- int operation = 0;
- int ret = 0;
- char **args;
- char *inmode = "r", *outmode = "w";
- char *infile = NULL, *outfile = NULL;
- char *signerfile = NULL, *recipfile = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
- EVP_CIPHER *cipher = NULL;
- PKCS7 *p7 = NULL;
- X509_STORE *store = NULL;
- X509 *cert = NULL, *recip = NULL, *signer = NULL;
- EVP_PKEY *key = NULL;
- STACK_OF(X509) *encerts = NULL, *other = NULL;
- BIO *in = NULL, *out = NULL, *indata = NULL;
- int badarg = 0;
- int flags = PKCS7_DETACHED;
- char *to = NULL, *from = NULL, *subject = NULL;
- char *CAfile = NULL, *CApath = NULL;
- char *passargin = NULL, *passin = NULL;
- char *inrand = NULL;
- int need_rand = 0;
- int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- args = argv + 1;
-
- ret = 1;
-
- while (!badarg && *args && *args[0] == '-') {
- if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
- else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
- else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
- else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
- else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
-#ifndef NO_DES
- else if (!strcmp (*args, "-des3"))
- cipher = EVP_des_ede3_cbc();
- else if (!strcmp (*args, "-des"))
- cipher = EVP_des_cbc();
-#endif
-#ifndef NO_RC2
- else if (!strcmp (*args, "-rc2-40"))
- cipher = EVP_rc2_40_cbc();
- else if (!strcmp (*args, "-rc2-128"))
- cipher = EVP_rc2_cbc();
- else if (!strcmp (*args, "-rc2-64"))
- cipher = EVP_rc2_64_cbc();
-#endif
- else if (!strcmp (*args, "-text"))
- flags |= PKCS7_TEXT;
- else if (!strcmp (*args, "-nointern"))
- flags |= PKCS7_NOINTERN;
- else if (!strcmp (*args, "-noverify"))
- flags |= PKCS7_NOVERIFY;
- else if (!strcmp (*args, "-nochain"))
- flags |= PKCS7_NOCHAIN;
- else if (!strcmp (*args, "-nocerts"))
- flags |= PKCS7_NOCERTS;
- else if (!strcmp (*args, "-noattr"))
- flags |= PKCS7_NOATTR;
- else if (!strcmp (*args, "-nodetach"))
- flags &= ~PKCS7_DETACHED;
- else if (!strcmp (*args, "-nosmimecap"))
- flags |= PKCS7_NOSMIMECAP;
- else if (!strcmp (*args, "-binary"))
- flags |= PKCS7_BINARY;
- else if (!strcmp (*args, "-nosigs"))
- flags |= PKCS7_NOSIGS;
- else if (!strcmp(*args,"-rand")) {
- if (args[1]) {
- args++;
- inrand = *args;
- } else badarg = 1;
- need_rand = 1;
- } else if (!strcmp(*args,"-passin")) {
- if (args[1]) {
- args++;
- passargin = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-to")) {
- if (args[1]) {
- args++;
- to = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-from")) {
- if (args[1]) {
- args++;
- from = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-subject")) {
- if (args[1]) {
- args++;
- subject = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-signer")) {
- if (args[1]) {
- args++;
- signerfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-recip")) {
- if (args[1]) {
- args++;
- recipfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-inkey")) {
- if (args[1]) {
- args++;
- keyfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-certfile")) {
- if (args[1]) {
- args++;
- certfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-CAfile")) {
- if (args[1]) {
- args++;
- CAfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-CApath")) {
- if (args[1]) {
- args++;
- CApath = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-inform")) {
- if (args[1]) {
- args++;
- informat = str2fmt(*args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-outform")) {
- if (args[1]) {
- args++;
- outformat = str2fmt(*args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-content")) {
- if (args[1]) {
- args++;
- contfile = *args;
- } else badarg = 1;
- } else badarg = 1;
- args++;
- }
-
- if(operation == SMIME_SIGN) {
- if(!signerfile) {
- BIO_printf(bio_err, "No signer certificate specified\n");
- badarg = 1;
- }
- need_rand = 1;
- } else if(operation == SMIME_DECRYPT) {
- if(!recipfile) {
- BIO_printf(bio_err, "No recipient certificate and key specified\n");
- badarg = 1;
- }
- } else if(operation == SMIME_ENCRYPT) {
- if(!*args) {
- BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
- badarg = 1;
- }
- need_rand = 1;
- } else if(!operation) badarg = 1;
-
- if (badarg) {
- BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-encrypt encrypt message\n");
- BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf (bio_err, "-sign sign message\n");
- BIO_printf (bio_err, "-verify verify signed message\n");
- BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
-#ifndef NO_DES
- BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-des encrypt with DES\n");
-#endif
-#ifndef NO_RC2
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
-#endif
- BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
- BIO_printf (bio_err, "-nosigs don't verify message signature\n");
- BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
- BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
- BIO_printf (bio_err, "-nodetach use opaque signing\n");
- BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
- BIO_printf (bio_err, "-binary don't translate message to text\n");
- BIO_printf (bio_err, "-certfile file other certificates file\n");
- BIO_printf (bio_err, "-signer file signer certificate file\n");
- BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
- BIO_printf (bio_err, "-to addr to address\n");
- BIO_printf (bio_err, "-from ad from address\n");
- BIO_printf (bio_err, "-subject s subject\n");
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
- goto end;
- }
-
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (need_rand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- ret = 2;
-
- if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
-
- if(operation & SMIME_OP) {
- if(flags & PKCS7_BINARY) inmode = "rb";
- if(outformat == FORMAT_ASN1) outmode = "wb";
- } else {
- if(flags & PKCS7_BINARY) outmode = "wb";
- if(informat == FORMAT_ASN1) inmode = "rb";
- }
-
- if(operation == SMIME_ENCRYPT) {
- if (!cipher) {
-#ifndef NO_RC2
- cipher = EVP_rc2_40_cbc();
+ BIO *in = NULL, *out = NULL, *indata = NULL;
+ EVP_PKEY *key = NULL;
+ PKCS7 *p7 = NULL;
+ STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ X509_STORE *store = NULL;
+ X509_VERIFY_PARAM *vpm = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ const EVP_MD *sign_md = NULL;
+ char *CAfile = NULL, *CApath = NULL, *inrand = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *prog;
+ char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile =
+ NULL;
+ char *passinarg = NULL, *passin = NULL, *to = NULL, *from =
+ NULL, *subject = NULL;
+ const char *inmode = "r", *outmode = "w";
+ OPTION_CHOICE o;
+ int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef =
+ 0;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
+ FORMAT_PEM;
+ int vpmtouched = 0, rv = 0;
+ ENGINE *e = NULL;
+
+ if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+ return 1;
+
+ prog = opt_init(argc, argv, smime_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(smime_options);
+ ret = 0;
+ goto end;
+ case OPT_INFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+ goto opthelp;
+ break;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUTFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+ goto opthelp;
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_ENCRYPT:
+ operation = SMIME_ENCRYPT;
+ break;
+ case OPT_DECRYPT:
+ operation = SMIME_DECRYPT;
+ break;
+ case OPT_SIGN:
+ operation = SMIME_SIGN;
+ break;
+ case OPT_RESIGN:
+ operation = SMIME_RESIGN;
+ break;
+ case OPT_VERIFY:
+ operation = SMIME_VERIFY;
+ break;
+ case OPT_PK7OUT:
+ operation = SMIME_PK7OUT;
+ break;
+ case OPT_TEXT:
+ flags |= PKCS7_TEXT;
+ break;
+ case OPT_NOINTERN:
+ flags |= PKCS7_NOINTERN;
+ break;
+ case OPT_NOVERIFY:
+ flags |= PKCS7_NOVERIFY;
+ break;
+ case OPT_NOCHAIN:
+ flags |= PKCS7_NOCHAIN;
+ break;
+ case OPT_NOCERTS:
+ flags |= PKCS7_NOCERTS;
+ break;
+ case OPT_NOATTR:
+ flags |= PKCS7_NOATTR;
+ break;
+ case OPT_NODETACH:
+ flags &= ~PKCS7_DETACHED;
+ break;
+ case OPT_NOSMIMECAP:
+ flags |= PKCS7_NOSMIMECAP;
+ break;
+ case OPT_BINARY:
+ flags |= PKCS7_BINARY;
+ break;
+ case OPT_NOSIGS:
+ flags |= PKCS7_NOSIGS;
+ break;
+ case OPT_STREAM:
+ case OPT_INDEF:
+ indef = 1;
+ break;
+ case OPT_NOINDEF:
+ indef = 0;
+ break;
+ case OPT_NOOLDMIME:
+ flags |= PKCS7_NOOLDMIMETYPE;
+ break;
+ case OPT_CRLFEOL:
+ flags |= PKCS7_CRLFEOL;
+ break;
+ case OPT_RAND:
+ inrand = opt_arg();
+ need_rand = 1;
+ break;
+ case OPT_ENGINE:
+ e = setup_engine(opt_arg(), 0);
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_TO:
+ to = opt_arg();
+ break;
+ case OPT_FROM:
+ from = opt_arg();
+ break;
+ case OPT_SUBJECT:
+ subject = opt_arg();
+ break;
+ case OPT_SIGNER:
+ /* If previous -signer argument add signer to list */
+ if (signerfile) {
+ if (sksigners == NULL
+ && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (keyfile == NULL)
+ keyfile = signerfile;
+ if (skkeys == NULL
+ && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
+ keyfile = NULL;
+ }
+ signerfile = opt_arg();
+ break;
+ case OPT_RECIP:
+ recipfile = opt_arg();
+ break;
+ case OPT_MD:
+ if (!opt_md(opt_arg(), &sign_md))
+ goto opthelp;
+ break;
+ case OPT_CIPHER:
+ if (!opt_cipher(opt_unknown(), &cipher))
+ goto opthelp;
+ break;
+ case OPT_INKEY:
+ /* If previous -inkey arument add signer to list */
+ if (keyfile) {
+ if (signerfile == NULL) {
+ BIO_printf(bio_err,
+ "%s: Must have -signer before -inkey\n", prog);
+ goto opthelp;
+ }
+ if (sksigners == NULL
+ && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
+ signerfile = NULL;
+ if (skkeys == NULL
+ && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
+ }
+ keyfile = opt_arg();
+ break;
+ case OPT_KEYFORM:
+ if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+ goto opthelp;
+ break;
+ case OPT_CERTFILE:
+ certfile = opt_arg();
+ break;
+ case OPT_CAFILE:
+ CAfile = opt_arg();
+ break;
+ case OPT_CAPATH:
+ CApath = opt_arg();
+ break;
+ case OPT_CONTENT:
+ contfile = opt_arg();
+ break;
+ case OPT_V_CASES:
+ if (!opt_verify(o, vpm))
+ goto opthelp;
+ vpmtouched++;
+ break;
+ }
+ }
+ argc = opt_num_rest();
+ argv = opt_rest();
+
+ if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+ BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+ goto opthelp;
+ }
+
+ if (operation & SMIME_SIGNERS) {
+ /* Check to see if any final signer needs to be appended */
+ if (keyfile && !signerfile) {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto opthelp;
+ }
+ if (signerfile) {
+ if (!sksigners
+ && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ sk_OPENSSL_STRING_push(sksigners, signerfile);
+ if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+ if (!keyfile)
+ keyfile = signerfile;
+ sk_OPENSSL_STRING_push(skkeys, keyfile);
+ }
+ if (!sksigners) {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ goto opthelp;
+ }
+ signerfile = NULL;
+ keyfile = NULL;
+ need_rand = 1;
+ } else if (operation == SMIME_DECRYPT) {
+ if (!recipfile && !keyfile) {
+ BIO_printf(bio_err,
+ "No recipient certificate or key specified\n");
+ goto opthelp;
+ }
+ } else if (operation == SMIME_ENCRYPT) {
+ if (argc == 0) {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ goto opthelp;
+ }
+ need_rand = 1;
+ } else if (!operation)
+ goto opthelp;
+
+ if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand) {
+ app_RAND_load_file(NULL, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if (!(operation & SMIME_SIGNERS))
+ flags &= ~PKCS7_DETACHED;
+
+ if (operation & SMIME_OP) {
+ if (outformat == FORMAT_ASN1)
+ outmode = "wb";
+ } else {
+ if (flags & PKCS7_BINARY)
+ outmode = "wb";
+ }
+
+ if (operation & SMIME_IP) {
+ if (informat == FORMAT_ASN1)
+ inmode = "rb";
+ } else {
+ if (flags & PKCS7_BINARY)
+ inmode = "rb";
+ }
+
+ if (operation == SMIME_ENCRYPT) {
+ if (!cipher) {
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();