X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fsmime.c;h=0c683f5b3c2446e84bf3a72aaf05fe01f5d3182a;hp=930978fd9b11ffcfab4d884b922e20b40d98e8b4;hb=333b070ec06d7a67538ee9d5312656a19e802dc1;hpb=25690b7f5f3d78a52c1377b823b40c6a0e12022b diff --git a/apps/smime.c b/apps/smime.c index 930978fd9b..0c683f5b3c 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -1,4 +1,3 @@ -/* smime.c */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. @@ -68,8 +67,6 @@ #include #include -#undef PROG -#define PROG smime_main static int save_certs(char *signerfile, STACK_OF(X509) *signers); static int smime_cb(int ok, X509_STORE_CTX *ctx); @@ -83,277 +80,313 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP) #define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) -int MAIN(int, char **); +typedef enum OPTION_choice { + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY, + OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN, + OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, + OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF, + OPT_NOOLDMIME, OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN, + OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD, + OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE, + OPT_V_ENUM, + OPT_CAPATH, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTFORM, OPT_CONTENT +} OPTION_CHOICE; + +OPTIONS smime_options[] = { + {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"}, + {OPT_HELP_STR, 1, '-', + " cert.pem... recipient certs for encryption\n"}, + {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, + {"help", OPT_HELP, '-', "Display this summary"}, + {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, + {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, + {"sign", OPT_SIGN, '-', "Sign message"}, + {"verify", OPT_VERIFY, '-', "Verify signed message"}, + {"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"}, + {"nointern", OPT_NOINTERN, '-', + "Don't search certificates in message for signer"}, + {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, + {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, + {"nocerts", OPT_NOCERTS, '-', + "Don't include signers certificate when signing"}, + {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, + {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, + {"binary", OPT_BINARY, '-', "Don't translate message to text"}, + {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, + {"signer", OPT_SIGNER, '<', "Signer certificate file"}, + {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"}, + {"in", OPT_IN, '<', "Input file"}, + {"inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER"}, + {"inkey", OPT_INKEY, '<', + "Input private key (if not signer or recipient)"}, + {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, + {"out", OPT_OUT, '>', "Output file"}, + {"outform", OPT_OUTFORM, 'F', + "Output format SMIME (default), PEM or DER"}, + {"content", OPT_CONTENT, '<', + "Supply or override content for detached signature"}, + {"to", OPT_TO, 's', "To address"}, + {"from", OPT_FROM, 's', "From address"}, + {"subject", OPT_SUBJECT, 's', "Subject"}, + {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, + {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"}, + {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, + {"resign", OPT_RESIGN, '-'}, + {"nochain", OPT_NOCHAIN, '-'}, + {"nosmimecap", OPT_NOSMIMECAP, '-'}, + {"stream", OPT_STREAM, '-'}, + {"indef", OPT_INDEF, '-'}, + {"noindef", OPT_NOINDEF, '-'}, + {"nooldmime", OPT_NOOLDMIME, '-'}, + {"crlfeol", OPT_CRLFEOL, '-'}, + {"rand", OPT_RAND, 's', + "Load the file(s) into the random number generator"}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + {"md", OPT_MD, 's'}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, + OPT_V_OPTIONS, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif + {NULL} +}; -int MAIN(int argc, char **argv) +int smime_main(int argc, char **argv) { - ENGINE *e = NULL; - int operation = 0; - int ret = 0; - char **args; - const char *inmode = "r", *outmode = "w"; - char *infile = NULL, *outfile = NULL; - char *signerfile = NULL, *recipfile = NULL; - STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile = NULL; - const EVP_CIPHER *cipher = NULL; - PKCS7 *p7 = NULL; - X509_STORE *store = NULL; - X509 *cert = NULL, *recip = NULL, *signer = NULL; + BIO *in = NULL, *out = NULL, *indata = NULL; EVP_PKEY *key = NULL; + PKCS7 *p7 = NULL; + STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; STACK_OF(X509) *encerts = NULL, *other = NULL; - BIO *in = NULL, *out = NULL, *indata = NULL; - int badarg = 0; - int flags = PKCS7_DETACHED; - char *to = NULL, *from = NULL, *subject = NULL; - char *CAfile = NULL, *CApath = NULL; - char *passargin = NULL, *passin = NULL; - char *inrand = NULL; - int need_rand = 0; - int indef = 0; - const EVP_MD *sign_md = NULL; - int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - int keyform = FORMAT_PEM; -#ifndef OPENSSL_NO_ENGINE - char *engine = NULL; -#endif - + X509 *cert = NULL, *recip = NULL, *signer = NULL; + X509_STORE *store = NULL; X509_VERIFY_PARAM *vpm = NULL; + const EVP_CIPHER *cipher = NULL; + const EVP_MD *sign_md = NULL; + char *CAfile = NULL, *CApath = NULL, *inrand = NULL; + char *certfile = NULL, *keyfile = NULL, *contfile = NULL, *prog; + char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = + NULL; + char *passinarg = NULL, *passin = NULL, *to = NULL, *from = + NULL, *subject = NULL; + const char *inmode = "r", *outmode = "w"; + OPTION_CHOICE o; + int flags = PKCS7_DETACHED, operation = 0, ret = 0, need_rand = 0, indef = + 0; + int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = + FORMAT_PEM; + int vpmtouched = 0, rv = 0; + ENGINE *e = NULL; - args = argv + 1; - ret = 1; - - apps_startup(); - - if (bio_err == NULL) { - if ((bio_err = BIO_new(BIO_s_file())) != NULL) - BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT); - } - - if (!load_config(bio_err, NULL)) - goto end; + if ((vpm = X509_VERIFY_PARAM_new()) == NULL) + return 1; - while (!badarg && *args && *args[0] == '-') { - if (!strcmp(*args, "-encrypt")) + prog = opt_init(argc, argv, smime_options); + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_EOF: + case OPT_ERR: + opthelp: + BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); + goto end; + case OPT_HELP: + opt_help(smime_options); + ret = 0; + goto end; + case OPT_INFORM: + if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) + goto opthelp; + break; + case OPT_IN: + infile = opt_arg(); + break; + case OPT_OUTFORM: + if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) + goto opthelp; + break; + case OPT_OUT: + outfile = opt_arg(); + break; + case OPT_ENCRYPT: operation = SMIME_ENCRYPT; - else if (!strcmp(*args, "-decrypt")) + break; + case OPT_DECRYPT: operation = SMIME_DECRYPT; - else if (!strcmp(*args, "-sign")) + break; + case OPT_SIGN: operation = SMIME_SIGN; - else if (!strcmp(*args, "-resign")) + break; + case OPT_RESIGN: operation = SMIME_RESIGN; - else if (!strcmp(*args, "-verify")) + break; + case OPT_VERIFY: operation = SMIME_VERIFY; - else if (!strcmp(*args, "-pk7out")) + break; + case OPT_PK7OUT: operation = SMIME_PK7OUT; -#ifndef OPENSSL_NO_DES - else if (!strcmp(*args, "-des3")) - cipher = EVP_des_ede3_cbc(); - else if (!strcmp(*args, "-des")) - cipher = EVP_des_cbc(); -#endif -#ifndef OPENSSL_NO_SEED - else if (!strcmp(*args, "-seed")) - cipher = EVP_seed_cbc(); -#endif -#ifndef OPENSSL_NO_RC2 - else if (!strcmp(*args, "-rc2-40")) - cipher = EVP_rc2_40_cbc(); - else if (!strcmp(*args, "-rc2-128")) - cipher = EVP_rc2_cbc(); - else if (!strcmp(*args, "-rc2-64")) - cipher = EVP_rc2_64_cbc(); -#endif -#ifndef OPENSSL_NO_AES - else if (!strcmp(*args, "-aes128")) - cipher = EVP_aes_128_cbc(); - else if (!strcmp(*args, "-aes192")) - cipher = EVP_aes_192_cbc(); - else if (!strcmp(*args, "-aes256")) - cipher = EVP_aes_256_cbc(); -#endif -#ifndef OPENSSL_NO_CAMELLIA - else if (!strcmp(*args, "-camellia128")) - cipher = EVP_camellia_128_cbc(); - else if (!strcmp(*args, "-camellia192")) - cipher = EVP_camellia_192_cbc(); - else if (!strcmp(*args, "-camellia256")) - cipher = EVP_camellia_256_cbc(); -#endif - else if (!strcmp(*args, "-text")) + break; + case OPT_TEXT: flags |= PKCS7_TEXT; - else if (!strcmp(*args, "-nointern")) + break; + case OPT_NOINTERN: flags |= PKCS7_NOINTERN; - else if (!strcmp(*args, "-noverify")) + break; + case OPT_NOVERIFY: flags |= PKCS7_NOVERIFY; - else if (!strcmp(*args, "-nochain")) + break; + case OPT_NOCHAIN: flags |= PKCS7_NOCHAIN; - else if (!strcmp(*args, "-nocerts")) + break; + case OPT_NOCERTS: flags |= PKCS7_NOCERTS; - else if (!strcmp(*args, "-noattr")) + break; + case OPT_NOATTR: flags |= PKCS7_NOATTR; - else if (!strcmp(*args, "-nodetach")) + break; + case OPT_NODETACH: flags &= ~PKCS7_DETACHED; - else if (!strcmp(*args, "-nosmimecap")) + break; + case OPT_NOSMIMECAP: flags |= PKCS7_NOSMIMECAP; - else if (!strcmp(*args, "-binary")) + break; + case OPT_BINARY: flags |= PKCS7_BINARY; - else if (!strcmp(*args, "-nosigs")) + break; + case OPT_NOSIGS: flags |= PKCS7_NOSIGS; - else if (!strcmp(*args, "-stream")) + break; + case OPT_STREAM: + case OPT_INDEF: indef = 1; - else if (!strcmp(*args, "-indef")) - indef = 1; - else if (!strcmp(*args, "-noindef")) + break; + case OPT_NOINDEF: indef = 0; - else if (!strcmp(*args, "-nooldmime")) + break; + case OPT_NOOLDMIME: flags |= PKCS7_NOOLDMIMETYPE; - else if (!strcmp(*args, "-crlfeol")) + break; + case OPT_CRLFEOL: flags |= PKCS7_CRLFEOL; - else if (!strcmp(*args, "-rand")) { - if (!args[1]) - goto argerr; - args++; - inrand = *args; + break; + case OPT_RAND: + inrand = opt_arg(); need_rand = 1; - } -#ifndef OPENSSL_NO_ENGINE - else if (!strcmp(*args, "-engine")) { - if (!args[1]) - goto argerr; - engine = *++args; - } -#endif - else if (!strcmp(*args, "-passin")) { - if (!args[1]) - goto argerr; - passargin = *++args; - } else if (!strcmp(*args, "-to")) { - if (!args[1]) - goto argerr; - to = *++args; - } else if (!strcmp(*args, "-from")) { - if (!args[1]) - goto argerr; - from = *++args; - } else if (!strcmp(*args, "-subject")) { - if (!args[1]) - goto argerr; - subject = *++args; - } else if (!strcmp(*args, "-signer")) { - if (!args[1]) - goto argerr; + break; + case OPT_ENGINE: + e = setup_engine(opt_arg(), 0); + break; + case OPT_PASSIN: + passinarg = opt_arg(); + break; + case OPT_TO: + to = opt_arg(); + break; + case OPT_FROM: + from = opt_arg(); + break; + case OPT_SUBJECT: + subject = opt_arg(); + break; + case OPT_SIGNER: /* If previous -signer argument add signer to list */ - if (signerfile) { - if (!sksigners) - sksigners = sk_OPENSSL_STRING_new_null(); + if (sksigners == NULL + && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!keyfile) + if (keyfile == NULL) keyfile = signerfile; - if (!skkeys) - skkeys = sk_OPENSSL_STRING_new_null(); + if (skkeys == NULL + && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; sk_OPENSSL_STRING_push(skkeys, keyfile); keyfile = NULL; } - signerfile = *++args; - } else if (!strcmp(*args, "-recip")) { - if (!args[1]) - goto argerr; - recipfile = *++args; - } else if (!strcmp(*args, "-md")) { - if (!args[1]) - goto argerr; - sign_md = EVP_get_digestbyname(*++args); - if (sign_md == NULL) { - BIO_printf(bio_err, "Unknown digest %s\n", *args); - goto argerr; - } - } else if (!strcmp(*args, "-inkey")) { - if (!args[1]) - goto argerr; + signerfile = opt_arg(); + break; + case OPT_RECIP: + recipfile = opt_arg(); + break; + case OPT_MD: + if (!opt_md(opt_arg(), &sign_md)) + goto opthelp; + break; + case OPT_CIPHER: + if (!opt_cipher(opt_unknown(), &cipher)) + goto opthelp; + break; + case OPT_INKEY: /* If previous -inkey arument add signer to list */ if (keyfile) { - if (!signerfile) { - BIO_puts(bio_err, "Illegal -inkey without -signer\n"); - goto argerr; + if (signerfile == NULL) { + BIO_printf(bio_err, + "%s: Must have -signer before -inkey\n", prog); + goto opthelp; } - if (!sksigners) - sksigners = sk_OPENSSL_STRING_new_null(); + if (sksigners == NULL + && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; sk_OPENSSL_STRING_push(sksigners, signerfile); signerfile = NULL; - if (!skkeys) - skkeys = sk_OPENSSL_STRING_new_null(); + if (skkeys == NULL + && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; sk_OPENSSL_STRING_push(skkeys, keyfile); } - keyfile = *++args; - } else if (!strcmp(*args, "-keyform")) { - if (!args[1]) - goto argerr; - keyform = str2fmt(*++args); - } else if (!strcmp(*args, "-certfile")) { - if (!args[1]) - goto argerr; - certfile = *++args; - } else if (!strcmp(*args, "-CAfile")) { - if (!args[1]) - goto argerr; - CAfile = *++args; - } else if (!strcmp(*args, "-CApath")) { - if (!args[1]) - goto argerr; - CApath = *++args; - } else if (!strcmp(*args, "-in")) { - if (!args[1]) - goto argerr; - infile = *++args; - } else if (!strcmp(*args, "-inform")) { - if (!args[1]) - goto argerr; - informat = str2fmt(*++args); - } else if (!strcmp(*args, "-outform")) { - if (!args[1]) - goto argerr; - outformat = str2fmt(*++args); - } else if (!strcmp(*args, "-out")) { - if (!args[1]) - goto argerr; - outfile = *++args; - } else if (!strcmp(*args, "-content")) { - if (!args[1]) - goto argerr; - contfile = *++args; - } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) - continue; - else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL) - badarg = 1; - args++; + keyfile = opt_arg(); + break; + case OPT_KEYFORM: + if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) + goto opthelp; + break; + case OPT_CERTFILE: + certfile = opt_arg(); + break; + case OPT_CAFILE: + CAfile = opt_arg(); + break; + case OPT_CAPATH: + CApath = opt_arg(); + break; + case OPT_CONTENT: + contfile = opt_arg(); + break; + case OPT_V_CASES: + if (!opt_verify(o, vpm)) + goto opthelp; + vpmtouched++; + break; + } } + argc = opt_num_rest(); + argv = opt_rest(); if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) { BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); - goto argerr; + goto opthelp; } if (operation & SMIME_SIGNERS) { /* Check to see if any final signer needs to be appended */ if (keyfile && !signerfile) { BIO_puts(bio_err, "Illegal -inkey without -signer\n"); - goto argerr; + goto opthelp; } if (signerfile) { - if (!sksigners) - sksigners = sk_OPENSSL_STRING_new_null(); + if (!sksigners + && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!skkeys) - skkeys = sk_OPENSSL_STRING_new_null(); + if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) + goto end; if (!keyfile) keyfile = signerfile; sk_OPENSSL_STRING_push(skkeys, keyfile); } if (!sksigners) { BIO_printf(bio_err, "No signer certificate specified\n"); - badarg = 1; + goto opthelp; } signerfile = NULL; keyfile = NULL; @@ -362,118 +395,24 @@ int MAIN(int argc, char **argv) if (!recipfile && !keyfile) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); - badarg = 1; + goto opthelp; } } else if (operation == SMIME_ENCRYPT) { - if (!*args) { + if (argc == 0) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); - badarg = 1; + goto opthelp; } need_rand = 1; } else if (!operation) - badarg = 1; - - if (badarg) { - argerr: - BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n"); - BIO_printf(bio_err, "where options are\n"); - BIO_printf(bio_err, "-encrypt encrypt message\n"); - BIO_printf(bio_err, "-decrypt decrypt encrypted message\n"); - BIO_printf(bio_err, "-sign sign message\n"); - BIO_printf(bio_err, "-verify verify signed message\n"); - BIO_printf(bio_err, "-pk7out output PKCS#7 structure\n"); -#ifndef OPENSSL_NO_DES - BIO_printf(bio_err, "-des3 encrypt with triple DES\n"); - BIO_printf(bio_err, "-des encrypt with DES\n"); -#endif -#ifndef OPENSSL_NO_SEED - BIO_printf(bio_err, "-seed encrypt with SEED\n"); -#endif -#ifndef OPENSSL_NO_RC2 - BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); - BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n"); - BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n"); -#endif -#ifndef OPENSSL_NO_AES - BIO_printf(bio_err, "-aes128, -aes192, -aes256\n"); - BIO_printf(bio_err, - " encrypt PEM output with cbc aes\n"); -#endif -#ifndef OPENSSL_NO_CAMELLIA - BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n"); - BIO_printf(bio_err, - " encrypt PEM output with cbc camellia\n"); -#endif - BIO_printf(bio_err, - "-nointern don't search certificates in message for signer\n"); - BIO_printf(bio_err, - "-nosigs don't verify message signature\n"); - BIO_printf(bio_err, - "-noverify don't verify signers certificate\n"); - BIO_printf(bio_err, - "-nocerts don't include signers certificate when signing\n"); - BIO_printf(bio_err, "-nodetach use opaque signing\n"); - BIO_printf(bio_err, - "-noattr don't include any signed attributes\n"); - BIO_printf(bio_err, - "-binary don't translate message to text\n"); - BIO_printf(bio_err, "-certfile file other certificates file\n"); - BIO_printf(bio_err, "-signer file signer certificate file\n"); - BIO_printf(bio_err, - "-recip file recipient certificate file for decryption\n"); - BIO_printf(bio_err, "-in file input file\n"); - BIO_printf(bio_err, - "-inform arg input format SMIME (default), PEM or DER\n"); - BIO_printf(bio_err, - "-inkey file input private key (if not signer or recipient)\n"); - BIO_printf(bio_err, - "-keyform arg input private key format (PEM or ENGINE)\n"); - BIO_printf(bio_err, "-out file output file\n"); - BIO_printf(bio_err, - "-outform arg output format SMIME (default), PEM or DER\n"); - BIO_printf(bio_err, - "-content file supply or override content for detached signature\n"); - BIO_printf(bio_err, "-to addr to address\n"); - BIO_printf(bio_err, "-from ad from address\n"); - BIO_printf(bio_err, "-subject s subject\n"); - BIO_printf(bio_err, - "-text include or delete text MIME headers\n"); - BIO_printf(bio_err, - "-CApath dir trusted certificates directory\n"); - BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); - BIO_printf(bio_err, - "-trusted_first use locally trusted CA's first when building trust chain\n"); - BIO_printf(bio_err, - "-no_alt_chains only ever use the first certificate chain found\n"); - BIO_printf(bio_err, - "-crl_check check revocation status of signer's certificate using CRLs\n"); - BIO_printf(bio_err, - "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); -#ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err, - "-engine e use engine e, possibly a hardware device.\n"); -#endif - BIO_printf(bio_err, "-passin arg input file pass phrase source\n"); - BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, - LIST_SEPARATOR_CHAR); - BIO_printf(bio_err, - " load the file (or the files in the directory) into\n"); - BIO_printf(bio_err, " the random number generator\n"); - BIO_printf(bio_err, - "cert.pem recipient certificate(s) for encryption\n"); - goto end; - } -#ifndef OPENSSL_NO_ENGINE - e = setup_engine(bio_err, engine, 0); -#endif + goto opthelp; - if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { + if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } if (need_rand) { - app_RAND_load_file(NULL, bio_err, (inrand != NULL)); + app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); @@ -510,19 +449,21 @@ int MAIN(int argc, char **argv) #endif } encerts = sk_X509_new_null(); - while (*args) { - if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, - NULL, e, "recipient certificate file"))) { + if (!encerts) + goto end; + while (*argv) { + cert = load_cert(*argv, FORMAT_PEM, + NULL, e, "recipient certificate file"); + if (cert == NULL) goto end; - } sk_X509_push(encerts, cert); cert = NULL; - args++; + argv++; } } if (certfile) { - if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL, + if (!(other = load_certs(certfile, FORMAT_PEM, NULL, e, "certificate file"))) { ERR_print_errors(bio_err); goto end; @@ -530,7 +471,7 @@ int MAIN(int argc, char **argv) } if (recipfile && (operation == SMIME_DECRYPT)) { - if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL, + if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL, e, "recipient certificate file"))) { ERR_print_errors(bio_err); goto end; @@ -547,19 +488,14 @@ int MAIN(int argc, char **argv) keyfile = NULL; if (keyfile) { - key = load_key(bio_err, keyfile, keyform, 0, passin, e, - "signing key file"); + key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); if (!key) goto end; } - if (infile) { - if (!(in = BIO_new_file(infile, inmode))) { - BIO_printf(bio_err, "Can't open input file %s\n", infile); - goto end; - } - } else - in = BIO_new_fp(stdin, BIO_NOCLOSE); + in = bio_open_default(infile, inmode); + if (in == NULL) + goto end; if (operation & SMIME_IP) { if (informat == FORMAT_SMIME) @@ -586,26 +522,15 @@ int MAIN(int argc, char **argv) } } - if (outfile) { - if (!(out = BIO_new_file(outfile, outmode))) { - BIO_printf(bio_err, "Can't open output file %s\n", outfile); - goto end; - } - } else { - out = BIO_new_fp(stdout, BIO_NOCLOSE); -#ifdef OPENSSL_SYS_VMS - { - BIO *tmpbio = BIO_new(BIO_f_linebuffer()); - out = BIO_push(tmpbio, out); - } -#endif - } + out = bio_open_default(outfile, outmode); + if (out == NULL) + goto end; if (operation == SMIME_VERIFY) { - if (!(store = setup_verify(bio_err, CAfile, CApath))) + if (!(store = setup_verify(CAfile, CApath))) goto end; X509_STORE_set_verify_cb(store, smime_cb); - if (vpm) + if (vpmtouched) X509_STORE_set1_param(store, vpm); } @@ -642,12 +567,11 @@ int MAIN(int argc, char **argv) for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { signerfile = sk_OPENSSL_STRING_value(sksigners, i); keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, + signer = load_cert(signerfile, FORMAT_PEM, NULL, e, "signer certificate"); if (!signer) goto end; - key = load_key(bio_err, keyfile, keyform, 0, passin, e, - "signing key file"); + key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); if (!key) goto end; if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags)) @@ -701,22 +625,27 @@ int MAIN(int argc, char **argv) BIO_printf(out, "Subject: %s\n", subject); if (outformat == FORMAT_SMIME) { if (operation == SMIME_RESIGN) - SMIME_write_PKCS7(out, p7, indata, flags); + rv = SMIME_write_PKCS7(out, p7, indata, flags); else - SMIME_write_PKCS7(out, p7, in, flags); + rv = SMIME_write_PKCS7(out, p7, in, flags); } else if (outformat == FORMAT_PEM) - PEM_write_bio_PKCS7_stream(out, p7, in, flags); + rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags); else if (outformat == FORMAT_ASN1) - i2d_PKCS7_bio_stream(out, p7, in, flags); + rv = i2d_PKCS7_bio_stream(out, p7, in, flags); else { BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); goto end; } + if (rv == 0) { + BIO_printf(bio_err, "Error writing output\n"); + ret = 3; + goto end; + } } ret = 0; end: if (need_rand) - app_RAND_write_file(NULL, bio_err); + app_RAND_write_file(NULL); if (ret) ERR_print_errors(bio_err); sk_X509_pop_free(encerts, X509_free); @@ -768,7 +697,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx) && ((error != X509_V_OK) || (ok != 2))) return ok; - policies_print(NULL, ctx); + policies_print(bio_err, ctx); return ok;