1/* apps/cms.c */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 */ 53 54/* CMS utility function */ 55 56#include <stdio.h> 57#include <string.h> 58#include "apps.h" 59 60#ifndef OPENSSL_NO_CMS 61 62#include <openssl/crypto.h> 63#include <openssl/pem.h> 64#include <openssl/err.h> 65#include <openssl/x509_vfy.h> 66#include <openssl/x509v3.h> 67#include <openssl/cms.h> 68 69#undef PROG 70#define PROG cms_main 71static int save_certs(char *signerfile, STACK_OF(X509) *signers); 72static int cms_cb(int ok, X509_STORE_CTX *ctx); 73static void receipt_request_print(BIO *out, CMS_ContentInfo *cms); 74static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, 75 int rr_allorfirst, 76 STACK_OF(OPENSSL_STRING) *rr_from); 77 78#define SMIME_OP 0x10 79#define SMIME_IP 0x20 80#define SMIME_SIGNERS 0x40 81#define SMIME_ENCRYPT (1 | SMIME_OP) 82#define SMIME_DECRYPT (2 | SMIME_IP) 83#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) 84#define SMIME_VERIFY (4 | SMIME_IP) 85#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP) 86#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) 87#define SMIME_DATAOUT (7 | SMIME_IP) 88#define SMIME_DATA_CREATE (8 | SMIME_OP) 89#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) 90#define SMIME_DIGEST_CREATE (10 | SMIME_OP) 91#define SMIME_UNCOMPRESS (11 | SMIME_IP) 92#define SMIME_COMPRESS (12 | SMIME_OP) 93#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) 94#define 
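SMIME_ENCRYPTED_ENCRYPT	(14 | SMIME_OP)
#define SMIME_SIGN_RECEIPT	(15 | SMIME_IP | SMIME_OP)
#define SMIME_VERIFY_RECEIPT	(16 | SMIME_IP)

/* Last X509 verification error seen by cms_cb(); used by -verify_retcode. */
int verify_err = 0;

int MAIN(int, char **);

/*
 * Entry point of the "cms" command: parse the options, load the certificates,
 * keys and input message they name, then create or process a CMS structure.
 *
 * Exit codes, as set in the body below:
 *   0  success
 *   1  bad arguments, configuration or pass phrase error
 *   2  error loading certificates/keys or opening/reading input files
 *   3  error creating the CMS structure
 *   4  error decrypting, verifying or otherwise processing the structure
 *   5  error writing certificates (-certsout, or -signer with -verify)
 *   6  error writing the output structure
 *   verify_err + 32 when -verify fails and -verify_retcode was given
 *
 * Changes against the listing this was taken from: the garbled "<mp"
 * arguments are restored to "&ltmp", the temporary certificate stacks are
 * released on the save_certs() failure paths, -sign_receipt rejects a message
 * without any SignerInfo, the secret key and pass phrase are wiped before
 * being freed, and the usage text names the cipher that is the real default.
 */
int MAIN(int argc, char **argv)
{
	ENGINE *e = NULL;
	int operation = 0;
	int ret = 0;
	char **args;
	const char *inmode = "r", *outmode = "w";
	char *infile = NULL, *outfile = NULL, *rctfile = NULL;
	char *signerfile = NULL, *recipfile = NULL;
	STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
	char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
	char *certsoutfile = NULL;
	const EVP_CIPHER *cipher = NULL;
	CMS_ContentInfo *cms = NULL, *rcms = NULL;
	X509_STORE *store = NULL;
	X509 *cert = NULL, *recip = NULL, *signer = NULL;
	EVP_PKEY *key = NULL;
	STACK_OF(X509) *encerts = NULL, *other = NULL;
	BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
	int badarg = 0;
	int flags = CMS_DETACHED, noout = 0, print = 0;
	int verify_retcode = 0;
	int rr_print = 0, rr_allorfirst = -1;
	STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
	CMS_ReceiptRequest *rr = NULL;
	char *to = NULL, *from = NULL, *subject = NULL;
	char *CAfile = NULL, *CApath = NULL;
	char *passargin = NULL, *passin = NULL;
	char *inrand = NULL;
	int need_rand = 0;
	const EVP_MD *sign_md = NULL;
	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
	int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
#ifndef OPENSSL_NO_ENGINE
	char *engine = NULL;
#endif
	unsigned char *secret_key = NULL, *secret_keyid = NULL;
	size_t secret_keylen = 0, secret_keyidlen = 0;

	ASN1_OBJECT *econtent_type = NULL;

	X509_VERIFY_PARAM *vpm = NULL;

	args = argv + 1;
	ret = 1;

	apps_startup();

	if (bio_err == NULL) {
		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
	}

	if (!load_config(bio_err, NULL))
		goto end;

	/* Options come first; whatever follows them is left in args. */
	while (!badarg && *args && *args[0] == '-') {
		if (!strcmp(*args, "-encrypt"))
			operation = SMIME_ENCRYPT;
		else if (!strcmp(*args, "-decrypt"))
			operation = SMIME_DECRYPT;
		else if (!strcmp(*args, "-sign"))
			operation = SMIME_SIGN;
		else if (!strcmp(*args, "-sign_receipt"))
			operation = SMIME_SIGN_RECEIPT;
		else if (!strcmp(*args, "-resign"))
			operation = SMIME_RESIGN;
		else if (!strcmp(*args, "-verify"))
			operation = SMIME_VERIFY;
		else if (!strcmp(*args, "-verify_retcode"))
			verify_retcode = 1;
		else if (!strcmp(*args, "-verify_receipt")) {
			operation = SMIME_VERIFY_RECEIPT;
			if (!args[1])
				goto argerr;
			args++;
			rctfile = *args;
		}
		else if (!strcmp(*args, "-cmsout"))
			operation = SMIME_CMSOUT;
		else if (!strcmp(*args, "-data_out"))
			operation = SMIME_DATAOUT;
		else if (!strcmp(*args, "-data_create"))
			operation = SMIME_DATA_CREATE;
		else if (!strcmp(*args, "-digest_verify"))
			operation = SMIME_DIGEST_VERIFY;
		else if (!strcmp(*args, "-digest_create"))
			operation = SMIME_DIGEST_CREATE;
		else if (!strcmp(*args, "-compress"))
			operation = SMIME_COMPRESS;
		else if (!strcmp(*args, "-uncompress"))
			operation = SMIME_UNCOMPRESS;
		else if (!strcmp(*args, "-EncryptedData_decrypt"))
			operation = SMIME_ENCRYPTED_DECRYPT;
		else if (!strcmp(*args, "-EncryptedData_encrypt"))
			operation = SMIME_ENCRYPTED_ENCRYPT;
#ifndef OPENSSL_NO_DES
		else if (!strcmp(*args, "-des3"))
			cipher = EVP_des_ede3_cbc();
		else if (!strcmp(*args, "-des"))
			cipher = EVP_des_cbc();
#endif
#ifndef OPENSSL_NO_SEED
		else if (!strcmp(*args, "-seed"))
			cipher = EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_RC2
		else if (!strcmp(*args, "-rc2-40"))
			cipher = EVP_rc2_40_cbc();
		else if (!strcmp(*args, "-rc2-128"))
			cipher = EVP_rc2_cbc();
		else if (!strcmp(*args, "-rc2-64"))
			cipher = EVP_rc2_64_cbc();
#endif
#ifndef OPENSSL_NO_AES
		else if (!strcmp(*args, "-aes128"))
			cipher = EVP_aes_128_cbc();
		else if (!strcmp(*args, "-aes192"))
			cipher = EVP_aes_192_cbc();
		else if (!strcmp(*args, "-aes256"))
			cipher = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
		else if (!strcmp(*args, "-camellia128"))
			cipher = EVP_camellia_128_cbc();
		else if (!strcmp(*args, "-camellia192"))
			cipher = EVP_camellia_192_cbc();
		else if (!strcmp(*args, "-camellia256"))
			cipher = EVP_camellia_256_cbc();
#endif
		else if (!strcmp(*args, "-debug_decrypt"))
			flags |= CMS_DEBUG_DECRYPT;
		else if (!strcmp(*args, "-text"))
			flags |= CMS_TEXT;
		else if (!strcmp(*args, "-nointern"))
			flags |= CMS_NOINTERN;
		/*
		 * -noverify, -nosigs, -no_content_verify and -no_attr_verify
		 * each switch off one verification step; a "Verification
		 * successful" result only covers the steps left enabled.
		 */
		else if (!strcmp(*args, "-noverify")
			 || !strcmp(*args, "-no_signer_cert_verify"))
			flags |= CMS_NO_SIGNER_CERT_VERIFY;
		else if (!strcmp(*args, "-nocerts"))
			flags |= CMS_NOCERTS;
		else if (!strcmp(*args, "-noattr"))
			flags |= CMS_NOATTR;
		else if (!strcmp(*args, "-nodetach"))
			flags &= ~CMS_DETACHED;
		else if (!strcmp(*args, "-nosmimecap"))
			flags |= CMS_NOSMIMECAP;
		else if (!strcmp(*args, "-binary"))
			flags |= CMS_BINARY;
		else if (!strcmp(*args, "-keyid"))
			flags |= CMS_USE_KEYID;
		else if (!strcmp(*args, "-nosigs"))
			flags |= CMS_NOSIGS;
		else if (!strcmp(*args, "-no_content_verify"))
			flags |= CMS_NO_CONTENT_VERIFY;
		else if (!strcmp(*args, "-no_attr_verify"))
			flags |= CMS_NO_ATTR_VERIFY;
		else if (!strcmp(*args, "-stream"))
			flags |= CMS_STREAM;
		else if (!strcmp(*args, "-indef"))
			flags |= CMS_STREAM;
		else if (!strcmp(*args, "-noindef"))
			flags &= ~CMS_STREAM;
		else if (!strcmp(*args, "-nooldmime"))
			flags |= CMS_NOOLDMIMETYPE;
		else if (!strcmp(*args, "-crlfeol"))
			flags |= CMS_CRLFEOL;
		else if (!strcmp(*args, "-noout"))
			noout = 1;
		else if (!strcmp(*args, "-receipt_request_print"))
			rr_print = 1;
		else if (!strcmp(*args, "-receipt_request_all"))
			rr_allorfirst = 0;
		else if (!strcmp(*args, "-receipt_request_first"))
			rr_allorfirst = 1;
		else if (!strcmp(*args, "-receipt_request_from")) {
			if (!args[1])
				goto argerr;
			args++;
			if (!rr_from)
				rr_from = sk_OPENSSL_STRING_new_null();
			sk_OPENSSL_STRING_push(rr_from, *args);
		}
		else if (!strcmp(*args, "-receipt_request_to")) {
			if (!args[1])
				goto argerr;
			args++;
			if (!rr_to)
				rr_to = sk_OPENSSL_STRING_new_null();
			sk_OPENSSL_STRING_push(rr_to, *args);
		}
		else if (!strcmp(*args, "-print")) {
			noout = 1;
			print = 1;
		}
		else if (!strcmp(*args, "-secretkey")) {
			long ltmp;
			if (!args[1])
				goto argerr;
			args++;
			/*
			 * NOTE(review): the key is given as hex on the command
			 * line, which on many systems other local users can
			 * read from the process list.
			 */
			secret_key = string_to_hex(*args, &ltmp);
			if (!secret_key) {
				BIO_printf(bio_err, "Invalid key %s\n", *args);
				goto argerr;
			}
			secret_keylen = (size_t)ltmp;
		}
		else if (!strcmp(*args, "-secretkeyid")) {
			long ltmp;
			if (!args[1])
				goto argerr;
			args++;
			secret_keyid = string_to_hex(*args, &ltmp);
			if (!secret_keyid) {
				BIO_printf(bio_err, "Invalid id %s\n", *args);
				goto argerr;
			}
			secret_keyidlen = (size_t)ltmp;
		}
		else if (!strcmp(*args, "-econtent_type")) {
			if (!args[1])
				goto argerr;
			args++;
			econtent_type = OBJ_txt2obj(*args, 0);
			if (!econtent_type) {
				BIO_printf(bio_err, "Invalid OID %s\n", *args);
				goto argerr;
			}
		}
		else if (!strcmp(*args, "-rand")) {
			if (!args[1])
				goto argerr;
			args++;
			inrand = *args;
			need_rand = 1;
		}
#ifndef OPENSSL_NO_ENGINE
		else if (!strcmp(*args, "-engine")) {
			if (!args[1])
				goto argerr;
			engine = *++args;
		}
#endif
		else if (!strcmp(*args, "-passin")) {
			if (!args[1])
				goto argerr;
			passargin = *++args;
		}
		else if (!strcmp(*args, "-to")) {
			if (!args[1])
				goto argerr;
			to = *++args;
		}
		else if (!strcmp(*args, "-from")) {
			if (!args[1])
				goto argerr;
			from = *++args;
		}
		else if (!strcmp(*args, "-subject")) {
			if (!args[1])
				goto argerr;
			subject = *++args;
		}
		else if (!strcmp(*args, "-signer")) {
			if (!args[1])
				goto argerr;
			/* If previous -signer argument add signer to list */
			if (signerfile) {
				if (!sksigners)
					sksigners = sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(sksigners, signerfile);
				if (!keyfile)
					keyfile = signerfile;
				if (!skkeys)
					skkeys = sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(skkeys, keyfile);
				keyfile = NULL;
			}
			signerfile = *++args;
		}
		else if (!strcmp(*args, "-recip")) {
			if (!args[1])
				goto argerr;
			recipfile = *++args;
		}
		else if (!strcmp(*args, "-certsout")) {
			if (!args[1])
				goto argerr;
			certsoutfile = *++args;
		}
		else if (!strcmp(*args, "-md")) {
			if (!args[1])
				goto argerr;
			sign_md = EVP_get_digestbyname(*++args);
			if (sign_md == NULL) {
				BIO_printf(bio_err, "Unknown digest %s\n",
					   *args);
				goto argerr;
			}
		}
		else if (!strcmp(*args, "-inkey")) {
			if (!args[1])
				goto argerr;
			/* If previous -inkey argument add signer to list */
			if (keyfile) {
				if (!signerfile) {
					BIO_puts(bio_err, "Illegal -inkey without -signer\n");
					goto argerr;
				}
				if (!sksigners)
					sksigners = sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(sksigners, signerfile);
				signerfile = NULL;
				if (!skkeys)
					skkeys = sk_OPENSSL_STRING_new_null();
				sk_OPENSSL_STRING_push(skkeys, keyfile);
			}
			keyfile = *++args;
		}
		else if (!strcmp(*args, "-keyform")) {
			if (!args[1])
				goto argerr;
			keyform = str2fmt(*++args);
		}
		else if (!strcmp(*args, "-rctform")) {
			if (!args[1])
				goto argerr;
			rctformat = str2fmt(*++args);
		}
		else if (!strcmp(*args, "-certfile")) {
			if (!args[1])
				goto argerr;
			certfile = *++args;
		}
		else if (!strcmp(*args, "-CAfile")) {
			if (!args[1])
				goto argerr;
			CAfile = *++args;
		}
		else if (!strcmp(*args, "-CApath")) {
			if (!args[1])
				goto argerr;
			CApath = *++args;
		}
		else if (!strcmp(*args, "-in")) {
			if (!args[1])
				goto argerr;
			infile = *++args;
		}
		else if (!strcmp(*args, "-inform")) {
			if (!args[1])
				goto argerr;
			informat = str2fmt(*++args);
		}
		else if (!strcmp(*args, "-outform")) {
			if (!args[1])
				goto argerr;
			outformat = str2fmt(*++args);
		}
		else if (!strcmp(*args, "-out")) {
			if (!args[1])
				goto argerr;
			outfile = *++args;
		}
		else if (!strcmp(*args, "-content")) {
			if (!args[1])
				goto argerr;
			contfile = *++args;
		}
		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
			continue;
		/* Anything not recognised above is tried as a cipher name. */
		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
			badarg = 1;
		args++;
	}

	if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
		BIO_puts(bio_err, "No Signed Receipts Recipients\n");
		goto argerr;
	}

	if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
		BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
		goto argerr;
	}
	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
		goto argerr;
	}

	if (operation & SMIME_SIGNERS) {
		if (keyfile && !signerfile) {
			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
			goto argerr;
		}
		/* Check to see if any final signer needs to be appended */
		if (signerfile) {
			if (!sksigners)
				sksigners = sk_OPENSSL_STRING_new_null();
			sk_OPENSSL_STRING_push(sksigners, signerfile);
			if (!skkeys)
				skkeys = sk_OPENSSL_STRING_new_null();
			if (!keyfile)
				keyfile = signerfile;
			sk_OPENSSL_STRING_push(skkeys, keyfile);
		}
		if (!sksigners) {
			BIO_printf(bio_err, "No signer certificate specified\n");
			badarg = 1;
		}
		signerfile = NULL;
		keyfile = NULL;
		need_rand = 1;
	}
	else if (operation == SMIME_DECRYPT) {
		if (!recipfile && !keyfile && !secret_key) {
			BIO_printf(bio_err, "No recipient certificate or key specified\n");
			badarg = 1;
		}
	}
	else if (operation == SMIME_ENCRYPT) {
		if (!*args && !secret_key) {
			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
			badarg = 1;
		}
		need_rand = 1;
	}
	else if (!operation)
		badarg = 1;

	if (badarg) {
		argerr:
		BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n");
		BIO_printf(bio_err, "where options are\n");
		BIO_printf(bio_err, "-encrypt encrypt message\n");
		BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
		BIO_printf(bio_err, "-sign sign message\n");
		BIO_printf(bio_err, "-verify verify signed message\n");
		BIO_printf(bio_err, "-cmsout output CMS structure\n");
		/*
		 * "(default)" sits on -des3 because that is what -encrypt
		 * selects below when no cipher option is given; the text used
		 * to attribute the default to RC2-40.
		 */
#ifndef OPENSSL_NO_DES
		BIO_printf(bio_err, "-des3 encrypt with triple DES (default)\n");
		BIO_printf(bio_err, "-des encrypt with DES\n");
#endif
#ifndef OPENSSL_NO_SEED
		BIO_printf(bio_err, "-seed encrypt with SEED\n");
#endif
#ifndef OPENSSL_NO_RC2
		BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40\n");
		BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
		BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
#endif
#ifndef OPENSSL_NO_AES
		BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
		BIO_printf(bio_err, " encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
		BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
		BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n");
#endif
		BIO_printf(bio_err, "-nointern don't search certificates in message for signer\n");
		BIO_printf(bio_err, "-nosigs don't verify message signature\n");
		BIO_printf(bio_err, "-noverify don't verify signers certificate\n");
		BIO_printf(bio_err, "-nocerts don't include signers certificate when signing\n");
		BIO_printf(bio_err, "-nodetach use opaque signing\n");
		BIO_printf(bio_err, "-noattr don't include any signed attributes\n");
		BIO_printf(bio_err, "-binary don't translate message to text\n");
		BIO_printf(bio_err, "-certfile file other certificates file\n");
		BIO_printf(bio_err, "-certsout file certificate output file\n");
		BIO_printf(bio_err, "-signer file signer certificate file\n");
		BIO_printf(bio_err, "-recip file recipient certificate file for decryption\n");
		BIO_printf(bio_err, "-keyid use subject key identifier\n");
		BIO_printf(bio_err, "-in file input file\n");
		BIO_printf(bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
		BIO_printf(bio_err, "-inkey file input private key (if not signer or recipient)\n");
		BIO_printf(bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
		BIO_printf(bio_err, "-out file output file\n");
		BIO_printf(bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
		BIO_printf(bio_err, "-content file supply or override content for detached signature\n");
		BIO_printf(bio_err, "-to addr to address\n");
		BIO_printf(bio_err, "-from ad from address\n");
		BIO_printf(bio_err, "-subject s subject\n");
		BIO_printf(bio_err, "-text include or delete text MIME headers\n");
		BIO_printf(bio_err, "-CApath dir trusted certificates directory\n");
		BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
		BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
		BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
#ifndef OPENSSL_NO_ENGINE
		BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
#endif
		BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
		BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
		BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
		BIO_printf(bio_err, " the random number generator\n");
		BIO_printf(bio_err, "cert.pem recipient certificate(s) for encryption\n");
		goto end;
	}

#ifndef OPENSSL_NO_ENGINE
	e = setup_engine(bio_err, engine, 0);
#endif

	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
		BIO_printf(bio_err, "Error getting password\n");
		goto end;
	}

	if (need_rand) {
		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
		if (inrand != NULL)
			BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
				   app_RAND_load_files(inrand));
	}

	ret = 2;

	/* Detached content only applies to the signing operations. */
	if (!(operation & SMIME_SIGNERS))
		flags &= ~CMS_DETACHED;

	if (operation & SMIME_OP) {
		if (outformat == FORMAT_ASN1)
			outmode = "wb";
	} else {
		if (flags & CMS_BINARY)
			outmode = "wb";
	}

	if (operation & SMIME_IP) {
		if (informat == FORMAT_ASN1)
			inmode = "rb";
	} else {
		if (flags & CMS_BINARY)
			inmode = "rb";
	}

	if (operation == SMIME_ENCRYPT) {
		if (!cipher) {
#ifndef OPENSSL_NO_DES
			cipher = EVP_des_ede3_cbc();
#else
			BIO_printf(bio_err, "No cipher selected\n");
			goto end;
#endif
		}

		if (secret_key && !secret_keyid) {
			BIO_printf(bio_err, "No secret key id\n");
			goto end;
		}

		/* The remaining arguments are recipient certificate files. */
		if (*args)
			encerts = sk_X509_new_null();
		while (*args) {
			if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
					       NULL, e, "recipient certificate file")))
				goto end;
			sk_X509_push(encerts, cert);
			cert = NULL;
			args++;
		}
	}

	if (certfile) {
		if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
					 e, "certificate file"))) {
			ERR_print_errors(bio_err);
			goto end;
		}
	}

	if (recipfile && (operation == SMIME_DECRYPT)) {
		if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
					e, "recipient certificate file"))) {
			ERR_print_errors(bio_err);
			goto end;
		}
	}

	if (operation == SMIME_SIGN_RECEIPT) {
		/*
		 * NOTE(review): signerfile is NULL here when -signer was not
		 * given; how load_cert() treats a NULL path is not visible in
		 * this file -- confirm.
		 */
		if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
					 e, "receipt signer certificate file"))) {
			ERR_print_errors(bio_err);
			goto end;
		}
	}

	if (operation == SMIME_DECRYPT) {
		if (!keyfile)
			keyfile = recipfile;
	}
	else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
		if (!keyfile)
			keyfile = signerfile;
	}
	else
		keyfile = NULL;

	if (keyfile) {
		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
			       "signing key file");
		if (!key)
			goto end;
	}

	if (infile) {
		if (!(in = BIO_new_file(infile, inmode))) {
			BIO_printf(bio_err,
				   "Can't open input file %s\n", infile);
			goto end;
		}
	}
	else
		in = BIO_new_fp(stdin, BIO_NOCLOSE);

	if (operation & SMIME_IP) {
		if (informat == FORMAT_SMIME)
			cms = SMIME_read_CMS(in, &indata);
		else if (informat == FORMAT_PEM)
			cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
		else if (informat == FORMAT_ASN1)
			cms = d2i_CMS_bio(in, NULL);
		else {
			BIO_printf(bio_err, "Bad input format for CMS file\n");
			goto end;
		}

		if (!cms) {
			BIO_printf(bio_err, "Error reading S/MIME message\n");
			goto end;
		}
		if (contfile) {
			/* -content overrides any content read with the message */
			BIO_free(indata);
			if (!(indata = BIO_new_file(contfile, "rb"))) {
				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
				goto end;
			}
		}
		if (certsoutfile) {
			STACK_OF(X509) *allcerts;
			allcerts = CMS_get1_certs(cms);
			if (!save_certs(certsoutfile, allcerts)) {
				BIO_printf(bio_err,
					   "Error writing certs to %s\n",
					   certsoutfile);
				/* release the stack on the failure path too */
				sk_X509_pop_free(allcerts, X509_free);
				ret = 5;
				goto end;
			}
			sk_X509_pop_free(allcerts, X509_free);
		}
	}

	if (rctfile) {
		char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
		if (!(rctin = BIO_new_file(rctfile, rctmode))) {
			BIO_printf(bio_err,
				   "Can't open receipt file %s\n", rctfile);
			goto end;
		}

		if (rctformat == FORMAT_SMIME)
			rcms = SMIME_read_CMS(rctin, NULL);
		else if (rctformat == FORMAT_PEM)
			rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
		else if (rctformat == FORMAT_ASN1)
			rcms = d2i_CMS_bio(rctin, NULL);
		else {
			BIO_printf(bio_err, "Bad input format for receipt\n");
			goto end;
		}

		if (!rcms) {
			BIO_printf(bio_err, "Error reading receipt\n");
			goto end;
		}
	}

	if (outfile) {
		if (!(out = BIO_new_file(outfile, outmode))) {
			BIO_printf(bio_err,
				   "Can't open output file %s\n", outfile);
			goto end;
		}
	} else {
		out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
		{
			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
			out = BIO_push(tmpbio, out);
		}
#endif
	}

	if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
		if (!(store = setup_verify(bio_err, CAfile, CApath)))
			goto end;
		X509_STORE_set_verify_cb(store, cms_cb);
		if (vpm)
			X509_STORE_set1_param(store, vpm);
	}

	ret = 3;

	if (operation == SMIME_DATA_CREATE) {
		cms = CMS_data_create(in, flags);
	}
	else if (operation == SMIME_DIGEST_CREATE) {
		cms = CMS_digest_create(in, sign_md, flags);
	}
	else if (operation == SMIME_COMPRESS) {
		cms = CMS_compress(in, -1, flags);
	}
	else if (operation == SMIME_ENCRYPT) {
		flags |= CMS_PARTIAL;
		cms = CMS_encrypt(encerts, in, cipher, flags);
		if (!cms)
			goto end;
		if (secret_key) {
			if (!CMS_add0_recipient_key(cms, NID_undef,
						    secret_key, secret_keylen,
						    secret_keyid, secret_keyidlen,
						    NULL, NULL, NULL))
				goto end;
			/* NULL these because call absorbs them */
			secret_key = NULL;
			secret_keyid = NULL;
		}
		if (!(flags & CMS_STREAM)) {
			if (!CMS_final(cms, in, NULL, flags))
				goto end;
		}
	}
	else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
		cms = CMS_EncryptedData_encrypt(in, cipher,
						secret_key, secret_keylen,
						flags);
	}
	else if (operation == SMIME_SIGN_RECEIPT) {
		CMS_ContentInfo *srcms = NULL;
		STACK_OF(CMS_SignerInfo) *sis;
		CMS_SignerInfo *si;
		sis = CMS_get0_SignerInfos(cms);
		if (!sis)
			goto end;
		si = sk_CMS_SignerInfo_value(sis, 0);
		/*
		 * The message comes from the input file, so an empty
		 * SignerInfo set is possible; do not hand NULL on.
		 */
		if (!si) {
			BIO_puts(bio_err, "No SignerInfo in input message\n");
			goto end;
		}
		srcms = CMS_sign_receipt(si, signer, key, other, flags);
		if (!srcms)
			goto end;
		CMS_ContentInfo_free(cms);
		cms = srcms;
	}
	else if (operation & SMIME_SIGNERS) {
		int i;
		/* If detached data content we enable streaming if
		 * S/MIME output format.
		 */
		if (operation == SMIME_SIGN) {
			if (flags & CMS_DETACHED) {
				if (outformat == FORMAT_SMIME)
					flags |= CMS_STREAM;
			}
			flags |= CMS_PARTIAL;
			cms = CMS_sign(NULL, NULL, other, in, flags);
			if (!cms)
				goto end;
			if (econtent_type)
				CMS_set1_eContentType(cms, econtent_type);

			if (rr_to) {
				rr = make_receipt_request(rr_to, rr_allorfirst,
							  rr_from);
				if (!rr) {
					BIO_puts(bio_err,
						 "Signed Receipt Request Creation Error\n");
					goto end;
				}
			}
		}
		else
			flags |= CMS_REUSE_DIGEST;
		/* sksigners and skkeys are filled in step, one key per signer */
		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
			CMS_SignerInfo *si;
			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
			signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
					   e, "signer certificate");
			if (!signer)
				goto end;
			key = load_key(bio_err, keyfile, keyform, 0, passin, e,
				       "signing key file");
			if (!key)
				goto end;
			si = CMS_add1_signer(cms, signer, key, sign_md, flags);
			if (!si)
				goto end;
			if (rr && !CMS_add1_ReceiptRequest(si, rr))
				goto end;
			X509_free(signer);
			signer = NULL;
			EVP_PKEY_free(key);
			key = NULL;
		}
		/* If not streaming or resigning finalize structure */
		if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
			if (!CMS_final(cms, in, NULL, flags))
				goto end;
		}
	}

	if (!cms) {
		BIO_printf(bio_err, "Error creating CMS structure\n");
		goto end;
	}

	ret = 4;
	if (operation == SMIME_DECRYPT) {
		if (flags & CMS_DEBUG_DECRYPT)
			CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);

		if (secret_key) {
			if (!CMS_decrypt_set1_key(cms,
						  secret_key, secret_keylen,
						  secret_keyid, secret_keyidlen)) {
				BIO_puts(bio_err,
					 "Error decrypting CMS using secret key\n");
				goto end;
			}
		}

		if (key) {
			if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
				BIO_puts(bio_err,
					 "Error decrypting CMS using private key\n");
				goto end;
			}
		}

		if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
			BIO_printf(bio_err, "Error decrypting CMS structure\n");
			goto end;
		}
	}
	else if (operation == SMIME_DATAOUT) {
		if (!CMS_data(cms, out, flags))
			goto end;
	}
	else if (operation == SMIME_UNCOMPRESS) {
		if (!CMS_uncompress(cms, indata, out, flags))
			goto end;
	}
	else if (operation == SMIME_DIGEST_VERIFY) {
		if (CMS_digest_verify(cms, indata, out, flags) > 0)
			BIO_printf(bio_err, "Verification successful\n");
		else {
			BIO_printf(bio_err, "Verification failure\n");
			goto end;
		}
	}
	else if (operation == SMIME_ENCRYPTED_DECRYPT) {
		if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
					       indata, out, flags))
			goto end;
	}
	else if (operation == SMIME_VERIFY) {
		if (CMS_verify(cms, other, store, indata, out, flags) > 0)
			BIO_printf(bio_err, "Verification successful\n");
		else {
			BIO_printf(bio_err, "Verification failure\n");
			if (verify_retcode)
				ret = verify_err + 32;
			goto end;
		}
		if (signerfile) {
			STACK_OF(X509) *signers;
			signers = CMS_get0_signers(cms);
			if (!save_certs(signerfile, signers)) {
				BIO_printf(bio_err,
					   "Error writing signers to %s\n",
					   signerfile);
				/* release the stack on the failure path too */
				sk_X509_free(signers);
				ret = 5;
				goto end;
			}
			sk_X509_free(signers);
		}
		if (rr_print)
			receipt_request_print(bio_err, cms);
	}
	else if (operation == SMIME_VERIFY_RECEIPT) {
		if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
			BIO_printf(bio_err, "Verification successful\n");
		else {
			BIO_printf(bio_err, "Verification failure\n");
			goto end;
		}
	}
	else {
		if (noout) {
			if (print)
				CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
		}
		else if (outformat == FORMAT_SMIME) {
			if (to)
				BIO_printf(out, "To: %s\n", to);
			if (from)
				BIO_printf(out, "From: %s\n", from);
			if (subject)
				BIO_printf(out, "Subject: %s\n", subject);
			if (operation == SMIME_RESIGN)
				ret = SMIME_write_CMS(out, cms, indata, flags);
			else
				ret = SMIME_write_CMS(out, cms, in, flags);
		}
		else if (outformat == FORMAT_PEM)
			ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
		else if (outformat == FORMAT_ASN1)
			ret = i2d_CMS_bio_stream(out, cms, in, flags);
		else {
			BIO_printf(bio_err, "Bad output format for CMS file\n");
			goto end;
		}
		if (ret <= 0) {
			ret = 6;
			goto end;
		}
	}
	ret = 0;
end:
	if (ret)
		ERR_print_errors(bio_err);
	if (need_rand)
		app_RAND_write_file(NULL, bio_err);
	sk_X509_pop_free(encerts, X509_free);
	sk_X509_pop_free(other, X509_free);
	if (vpm)
		X509_VERIFY_PARAM_free(vpm);
	if (sksigners)
		sk_OPENSSL_STRING_free(sksigners);
	if (skkeys)
		sk_OPENSSL_STRING_free(skkeys);
	if (secret_key) {
		/* wipe the key material before the buffer is released */
		OPENSSL_cleanse(secret_key, secret_keylen);
		OPENSSL_free(secret_key);
	}
	if (secret_keyid)
		OPENSSL_free(secret_keyid);
	if (econtent_type)
		ASN1_OBJECT_free(econtent_type);
	if (rr)
		CMS_ReceiptRequest_free(rr);
	if (rr_to)
		sk_OPENSSL_STRING_free(rr_to);
	if (rr_from)
		sk_OPENSSL_STRING_free(rr_from);
	X509_STORE_free(store);
	X509_free(cert);
	X509_free(recip);
	X509_free(signer);
	EVP_PKEY_free(key);
	CMS_ContentInfo_free(cms);
	CMS_ContentInfo_free(rcms);
	BIO_free(rctin);
	BIO_free(in);
	BIO_free(indata);
	BIO_free_all(out);
	if (passin) {
		/* wipe the pass phrase before the buffer is released */
		OPENSSL_cleanse(passin, strlen(passin));
		OPENSSL_free(passin);
	}
	return (ret);
}

static int save_certs(char *signerfile, STACK_OF(X509) *signers)
{
	int i;
	BIO *tmp;
	if (!signerfile)
		return 1;
	tmp =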
BIO_new_file(signerfile, "w"); 1204 if (!tmp) return 0; 1205 for(i = 0; i < sk_X509_num(signers); i++) 1206 PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); 1207 BIO_free(tmp); 1208 return 1; 1209 } 1210 1211 1212/* Minimal callback just to output policy info (if any) */ 1213 1214static int cms_cb(int ok, X509_STORE_CTX *ctx) 1215 { 1216 int error; 1217 1218 error = X509_STORE_CTX_get_error(ctx); 1219 1220 verify_err = error; 1221 1222 if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) 1223 && ((error != X509_V_OK) || (ok != 2))) 1224 return ok; 1225 1226 policies_print(NULL, ctx); 1227 1228 return ok; 1229 1230 } 1231 1232static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns) 1233 { 1234 STACK_OF(GENERAL_NAME) *gens; 1235 GENERAL_NAME *gen; 1236 int i, j; 1237 for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) 1238 { 1239 gens = sk_GENERAL_NAMES_value(gns, i); 1240 for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) 1241 { 1242 gen = sk_GENERAL_NAME_value(gens, j); 1243 BIO_puts(out, " "); 1244 GENERAL_NAME_print(out, gen); 1245 BIO_puts(out, "\n"); 1246 } 1247 } 1248 return; 1249 } 1250 1251static void receipt_request_print(BIO *out, CMS_ContentInfo *cms) 1252 { 1253 STACK_OF(CMS_SignerInfo) *sis; 1254 CMS_SignerInfo *si; 1255 CMS_ReceiptRequest *rr; 1256 int allorfirst; 1257 STACK_OF(GENERAL_NAMES) *rto, *rlist; 1258 ASN1_STRING *scid; 1259 int i, rv; 1260 sis = CMS_get0_SignerInfos(cms); 1261 for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) 1262 { 1263 si = sk_CMS_SignerInfo_value(sis, i); 1264 rv = CMS_get1_ReceiptRequest(si, &rr); 1265 BIO_printf(bio_err, "Signer %d:\n", i + 1); 1266 if (rv == 0) 1267 BIO_puts(bio_err, " No Receipt Request\n"); 1268 else if (rv < 0) 1269 { 1270 BIO_puts(bio_err, " Receipt Request Parse Error\n"); 1271 ERR_print_errors(bio_err); 1272 } 1273 else 1274 { 1275 char *id; 1276 int idlen; 1277 CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, 1278 &rlist, &rto); 1279 BIO_puts(out, " Signed Content ID:\n"); 1280 idlen = 
ASN1_STRING_length(scid); 1281 id = (char *)ASN1_STRING_data(scid); 1282 BIO_dump_indent(out, id, idlen, 4); 1283 BIO_puts(out, " Receipts From"); 1284 if (rlist) 1285 { 1286 BIO_puts(out, " List:\n"); 1287 gnames_stack_print(out, rlist); 1288 } 1289 else if (allorfirst == 1) 1290 BIO_puts(out, ": First Tier\n"); 1291 else if (allorfirst == 0) 1292 BIO_puts(out, ": All\n"); 1293 else 1294 BIO_printf(out, " Unknown (%d)\n", allorfirst); 1295 BIO_puts(out, " Receipts To:\n"); 1296 gnames_stack_print(out, rto); 1297 } 1298 if (rr) 1299 CMS_ReceiptRequest_free(rr); 1300 } 1301 } 1302 1303static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) 1304 { 1305 int i; 1306 STACK_OF(GENERAL_NAMES) *ret; 1307 GENERAL_NAMES *gens = NULL; 1308 GENERAL_NAME *gen = NULL; 1309 ret = sk_GENERAL_NAMES_new_null(); 1310 if (!ret) 1311 goto err; 1312 for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) 1313 { 1314 char *str = sk_OPENSSL_STRING_value(ns, i); 1315 gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); 1316 if (!gen) 1317 goto err; 1318 gens = GENERAL_NAMES_new(); 1319 if (!gens) 1320 goto err; 1321 if (!sk_GENERAL_NAME_push(gens, gen)) 1322 goto err; 1323 gen = NULL; 1324 if (!sk_GENERAL_NAMES_push(ret, gens)) 1325 goto err; 1326 gens = NULL; 1327 } 1328 1329 return ret; 1330 1331 err: 1332 if (ret) 1333 sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); 1334 if (gens) 1335 GENERAL_NAMES_free(gens); 1336 if (gen) 1337 GENERAL_NAME_free(gen); 1338 return NULL; 1339 } 1340 1341 1342static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, 1343 int rr_allorfirst, 1344 STACK_OF(OPENSSL_STRING) *rr_from) 1345 { 1346 STACK_OF(GENERAL_NAMES) *rct_to, *rct_from; 1347 CMS_ReceiptRequest *rr; 1348 rct_to = make_names_stack(rr_to); 1349 if (!rct_to) 1350 goto err; 1351 if (rr_from) 1352 { 1353 rct_from = make_names_stack(rr_from); 1354 if (!rct_from) 1355 goto err; 1356 } 1357 else 1358 rct_from = NULL; 1359 rr = 
CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from, 1360 rct_to); 1361 return rr; 1362 err: 1363 return NULL; 1364 } 1365 1366#endif 1367