make depend
[openssl.git] / apps / smime.c
index dc28ced..c583f8a 100644 (file)
@@ -1,5 +1,5 @@
 /* smime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -73,11 +73,14 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers);
 static int smime_cb(int ok, X509_STORE_CTX *ctx);
 
 #define SMIME_OP       0x10
+#define SMIME_IP       0x20
+#define SMIME_SIGNERS  0x40
 #define SMIME_ENCRYPT  (1 | SMIME_OP)
-#define SMIME_DECRYPT  2
-#define SMIME_SIGN     (3 | SMIME_OP)
-#define SMIME_VERIFY   4
-#define SMIME_PK7OUT   5
+#define SMIME_DECRYPT  (2 | SMIME_IP)
+#define SMIME_SIGN     (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY   (4 | SMIME_IP)
+#define SMIME_PK7OUT   (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN   (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
 
 int MAIN(int, char **);
 
@@ -90,7 +93,7 @@ int MAIN(int argc, char **argv)
        const char *inmode = "r", *outmode = "w";
        char *infile = NULL, *outfile = NULL;
        char *signerfile = NULL, *recipfile = NULL;
-       STACK *sksigners = NULL, *skkeys = NULL;
+       STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
        char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
        const EVP_CIPHER *cipher = NULL;
        PKCS7 *p7 = NULL;
@@ -106,6 +109,8 @@ int MAIN(int argc, char **argv)
        char *passargin = NULL, *passin = NULL;
        char *inrand = NULL;
        int need_rand = 0;
+       int indef = 0;
+       const EVP_MD *sign_md = NULL;
        int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
         int keyform = FORMAT_PEM;
 #ifndef OPENSSL_NO_ENGINE
@@ -136,6 +141,8 @@ int MAIN(int argc, char **argv)
                        operation = SMIME_DECRYPT;
                else if (!strcmp (*args, "-sign"))
                        operation = SMIME_SIGN;
+               else if (!strcmp (*args, "-resign"))
+                       operation = SMIME_RESIGN;
                else if (!strcmp (*args, "-verify"))
                        operation = SMIME_VERIFY;
                else if (!strcmp (*args, "-pk7out"))
@@ -146,6 +153,10 @@ int MAIN(int argc, char **argv)
                else if (!strcmp (*args, "-des")) 
                                cipher = EVP_des_cbc();
 #endif
+#ifndef OPENSSL_NO_SEED
+               else if (!strcmp (*args, "-seed")) 
+                               cipher = EVP_seed_cbc();
+#endif
 #ifndef OPENSSL_NO_RC2
                else if (!strcmp (*args, "-rc2-40")) 
                                cipher = EVP_rc2_40_cbc();
@@ -161,6 +172,14 @@ int MAIN(int argc, char **argv)
                                cipher = EVP_aes_192_cbc();
                else if (!strcmp(*args,"-aes256"))
                                cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               else if (!strcmp(*args,"-camellia128"))
+                               cipher = EVP_camellia_128_cbc();
+               else if (!strcmp(*args,"-camellia192"))
+                               cipher = EVP_camellia_192_cbc();
+               else if (!strcmp(*args,"-camellia256"))
+                               cipher = EVP_camellia_256_cbc();
 #endif
                else if (!strcmp (*args, "-text")) 
                                flags |= PKCS7_TEXT;
@@ -182,6 +201,12 @@ int MAIN(int argc, char **argv)
                                flags |= PKCS7_BINARY;
                else if (!strcmp (*args, "-nosigs"))
                                flags |= PKCS7_NOSIGS;
+               else if (!strcmp (*args, "-stream"))
+                               indef = 1;
+               else if (!strcmp (*args, "-indef"))
+                               indef = 1;
+               else if (!strcmp (*args, "-noindef"))
+                               indef = 0;
                else if (!strcmp (*args, "-nooldmime"))
                                flags |= PKCS7_NOOLDMIMETYPE;
                else if (!strcmp (*args, "-crlfeol"))
@@ -235,13 +260,13 @@ int MAIN(int argc, char **argv)
                        if (signerfile)
                                {
                                if (!sksigners)
-                                       sksigners = sk_new_null();
-                               sk_push(sksigners, signerfile);
+                                       sksigners = sk_OPENSSL_STRING_new_null();
+                               sk_OPENSSL_STRING_push(sksigners, signerfile);
                                if (!keyfile)
                                        keyfile = signerfile;
                                if (!skkeys)
-                                       skkeys = sk_new_null();
-                               sk_push(skkeys, keyfile);
+                                       skkeys = sk_OPENSSL_STRING_new_null();
+                               sk_OPENSSL_STRING_push(skkeys, keyfile);
                                keyfile = NULL;
                                }
                        signerfile = *++args;
@@ -252,6 +277,18 @@ int MAIN(int argc, char **argv)
                                goto argerr;
                        recipfile = *++args;
                        }
+               else if (!strcmp (*args, "-md"))
+                       {
+                       if (!args[1])
+                               goto argerr;
+                       sign_md = EVP_get_digestbyname(*++args);
+                       if (sign_md == NULL)
+                               {
+                               BIO_printf(bio_err, "Unknown digest %s\n",
+                                                       *args);
+                               goto argerr;
+                               }
+                       }
                else if (!strcmp (*args, "-inkey"))
                        {
                        if (!args[1])   
@@ -265,12 +302,12 @@ int MAIN(int argc, char **argv)
                                        goto argerr;
                                        }
                                if (!sksigners)
-                                       sksigners = sk_new_null();
-                               sk_push(sksigners, signerfile);
+                                       sksigners = sk_OPENSSL_STRING_new_null();
+                               sk_OPENSSL_STRING_push(sksigners, signerfile);
                                signerfile = NULL;
                                if (!skkeys)
-                                       skkeys = sk_new_null();
-                               sk_push(skkeys, keyfile);
+                                       skkeys = sk_OPENSSL_STRING_new_null();
+                               sk_OPENSSL_STRING_push(skkeys, keyfile);
                                }
                        keyfile = *++args;
                        }
@@ -330,18 +367,18 @@ int MAIN(int argc, char **argv)
                        }
                else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
                        continue;
-               else
+               else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
                        badarg = 1;
                args++;
                }
 
-       if ((operation != SMIME_SIGN) && (skkeys || sksigners))
+       if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
                {
                BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
                goto argerr;
                }
 
-       if (operation == SMIME_SIGN)
+       if (operation & SMIME_SIGNERS)
                {
                /* Check to see if any final signer needs to be appended */
                if (keyfile && !signerfile)
@@ -352,13 +389,13 @@ int MAIN(int argc, char **argv)
                if (signerfile)
                        {
                        if (!sksigners)
-                               sksigners = sk_new_null();
-                       sk_push(sksigners, signerfile);
+                               sksigners = sk_OPENSSL_STRING_new_null();
+                       sk_OPENSSL_STRING_push(sksigners, signerfile);
                        if (!skkeys)
-                               skkeys = sk_new_null();
+                               skkeys = sk_OPENSSL_STRING_new_null();
                        if (!keyfile)
                                keyfile = signerfile;
-                       sk_push(skkeys, keyfile);
+                       sk_OPENSSL_STRING_push(skkeys, keyfile);
                        }
                if (!sksigners)
                        {
@@ -403,6 +440,9 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
                BIO_printf (bio_err, "-des           encrypt with DES\n");
 #endif
+#ifndef OPENSSL_NO_SEED
+               BIO_printf (bio_err, "-seed          encrypt with SEED\n");
+#endif
 #ifndef OPENSSL_NO_RC2
                BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
                BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
@@ -411,6 +451,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
                BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
                BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+               BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
                BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
                BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
@@ -468,13 +512,11 @@ int MAIN(int argc, char **argv)
 
        ret = 2;
 
-       if (operation != SMIME_SIGN)
+       if (!(operation & SMIME_SIGNERS))
                flags &= ~PKCS7_DETACHED;
 
        if (operation & SMIME_OP)
                {
-               if (flags & PKCS7_BINARY)
-                       inmode = "rb";
                if (outformat == FORMAT_ASN1)
                        outmode = "wb";
                }
@@ -482,9 +524,18 @@ int MAIN(int argc, char **argv)
                {
                if (flags & PKCS7_BINARY)
                        outmode = "wb";
+               }
+
+       if (operation & SMIME_IP)
+               {
                if (informat == FORMAT_ASN1)
                        inmode = "rb";
                }
+       else
+               {
+               if (flags & PKCS7_BINARY)
+                       inmode = "rb";
+               }
 
        if (operation == SMIME_ENCRYPT)
                {
@@ -514,26 +565,11 @@ int MAIN(int argc, char **argv)
                        }
                }
 
-       if (signerfile && (operation == SMIME_SIGN))
-               {
-               if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
-                       e, "signer certificate")))
-                       {
-#if 0                  /* An appropri message has already been printed */
-                       BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
-#endif
-                       goto end;
-                       }
-               }
-
        if (certfile)
                {
                if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
                        e, "certificate file")))
                        {
-#if 0                  /* An appropriate message has already been printed */
-                       BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
-#endif
                        ERR_print_errors(bio_err);
                        goto end;
                        }
@@ -544,9 +580,6 @@ int MAIN(int argc, char **argv)
                if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
                        e, "recipient certificate file")))
                        {
-#if 0                  /* An appropriate message has alrady been printed */
-                       BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
-#endif
                        ERR_print_errors(bio_err);
                        goto end;
                        }
@@ -584,6 +617,36 @@ int MAIN(int argc, char **argv)
        else
                in = BIO_new_fp(stdin, BIO_NOCLOSE);
 
+       if (operation & SMIME_IP)
+               {
+               if (informat == FORMAT_SMIME) 
+                       p7 = SMIME_read_PKCS7(in, &indata);
+               else if (informat == FORMAT_PEM) 
+                       p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+               else if (informat == FORMAT_ASN1) 
+                       p7 = d2i_PKCS7_bio(in, NULL);
+               else
+                       {
+                       BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+                       goto end;
+                       }
+
+               if (!p7)
+                       {
+                       BIO_printf(bio_err, "Error reading S/MIME message\n");
+                       goto end;
+                       }
+               if (contfile)
+                       {
+                       BIO_free(indata);
+                       if (!(indata = BIO_new_file(contfile, "rb")))
+                               {
+                               BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                               goto end;
+                               }
+                       }
+               }
+
        if (outfile)
                {
                if (!(out = BIO_new_file(outfile, outmode)))
@@ -608,7 +671,7 @@ int MAIN(int argc, char **argv)
                {
                if (!(store = setup_verify(bio_err, CAfile, CApath)))
                        goto end;
-               X509_STORE_set_verify_cb_func(store, smime_cb);
+               X509_STORE_set_verify_cb(store, smime_cb);
                if (vpm)
                        X509_STORE_set1_param(store, vpm);
                }
@@ -617,21 +680,37 @@ int MAIN(int argc, char **argv)
        ret = 3;
 
        if (operation == SMIME_ENCRYPT)
+               {
+               if (indef)
+                       flags |= PKCS7_STREAM;
                p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-       else if (operation == SMIME_SIGN)
+               }
+       else if (operation & SMIME_SIGNERS)
                {
                int i;
-               /* If detached data and SMIME output enable partial
-                * signing.
+               /* If detached data content we only enable streaming if
+                * S/MIME output format.
                 */
-               if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
-                       flags |= PKCS7_STREAM;
-               flags |= PKCS7_PARTIAL;
-               p7 = PKCS7_sign(NULL, NULL, other, in, flags);
-               for (i = 0; i < sk_num(sksigners); i++)
+               if (operation == SMIME_SIGN)
+                       {
+                       if (flags & PKCS7_DETACHED)
+                               {
+                               if (outformat == FORMAT_SMIME)
+                                       flags |= PKCS7_STREAM;
+                               }
+                       else if (indef)
+                               flags |= PKCS7_STREAM;
+                       flags |= PKCS7_PARTIAL;
+                       p7 = PKCS7_sign(NULL, NULL, other, in, flags);
+                       if (!p7)
+                               goto end;
+                       }
+               else
+                       flags |= PKCS7_REUSE_DIGEST;
+               for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
                        {
-                       signerfile = sk_value(sksigners, i);
-                       keyfile = sk_value(skkeys, i);
+                       signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+                       keyfile = sk_OPENSSL_STRING_value(skkeys, i);
                        signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
                                        e, "signer certificate");
                        if (!signer)
@@ -641,52 +720,18 @@ int MAIN(int argc, char **argv)
                        if (!key)
                                goto end;
                        if (!PKCS7_sign_add_signer(p7, signer, key,
-                                               NULL, flags))
+                                               sign_md, flags))
                                goto end;
                        X509_free(signer);
                        signer = NULL;
                        EVP_PKEY_free(key);
                        key = NULL;
                        }
-               /* If not streaming finalize structure */
-               if (!(flags & PKCS7_STREAM))
+               /* If not streaming or resigning finalize structure */
+               if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
                        {
                        if (!PKCS7_final(p7, in, flags))
                                goto end;
-                       if (BIO_reset(in) != 0)
-                               {
-                               BIO_puts(bio_err, "Can't rewind input file\n");
-                               goto end;
-                               }
-                       }
-               }
-       else
-               {
-               if (informat == FORMAT_SMIME) 
-                       p7 = SMIME_read_PKCS7(in, &indata);
-               else if (informat == FORMAT_PEM) 
-                       p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
-               else if (informat == FORMAT_ASN1) 
-                       p7 = d2i_PKCS7_bio(in, NULL);
-               else
-                       {
-                       BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
-                       goto end;
-                       }
-
-               if (!p7)
-                       {
-                       BIO_printf(bio_err, "Error reading S/MIME message\n");
-                       goto end;
-                       }
-               if (contfile)
-                       {
-                       BIO_free(indata);
-                       if (!(indata = BIO_new_file(contfile, "rb")))
-                               {
-                               BIO_printf(bio_err, "Can't read content file %s\n", contfile);
-                               goto end;
-                               }
                        }
                }
 
@@ -736,11 +781,16 @@ int MAIN(int argc, char **argv)
                if (subject)
                        BIO_printf(out, "Subject: %s\n", subject);
                if (outformat == FORMAT_SMIME) 
-                       SMIME_write_PKCS7(out, p7, in, flags);
+                       {
+                       if (operation == SMIME_RESIGN)
+                               SMIME_write_PKCS7(out, p7, indata, flags);
+                       else
+                               SMIME_write_PKCS7(out, p7, in, flags);
+                       }
                else if (outformat == FORMAT_PEM) 
-                       PEM_write_bio_PKCS7(out,p7);
+                       PEM_write_bio_PKCS7_stream(out, p7, in, flags);
                else if (outformat == FORMAT_ASN1) 
-                       i2d_PKCS7_bio(out,p7);
+                       i2d_PKCS7_bio_stream(out,p7, in, flags);
                else
                        {
                        BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
@@ -757,9 +807,9 @@ end:
        if (vpm)
                X509_VERIFY_PARAM_free(vpm);
        if (sksigners)
-               sk_free(sksigners);
+               sk_OPENSSL_STRING_free(sksigners);
        if (skkeys)
-               sk_free(skkeys);
+               sk_OPENSSL_STRING_free(skkeys);
        X509_STORE_free(store);
        X509_free(cert);
        X509_free(recip);