aboutsummaryrefslogtreecommitdiff
path: root/apps/cms.c
diff options
context:
space:
mode:
Diffstat (limited to 'apps/cms.c')
-rw-r--r--apps/cms.c39
1 files changed, 28 insertions, 11 deletions
diff --git a/apps/cms.c b/apps/cms.c
index abb9f196a760..dce227ef2db5 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -494,13 +494,15 @@ int cms_main(int argc, char **argv)
if (rr_from == NULL
&& (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- sk_OPENSSL_STRING_push(rr_from, opt_arg());
+ if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+ goto end;
break;
case OPT_RR_TO:
if (rr_to == NULL
&& (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- sk_OPENSSL_STRING_push(rr_to, opt_arg());
+ if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+ goto end;
break;
case OPT_PRINT:
noout = print = 1;
@@ -577,13 +579,15 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
if (keyfile == NULL)
keyfile = signerfile;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
keyfile = NULL;
}
signerfile = opt_arg();
@@ -601,12 +605,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
signerfile = NULL;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
}
keyfile = opt_arg();
break;
@@ -660,7 +666,8 @@ int cms_main(int argc, char **argv)
key_param->next = nparam;
key_param = nparam;
}
- sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+ if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+ goto end;
break;
case OPT_V_CASES:
if (!opt_verify(o, vpm))
@@ -749,12 +756,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
- sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+ goto end;
if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (keyfile == NULL)
keyfile = signerfile;
- sk_OPENSSL_STRING_push(skkeys, keyfile);
+ if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+ goto end;
}
if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n");
@@ -1014,8 +1023,15 @@ int cms_main(int argc, char **argv)
pwri_tmp = NULL;
}
if (!(flags & CMS_STREAM)) {
- if (!CMS_final(cms, in, NULL, flags))
+ if (!CMS_final(cms, in, NULL, flags)) {
+ if (originator != NULL
+ && ERR_GET_REASON(ERR_peek_error())
+ == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
+ BIO_printf(bio_err, "Cannot use originator for encryption\n");
+ goto end;
+ }
goto end;
+ }
}
} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
@@ -1261,6 +1277,7 @@ int cms_main(int argc, char **argv)
X509_free(cert);
X509_free(recip);
X509_free(signer);
+ X509_free(originator);
EVP_PKEY_free(key);
EVP_CIPHER_free(cipher);
EVP_CIPHER_free(wrap_cipher);
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-26 20:48:33 +0000