Fix usage indentation
[openssl.git] / apps / cms.c
1 /* apps/cms.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project.
4  */
5 /* ====================================================================
6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  */
53
54 /* CMS utility function */
55
56 #include <stdio.h>
57 #include <string.h>
58 #include "apps.h"
59
60 #ifndef OPENSSL_NO_CMS
61
62 #include <openssl/crypto.h>
63 #include <openssl/pem.h>
64 #include <openssl/err.h>
65 #include <openssl/x509_vfy.h>
66 #include <openssl/x509v3.h>
67 #include <openssl/cms.h>
68
69 #undef PROG
70 #define PROG cms_main
71 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
72 static int cms_cb(int ok, X509_STORE_CTX *ctx);
73 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
74 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
75                                                 int rr_allorfirst,
76                                         STACK_OF(OPENSSL_STRING) *rr_from);
77
78 #define SMIME_OP        0x10
79 #define SMIME_IP        0x20
80 #define SMIME_SIGNERS   0x40
81 #define SMIME_ENCRYPT           (1 | SMIME_OP)
82 #define SMIME_DECRYPT           (2 | SMIME_IP)
83 #define SMIME_SIGN              (3 | SMIME_OP | SMIME_SIGNERS)
84 #define SMIME_VERIFY            (4 | SMIME_IP)
85 #define SMIME_CMSOUT            (5 | SMIME_IP | SMIME_OP)
86 #define SMIME_RESIGN            (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
87 #define SMIME_DATAOUT           (7 | SMIME_IP)
88 #define SMIME_DATA_CREATE       (8 | SMIME_OP)
89 #define SMIME_DIGEST_VERIFY     (9 | SMIME_IP)
90 #define SMIME_DIGEST_CREATE     (10 | SMIME_OP)
91 #define SMIME_UNCOMPRESS        (11 | SMIME_IP)
92 #define SMIME_COMPRESS          (12 | SMIME_OP)
93 #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
94 #define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
95 #define SMIME_SIGN_RECEIPT      (15 | SMIME_IP | SMIME_OP)
96 #define SMIME_VERIFY_RECEIPT    (16 | SMIME_IP)
97
98 int verify_err = 0;
99
100 int MAIN(int, char **);
101
102 int MAIN(int argc, char **argv)
103         {
104         ENGINE *e = NULL;
105         int operation = 0;
106         int ret = 0;
107         char **args;
108         const char *inmode = "r", *outmode = "w";
109         char *infile = NULL, *outfile = NULL, *rctfile = NULL;
110         char *signerfile = NULL, *recipfile = NULL;
111         STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
112         char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
113         char *certsoutfile = NULL;
114         const EVP_CIPHER *cipher = NULL;
115         CMS_ContentInfo *cms = NULL, *rcms = NULL;
116         X509_STORE *store = NULL;
117         X509 *cert = NULL, *recip = NULL, *signer = NULL;
118         EVP_PKEY *key = NULL;
119         STACK_OF(X509) *encerts = NULL, *other = NULL;
120         BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
121         int badarg = 0;
122         int flags = CMS_DETACHED, noout = 0, print = 0;
123         int verify_retcode = 0;
124         int rr_print = 0, rr_allorfirst = -1;
125         STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
126         CMS_ReceiptRequest *rr = NULL;
127         char *to = NULL, *from = NULL, *subject = NULL;
128         char *CAfile = NULL, *CApath = NULL;
129         char *passargin = NULL, *passin = NULL;
130         char *inrand = NULL;
131         int need_rand = 0;
132         const EVP_MD *sign_md = NULL;
133         int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
134         int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
135 #ifndef OPENSSL_NO_ENGINE
136         char *engine=NULL;
137 #endif
138         unsigned char *secret_key = NULL, *secret_keyid = NULL;
139         unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
140         size_t secret_keylen = 0, secret_keyidlen = 0;
141
142         ASN1_OBJECT *econtent_type = NULL;
143
144         X509_VERIFY_PARAM *vpm = NULL;
145
146         args = argv + 1;
147         ret = 1;
148
149         apps_startup();
150
151         if (bio_err == NULL)
152                 {
153                 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
154                         BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
155                 }
156
157         if (!load_config(bio_err, NULL))
158                 goto end;
159
160         while (!badarg && *args && *args[0] == '-')
161                 {
162                 if (!strcmp (*args, "-encrypt"))
163                         operation = SMIME_ENCRYPT;
164                 else if (!strcmp (*args, "-decrypt"))
165                         operation = SMIME_DECRYPT;
166                 else if (!strcmp (*args, "-sign"))
167                         operation = SMIME_SIGN;
168                 else if (!strcmp (*args, "-sign_receipt"))
169                         operation = SMIME_SIGN_RECEIPT;
170                 else if (!strcmp (*args, "-resign"))
171                         operation = SMIME_RESIGN;
172                 else if (!strcmp (*args, "-verify"))
173                         operation = SMIME_VERIFY;
174                 else if (!strcmp (*args, "-verify_retcode"))
175                         verify_retcode = 1;
176                 else if (!strcmp(*args,"-verify_receipt"))
177                         {
178                         operation = SMIME_VERIFY_RECEIPT;
179                         if (!args[1])
180                                 goto argerr;
181                         args++;
182                         rctfile = *args;
183                         }
184                 else if (!strcmp (*args, "-cmsout"))
185                         operation = SMIME_CMSOUT;
186                 else if (!strcmp (*args, "-data_out"))
187                         operation = SMIME_DATAOUT;
188                 else if (!strcmp (*args, "-data_create"))
189                         operation = SMIME_DATA_CREATE;
190                 else if (!strcmp (*args, "-digest_verify"))
191                         operation = SMIME_DIGEST_VERIFY;
192                 else if (!strcmp (*args, "-digest_create"))
193                         operation = SMIME_DIGEST_CREATE;
194                 else if (!strcmp (*args, "-compress"))
195                         operation = SMIME_COMPRESS;
196                 else if (!strcmp (*args, "-uncompress"))
197                         operation = SMIME_UNCOMPRESS;
198                 else if (!strcmp (*args, "-EncryptedData_decrypt"))
199                         operation = SMIME_ENCRYPTED_DECRYPT;
200                 else if (!strcmp (*args, "-EncryptedData_encrypt"))
201                         operation = SMIME_ENCRYPTED_ENCRYPT;
202 #ifndef OPENSSL_NO_DES
203                 else if (!strcmp (*args, "-des3")) 
204                                 cipher = EVP_des_ede3_cbc();
205                 else if (!strcmp (*args, "-des")) 
206                                 cipher = EVP_des_cbc();
207 #endif
208 #ifndef OPENSSL_NO_SEED
209                 else if (!strcmp (*args, "-seed")) 
210                                 cipher = EVP_seed_cbc();
211 #endif
212 #ifndef OPENSSL_NO_RC2
213                 else if (!strcmp (*args, "-rc2-40")) 
214                                 cipher = EVP_rc2_40_cbc();
215                 else if (!strcmp (*args, "-rc2-128")) 
216                                 cipher = EVP_rc2_cbc();
217                 else if (!strcmp (*args, "-rc2-64")) 
218                                 cipher = EVP_rc2_64_cbc();
219 #endif
220 #ifndef OPENSSL_NO_AES
221                 else if (!strcmp(*args,"-aes128"))
222                                 cipher = EVP_aes_128_cbc();
223                 else if (!strcmp(*args,"-aes192"))
224                                 cipher = EVP_aes_192_cbc();
225                 else if (!strcmp(*args,"-aes256"))
226                                 cipher = EVP_aes_256_cbc();
227 #endif
228 #ifndef OPENSSL_NO_CAMELLIA
229                 else if (!strcmp(*args,"-camellia128"))
230                                 cipher = EVP_camellia_128_cbc();
231                 else if (!strcmp(*args,"-camellia192"))
232                                 cipher = EVP_camellia_192_cbc();
233                 else if (!strcmp(*args,"-camellia256"))
234                                 cipher = EVP_camellia_256_cbc();
235 #endif
236                 else if (!strcmp (*args, "-text")) 
237                                 flags |= CMS_TEXT;
238                 else if (!strcmp (*args, "-nointern")) 
239                                 flags |= CMS_NOINTERN;
240                 else if (!strcmp (*args, "-noverify") 
241                         || !strcmp (*args, "-no_signer_cert_verify")) 
242                                 flags |= CMS_NO_SIGNER_CERT_VERIFY;
243                 else if (!strcmp (*args, "-nocerts")) 
244                                 flags |= CMS_NOCERTS;
245                 else if (!strcmp (*args, "-noattr")) 
246                                 flags |= CMS_NOATTR;
247                 else if (!strcmp (*args, "-nodetach")) 
248                                 flags &= ~CMS_DETACHED;
249                 else if (!strcmp (*args, "-nosmimecap"))
250                                 flags |= CMS_NOSMIMECAP;
251                 else if (!strcmp (*args, "-binary"))
252                                 flags |= CMS_BINARY;
253                 else if (!strcmp (*args, "-keyid"))
254                                 flags |= CMS_USE_KEYID;
255                 else if (!strcmp (*args, "-nosigs"))
256                                 flags |= CMS_NOSIGS;
257                 else if (!strcmp (*args, "-no_content_verify"))
258                                 flags |= CMS_NO_CONTENT_VERIFY;
259                 else if (!strcmp (*args, "-no_attr_verify"))
260                                 flags |= CMS_NO_ATTR_VERIFY;
261                 else if (!strcmp (*args, "-stream"))
262                                 flags |= CMS_STREAM;
263                 else if (!strcmp (*args, "-indef"))
264                                 flags |= CMS_STREAM;
265                 else if (!strcmp (*args, "-noindef"))
266                                 flags &= ~CMS_STREAM;
267                 else if (!strcmp (*args, "-nooldmime"))
268                                 flags |= CMS_NOOLDMIMETYPE;
269                 else if (!strcmp (*args, "-crlfeol"))
270                                 flags |= CMS_CRLFEOL;
271                 else if (!strcmp (*args, "-noout"))
272                                 noout = 1;
273                 else if (!strcmp (*args, "-receipt_request_print"))
274                                 rr_print = 1;
275                 else if (!strcmp (*args, "-receipt_request_all"))
276                                 rr_allorfirst = 0;
277                 else if (!strcmp (*args, "-receipt_request_first"))
278                                 rr_allorfirst = 1;
279                 else if (!strcmp(*args,"-receipt_request_from"))
280                         {
281                         if (!args[1])
282                                 goto argerr;
283                         args++;
284                         if (!rr_from)
285                                 rr_from = sk_OPENSSL_STRING_new_null();
286                         sk_OPENSSL_STRING_push(rr_from, *args);
287                         }
288                 else if (!strcmp(*args,"-receipt_request_to"))
289                         {
290                         if (!args[1])
291                                 goto argerr;
292                         args++;
293                         if (!rr_to)
294                                 rr_to = sk_OPENSSL_STRING_new_null();
295                         sk_OPENSSL_STRING_push(rr_to, *args);
296                         }
297                 else if (!strcmp (*args, "-print"))
298                                 {
299                                 noout = 1;
300                                 print = 1;
301                                 }
302                 else if (!strcmp(*args,"-secretkey"))
303                         {
304                         long ltmp;
305                         if (!args[1])
306                                 goto argerr;
307                         args++;
308                         secret_key = string_to_hex(*args, &ltmp);
309                         if (!secret_key)
310                                 {
311                                 BIO_printf(bio_err, "Invalid key %s\n", *args);
312                                 goto argerr;
313                                 }
314                         secret_keylen = (size_t)ltmp;
315                         }
316                 else if (!strcmp(*args,"-secretkeyid"))
317                         {
318                         long ltmp;
319                         if (!args[1])
320                                 goto argerr;
321                         args++;
322                         secret_keyid = string_to_hex(*args, &ltmp);
323                         if (!secret_keyid)
324                                 {
325                                 BIO_printf(bio_err, "Invalid id %s\n", *args);
326                                 goto argerr;
327                                 }
328                         secret_keyidlen = (size_t)ltmp;
329                         }
330                 else if (!strcmp(*args,"-pwri_password"))
331                         {
332                         if (!args[1])
333                                 goto argerr;
334                         args++;
335                         pwri_pass = (unsigned char *)*args;
336                         }
337                 else if (!strcmp(*args,"-econtent_type"))
338                         {
339                         if (!args[1])
340                                 goto argerr;
341                         args++;
342                         econtent_type = OBJ_txt2obj(*args, 0);
343                         if (!econtent_type)
344                                 {
345                                 BIO_printf(bio_err, "Invalid OID %s\n", *args);
346                                 goto argerr;
347                                 }
348                         }
349                 else if (!strcmp(*args,"-rand"))
350                         {
351                         if (!args[1])
352                                 goto argerr;
353                         args++;
354                         inrand = *args;
355                         need_rand = 1;
356                         }
357 #ifndef OPENSSL_NO_ENGINE
358                 else if (!strcmp(*args,"-engine"))
359                         {
360                         if (!args[1])
361                                 goto argerr;
362                         engine = *++args;
363                         }
364 #endif
365                 else if (!strcmp(*args,"-passin"))
366                         {
367                         if (!args[1])
368                                 goto argerr;
369                         passargin = *++args;
370                         }
371                 else if (!strcmp (*args, "-to"))
372                         {
373                         if (!args[1])
374                                 goto argerr;
375                         to = *++args;
376                         }
377                 else if (!strcmp (*args, "-from"))
378                         {
379                         if (!args[1])
380                                 goto argerr;
381                         from = *++args;
382                         }
383                 else if (!strcmp (*args, "-subject"))
384                         {
385                         if (!args[1])
386                                 goto argerr;
387                         subject = *++args;
388                         }
389                 else if (!strcmp (*args, "-signer"))
390                         {
391                         if (!args[1])
392                                 goto argerr;
393                         /* If previous -signer argument add signer to list */
394
395                         if (signerfile)
396                                 {
397                                 if (!sksigners)
398                                         sksigners = sk_OPENSSL_STRING_new_null();
399                                 sk_OPENSSL_STRING_push(sksigners, signerfile);
400                                 if (!keyfile)
401                                         keyfile = signerfile;
402                                 if (!skkeys)
403                                         skkeys = sk_OPENSSL_STRING_new_null();
404                                 sk_OPENSSL_STRING_push(skkeys, keyfile);
405                                 keyfile = NULL;
406                                 }
407                         signerfile = *++args;
408                         }
409                 else if (!strcmp (*args, "-recip"))
410                         {
411                         if (!args[1])
412                                 goto argerr;
413                         recipfile = *++args;
414                         }
415                 else if (!strcmp (*args, "-certsout"))
416                         {
417                         if (!args[1])
418                                 goto argerr;
419                         certsoutfile = *++args;
420                         }
421                 else if (!strcmp (*args, "-md"))
422                         {
423                         if (!args[1])
424                                 goto argerr;
425                         sign_md = EVP_get_digestbyname(*++args);
426                         if (sign_md == NULL)
427                                 {
428                                 BIO_printf(bio_err, "Unknown digest %s\n",
429                                                         *args);
430                                 goto argerr;
431                                 }
432                         }
433                 else if (!strcmp (*args, "-inkey"))
434                         {
435                         if (!args[1])   
436                                 goto argerr;
437                         /* If previous -inkey arument add signer to list */
438                         if (keyfile)
439                                 {
440                                 if (!signerfile)
441                                         {
442                                         BIO_puts(bio_err, "Illegal -inkey without -signer\n");
443                                         goto argerr;
444                                         }
445                                 if (!sksigners)
446                                         sksigners = sk_OPENSSL_STRING_new_null();
447                                 sk_OPENSSL_STRING_push(sksigners, signerfile);
448                                 signerfile = NULL;
449                                 if (!skkeys)
450                                         skkeys = sk_OPENSSL_STRING_new_null();
451                                 sk_OPENSSL_STRING_push(skkeys, keyfile);
452                                 }
453                         keyfile = *++args;
454                         }
455                 else if (!strcmp (*args, "-keyform"))
456                         {
457                         if (!args[1])
458                                 goto argerr;
459                         keyform = str2fmt(*++args);
460                         }
461                 else if (!strcmp (*args, "-rctform"))
462                         {
463                         if (!args[1])
464                                 goto argerr;
465                         rctformat = str2fmt(*++args);
466                         }
467                 else if (!strcmp (*args, "-certfile"))
468                         {
469                         if (!args[1])
470                                 goto argerr;
471                         certfile = *++args;
472                         }
473                 else if (!strcmp (*args, "-CAfile"))
474                         {
475                         if (!args[1])
476                                 goto argerr;
477                         CAfile = *++args;
478                         }
479                 else if (!strcmp (*args, "-CApath"))
480                         {
481                         if (!args[1])
482                                 goto argerr;
483                         CApath = *++args;
484                         }
485                 else if (!strcmp (*args, "-in"))
486                         {
487                         if (!args[1])
488                                 goto argerr;
489                         infile = *++args;
490                         }
491                 else if (!strcmp (*args, "-inform"))
492                         {
493                         if (!args[1])
494                                 goto argerr;
495                         informat = str2fmt(*++args);
496                         }
497                 else if (!strcmp (*args, "-outform"))
498                         {
499                         if (!args[1])
500                                 goto argerr;
501                         outformat = str2fmt(*++args);
502                         }
503                 else if (!strcmp (*args, "-out"))
504                         {
505                         if (!args[1])
506                                 goto argerr;
507                         outfile = *++args;
508                         }
509                 else if (!strcmp (*args, "-content"))
510                         {
511                         if (!args[1])
512                                 goto argerr;
513                         contfile = *++args;
514                         }
515                 else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
516                         continue;
517                 else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
518                         badarg = 1;
519                 args++;
520                 }
521
522         if (((rr_allorfirst != -1) || rr_from) && !rr_to)
523                 {
524                 BIO_puts(bio_err, "No Signed Receipts Recipients\n");
525                 goto argerr;
526                 }
527
528         if (!(operation & SMIME_SIGNERS)  && (rr_to || rr_from))
529                 {
530                 BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
531                 goto argerr;
532                 }
533         if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
534                 {
535                 BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
536                 goto argerr;
537                 }
538
539         if (operation & SMIME_SIGNERS)
540                 {
541                 if (keyfile && !signerfile)
542                         {
543                         BIO_puts(bio_err, "Illegal -inkey without -signer\n");
544                         goto argerr;
545                         }
546                 /* Check to see if any final signer needs to be appended */
547                 if (signerfile)
548                         {
549                         if (!sksigners)
550                                 sksigners = sk_OPENSSL_STRING_new_null();
551                         sk_OPENSSL_STRING_push(sksigners, signerfile);
552                         if (!skkeys)
553                                 skkeys = sk_OPENSSL_STRING_new_null();
554                         if (!keyfile)
555                                 keyfile = signerfile;
556                         sk_OPENSSL_STRING_push(skkeys, keyfile);
557                         }
558                 if (!sksigners)
559                         {
560                         BIO_printf(bio_err, "No signer certificate specified\n");
561                         badarg = 1;
562                         }
563                 signerfile = NULL;
564                 keyfile = NULL;
565                 need_rand = 1;
566                 }
567
568         else if (operation == SMIME_DECRYPT)
569                 {
570                 if (!recipfile && !keyfile && !secret_key && !pwri_pass)
571                         {
572                         BIO_printf(bio_err, "No recipient certificate or key specified\n");
573                         badarg = 1;
574                         }
575                 }
576         else if (operation == SMIME_ENCRYPT)
577                 {
578                 if (!*args && !secret_key && !pwri_pass)
579                         {
580                         BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
581                         badarg = 1;
582                         }
583                 need_rand = 1;
584                 }
585         else if (!operation)
586                 badarg = 1;
587
588         if (badarg)
589                 {
590                 argerr:
591                 BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
592                 BIO_printf (bio_err, "where options are\n");
593                 BIO_printf (bio_err, "-encrypt       encrypt message\n");
594                 BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
595                 BIO_printf (bio_err, "-sign          sign message\n");
596                 BIO_printf (bio_err, "-verify        verify signed message\n");
597                 BIO_printf (bio_err, "-cmsout        output CMS structure\n");
598 #ifndef OPENSSL_NO_DES
599                 BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
600                 BIO_printf (bio_err, "-des           encrypt with DES\n");
601 #endif
602 #ifndef OPENSSL_NO_SEED
603                 BIO_printf (bio_err, "-seed          encrypt with SEED\n");
604 #endif
605 #ifndef OPENSSL_NO_RC2
606                 BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
607                 BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
608                 BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
609 #endif
610 #ifndef OPENSSL_NO_AES
611                 BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
612                 BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
613 #endif
614 #ifndef OPENSSL_NO_CAMELLIA
615                 BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
616                 BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
617 #endif
618                 BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
619                 BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
620                 BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
621                 BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
622                 BIO_printf (bio_err, "-nodetach      use opaque signing\n");
623                 BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
624                 BIO_printf (bio_err, "-binary        don't translate message to text\n");
625                 BIO_printf (bio_err, "-certfile file other certificates file\n");
626                 BIO_printf (bio_err, "-certsout file certificate output file\n");
627                 BIO_printf (bio_err, "-signer file   signer certificate file\n");
628                 BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
629                 BIO_printf (bio_err, "-keyid         use subject key identifier\n");
630                 BIO_printf (bio_err, "-in file       input file\n");
631                 BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
632                 BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
633                 BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
634                 BIO_printf (bio_err, "-out file      output file\n");
635                 BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
636                 BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
637                 BIO_printf (bio_err, "-to addr       to address\n");
638                 BIO_printf (bio_err, "-from ad       from address\n");
639                 BIO_printf (bio_err, "-subject s     subject\n");
640                 BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
641                 BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
642                 BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
643                 BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
644                 BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
645 #ifndef OPENSSL_NO_ENGINE
646                 BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
647 #endif
648                 BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
649                 BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
650                 BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
651                 BIO_printf(bio_err,  "               the random number generator\n");
652                 BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
653                 goto end;
654                 }
655
656 #ifndef OPENSSL_NO_ENGINE
657         e = setup_engine(bio_err, engine, 0);
658 #endif
659
660         if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
661                 {
662                 BIO_printf(bio_err, "Error getting password\n");
663                 goto end;
664                 }
665
666         if (need_rand)
667                 {
668                 app_RAND_load_file(NULL, bio_err, (inrand != NULL));
669                 if (inrand != NULL)
670                         BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
671                                 app_RAND_load_files(inrand));
672                 }
673
674         ret = 2;
675
676         if (!(operation & SMIME_SIGNERS))
677                 flags &= ~CMS_DETACHED;
678
679         if (operation & SMIME_OP)
680                 {
681                 if (outformat == FORMAT_ASN1)
682                         outmode = "wb";
683                 }
684         else
685                 {
686                 if (flags & CMS_BINARY)
687                         outmode = "wb";
688                 }
689
690         if (operation & SMIME_IP)
691                 {
692                 if (informat == FORMAT_ASN1)
693                         inmode = "rb";
694                 }
695         else
696                 {
697                 if (flags & CMS_BINARY)
698                         inmode = "rb";
699                 }
700
701         if (operation == SMIME_ENCRYPT)
702                 {
703                 if (!cipher)
704                         {
705 #ifndef OPENSSL_NO_DES                  
706                         cipher = EVP_des_ede3_cbc();
707 #else
708                         BIO_printf(bio_err, "No cipher selected\n");
709                         goto end;
710 #endif
711                         }
712
713                 if (secret_key && !secret_keyid)
714                         {
715                         BIO_printf(bio_err, "No secret key id\n");
716                         goto end;
717                         }
718
719                 if (*args)
720                         encerts = sk_X509_new_null();
721                 while (*args)
722                         {
723                         if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
724                                 NULL, e, "recipient certificate file")))
725                                 goto end;
726                         sk_X509_push(encerts, cert);
727                         cert = NULL;
728                         args++;
729                         }
730                 }
731
732         if (certfile)
733                 {
734                 if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
735                         e, "certificate file")))
736                         {
737                         ERR_print_errors(bio_err);
738                         goto end;
739                         }
740                 }
741
742         if (recipfile && (operation == SMIME_DECRYPT))
743                 {
744                 if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
745                         e, "recipient certificate file")))
746                         {
747                         ERR_print_errors(bio_err);
748                         goto end;
749                         }
750                 }
751
752         if (operation == SMIME_SIGN_RECEIPT)
753                 {
754                 if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
755                         e, "receipt signer certificate file")))
756                         {
757                         ERR_print_errors(bio_err);
758                         goto end;
759                         }
760                 }
761
762         if (operation == SMIME_DECRYPT)
763                 {
764                 if (!keyfile)
765                         keyfile = recipfile;
766                 }
767         else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
768                 {
769                 if (!keyfile)
770                         keyfile = signerfile;
771                 }
772         else keyfile = NULL;
773
774         if (keyfile)
775                 {
776                 key = load_key(bio_err, keyfile, keyform, 0, passin, e,
777                                "signing key file");
778                 if (!key)
779                         goto end;
780                 }
781
782         if (infile)
783                 {
784                 if (!(in = BIO_new_file(infile, inmode)))
785                         {
786                         BIO_printf (bio_err,
787                                  "Can't open input file %s\n", infile);
788                         goto end;
789                         }
790                 }
791         else
792                 in = BIO_new_fp(stdin, BIO_NOCLOSE);
793
794         if (operation & SMIME_IP)
795                 {
796                 if (informat == FORMAT_SMIME) 
797                         cms = SMIME_read_CMS(in, &indata);
798                 else if (informat == FORMAT_PEM) 
799                         cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
800                 else if (informat == FORMAT_ASN1) 
801                         cms = d2i_CMS_bio(in, NULL);
802                 else
803                         {
804                         BIO_printf(bio_err, "Bad input format for CMS file\n");
805                         goto end;
806                         }
807
808                 if (!cms)
809                         {
810                         BIO_printf(bio_err, "Error reading S/MIME message\n");
811                         goto end;
812                         }
813                 if (contfile)
814                         {
815                         BIO_free(indata);
816                         if (!(indata = BIO_new_file(contfile, "rb")))
817                                 {
818                                 BIO_printf(bio_err, "Can't read content file %s\n", contfile);
819                                 goto end;
820                                 }
821                         }
822                 if (certsoutfile)
823                         {
824                         STACK_OF(X509) *allcerts;
825                         allcerts = CMS_get1_certs(cms);
826                         if (!save_certs(certsoutfile, allcerts))
827                                 {
828                                 BIO_printf(bio_err,
829                                                 "Error writing certs to %s\n",
830                                                                 certsoutfile);
831                                 ret = 5;
832                                 goto end;
833                                 }
834                         sk_X509_pop_free(allcerts, X509_free);
835                         }
836                 }
837
838         if (rctfile)
839                 {
840                 char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
841                 if (!(rctin = BIO_new_file(rctfile, rctmode)))
842                         {
843                         BIO_printf (bio_err,
844                                  "Can't open receipt file %s\n", rctfile);
845                         goto end;
846                         }
847                 
848                 if (rctformat == FORMAT_SMIME) 
849                         rcms = SMIME_read_CMS(rctin, NULL);
850                 else if (rctformat == FORMAT_PEM) 
851                         rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
852                 else if (rctformat == FORMAT_ASN1) 
853                         rcms = d2i_CMS_bio(rctin, NULL);
854                 else
855                         {
856                         BIO_printf(bio_err, "Bad input format for receipt\n");
857                         goto end;
858                         }
859
860                 if (!rcms)
861                         {
862                         BIO_printf(bio_err, "Error reading receipt\n");
863                         goto end;
864                         }
865                 }
866
867         if (outfile)
868                 {
869                 if (!(out = BIO_new_file(outfile, outmode)))
870                         {
871                         BIO_printf (bio_err,
872                                  "Can't open output file %s\n", outfile);
873                         goto end;
874                         }
875                 }
876         else
877                 {
878                 out = BIO_new_fp(stdout, BIO_NOCLOSE);
879 #ifdef OPENSSL_SYS_VMS
880                 {
881                     BIO *tmpbio = BIO_new(BIO_f_linebuffer());
882                     out = BIO_push(tmpbio, out);
883                 }
884 #endif
885                 }
886
887         if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
888                 {
889                 if (!(store = setup_verify(bio_err, CAfile, CApath)))
890                         goto end;
891                 X509_STORE_set_verify_cb(store, cms_cb);
892                 if (vpm)
893                         X509_STORE_set1_param(store, vpm);
894                 }
895
896
897         ret = 3;
898
899         if (operation == SMIME_DATA_CREATE)
900                 {
901                 cms = CMS_data_create(in, flags);
902                 }
903         else if (operation == SMIME_DIGEST_CREATE)
904                 {
905                 cms = CMS_digest_create(in, sign_md, flags);
906                 }
907         else if (operation == SMIME_COMPRESS)
908                 {
909                 cms = CMS_compress(in, -1, flags);
910                 }
911         else if (operation == SMIME_ENCRYPT)
912                 {
913                 flags |= CMS_PARTIAL;
914                 cms = CMS_encrypt(encerts, in, cipher, flags);
915                 if (!cms)
916                         goto end;
917                 if (secret_key)
918                         {
919                         if (!CMS_add0_recipient_key(cms, NID_undef, 
920                                                 secret_key, secret_keylen,
921                                                 secret_keyid, secret_keyidlen,
922                                                 NULL, NULL, NULL))
923                                 goto end;
924                         /* NULL these because call absorbs them */
925                         secret_key = NULL;
926                         secret_keyid = NULL;
927                         }
928                 if (pwri_pass)
929                         {
930                         pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
931                         if (!pwri_tmp)
932                                 goto end;
933                         if (!CMS_add0_recipient_password(cms,
934                                                 -1, NID_undef, NID_undef,
935                                                  pwri_tmp, -1, NULL))
936                                 goto end;
937                         pwri_tmp = NULL;
938                         }
939                 if (!(flags & CMS_STREAM))
940                         {
941                         if (!CMS_final(cms, in, NULL, flags))
942                                 goto end;
943                         }
944                 }
945         else if (operation == SMIME_ENCRYPTED_ENCRYPT)
946                 {
947                 cms = CMS_EncryptedData_encrypt(in, cipher,
948                                                 secret_key, secret_keylen,
949                                                 flags);
950
951                 }
952         else if (operation == SMIME_SIGN_RECEIPT)
953                 {
954                 CMS_ContentInfo *srcms = NULL;
955                 STACK_OF(CMS_SignerInfo) *sis;
956                 CMS_SignerInfo *si;
957                 sis = CMS_get0_SignerInfos(cms);
958                 if (!sis)
959                         goto end;
960                 si = sk_CMS_SignerInfo_value(sis, 0);
961                 srcms = CMS_sign_receipt(si, signer, key, other, flags);
962                 if (!srcms)
963                         goto end;
964                 CMS_ContentInfo_free(cms);
965                 cms = srcms;
966                 }
967         else if (operation & SMIME_SIGNERS)
968                 {
969                 int i;
970                 /* If detached data content we enable streaming if
971                  * S/MIME output format.
972                  */
973                 if (operation == SMIME_SIGN)
974                         {
975                                 
976                         if (flags & CMS_DETACHED)
977                                 {
978                                 if (outformat == FORMAT_SMIME)
979                                         flags |= CMS_STREAM;
980                                 }
981                         flags |= CMS_PARTIAL;
982                         cms = CMS_sign(NULL, NULL, other, in, flags);
983                         if (!cms)
984                                 goto end;
985                         if (econtent_type)
986                                 CMS_set1_eContentType(cms, econtent_type);
987
988                         if (rr_to)
989                                 {
990                                 rr = make_receipt_request(rr_to, rr_allorfirst,
991                                                                 rr_from);
992                                 if (!rr)
993                                         {
994                                         BIO_puts(bio_err,
995                                 "Signed Receipt Request Creation Error\n");
996                                         goto end;
997                                         }
998                                 }
999                         }
1000                 else
1001                         flags |= CMS_REUSE_DIGEST;
1002                 for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
1003                         {
1004                         CMS_SignerInfo *si;
1005                         signerfile = sk_OPENSSL_STRING_value(sksigners, i);
1006                         keyfile = sk_OPENSSL_STRING_value(skkeys, i);
1007                         signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
1008                                         e, "signer certificate");
1009                         if (!signer)
1010                                 goto end;
1011                         key = load_key(bio_err, keyfile, keyform, 0, passin, e,
1012                                "signing key file");
1013                         if (!key)
1014                                 goto end;
1015                         si = CMS_add1_signer(cms, signer, key, sign_md, flags);
1016                         if (!si)
1017                                 goto end;
1018                         if (rr && !CMS_add1_ReceiptRequest(si, rr))
1019                                 goto end;
1020                         X509_free(signer);
1021                         signer = NULL;
1022                         EVP_PKEY_free(key);
1023                         key = NULL;
1024                         }
1025                 /* If not streaming or resigning finalize structure */
1026                 if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
1027                         {
1028                         if (!CMS_final(cms, in, NULL, flags))
1029                                 goto end;
1030                         }
1031                 }
1032
1033         if (!cms)
1034                 {
1035                 BIO_printf(bio_err, "Error creating CMS structure\n");
1036                 goto end;
1037                 }
1038
1039         ret = 4;
1040         if (operation == SMIME_DECRYPT)
1041                 {
1042
1043                 if (secret_key)
1044                         {
1045                         if (!CMS_decrypt_set1_key(cms,
1046                                                 secret_key, secret_keylen,
1047                                                 secret_keyid, secret_keyidlen))
1048                                 {
1049                                 BIO_puts(bio_err,
1050                                         "Error decrypting CMS using secret key\n");
1051                                 goto end;
1052                                 }
1053                         }
1054
1055                 if (key)
1056                         {
1057                         if (!CMS_decrypt_set1_pkey(cms, key, recip))
1058                                 {
1059                                 BIO_puts(bio_err,
1060                                         "Error decrypting CMS using private key\n");
1061                                 goto end;
1062                                 }
1063                         }
1064
1065                 if (pwri_pass)
1066                         {
1067                         if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
1068                                 {
1069                                 BIO_puts(bio_err,
1070                                         "Error decrypting CMS using password\n");
1071                                 goto end;
1072                                 }
1073                         }
1074
1075                 if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
1076                         {
1077                         BIO_printf(bio_err, "Error decrypting CMS structure\n");
1078                         goto end;
1079                         }
1080                 }
1081         else if (operation == SMIME_DATAOUT)
1082                 {
1083                 if (!CMS_data(cms, out, flags))
1084                         goto end;
1085                 }
1086         else if (operation == SMIME_UNCOMPRESS)
1087                 {
1088                 if (!CMS_uncompress(cms, indata, out, flags))
1089                         goto end;
1090                 }
1091         else if (operation == SMIME_DIGEST_VERIFY)
1092                 {
1093                 if (CMS_digest_verify(cms, indata, out, flags) > 0)
1094                         BIO_printf(bio_err, "Verification successful\n");
1095                 else
1096                         {
1097                         BIO_printf(bio_err, "Verification failure\n");
1098                         goto end;
1099                         }
1100                 }
1101         else if (operation == SMIME_ENCRYPTED_DECRYPT)
1102                 {
1103                 if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
1104                                                 indata, out, flags))
1105                         goto end;
1106                 }
1107         else if (operation == SMIME_VERIFY)
1108                 {
1109                 if (CMS_verify(cms, other, store, indata, out, flags) > 0)
1110                         BIO_printf(bio_err, "Verification successful\n");
1111                 else
1112                         {
1113                         BIO_printf(bio_err, "Verification failure\n");
1114                         if (verify_retcode)
1115                                 ret = verify_err + 32;
1116                         goto end;
1117                         }
1118                 if (signerfile)
1119                         {
1120                         STACK_OF(X509) *signers;
1121                         signers = CMS_get0_signers(cms);
1122                         if (!save_certs(signerfile, signers))
1123                                 {
1124                                 BIO_printf(bio_err,
1125                                                 "Error writing signers to %s\n",
1126                                                                 signerfile);
1127                                 ret = 5;
1128                                 goto end;
1129                                 }
1130                         sk_X509_free(signers);
1131                         }
1132                 if (rr_print)
1133                         receipt_request_print(bio_err, cms);
1134                                         
1135                 }
1136         else if (operation == SMIME_VERIFY_RECEIPT)
1137                 {
1138                 if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
1139                         BIO_printf(bio_err, "Verification successful\n");
1140                 else
1141                         {
1142                         BIO_printf(bio_err, "Verification failure\n");
1143                         goto end;
1144                         }
1145                 }
1146         else
1147                 {
1148                 if (noout)
1149                         {
1150                         if (print)
1151                                 CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
1152                         }
1153                 else if (outformat == FORMAT_SMIME)
1154                         {
1155                         if (to)
1156                                 BIO_printf(out, "To: %s\n", to);
1157                         if (from)
1158                                 BIO_printf(out, "From: %s\n", from);
1159                         if (subject)
1160                                 BIO_printf(out, "Subject: %s\n", subject);
1161                         if (operation == SMIME_RESIGN)
1162                                 ret = SMIME_write_CMS(out, cms, indata, flags);
1163                         else
1164                                 ret = SMIME_write_CMS(out, cms, in, flags);
1165                         }
1166                 else if (outformat == FORMAT_PEM) 
1167                         ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1168                 else if (outformat == FORMAT_ASN1) 
1169                         ret = i2d_CMS_bio_stream(out,cms, in, flags);
1170                 else
1171                         {
1172                         BIO_printf(bio_err, "Bad output format for CMS file\n");
1173                         goto end;
1174                         }
1175                 if (ret <= 0)
1176                         {
1177                         ret = 6;
1178                         goto end;
1179                         }
1180                 }
1181         ret = 0;
1182 end:
1183         if (ret)
1184                 ERR_print_errors(bio_err);
1185         if (need_rand)
1186                 app_RAND_write_file(NULL, bio_err);
1187         sk_X509_pop_free(encerts, X509_free);
1188         sk_X509_pop_free(other, X509_free);
1189         if (vpm)
1190                 X509_VERIFY_PARAM_free(vpm);
1191         if (sksigners)
1192                 sk_OPENSSL_STRING_free(sksigners);
1193         if (skkeys)
1194                 sk_OPENSSL_STRING_free(skkeys);
1195         if (secret_key)
1196                 OPENSSL_free(secret_key);
1197         if (secret_keyid)
1198                 OPENSSL_free(secret_keyid);
1199         if (pwri_tmp)
1200                 OPENSSL_free(pwri_tmp);
1201         if (econtent_type)
1202                 ASN1_OBJECT_free(econtent_type);
1203         if (rr)
1204                 CMS_ReceiptRequest_free(rr);
1205         if (rr_to)
1206                 sk_OPENSSL_STRING_free(rr_to);
1207         if (rr_from)
1208                 sk_OPENSSL_STRING_free(rr_from);
1209         X509_STORE_free(store);
1210         X509_free(cert);
1211         X509_free(recip);
1212         X509_free(signer);
1213         EVP_PKEY_free(key);
1214         CMS_ContentInfo_free(cms);
1215         CMS_ContentInfo_free(rcms);
1216         BIO_free(rctin);
1217         BIO_free(in);
1218         BIO_free(indata);
1219         BIO_free_all(out);
1220         if (passin) OPENSSL_free(passin);
1221         return (ret);
1222 }
1223
1224 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
1225         {
1226         int i;
1227         BIO *tmp;
1228         if (!signerfile)
1229                 return 1;
1230         tmp = BIO_new_file(signerfile, "w");
1231         if (!tmp) return 0;
1232         for(i = 0; i < sk_X509_num(signers); i++)
1233                 PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
1234         BIO_free(tmp);
1235         return 1;
1236         }
1237         
1238
1239 /* Minimal callback just to output policy info (if any) */
1240
1241 static int cms_cb(int ok, X509_STORE_CTX *ctx)
1242         {
1243         int error;
1244
1245         error = X509_STORE_CTX_get_error(ctx);
1246
1247         verify_err = error;
1248
1249         if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
1250                 && ((error != X509_V_OK) || (ok != 2)))
1251                 return ok;
1252
1253         policies_print(NULL, ctx);
1254
1255         return ok;
1256
1257         }
1258
1259 static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
1260         {
1261         STACK_OF(GENERAL_NAME) *gens;
1262         GENERAL_NAME *gen;
1263         int i, j;
1264         for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
1265                 {
1266                 gens = sk_GENERAL_NAMES_value(gns, i);
1267                 for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
1268                         {
1269                         gen = sk_GENERAL_NAME_value(gens, j);
1270                         BIO_puts(out, "    ");
1271                         GENERAL_NAME_print(out, gen);
1272                         BIO_puts(out, "\n");
1273                         }
1274                 }
1275         return;
1276         }
1277
1278 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1279         {
1280         STACK_OF(CMS_SignerInfo) *sis;
1281         CMS_SignerInfo *si;
1282         CMS_ReceiptRequest *rr;
1283         int allorfirst;
1284         STACK_OF(GENERAL_NAMES) *rto, *rlist;
1285         ASN1_STRING *scid;
1286         int i, rv;
1287         sis = CMS_get0_SignerInfos(cms);
1288         for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
1289                 {
1290                 si = sk_CMS_SignerInfo_value(sis, i);
1291                 rv = CMS_get1_ReceiptRequest(si, &rr);
1292                 BIO_printf(bio_err, "Signer %d:\n", i + 1);
1293                 if (rv == 0)
1294                         BIO_puts(bio_err, "  No Receipt Request\n");
1295                 else if (rv < 0)
1296                         {
1297                         BIO_puts(bio_err, "  Receipt Request Parse Error\n");
1298                         ERR_print_errors(bio_err);
1299                         }
1300                 else
1301                         {
1302                         char *id;
1303                         int idlen;
1304                         CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1305                                                         &rlist, &rto);
1306                         BIO_puts(out, "  Signed Content ID:\n");
1307                         idlen = ASN1_STRING_length(scid);
1308                         id = (char *)ASN1_STRING_data(scid);
1309                         BIO_dump_indent(out, id, idlen, 4);
1310                         BIO_puts(out, "  Receipts From");
1311                         if (rlist)
1312                                 {
1313                                 BIO_puts(out, " List:\n");
1314                                 gnames_stack_print(out, rlist);
1315                                 }
1316                         else if (allorfirst == 1)
1317                                 BIO_puts(out, ": First Tier\n");
1318                         else if (allorfirst == 0)
1319                                 BIO_puts(out, ": All\n");
1320                         else
1321                                 BIO_printf(out, " Unknown (%d)\n", allorfirst);
1322                         BIO_puts(out, "  Receipts To:\n");
1323                         gnames_stack_print(out, rto);
1324                         }
1325                 if (rr)
1326                         CMS_ReceiptRequest_free(rr);
1327                 }
1328         }
1329
1330 static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1331         {
1332         int i;
1333         STACK_OF(GENERAL_NAMES) *ret;
1334         GENERAL_NAMES *gens = NULL;
1335         GENERAL_NAME *gen = NULL;
1336         ret = sk_GENERAL_NAMES_new_null();
1337         if (!ret)
1338                 goto err;
1339         for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
1340                 {
1341                 char *str = sk_OPENSSL_STRING_value(ns, i);
1342                 gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
1343                 if (!gen)
1344                         goto err;
1345                 gens = GENERAL_NAMES_new();
1346                 if (!gens)
1347                         goto err;
1348                 if (!sk_GENERAL_NAME_push(gens, gen))
1349                         goto err;
1350                 gen = NULL;
1351                 if (!sk_GENERAL_NAMES_push(ret, gens))
1352                         goto err;
1353                 gens = NULL;
1354                 }
1355
1356         return ret;
1357
1358         err:
1359         if (ret)
1360                 sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
1361         if (gens)
1362                 GENERAL_NAMES_free(gens);
1363         if (gen)
1364                 GENERAL_NAME_free(gen);
1365         return NULL;
1366         }
1367
1368
1369 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
1370                                                 int rr_allorfirst,
1371                                                 STACK_OF(OPENSSL_STRING) *rr_from)
1372         {
1373         STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
1374         CMS_ReceiptRequest *rr;
1375         rct_to = make_names_stack(rr_to);
1376         if (!rct_to)
1377                 goto err;
1378         if (rr_from)
1379                 {
1380                 rct_from = make_names_stack(rr_from);
1381                 if (!rct_from)
1382                         goto err;
1383                 }
1384         else
1385                 rct_from = NULL;
1386         rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1387                                                 rct_to);
1388         return rr;
1389         err:
1390         return NULL;
1391         }
1392
1393 #endif