ENVELOPED 131
#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 #define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
#define CMS_F_CMS_GET0_SIGNED 133 #define CMS_F_CMS_GET0_SIGNED 133
#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 #define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 #define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 #define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136

3
crypto/cms/cms_env.c
View File

@ -581,7 +581,6 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
} }
#if 0
int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
X509_ALGOR **palg, X509_ALGOR **palg,
ASN1_OCTET_STRING **pid, ASN1_OCTET_STRING **pid,
@ -618,8 +617,6 @@ int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
} }
return 1; return 1;
} }
#endif
int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
unsigned char *key, size_t keylen) unsigned char *key, size_t keylen)

3
crypto/cms/cms_err.c
View File

@ -72,7 +72,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
{ {
{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_ADD1_RECEIPTREQUEST"}, {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
@ -106,6 +106,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"}, {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"},
{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"}, {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},

49
crypto/cms/cms_ess.c
View File

@ -89,26 +89,18 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
return 1; return 1;
} }
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
unsigned char *id, int idlen,
int allorfirst, int allorfirst,
STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptList,
STACK_OF(GENERAL_NAMES) *receiptsTo) STACK_OF(GENERAL_NAMES) *receiptsTo)
{ {
CMS_ReceiptRequest *rr = NULL; CMS_ReceiptRequest *rr = NULL;
STACK_OF(GENERAL_NAMES) *tmpto = NULL;
unsigned char *rrder = NULL;
int rrderlen;
int r = 0;
rr = CMS_ReceiptRequest_new(); rr = CMS_ReceiptRequest_new();
if (!rr) if (!rr)
goto merr; goto merr;
if (id) if (id)
{ ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
if (!ASN1_STRING_set(rr->signedContentIdentifier, id, idlen))
goto merr;
}
else else
{ {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
@ -118,7 +110,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si,
goto err; goto err;
} }
tmpto = rr->receiptsTo; sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
rr->receiptsTo = receiptsTo; rr->receiptsTo = receiptsTo;
if (receiptList) if (receiptList)
@ -132,21 +124,38 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si,
rr->receiptsFrom->d.allOrFirstTier = allorfirst; rr->receiptsFrom->d.allOrFirstTier = allorfirst;
} }
rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder); return rr;
r = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
V_ASN1_SEQUENCE, rrder, rrderlen);
merr: merr:
CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
err: err:
if (rr) if (rr)
{
rr->receiptsTo = tmpto;
rr->receiptsFrom->type = 0;
CMS_ReceiptRequest_free(rr); CMS_ReceiptRequest_free(rr);
}
return NULL;
}
int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
{
unsigned char *rrder = NULL;
int rrderlen, r = 0;
rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
if (rrderlen < 0)
goto merr;
if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
V_ASN1_SEQUENCE, rrder, rrderlen))
goto merr;
r = 1;
merr:
if (!r)
CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
if (rrder) if (rrder)
OPENSSL_free(rrder); OPENSSL_free(rrder);