提交 56c98a7d 编写于 作者: D Dr. David von Oheimb 提交者: Dr. David von Oheimb

apps/cms: Simplify handling of encerts; add warning if they are ignored

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14843)
上级 06621ba3
...@@ -307,10 +307,10 @@ int cms_main(int argc, char **argv) ...@@ -307,10 +307,10 @@ int cms_main(int argc, char **argv)
EVP_MD *sign_md = NULL; EVP_MD *sign_md = NULL;
STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
STACK_OF(X509) *encerts = NULL, *other = NULL; STACK_OF(X509) *encerts = sk_X509_new_null(), *other = NULL;
X509 *cert = NULL, *recip = NULL, *signer = NULL, *originator = NULL; X509 *cert = NULL, *recip = NULL, *signer = NULL, *originator = NULL;
X509_STORE *store = NULL; X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL; X509_VERIFY_PARAM *vpm = X509_VERIFY_PARAM_new();
char *certfile = NULL, *keyfile = NULL, *contfile = NULL; char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL; const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL;
char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL; char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL;
...@@ -332,8 +332,8 @@ int cms_main(int argc, char **argv) ...@@ -332,8 +332,8 @@ int cms_main(int argc, char **argv)
OPTION_CHOICE o; OPTION_CHOICE o;
OSSL_LIB_CTX *libctx = app_get0_libctx(); OSSL_LIB_CTX *libctx = app_get0_libctx();
if ((vpm = X509_VERIFY_PARAM_new()) == NULL) if (encerts == NULL || vpm == NULL)
return 1; goto end;
prog = opt_init(argc, argv, cms_options); prog = opt_init(argc, argv, cms_options);
while ((o = opt_next()) != OPT_EOF) { while ((o = opt_next()) != OPT_EOF) {
...@@ -641,8 +641,6 @@ int cms_main(int argc, char **argv) ...@@ -641,8 +641,6 @@ int cms_main(int argc, char **argv)
break; break;
case OPT_RECIP: case OPT_RECIP:
if (operation == SMIME_ENCRYPT) { if (operation == SMIME_ENCRYPT) {
if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
goto end;
cert = load_cert(opt_arg(), FORMAT_UNDEF, cert = load_cert(opt_arg(), FORMAT_UNDEF,
"recipient certificate file"); "recipient certificate file");
if (cert == NULL) if (cert == NULL)
...@@ -659,7 +657,7 @@ int cms_main(int argc, char **argv) ...@@ -659,7 +657,7 @@ int cms_main(int argc, char **argv)
case OPT_KEYOPT: case OPT_KEYOPT:
keyidx = -1; keyidx = -1;
if (operation == SMIME_ENCRYPT) { if (operation == SMIME_ENCRYPT) {
if (encerts != NULL) if (sk_X509_num(encerts) > 0)
keyidx += sk_X509_num(encerts); keyidx += sk_X509_num(encerts);
} else { } else {
if (keyfile != NULL || signerfile != NULL) if (keyfile != NULL || signerfile != NULL)
...@@ -797,7 +795,7 @@ int cms_main(int argc, char **argv) ...@@ -797,7 +795,7 @@ int cms_main(int argc, char **argv)
} }
} else if (operation == SMIME_ENCRYPT) { } else if (operation == SMIME_ENCRYPT) {
if (*argv == NULL && secret_key == NULL if (*argv == NULL && secret_key == NULL
&& pwri_pass == NULL && encerts == NULL) { && pwri_pass == NULL && sk_X509_num(encerts) <= 0) {
BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
goto opthelp; goto opthelp;
} }
...@@ -838,16 +836,19 @@ int cms_main(int argc, char **argv) ...@@ -838,16 +836,19 @@ int cms_main(int argc, char **argv)
goto end; goto end;
} }
if (*argv && encerts == NULL) if (*argv != NULL) {
if ((encerts = sk_X509_new_null()) == NULL) if (operation == SMIME_ENCRYPT) {
goto end; for (; *argv != NULL; argv++) {
while (*argv) { cert = load_cert(*argv, FORMAT_UNDEF,
if ((cert = load_cert(*argv, FORMAT_UNDEF, "recipient certificate file");
"recipient certificate file")) == NULL) if (cert == NULL)
goto end; goto end;
sk_X509_push(encerts, cert); sk_X509_push(encerts, cert);
cert = NULL; cert = NULL;
argv++; }
} else {
BIO_printf(bio_err, "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n");
}
} }
} }
...@@ -1182,9 +1183,10 @@ int cms_main(int argc, char **argv) ...@@ -1182,9 +1183,10 @@ int cms_main(int argc, char **argv)
} else if (operation == SMIME_VERIFY) { } else if (operation == SMIME_VERIFY) {
if (CMS_verify(cms, other, store, indata, out, flags) > 0) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
BIO_printf(bio_err, "%s Verification successful\n", BIO_printf(bio_err, "%s Verification successful\n",
(flags & CMS_CADES) ? "CAdES" : "CMS"); (flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
} else { } else {
BIO_printf(bio_err, "Verification failure\n"); BIO_printf(bio_err, "%s Verification failure\n",
(flags & CMS_CADES) != 0 ? "CAdES" : "CMS");
if (verify_retcode) if (verify_retcode)
ret = verify_err + 32; ret = verify_err + 32;
goto end; goto end;
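Review bot: In the positional-argument loop of the hunk at new line 836, the result of `sk_X509_push(encerts, cert)` is not checked, and `cert = NULL` follows immediately. sk_X509_push returns 0 when the stack cannot grow, so on that path the loaded certificate is leaked and the recipient is silently left out of the list the message is encrypted for. I would write `if (!sk_X509_push(encerts, cert))` followed by `goto end;`, leaving `cert` set so that the cleanup at `end` (outside the hunk, presumably freeing `cert`) can release it. The OPT_RECIP case probably needs the same check, but its push is not visible in that hunk; cms_main itself starts and ends outside these hunks.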