Lines Matching +full:no +full:- +full:cms
2 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
10 /* CMS utility function */
22 #include <openssl/cms.h>
26 static void receipt_request_print(CMS_ContentInfo *cms);
91 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
92 {"help", OPT_HELP, '-', "Display this summary"},
100 {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
101 {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
102 {"sign", OPT_SIGN, '-', "Sign message"},
103 {"verify", OPT_VERIFY, '-', "Verify signed message"},
104 {"resign", OPT_RESIGN, '-', "Resign a signed message"},
105 {"sign_receipt", OPT_SIGN_RECEIPT, '-',
109 {"digest_create", OPT_DIGEST_CREATE, '-',
110 "Create a CMS \"DigestedData\" object"},
111 {"digest_verify", OPT_DIGEST_VERIFY, '-',
112 "Verify a CMS \"DigestedData\" object and output it"},
113 {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"},
114 {"uncompress", OPT_UNCOMPRESS, '-',
115 "Uncompress a CMS \"CompressedData\" object"},
116 {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-',
117 "Create CMS \"EncryptedData\" object using symmetric key"},
118 {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-',
119 "Decrypt CMS \"EncryptedData\" object using symmetric key"},
120 {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"},
121 {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"},
122 {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
129 {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
130 {"indef", OPT_INDEF, '-', "Same as -stream"},
131 {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
132 {"binary", OPT_BINARY, '-',
134 {"crlfeol", OPT_CRLFEOL, '-',
136 {"asciicrlf", OPT_ASCIICRLF, '-',
143 "Use specified hex-encoded key to decrypt/encrypt recipients or content"},
145 "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"},
163 {"", OPT_CIPHER, '-',
167 {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
168 {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
169 {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
170 {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
171 {"debug_decrypt", OPT_DEBUG_DECRYPT, '-',
172 "Disable MMA protection, return error if no recipient found (see doc)"},
178 {"cades", OPT_CADES, '-',
179 "Include signingCertificate attribute (CAdES-BES)"},
180 {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
181 {"nocerts", OPT_NOCERTS, '-',
183 {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
184 {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
185 {"receipt_request_all", OPT_RR_ALL, '-',
187 {"receipt_request_first", OPT_RR_FIRST, '-',
198 {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-',
200 {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-',
202 {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
203 {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
204 {"nointern", OPT_NOINTERN, '-',
206 {"cades", OPT_DUP, '-', "Check signingCertificate (CAdES-BES)"},
207 {"verify_retcode", OPT_VERIFY_RETCODE, '-',
208 "Exit non-zero on verification failure"},
212 {"no-CAfile", OPT_NOCAFILE, '-',
214 {"no-CApath", OPT_NOCAPATH, '-',
216 {"no-CAstore", OPT_NOCASTORE, '-',
220 {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
222 {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
229 {"noout", OPT_NOOUT, '-',
230 "For the -cmsout operation do not output the parsed CMS structure"},
231 {"print", OPT_PRINT, '-',
232 "For the -cmsout operation print out all fields of the CMS structure"},
234 "For the -print option specifies various strings printing options"},
235 {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
280 CMS_ContentInfo *cms = NULL, *rcms = NULL; in cms_main() local
302 int noout = 0, print = 0, keyidx = -1, vpmtouched = 0; in cms_main()
304 int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1; in cms_main()
323 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); in cms_main()
575 /* If previous -signer argument add signer to list */ in cms_main()
595 /* If previous -inkey argument add signer to list */ in cms_main()
598 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); in cms_main()
633 keyidx = -1; in cms_main()
644 BIO_printf(bio_err, "No key specified\n"); in cms_main()
647 if (key_param == NULL || key_param->idx != keyidx) { in cms_main()
650 if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) { in cms_main()
654 nparam->idx = keyidx; in cms_main()
655 nparam->next = NULL; in cms_main()
659 key_param->next = nparam; in cms_main()
662 sk_OPENSSL_STRING_push(key_param->param, opt_arg()); in cms_main()
713 if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) { in cms_main()
714 BIO_puts(bio_err, "No Signed Receipts Recipients\n"); in cms_main()
719 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); in cms_main()
743 BIO_puts(bio_err, "Illegal -inkey without -signer\n"); in cms_main()
759 BIO_printf(bio_err, "No signer certificate specified\n"); in cms_main()
768 "No recipient certificate or key specified\n"); in cms_main()
774 BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); in cms_main()
778 … BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n"); in cms_main()
792 "Warning: -nodetach option is ignored for non-signing operation\n"); in cms_main()
798 "Warning: -contfile option is ignored for the given operation\n"); in cms_main()
816 BIO_printf(bio_err, "No cipher selected\n"); in cms_main()
822 BIO_printf(bio_err, "No secret key id\n"); in cms_main()
837 …err, "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n"); in cms_main()
895 cms = load_content_info(informat, in, flags, &indata, "SMIME"); in cms_main()
896 if (cms == NULL) in cms_main()
907 allcerts = CMS_get1_certs(cms); in cms_main()
948 cms = CMS_data_create_ex(in, flags, libctx, app_get0_propq()); in cms_main()
950 cms = CMS_digest_create_ex(in, sign_md, flags, libctx, app_get0_propq()); in cms_main()
952 cms = CMS_compress(in, -1, flags); in cms_main()
956 cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, app_get0_propq()); in cms_main()
957 if (cms == NULL) in cms_main()
968 for (kparam = key_first; kparam; kparam = kparam->next) { in cms_main()
969 if (kparam->idx == i) { in cms_main()
973 ri = CMS_add1_recipient(cms, x, key, originator, tflags); in cms_main()
979 if (!cms_set_pkey_param(pctx, kparam->param)) in cms_main()
983 res = EVP_PKEY_CTX_ctrl(pctx, -1, -1, in cms_main()
986 if (res <= 0 && res != -2) in cms_main()
998 if (!CMS_add0_recipient_key(cms, NID_undef, in cms_main()
1011 if (CMS_add0_recipient_password(cms, in cms_main()
1012 -1, NID_undef, NID_undef, in cms_main()
1013 pwri_tmp, -1, NULL) == NULL) in cms_main()
1018 if (!CMS_final(cms, in, NULL, flags)) in cms_main()
1022 cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key, in cms_main()
1029 sis = CMS_get0_SignerInfos(cms); in cms_main()
1036 CMS_ContentInfo_free(cms); in cms_main()
1037 cms = srcms; in cms_main()
1051 cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq()); in cms_main()
1052 if (cms == NULL) in cms_main()
1055 CMS_set1_eContentType(cms, econtent_type); in cms_main()
1084 for (kparam = key_first; kparam; kparam = kparam->next) { in cms_main()
1085 if (kparam->idx == i) { in cms_main()
1090 si = CMS_add1_signer(cms, signer, key, sign_md, tflags); in cms_main()
1096 if (!cms_set_pkey_param(pctx, kparam->param)) in cms_main()
1108 if (!CMS_final(cms, in, NULL, flags)) in cms_main()
1113 if (cms == NULL) { in cms_main()
1114 BIO_printf(bio_err, "Error creating CMS structure\n"); in cms_main()
1121 CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); in cms_main()
1124 if (!CMS_decrypt_set1_key(cms, in cms_main()
1127 BIO_puts(bio_err, "Error decrypting CMS using secret key\n"); in cms_main()
1133 if (!CMS_decrypt_set1_pkey_and_peer(cms, key, recip, originator)) { in cms_main()
1134 BIO_puts(bio_err, "Error decrypting CMS using private key\n"); in cms_main()
1140 if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { in cms_main()
1141 BIO_puts(bio_err, "Error decrypting CMS using password\n"); in cms_main()
1146 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { in cms_main()
1147 BIO_printf(bio_err, "Error decrypting CMS structure\n"); in cms_main()
1151 if (!CMS_data(cms, out, flags)) in cms_main()
1154 if (!CMS_uncompress(cms, indata, out, flags)) in cms_main()
1157 if (CMS_digest_verify(cms, indata, out, flags) > 0) { in cms_main()
1164 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, in cms_main()
1168 if (CMS_verify(cms, other, store, indata, out, flags) > 0) { in cms_main()
1170 (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); in cms_main()
1173 (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); in cms_main()
1179 STACK_OF(X509) *signers = CMS_get0_signers(cms); in cms_main()
1190 receipt_request_print(cms); in cms_main()
1193 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) { in cms_main()
1211 CMS_ContentInfo_print_ctx(out, cms, 0, pctx); in cms_main()
1222 ret = SMIME_write_CMS(out, cms, indata, flags); in cms_main()
1224 ret = SMIME_write_CMS(out, cms, in, flags); in cms_main()
1226 ret = PEM_write_bio_CMS_stream(out, cms, in, flags); in cms_main()
1228 ret = i2d_CMS_bio_stream(out, cms, in, flags); in cms_main()
1230 BIO_printf(bio_err, "Bad output format for CMS file\n"); in cms_main()
1256 sk_OPENSSL_STRING_free(key_param->param); in cms_main()
1257 tparam = key_param->next; in cms_main()
1269 CMS_ContentInfo_free(cms); in cms_main()
1334 static void receipt_request_print(CMS_ContentInfo *cms) in receipt_request_print() argument
1343 sis = CMS_get0_SignerInfos(cms); in receipt_request_print()
1349 BIO_puts(bio_err, " No Receipt Request\n"); in receipt_request_print()
1430 return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, in make_receipt_request()