- else if (!strcmp (*args, "-des3"))
- cipher = EVP_des_ede3_cbc();
- else if (!strcmp (*args, "-des"))
- cipher = EVP_des_cbc();
-#endif
-#ifndef OPENSSL_NO_RC2
- else if (!strcmp (*args, "-rc2-40"))
- cipher = EVP_rc2_40_cbc();
- else if (!strcmp (*args, "-rc2-128"))
- cipher = EVP_rc2_cbc();
- else if (!strcmp (*args, "-rc2-64"))
- cipher = EVP_rc2_64_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128"))
- cipher = EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192"))
- cipher = EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256"))
- cipher = EVP_aes_256_cbc();
-#endif
- else if (!strcmp (*args, "-text"))
- flags |= PKCS7_TEXT;
- else if (!strcmp (*args, "-nointern"))
- flags |= PKCS7_NOINTERN;
- else if (!strcmp (*args, "-noverify"))
- flags |= PKCS7_NOVERIFY;
- else if (!strcmp (*args, "-nochain"))
- flags |= PKCS7_NOCHAIN;
- else if (!strcmp (*args, "-nocerts"))
- flags |= PKCS7_NOCERTS;
- else if (!strcmp (*args, "-noattr"))
- flags |= PKCS7_NOATTR;
- else if (!strcmp (*args, "-nodetach"))
- flags &= ~PKCS7_DETACHED;
- else if (!strcmp (*args, "-nosmimecap"))
- flags |= PKCS7_NOSMIMECAP;
- else if (!strcmp (*args, "-binary"))
- flags |= PKCS7_BINARY;
- else if (!strcmp (*args, "-nosigs"))
- flags |= PKCS7_NOSIGS;
- else if (!strcmp (*args, "-nooldmime"))
- flags |= PKCS7_NOOLDMIMETYPE;
- else if (!strcmp (*args, "-crlfeol"))
- flags |= PKCS7_CRLFEOL;
- else if (!strcmp(*args,"-rand"))
- {
- if (args[1])
- {
- args++;
- inrand = *args;
- }
- else
- badarg = 1;
- need_rand = 1;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (!strcmp(*args,"-engine"))
- {
- if (args[1])
- {
- args++;
- engine = *args;
- }
- else badarg = 1;
- }
-#endif
- else if (!strcmp(*args,"-passin"))
- {
- if (args[1])
- {
- args++;
- passargin = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-to"))
- {
- if (args[1])
- {
- args++;
- to = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-from"))
- {
- if (args[1])
- {
- args++;
- from = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-subject"))
- {
- if (args[1])
- {
- args++;
- subject = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-signer"))
- {
- if (args[1])
- {
- args++;
- signerfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-recip"))
- {
- if (args[1])
- {
- args++;
- recipfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-inkey"))
- {
- if (args[1])
- {
- args++;
- keyfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-keyform"))
- {
- if (args[1])
- {
- args++;
- keyform = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-certfile"))
- {
- if (args[1])
- {
- args++;
- certfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
- if (args[1])
- {
- args++;
- CAfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-CApath"))
- {
- if (args[1])
- {
- args++;
- CApath = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
- args++;
- infile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-inform"))
- {
- if (args[1])
- {
- args++;
- informat = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-outform"))
- {
- if (args[1])
- {
- args++;
- outformat = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-content"))
- {
- if (args[1])
- {
- args++;
- contfile = *args;
- }
- else
- badarg = 1;
- }
- else if (args_verify(&args, &badarg, bio_err, &vpm))
- continue;
- else
- badarg = 1;
- args++;
- }
-
-
- if (operation == SMIME_SIGN)
- {
- if (!signerfile)
- {
- BIO_printf(bio_err, "No signer certificate specified\n");
- badarg = 1;
- }
- need_rand = 1;
- }
- else if (operation == SMIME_DECRYPT)
- {
- if (!recipfile)
- {
- BIO_printf(bio_err, "No recipient certificate and key specified\n");
- badarg = 1;
- }
- }
- else if (operation == SMIME_ENCRYPT)
- {
- if (!*args)
- {
- BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
- badarg = 1;
- }
- need_rand = 1;
- }
- else if (!operation)
- badarg = 1;
-
- if (badarg)
- {
- BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-encrypt encrypt message\n");
- BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf (bio_err, "-sign sign message\n");
- BIO_printf (bio_err, "-verify verify signed message\n");
- BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-des encrypt with DES\n");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
-#endif
- BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
- BIO_printf (bio_err, "-nosigs don't verify message signature\n");
- BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
- BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
- BIO_printf (bio_err, "-nodetach use opaque signing\n");
- BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
- BIO_printf (bio_err, "-binary don't translate message to text\n");
- BIO_printf (bio_err, "-certfile file other certificates file\n");
- BIO_printf (bio_err, "-signer file signer certificate file\n");
- BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
- BIO_printf (bio_err, "-to addr to address\n");
- BIO_printf (bio_err, "-from ad from address\n");
- BIO_printf (bio_err, "-subject s subject\n");
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- ret = 2;
-
- if (operation != SMIME_SIGN)
- flags &= ~PKCS7_DETACHED;
-
- if (operation & SMIME_OP)
- {
- if (flags & PKCS7_BINARY)
- inmode = "rb";
- if (outformat == FORMAT_ASN1)
- outmode = "wb";
- }
- else
- {
- if (flags & PKCS7_BINARY)
- outmode = "wb";
- if (informat == FORMAT_ASN1)
- inmode = "rb";
- }
-
- if (operation == SMIME_ENCRYPT)
- {
- if (!cipher)
- {
-#ifndef OPENSSL_NO_RC2
- cipher = EVP_rc2_40_cbc();