fix printout of expiry days if -enddate is used in ca
[openssl.git] / apps / cms.c
1 /* apps/cms.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project.
4  */
5 /* ====================================================================
6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  */
53
54 /* CMS utility function */
55
56 #include <stdio.h>
57 #include <string.h>
58 #include "apps.h"
59
60 #ifndef OPENSSL_NO_CMS
61
62 #include <openssl/crypto.h>
63 #include <openssl/pem.h>
64 #include <openssl/err.h>
65 #include <openssl/x509_vfy.h>
66 #include <openssl/x509v3.h>
67 #include <openssl/cms.h>
68
69 #undef PROG
70 #define PROG cms_main
71 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
72 static int cms_cb(int ok, X509_STORE_CTX *ctx);
73 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
74 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
75                                                 int rr_allorfirst,
76                                         STACK_OF(OPENSSL_STRING) *rr_from);
77
78 #define SMIME_OP        0x10
79 #define SMIME_IP        0x20
80 #define SMIME_SIGNERS   0x40
81 #define SMIME_ENCRYPT           (1 | SMIME_OP)
82 #define SMIME_DECRYPT           (2 | SMIME_IP)
83 #define SMIME_SIGN              (3 | SMIME_OP | SMIME_SIGNERS)
84 #define SMIME_VERIFY            (4 | SMIME_IP)
85 #define SMIME_CMSOUT            (5 | SMIME_IP | SMIME_OP)
86 #define SMIME_RESIGN            (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
87 #define SMIME_DATAOUT           (7 | SMIME_IP)
88 #define SMIME_DATA_CREATE       (8 | SMIME_OP)
89 #define SMIME_DIGEST_VERIFY     (9 | SMIME_IP)
90 #define SMIME_DIGEST_CREATE     (10 | SMIME_OP)
91 #define SMIME_UNCOMPRESS        (11 | SMIME_IP)
92 #define SMIME_COMPRESS          (12 | SMIME_OP)
93 #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
94 #define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
95 #define SMIME_SIGN_RECEIPT      (15 | SMIME_IP | SMIME_OP)
96 #define SMIME_VERIFY_RECEIPT    (16 | SMIME_IP)
97
98 int verify_err = 0;
99
100 int MAIN(int, char **);
101
102 int MAIN(int argc, char **argv)
103         {
104         ENGINE *e = NULL;
105         int operation = 0;
106         int ret = 0;
107         char **args;
108         const char *inmode = "r", *outmode = "w";
109         char *infile = NULL, *outfile = NULL, *rctfile = NULL;
110         char *signerfile = NULL, *recipfile = NULL;
111         STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
112         char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
113         char *certsoutfile = NULL;
114         const EVP_CIPHER *cipher = NULL;
115         CMS_ContentInfo *cms = NULL, *rcms = NULL;
116         X509_STORE *store = NULL;
117         X509 *cert = NULL, *recip = NULL, *signer = NULL;
118         EVP_PKEY *key = NULL;
119         STACK_OF(X509) *encerts = NULL, *other = NULL;
120         BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
121         int badarg = 0;
122         int flags = CMS_DETACHED, noout = 0, print = 0;
123         int verify_retcode = 0;
124         int rr_print = 0, rr_allorfirst = -1;
125         STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
126         CMS_ReceiptRequest *rr = NULL;
127         char *to = NULL, *from = NULL, *subject = NULL;
128         char *CAfile = NULL, *CApath = NULL;
129         char *passargin = NULL, *passin = NULL;
130         char *inrand = NULL;
131         int need_rand = 0;
132         const EVP_MD *sign_md = NULL;
133         int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
134         int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
135 #ifndef OPENSSL_NO_ENGINE
136         char *engine=NULL;
137 #endif
138         unsigned char *secret_key = NULL, *secret_keyid = NULL;
139         unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
140         size_t secret_keylen = 0, secret_keyidlen = 0;
141
142         ASN1_OBJECT *econtent_type = NULL;
143
144         X509_VERIFY_PARAM *vpm = NULL;
145
146         args = argv + 1;
147         ret = 1;
148
149         apps_startup();
150
151         if (bio_err == NULL)
152                 {
153                 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
154                         BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
155                 }
156
157         if (!load_config(bio_err, NULL))
158                 goto end;
159
160         while (!badarg && *args && *args[0] == '-')
161                 {
162                 if (!strcmp (*args, "-encrypt"))
163                         operation = SMIME_ENCRYPT;
164                 else if (!strcmp (*args, "-decrypt"))
165                         operation = SMIME_DECRYPT;
166                 else if (!strcmp (*args, "-sign"))
167                         operation = SMIME_SIGN;
168                 else if (!strcmp (*args, "-sign_receipt"))
169                         operation = SMIME_SIGN_RECEIPT;
170                 else if (!strcmp (*args, "-resign"))
171                         operation = SMIME_RESIGN;
172                 else if (!strcmp (*args, "-verify"))
173                         operation = SMIME_VERIFY;
174                 else if (!strcmp (*args, "-verify_retcode"))
175                         verify_retcode = 1;
176                 else if (!strcmp(*args,"-verify_receipt"))
177                         {
178                         operation = SMIME_VERIFY_RECEIPT;
179                         if (!args[1])
180                                 goto argerr;
181                         args++;
182                         rctfile = *args;
183                         }
184                 else if (!strcmp (*args, "-cmsout"))
185                         operation = SMIME_CMSOUT;
186                 else if (!strcmp (*args, "-data_out"))
187                         operation = SMIME_DATAOUT;
188                 else if (!strcmp (*args, "-data_create"))
189                         operation = SMIME_DATA_CREATE;
190                 else if (!strcmp (*args, "-digest_verify"))
191                         operation = SMIME_DIGEST_VERIFY;
192                 else if (!strcmp (*args, "-digest_create"))
193                         operation = SMIME_DIGEST_CREATE;
194                 else if (!strcmp (*args, "-compress"))
195                         operation = SMIME_COMPRESS;
196                 else if (!strcmp (*args, "-uncompress"))
197                         operation = SMIME_UNCOMPRESS;
198                 else if (!strcmp (*args, "-EncryptedData_decrypt"))
199                         operation = SMIME_ENCRYPTED_DECRYPT;
200                 else if (!strcmp (*args, "-EncryptedData_encrypt"))
201                         operation = SMIME_ENCRYPTED_ENCRYPT;
202 #ifndef OPENSSL_NO_DES
203                 else if (!strcmp (*args, "-des3")) 
204                                 cipher = EVP_des_ede3_cbc();
205                 else if (!strcmp (*args, "-des")) 
206                                 cipher = EVP_des_cbc();
207 #endif
208 #ifndef OPENSSL_NO_SEED
209                 else if (!strcmp (*args, "-seed")) 
210                                 cipher = EVP_seed_cbc();
211 #endif
212 #ifndef OPENSSL_NO_RC2
213                 else if (!strcmp (*args, "-rc2-40")) 
214                                 cipher = EVP_rc2_40_cbc();
215                 else if (!strcmp (*args, "-rc2-128")) 
216                                 cipher = EVP_rc2_cbc();
217                 else if (!strcmp (*args, "-rc2-64")) 
218                                 cipher = EVP_rc2_64_cbc();
219 #endif
220 #ifndef OPENSSL_NO_AES
221                 else if (!strcmp(*args,"-aes128"))
222                                 cipher = EVP_aes_128_cbc();
223                 else if (!strcmp(*args,"-aes192"))
224                                 cipher = EVP_aes_192_cbc();
225                 else if (!strcmp(*args,"-aes256"))
226                                 cipher = EVP_aes_256_cbc();
227 #endif
228 #ifndef OPENSSL_NO_CAMELLIA
229                 else if (!strcmp(*args,"-camellia128"))
230                                 cipher = EVP_camellia_128_cbc();
231                 else if (!strcmp(*args,"-camellia192"))
232                                 cipher = EVP_camellia_192_cbc();
233                 else if (!strcmp(*args,"-camellia256"))
234                                 cipher = EVP_camellia_256_cbc();
235 #endif
236                 else if (!strcmp (*args, "-debug_decrypt")) 
237                                 flags |= CMS_DEBUG_DECRYPT;
238                 else if (!strcmp (*args, "-text")) 
239                                 flags |= CMS_TEXT;
240                 else if (!strcmp (*args, "-nointern")) 
241                                 flags |= CMS_NOINTERN;
242                 else if (!strcmp (*args, "-noverify") 
243                         || !strcmp (*args, "-no_signer_cert_verify")) 
244                                 flags |= CMS_NO_SIGNER_CERT_VERIFY;
245                 else if (!strcmp (*args, "-nocerts")) 
246                                 flags |= CMS_NOCERTS;
247                 else if (!strcmp (*args, "-noattr")) 
248                                 flags |= CMS_NOATTR;
249                 else if (!strcmp (*args, "-nodetach")) 
250                                 flags &= ~CMS_DETACHED;
251                 else if (!strcmp (*args, "-nosmimecap"))
252                                 flags |= CMS_NOSMIMECAP;
253                 else if (!strcmp (*args, "-binary"))
254                                 flags |= CMS_BINARY;
255                 else if (!strcmp (*args, "-keyid"))
256                                 flags |= CMS_USE_KEYID;
257                 else if (!strcmp (*args, "-nosigs"))
258                                 flags |= CMS_NOSIGS;
259                 else if (!strcmp (*args, "-no_content_verify"))
260                                 flags |= CMS_NO_CONTENT_VERIFY;
261                 else if (!strcmp (*args, "-no_attr_verify"))
262                                 flags |= CMS_NO_ATTR_VERIFY;
263                 else if (!strcmp (*args, "-stream"))
264                                 flags |= CMS_STREAM;
265                 else if (!strcmp (*args, "-indef"))
266                                 flags |= CMS_STREAM;
267                 else if (!strcmp (*args, "-noindef"))
268                                 flags &= ~CMS_STREAM;
269                 else if (!strcmp (*args, "-nooldmime"))
270                                 flags |= CMS_NOOLDMIMETYPE;
271                 else if (!strcmp (*args, "-crlfeol"))
272                                 flags |= CMS_CRLFEOL;
273                 else if (!strcmp (*args, "-noout"))
274                                 noout = 1;
275                 else if (!strcmp (*args, "-receipt_request_print"))
276                                 rr_print = 1;
277                 else if (!strcmp (*args, "-receipt_request_all"))
278                                 rr_allorfirst = 0;
279                 else if (!strcmp (*args, "-receipt_request_first"))
280                                 rr_allorfirst = 1;
281                 else if (!strcmp(*args,"-receipt_request_from"))
282                         {
283                         if (!args[1])
284                                 goto argerr;
285                         args++;
286                         if (!rr_from)
287                                 rr_from = sk_OPENSSL_STRING_new_null();
288                         sk_OPENSSL_STRING_push(rr_from, *args);
289                         }
290                 else if (!strcmp(*args,"-receipt_request_to"))
291                         {
292                         if (!args[1])
293                                 goto argerr;
294                         args++;
295                         if (!rr_to)
296                                 rr_to = sk_OPENSSL_STRING_new_null();
297                         sk_OPENSSL_STRING_push(rr_to, *args);
298                         }
299                 else if (!strcmp (*args, "-print"))
300                                 {
301                                 noout = 1;
302                                 print = 1;
303                                 }
304                 else if (!strcmp(*args,"-secretkey"))
305                         {
306                         long ltmp;
307                         if (!args[1])
308                                 goto argerr;
309                         args++;
310                         secret_key = string_to_hex(*args, &ltmp);
311                         if (!secret_key)
312                                 {
313                                 BIO_printf(bio_err, "Invalid key %s\n", *args);
314                                 goto argerr;
315                                 }
316                         secret_keylen = (size_t)ltmp;
317                         }
318                 else if (!strcmp(*args,"-secretkeyid"))
319                         {
320                         long ltmp;
321                         if (!args[1])
322                                 goto argerr;
323                         args++;
324                         secret_keyid = string_to_hex(*args, &ltmp);
325                         if (!secret_keyid)
326                                 {
327                                 BIO_printf(bio_err, "Invalid id %s\n", *args);
328                                 goto argerr;
329                                 }
330                         secret_keyidlen = (size_t)ltmp;
331                         }
332                 else if (!strcmp(*args,"-pwri_password"))
333                         {
334                         if (!args[1])
335                                 goto argerr;
336                         args++;
337                         pwri_pass = (unsigned char *)*args;
338                         }
339                 else if (!strcmp(*args,"-econtent_type"))
340                         {
341                         if (!args[1])
342                                 goto argerr;
343                         args++;
344                         econtent_type = OBJ_txt2obj(*args, 0);
345                         if (!econtent_type)
346                                 {
347                                 BIO_printf(bio_err, "Invalid OID %s\n", *args);
348                                 goto argerr;
349                                 }
350                         }
351                 else if (!strcmp(*args,"-rand"))
352                         {
353                         if (!args[1])
354                                 goto argerr;
355                         args++;
356                         inrand = *args;
357                         need_rand = 1;
358                         }
359 #ifndef OPENSSL_NO_ENGINE
360                 else if (!strcmp(*args,"-engine"))
361                         {
362                         if (!args[1])
363                                 goto argerr;
364                         engine = *++args;
365                         }
366 #endif
367                 else if (!strcmp(*args,"-passin"))
368                         {
369                         if (!args[1])
370                                 goto argerr;
371                         passargin = *++args;
372                         }
373                 else if (!strcmp (*args, "-to"))
374                         {
375                         if (!args[1])
376                                 goto argerr;
377                         to = *++args;
378                         }
379                 else if (!strcmp (*args, "-from"))
380                         {
381                         if (!args[1])
382                                 goto argerr;
383                         from = *++args;
384                         }
385                 else if (!strcmp (*args, "-subject"))
386                         {
387                         if (!args[1])
388                                 goto argerr;
389                         subject = *++args;
390                         }
391                 else if (!strcmp (*args, "-signer"))
392                         {
393                         if (!args[1])
394                                 goto argerr;
395                         /* If previous -signer argument add signer to list */
396
397                         if (signerfile)
398                                 {
399                                 if (!sksigners)
400                                         sksigners = sk_OPENSSL_STRING_new_null();
401                                 sk_OPENSSL_STRING_push(sksigners, signerfile);
402                                 if (!keyfile)
403                                         keyfile = signerfile;
404                                 if (!skkeys)
405                                         skkeys = sk_OPENSSL_STRING_new_null();
406                                 sk_OPENSSL_STRING_push(skkeys, keyfile);
407                                 keyfile = NULL;
408                                 }
409                         signerfile = *++args;
410                         }
411                 else if (!strcmp (*args, "-recip"))
412                         {
413                         if (!args[1])
414                                 goto argerr;
415                         recipfile = *++args;
416                         }
417                 else if (!strcmp (*args, "-certsout"))
418                         {
419                         if (!args[1])
420                                 goto argerr;
421                         certsoutfile = *++args;
422                         }
423                 else if (!strcmp (*args, "-md"))
424                         {
425                         if (!args[1])
426                                 goto argerr;
427                         sign_md = EVP_get_digestbyname(*++args);
428                         if (sign_md == NULL)
429                                 {
430                                 BIO_printf(bio_err, "Unknown digest %s\n",
431                                                         *args);
432                                 goto argerr;
433                                 }
434                         }
435                 else if (!strcmp (*args, "-inkey"))
436                         {
437                         if (!args[1])   
438                                 goto argerr;
439                         /* If previous -inkey arument add signer to list */
440                         if (keyfile)
441                                 {
442                                 if (!signerfile)
443                                         {
444                                         BIO_puts(bio_err, "Illegal -inkey without -signer\n");
445                                         goto argerr;
446                                         }
447                                 if (!sksigners)
448                                         sksigners = sk_OPENSSL_STRING_new_null();
449                                 sk_OPENSSL_STRING_push(sksigners, signerfile);
450                                 signerfile = NULL;
451                                 if (!skkeys)
452                                         skkeys = sk_OPENSSL_STRING_new_null();
453                                 sk_OPENSSL_STRING_push(skkeys, keyfile);
454                                 }
455                         keyfile = *++args;
456                         }
457                 else if (!strcmp (*args, "-keyform"))
458                         {
459                         if (!args[1])
460                                 goto argerr;
461                         keyform = str2fmt(*++args);
462                         }
463                 else if (!strcmp (*args, "-rctform"))
464                         {
465                         if (!args[1])
466                                 goto argerr;
467                         rctformat = str2fmt(*++args);
468                         }
469                 else if (!strcmp (*args, "-certfile"))
470                         {
471                         if (!args[1])
472                                 goto argerr;
473                         certfile = *++args;
474                         }
475                 else if (!strcmp (*args, "-CAfile"))
476                         {
477                         if (!args[1])
478                                 goto argerr;
479                         CAfile = *++args;
480                         }
481                 else if (!strcmp (*args, "-CApath"))
482                         {
483                         if (!args[1])
484                                 goto argerr;
485                         CApath = *++args;
486                         }
487                 else if (!strcmp (*args, "-in"))
488                         {
489                         if (!args[1])
490                                 goto argerr;
491                         infile = *++args;
492                         }
493                 else if (!strcmp (*args, "-inform"))
494                         {
495                         if (!args[1])
496                                 goto argerr;
497                         informat = str2fmt(*++args);
498                         }
499                 else if (!strcmp (*args, "-outform"))
500                         {
501                         if (!args[1])
502                                 goto argerr;
503                         outformat = str2fmt(*++args);
504                         }
505                 else if (!strcmp (*args, "-out"))
506                         {
507                         if (!args[1])
508                                 goto argerr;
509                         outfile = *++args;
510                         }
511                 else if (!strcmp (*args, "-content"))
512                         {
513                         if (!args[1])
514                                 goto argerr;
515                         contfile = *++args;
516                         }
517                 else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
518                         continue;
519                 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
520                         badarg = 1;
521                 args++;
522                 }
523
524         if (((rr_allorfirst != -1) || rr_from) && !rr_to)
525                 {
526                 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
527                 goto argerr;
528                 }
529
530         if (!(operation & SMIME_SIGNERS)  && (rr_to || rr_from))
531                 {
532                 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
533                 goto argerr;
534                 }
535         if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
536                 {
537                 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
538                 goto argerr;
539                 }
540
541         if (operation & SMIME_SIGNERS)
542                 {
543                 if (keyfile && !signerfile)
544                         {
545                         BIO_puts(bio_err, "Illegal -inkey without -signer\n");
546                         goto argerr;
547                         }
548                 /* Check to see if any final signer needs to be appended */
549                 if (signerfile)
550                         {
551                         if (!sksigners)
552                                 sksigners = sk_OPENSSL_STRING_new_null();
553                         sk_OPENSSL_STRING_push(sksigners, signerfile);
554                         if (!skkeys)
555                                 skkeys = sk_OPENSSL_STRING_new_null();
556                         if (!keyfile)
557                                 keyfile = signerfile;
558                         sk_OPENSSL_STRING_push(skkeys, keyfile);
559                         }
560                 if (!sksigners)
561                         {
562                         BIO_printf(bio_err, "No signer certificate specified\n");
563                         badarg = 1;
564                         }
565                 signerfile = NULL;
566                 keyfile = NULL;
567                 need_rand = 1;
568                 }
569
570         else if (operation == SMIME_DECRYPT)
571                 {
572                 if (!recipfile && !keyfile && !secret_key && !pwri_pass)
573                         {
574                         BIO_printf(bio_err, "No recipient certificate or key specified\n");
575                         badarg = 1;
576                         }
577                 }
578         else if (operation == SMIME_ENCRYPT)
579                 {
580                 if (!*args && !secret_key && !pwri_pass)
581                         {
582                         BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
583                         badarg = 1;
584                         }
585                 need_rand = 1;
586                 }
587         else if (!operation)
588                 badarg = 1;
589
590         if (badarg)
591                 {
592                 argerr:
593                 BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
594                 BIO_printf (bio_err, "where options are\n");
595                 BIO_printf (bio_err, "-encrypt       encrypt message\n");
596                 BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
597                 BIO_printf (bio_err, "-sign          sign message\n");
598                 BIO_printf (bio_err, "-verify        verify signed message\n");
599                 BIO_printf (bio_err, "-cmsout        output CMS structure\n");
600 #ifndef OPENSSL_NO_DES
601                 BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
602                 BIO_printf (bio_err, "-des           encrypt with DES\n");
603 #endif
604 #ifndef OPENSSL_NO_SEED
605                 BIO_printf (bio_err, "-seed          encrypt with SEED\n");
606 #endif
607 #ifndef OPENSSL_NO_RC2
608                 BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
609                 BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
610                 BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
611 #endif
612 #ifndef OPENSSL_NO_AES
613                 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
614                 BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
615 #endif
616 #ifndef OPENSSL_NO_CAMELLIA
617                 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
618                 BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
619 #endif
620                 BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
621                 BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
622                 BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
623                 BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
624                 BIO_printf (bio_err, "-nodetach      use opaque signing\n");
625                 BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
626                 BIO_printf (bio_err, "-binary        don't translate message to text\n");
627                 BIO_printf (bio_err, "-certfile file other certificates file\n");
628                 BIO_printf (bio_err, "-certsout file certificate output file\n");
629                 BIO_printf (bio_err, "-signer file   signer certificate file\n");
630                 BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
631                 BIO_printf (bio_err, "-keyid         use subject key identifier\n");
632                 BIO_printf (bio_err, "-in file       input file\n");
633                 BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
634                 BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
635                 BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
636                 BIO_printf (bio_err, "-out file      output file\n");
637                 BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
638                 BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
639                 BIO_printf (bio_err, "-to addr       to address\n");
640                 BIO_printf (bio_err, "-from ad       from address\n");
641                 BIO_printf (bio_err, "-subject s     subject\n");
642                 BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
643                 BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
644                 BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
645                 BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
646                 BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
647 #ifndef OPENSSL_NO_ENGINE
648                 BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
649 #endif
650                 BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
651                 BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
652                 BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
653                 BIO_printf(bio_err,  "               the random number generator\n");
654                 BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
655                 goto end;
656                 }
657
658 #ifndef OPENSSL_NO_ENGINE
659         e = setup_engine(bio_err, engine, 0);
660 #endif
661
662         if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
663                 {
664                 BIO_printf(bio_err, "Error getting password\n");
665                 goto end;
666                 }
667
668         if (need_rand)
669                 {
670                 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
671                 if (inrand != NULL)
672                         BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
673                                 app_RAND_load_files(inrand));
674                 }
675
676         ret = 2;
677
678         if (!(operation & SMIME_SIGNERS))
679                 flags &= ~CMS_DETACHED;
680
681         if (operation & SMIME_OP)
682                 {
683                 if (outformat == FORMAT_ASN1)
684                         outmode = "wb";
685                 }
686         else
687                 {
688                 if (flags & CMS_BINARY)
689                         outmode = "wb";
690                 }
691
692         if (operation & SMIME_IP)
693                 {
694                 if (informat == FORMAT_ASN1)
695                         inmode = "rb";
696                 }
697         else
698                 {
699                 if (flags & CMS_BINARY)
700                         inmode = "rb";
701                 }
702
703         if (operation == SMIME_ENCRYPT)
704                 {
705                 if (!cipher)
706                         {
707 #ifndef OPENSSL_NO_DES                  
708                         cipher = EVP_des_ede3_cbc();
709 #else
710                         BIO_printf(bio_err, "No cipher selected\n");
711                         goto end;
712 #endif
713                         }
714
715                 if (secret_key && !secret_keyid)
716                         {
717                         BIO_printf(bio_err, "No secret key id\n");
718                         goto end;
719                         }
720
721                 if (*args)
722                         encerts = sk_X509_new_null();
723                 while (*args)
724                         {
725                         if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
726                                 NULL, e, "recipient certificate file")))
727                                 goto end;
728                         sk_X509_push(encerts, cert);
729                         cert = NULL;
730                         args++;
731                         }
732                 }
733
734         if (certfile)
735                 {
736                 if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
737                         e, "certificate file")))
738                         {
739                         ERR_print_errors(bio_err);
740                         goto end;
741                         }
742                 }
743
744         if (recipfile && (operation == SMIME_DECRYPT))
745                 {
746                 if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
747                         e, "recipient certificate file")))
748                         {
749                         ERR_print_errors(bio_err);
750                         goto end;
751                         }
752                 }
753
754         if (operation == SMIME_SIGN_RECEIPT)
755                 {
756                 if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
757                         e, "receipt signer certificate file")))
758                         {
759                         ERR_print_errors(bio_err);
760                         goto end;
761                         }
762                 }
763
764         if (operation == SMIME_DECRYPT)
765                 {
766                 if (!keyfile)
767                         keyfile = recipfile;
768                 }
769         else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
770                 {
771                 if (!keyfile)
772                         keyfile = signerfile;
773                 }
774         else keyfile = NULL;
775
776         if (keyfile)
777                 {
778                 key = load_key(bio_err, keyfile, keyform, 0, passin, e,
779                                "signing key file");
780                 if (!key)
781                         goto end;
782                 }
783
784         if (infile)
785                 {
786                 if (!(in = BIO_new_file(infile, inmode)))
787                         {
788                         BIO_printf (bio_err,
789                                  "Can't open input file %s\n", infile);
790                         goto end;
791                         }
792                 }
793         else
794                 in = BIO_new_fp(stdin, BIO_NOCLOSE);
795
796         if (operation & SMIME_IP)
797                 {
798                 if (informat == FORMAT_SMIME) 
799                         cms = SMIME_read_CMS(in, &indata);
800                 else if (informat == FORMAT_PEM) 
801                         cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
802                 else if (informat == FORMAT_ASN1) 
803                         cms = d2i_CMS_bio(in, NULL);
804                 else
805                         {
806                         BIO_printf(bio_err, "Bad input format for CMS file\n");
807                         goto end;
808                         }
809
810                 if (!cms)
811                         {
812                         BIO_printf(bio_err, "Error reading S/MIME message\n");
813                         goto end;
814                         }
815                 if (contfile)
816                         {
817                         BIO_free(indata);
818                         if (!(indata = BIO_new_file(contfile, "rb")))
819                                 {
820                                 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
821                                 goto end;
822                                 }
823                         }
824                 if (certsoutfile)
825                         {
826                         STACK_OF(X509) *allcerts;
827                         allcerts = CMS_get1_certs(cms);
828                         if (!save_certs(certsoutfile, allcerts))
829                                 {
830                                 BIO_printf(bio_err,
831                                                 "Error writing certs to %s\n",
832                                                                 certsoutfile);
833                                 ret = 5;
834                                 goto end;
835                                 }
836                         sk_X509_pop_free(allcerts, X509_free);
837                         }
838                 }
839
840         if (rctfile)
841                 {
842                 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
843                 if (!(rctin = BIO_new_file(rctfile, rctmode)))
844                         {
845                         BIO_printf (bio_err,
846                                  "Can't open receipt file %s\n", rctfile);
847                         goto end;
848                         }
849                 
850                 if (rctformat == FORMAT_SMIME) 
851                         rcms = SMIME_read_CMS(rctin, NULL);
852                 else if (rctformat == FORMAT_PEM) 
853                         rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
854                 else if (rctformat == FORMAT_ASN1) 
855                         rcms = d2i_CMS_bio(rctin, NULL);
856                 else
857                         {
858                         BIO_printf(bio_err, "Bad input format for receipt\n");
859                         goto end;
860                         }
861
862                 if (!rcms)
863                         {
864                         BIO_printf(bio_err, "Error reading receipt\n");
865                         goto end;
866                         }
867                 }
868
869         if (outfile)
870                 {
871                 if (!(out = BIO_new_file(outfile, outmode)))
872                         {
873                         BIO_printf (bio_err,
874                                  "Can't open output file %s\n", outfile);
875                         goto end;
876                         }
877                 }
878         else
879                 {
880                 out = BIO_new_fp(stdout, BIO_NOCLOSE);
881 #ifdef OPENSSL_SYS_VMS
882                 {
883                     BIO *tmpbio = BIO_new(BIO_f_linebuffer());
884                     out = BIO_push(tmpbio, out);
885                 }
886 #endif
887                 }
888
889         if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
890                 {
891                 if (!(store = setup_verify(bio_err, CAfile, CApath)))
892                         goto end;
893                 X509_STORE_set_verify_cb(store, cms_cb);
894                 if (vpm)
895                         X509_STORE_set1_param(store, vpm);
896                 }
897
898
899         ret = 3;
900
901         if (operation == SMIME_DATA_CREATE)
902                 {
903                 cms = CMS_data_create(in, flags);
904                 }
905         else if (operation == SMIME_DIGEST_CREATE)
906                 {
907                 cms = CMS_digest_create(in, sign_md, flags);
908                 }
909         else if (operation == SMIME_COMPRESS)
910                 {
911                 cms = CMS_compress(in, -1, flags);
912                 }
913         else if (operation == SMIME_ENCRYPT)
914                 {
915                 flags |= CMS_PARTIAL;
916                 cms = CMS_encrypt(encerts, in, cipher, flags);
917                 if (!cms)
918                         goto end;
919                 if (secret_key)
920                         {
921                         if (!CMS_add0_recipient_key(cms, NID_undef, 
922                                                 secret_key, secret_keylen,
923                                                 secret_keyid, secret_keyidlen,
924                                                 NULL, NULL, NULL))
925                                 goto end;
926                         /* NULL these because call absorbs them */
927                         secret_key = NULL;
928                         secret_keyid = NULL;
929                         }
930                 if (pwri_pass)
931                         {
932                         pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
933                         if (!pwri_tmp)
934                                 goto end;
935                         if (!CMS_add0_recipient_password(cms,
936                                                 -1, NID_undef, NID_undef,
937                                                  pwri_tmp, -1, NULL))
938                                 goto end;
939                         pwri_tmp = NULL;
940                         }
941                 if (!(flags & CMS_STREAM))
942                         {
943                         if (!CMS_final(cms, in, NULL, flags))
944                                 goto end;
945                         }
946                 }
947         else if (operation == SMIME_ENCRYPTED_ENCRYPT)
948                 {
949                 cms = CMS_EncryptedData_encrypt(in, cipher,
950                                                 secret_key, secret_keylen,
951                                                 flags);
952
953                 }
954         else if (operation == SMIME_SIGN_RECEIPT)
955                 {
956                 CMS_ContentInfo *srcms = NULL;
957                 STACK_OF(CMS_SignerInfo) *sis;
958                 CMS_SignerInfo *si;
959                 sis = CMS_get0_SignerInfos(cms);
960                 if (!sis)
961                         goto end;
962                 si = sk_CMS_SignerInfo_value(sis, 0);
963                 srcms = CMS_sign_receipt(si, signer, key, other, flags);
964                 if (!srcms)
965                         goto end;
966                 CMS_ContentInfo_free(cms);
967                 cms = srcms;
968                 }
969         else if (operation & SMIME_SIGNERS)
970                 {
971                 int i;
972                 /* If detached data content we enable streaming if
973                  * S/MIME output format.
974                  */
975                 if (operation == SMIME_SIGN)
976                         {
977                                 
978                         if (flags & CMS_DETACHED)
979                                 {
980                                 if (outformat == FORMAT_SMIME)
981                                         flags |= CMS_STREAM;
982                                 }
983                         flags |= CMS_PARTIAL;
984                         cms = CMS_sign(NULL, NULL, other, in, flags);
985                         if (!cms)
986                                 goto end;
987                         if (econtent_type)
988                                 CMS_set1_eContentType(cms, econtent_type);
989
990                         if (rr_to)
991                                 {
992                                 rr = make_receipt_request(rr_to, rr_allorfirst,
993                                                                 rr_from);
994                                 if (!rr)
995                                         {
996                                         BIO_puts(bio_err,
997                                 "Signed Receipt Request Creation Error\n");
998                                         goto end;
999                                         }
1000                                 }
1001                         }
1002                 else
1003                         flags |= CMS_REUSE_DIGEST;
1004                 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
1005                         {
1006                         CMS_SignerInfo *si;
1007                         signerfile = sk_OPENSSL_STRING_value(sksigners, i);
1008                         keyfile = sk_OPENSSL_STRING_value(skkeys, i);
1009                         signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
1010                                         e, "signer certificate");
1011                         if (!signer)
1012                                 goto end;
1013                         key = load_key(bio_err, keyfile, keyform, 0, passin, e,
1014                                "signing key file");
1015                         if (!key)
1016                                 goto end;
1017                         si = CMS_add1_signer(cms, signer, key, sign_md, flags);
1018                         if (!si)
1019                                 goto end;
1020                         if (rr && !CMS_add1_ReceiptRequest(si, rr))
1021                                 goto end;
1022                         X509_free(signer);
1023                         signer = NULL;
1024                         EVP_PKEY_free(key);
1025                         key = NULL;
1026                         }
1027                 /* If not streaming or resigning finalize structure */
1028                 if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
1029                         {
1030                         if (!CMS_final(cms, in, NULL, flags))
1031                                 goto end;
1032                         }
1033                 }
1034
1035         if (!cms)
1036                 {
1037                 BIO_printf(bio_err, "Error creating CMS structure\n");
1038                 goto end;
1039                 }
1040
1041         ret = 4;
1042         if (operation == SMIME_DECRYPT)
1043                 {
1044                 if (flags & CMS_DEBUG_DECRYPT)
1045                         CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
1046
1047                 if (secret_key)
1048                         {
1049                         if (!CMS_decrypt_set1_key(cms,
1050                                                 secret_key, secret_keylen,
1051                                                 secret_keyid, secret_keyidlen))
1052                                 {
1053                                 BIO_puts(bio_err,
1054                                         "Error decrypting CMS using secret key\n");
1055                                 goto end;
1056                                 }
1057                         }
1058
1059                 if (key)
1060                         {
1061                         if (!CMS_decrypt_set1_pkey(cms, key, recip))
1062                                 {
1063                                 BIO_puts(bio_err,
1064                                         "Error decrypting CMS using private key\n");
1065                                 goto end;
1066                                 }
1067                         }
1068
1069                 if (pwri_pass)
1070                         {
1071                         if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
1072                                 {
1073                                 BIO_puts(bio_err,
1074                                         "Error decrypting CMS using password\n");
1075                                 goto end;
1076                                 }
1077                         }
1078
1079                 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
1080                         {
1081                         BIO_printf(bio_err, "Error decrypting CMS structure\n");
1082                         goto end;
1083                         }
1084                 }
1085         else if (operation == SMIME_DATAOUT)
1086                 {
1087                 if (!CMS_data(cms, out, flags))
1088                         goto end;
1089                 }
1090         else if (operation == SMIME_UNCOMPRESS)
1091                 {
1092                 if (!CMS_uncompress(cms, indata, out, flags))
1093                         goto end;
1094                 }
1095         else if (operation == SMIME_DIGEST_VERIFY)
1096                 {
1097                 if (CMS_digest_verify(cms, indata, out, flags) > 0)
1098                         BIO_printf(bio_err, "Verification successful\n");
1099                 else
1100                         {
1101                         BIO_printf(bio_err, "Verification failure\n");
1102                         goto end;
1103                         }
1104                 }
1105         else if (operation == SMIME_ENCRYPTED_DECRYPT)
1106                 {
1107                 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
1108                                                 indata, out, flags))
1109                         goto end;
1110                 }
1111         else if (operation == SMIME_VERIFY)
1112                 {
1113                 if (CMS_verify(cms, other, store, indata, out, flags) > 0)
1114                         BIO_printf(bio_err, "Verification successful\n");
1115                 else
1116                         {
1117                         BIO_printf(bio_err, "Verification failure\n");
1118                         if (verify_retcode)
1119                                 ret = verify_err + 32;
1120                         goto end;
1121                         }
1122                 if (signerfile)
1123                         {
1124                         STACK_OF(X509) *signers;
1125                         signers = CMS_get0_signers(cms);
1126                         if (!save_certs(signerfile, signers))
1127                                 {
1128                                 BIO_printf(bio_err,
1129                                                 "Error writing signers to %s\n",
1130                                                                 signerfile);
1131                                 ret = 5;
1132                                 goto end;
1133                                 }
1134                         sk_X509_free(signers);
1135                         }
1136                 if (rr_print)
1137                         receipt_request_print(bio_err, cms);
1138                                         
1139                 }
1140         else if (operation == SMIME_VERIFY_RECEIPT)
1141                 {
1142                 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
1143                         BIO_printf(bio_err, "Verification successful\n");
1144                 else
1145                         {
1146                         BIO_printf(bio_err, "Verification failure\n");
1147                         goto end;
1148                         }
1149                 }
1150         else
1151                 {
1152                 if (noout)
1153                         {
1154                         if (print)
1155                                 CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
1156                         }
1157                 else if (outformat == FORMAT_SMIME)
1158                         {
1159                         if (to)
1160                                 BIO_printf(out, "To: %s\n", to);
1161                         if (from)
1162                                 BIO_printf(out, "From: %s\n", from);
1163                         if (subject)
1164                                 BIO_printf(out, "Subject: %s\n", subject);
1165                         if (operation == SMIME_RESIGN)
1166                                 ret = SMIME_write_CMS(out, cms, indata, flags);
1167                         else
1168                                 ret = SMIME_write_CMS(out, cms, in, flags);
1169                         }
1170                 else if (outformat == FORMAT_PEM) 
1171                         ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1172                 else if (outformat == FORMAT_ASN1) 
1173                         ret = i2d_CMS_bio_stream(out,cms, in, flags);
1174                 else
1175                         {
1176                         BIO_printf(bio_err, "Bad output format for CMS file\n");
1177                         goto end;
1178                         }
1179                 if (ret <= 0)
1180                         {
1181                         ret = 6;
1182                         goto end;
1183                         }
1184                 }
1185         ret = 0;
1186 end:
1187         if (ret)
1188                 ERR_print_errors(bio_err);
1189         if (need_rand)
1190                 app_RAND_write_file(NULL, bio_err);
1191         sk_X509_pop_free(encerts, X509_free);
1192         sk_X509_pop_free(other, X509_free);
1193         if (vpm)
1194                 X509_VERIFY_PARAM_free(vpm);
1195         if (sksigners)
1196                 sk_OPENSSL_STRING_free(sksigners);
1197         if (skkeys)
1198                 sk_OPENSSL_STRING_free(skkeys);
1199         if (secret_key)
1200                 OPENSSL_free(secret_key);
1201         if (secret_keyid)
1202                 OPENSSL_free(secret_keyid);
1203         if (pwri_tmp)
1204                 OPENSSL_free(pwri_tmp);
1205         if (econtent_type)
1206                 ASN1_OBJECT_free(econtent_type);
1207         if (rr)
1208                 CMS_ReceiptRequest_free(rr);
1209         if (rr_to)
1210                 sk_OPENSSL_STRING_free(rr_to);
1211         if (rr_from)
1212                 sk_OPENSSL_STRING_free(rr_from);
1213         X509_STORE_free(store);
1214         X509_free(cert);
1215         X509_free(recip);
1216         X509_free(signer);
1217         EVP_PKEY_free(key);
1218         CMS_ContentInfo_free(cms);
1219         CMS_ContentInfo_free(rcms);
1220         BIO_free(rctin);
1221         BIO_free(in);
1222         BIO_free(indata);
1223         BIO_free_all(out);
1224         if (passin) OPENSSL_free(passin);
1225         return (ret);
1226 }
1227
1228 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
1229         {
1230         int i;
1231         BIO *tmp;
1232         if (!signerfile)
1233                 return 1;
1234         tmp = BIO_new_file(signerfile, "w");
1235         if (!tmp) return 0;
1236         for(i = 0; i < sk_X509_num(signers); i++)
1237                 PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
1238         BIO_free(tmp);
1239         return 1;
1240         }
1241         
1242
1243 /* Minimal callback just to output policy info (if any) */
1244
1245 static int cms_cb(int ok, X509_STORE_CTX *ctx)
1246         {
1247         int error;
1248
1249         error = X509_STORE_CTX_get_error(ctx);
1250
1251         verify_err = error;
1252
1253         if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
1254                 && ((error != X509_V_OK) || (ok != 2)))
1255                 return ok;
1256
1257         policies_print(NULL, ctx);
1258
1259         return ok;
1260
1261         }
1262
1263 static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
1264         {
1265         STACK_OF(GENERAL_NAME) *gens;
1266         GENERAL_NAME *gen;
1267         int i, j;
1268         for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
1269                 {
1270                 gens = sk_GENERAL_NAMES_value(gns, i);
1271                 for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
1272                         {
1273                         gen = sk_GENERAL_NAME_value(gens, j);
1274                         BIO_puts(out, "    ");
1275                         GENERAL_NAME_print(out, gen);
1276                         BIO_puts(out, "\n");
1277                         }
1278                 }
1279         return;
1280         }
1281
1282 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1283         {
1284         STACK_OF(CMS_SignerInfo) *sis;
1285         CMS_SignerInfo *si;
1286         CMS_ReceiptRequest *rr;
1287         int allorfirst;
1288         STACK_OF(GENERAL_NAMES) *rto, *rlist;
1289         ASN1_STRING *scid;
1290         int i, rv;
1291         sis = CMS_get0_SignerInfos(cms);
1292         for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
1293                 {
1294                 si = sk_CMS_SignerInfo_value(sis, i);
1295                 rv = CMS_get1_ReceiptRequest(si, &rr);
1296                 BIO_printf(bio_err, "Signer %d:\n", i + 1);
1297                 if (rv == 0)
1298                         BIO_puts(bio_err, "  No Receipt Request\n");
1299                 else if (rv < 0)
1300                         {
1301                         BIO_puts(bio_err, "  Receipt Request Parse Error\n");
1302                         ERR_print_errors(bio_err);
1303                         }
1304                 else
1305                         {
1306                         char *id;
1307                         int idlen;
1308                         CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1309                                                         &rlist, &rto);
1310                         BIO_puts(out, "  Signed Content ID:\n");
1311                         idlen = ASN1_STRING_length(scid);
1312                         id = (char *)ASN1_STRING_data(scid);
1313                         BIO_dump_indent(out, id, idlen, 4);
1314                         BIO_puts(out, "  Receipts From");
1315                         if (rlist)
1316                                 {
1317                                 BIO_puts(out, " List:\n");
1318                                 gnames_stack_print(out, rlist);
1319                                 }
1320                         else if (allorfirst == 1)
1321                                 BIO_puts(out, ": First Tier\n");
1322                         else if (allorfirst == 0)
1323                                 BIO_puts(out, ": All\n");
1324                         else
1325                                 BIO_printf(out, " Unknown (%d)\n", allorfirst);
1326                         BIO_puts(out, "  Receipts To:\n");
1327                         gnames_stack_print(out, rto);
1328                         }
1329                 if (rr)
1330                         CMS_ReceiptRequest_free(rr);
1331                 }
1332         }
1333
1334 static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1335         {
1336         int i;
1337         STACK_OF(GENERAL_NAMES) *ret;
1338         GENERAL_NAMES *gens = NULL;
1339         GENERAL_NAME *gen = NULL;
1340         ret = sk_GENERAL_NAMES_new_null();
1341         if (!ret)
1342                 goto err;
1343         for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
1344                 {
1345                 char *str = sk_OPENSSL_STRING_value(ns, i);
1346                 gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
1347                 if (!gen)
1348                         goto err;
1349                 gens = GENERAL_NAMES_new();
1350                 if (!gens)
1351                         goto err;
1352                 if (!sk_GENERAL_NAME_push(gens, gen))
1353                         goto err;
1354                 gen = NULL;
1355                 if (!sk_GENERAL_NAMES_push(ret, gens))
1356                         goto err;
1357                 gens = NULL;
1358                 }
1359
1360         return ret;
1361
1362         err:
1363         if (ret)
1364                 sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
1365         if (gens)
1366                 GENERAL_NAMES_free(gens);
1367         if (gen)
1368                 GENERAL_NAME_free(gen);
1369         return NULL;
1370         }
1371
1372
1373 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
1374                                                 int rr_allorfirst,
1375                                                 STACK_OF(OPENSSL_STRING) *rr_from)
1376         {
1377         STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
1378         CMS_ReceiptRequest *rr;
1379         rct_to = make_names_stack(rr_to);
1380         if (!rct_to)
1381                 goto err;
1382         if (rr_from)
1383                 {
1384                 rct_from = make_names_stack(rr_from);
1385                 if (!rct_from)
1386                         goto err;
1387                 }
1388         else
1389                 rct_from = NULL;
1390         rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1391                                                 rct_to);
1392         return rr;
1393         err:
1394         return NULL;
1395         }
1396
1397 #endif