1f579bf8eSKris Kennaway /* smime.c */ 2f579bf8eSKris Kennaway /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 33b4e3dcbSSimon L. B. Nielsen * project. 4f579bf8eSKris Kennaway */ 5f579bf8eSKris Kennaway /* ==================================================================== 63b4e3dcbSSimon L. B. Nielsen * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. 7f579bf8eSKris Kennaway * 8f579bf8eSKris Kennaway * Redistribution and use in source and binary forms, with or without 9f579bf8eSKris Kennaway * modification, are permitted provided that the following conditions 10f579bf8eSKris Kennaway * are met: 11f579bf8eSKris Kennaway * 12f579bf8eSKris Kennaway * 1. Redistributions of source code must retain the above copyright 13f579bf8eSKris Kennaway * notice, this list of conditions and the following disclaimer. 14f579bf8eSKris Kennaway * 15f579bf8eSKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright 16f579bf8eSKris Kennaway * notice, this list of conditions and the following disclaimer in 17f579bf8eSKris Kennaway * the documentation and/or other materials provided with the 18f579bf8eSKris Kennaway * distribution. 19f579bf8eSKris Kennaway * 20f579bf8eSKris Kennaway * 3. All advertising materials mentioning features or use of this 21f579bf8eSKris Kennaway * software must display the following acknowledgment: 22f579bf8eSKris Kennaway * "This product includes software developed by the OpenSSL Project 23f579bf8eSKris Kennaway * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24f579bf8eSKris Kennaway * 25f579bf8eSKris Kennaway * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26f579bf8eSKris Kennaway * endorse or promote products derived from this software without 27f579bf8eSKris Kennaway * prior written permission. For written permission, please contact 28f579bf8eSKris Kennaway * licensing@OpenSSL.org. 29f579bf8eSKris Kennaway * 30f579bf8eSKris Kennaway * 5. 
Products derived from this software may not be called "OpenSSL" 31f579bf8eSKris Kennaway * nor may "OpenSSL" appear in their names without prior written 32f579bf8eSKris Kennaway * permission of the OpenSSL Project. 33f579bf8eSKris Kennaway * 34f579bf8eSKris Kennaway * 6. Redistributions of any form whatsoever must retain the following 35f579bf8eSKris Kennaway * acknowledgment: 36f579bf8eSKris Kennaway * "This product includes software developed by the OpenSSL Project 37f579bf8eSKris Kennaway * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38f579bf8eSKris Kennaway * 39f579bf8eSKris Kennaway * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40f579bf8eSKris Kennaway * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41f579bf8eSKris Kennaway * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42f579bf8eSKris Kennaway * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43f579bf8eSKris Kennaway * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44f579bf8eSKris Kennaway * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45f579bf8eSKris Kennaway * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46f579bf8eSKris Kennaway * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47f579bf8eSKris Kennaway * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48f579bf8eSKris Kennaway * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49f579bf8eSKris Kennaway * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50f579bf8eSKris Kennaway * OF THE POSSIBILITY OF SUCH DAMAGE. 51f579bf8eSKris Kennaway * ==================================================================== 52f579bf8eSKris Kennaway * 53f579bf8eSKris Kennaway * This product includes cryptographic software written by Eric Young 54f579bf8eSKris Kennaway * (eay@cryptsoft.com). 
This product includes software written by Tim 55f579bf8eSKris Kennaway * Hudson (tjh@cryptsoft.com). 56f579bf8eSKris Kennaway * 57f579bf8eSKris Kennaway */ 58f579bf8eSKris Kennaway 59f579bf8eSKris Kennaway /* S/MIME utility function */ 60f579bf8eSKris Kennaway 61f579bf8eSKris Kennaway #include <stdio.h> 62f579bf8eSKris Kennaway #include <string.h> 63f579bf8eSKris Kennaway #include "apps.h" 64f579bf8eSKris Kennaway #include <openssl/crypto.h> 65f579bf8eSKris Kennaway #include <openssl/pem.h> 66f579bf8eSKris Kennaway #include <openssl/err.h> 673b4e3dcbSSimon L. B. Nielsen #include <openssl/x509_vfy.h> 683b4e3dcbSSimon L. B. Nielsen #include <openssl/x509v3.h> 69f579bf8eSKris Kennaway 70f579bf8eSKris Kennaway #undef PROG 71f579bf8eSKris Kennaway #define PROG smime_main 72f579bf8eSKris Kennaway static int save_certs(char *signerfile, STACK_OF(X509) *signers); 733b4e3dcbSSimon L. B. Nielsen static int smime_cb(int ok, X509_STORE_CTX *ctx); 74f579bf8eSKris Kennaway 75f579bf8eSKris Kennaway #define SMIME_OP 0x10 76f579bf8eSKris Kennaway #define SMIME_ENCRYPT (1 | SMIME_OP) 77f579bf8eSKris Kennaway #define SMIME_DECRYPT 2 78f579bf8eSKris Kennaway #define SMIME_SIGN (3 | SMIME_OP) 79f579bf8eSKris Kennaway #define SMIME_VERIFY 4 80f579bf8eSKris Kennaway #define SMIME_PK7OUT 5 81f579bf8eSKris Kennaway 82f579bf8eSKris Kennaway int MAIN(int, char **); 83f579bf8eSKris Kennaway 84f579bf8eSKris Kennaway int MAIN(int argc, char **argv) 85f579bf8eSKris Kennaway { 865c87c606SMark Murray ENGINE *e = NULL; 87f579bf8eSKris Kennaway int operation = 0; 88f579bf8eSKris Kennaway int ret = 0; 89f579bf8eSKris Kennaway char **args; 903b4e3dcbSSimon L. B. 
Nielsen const char *inmode = "r", *outmode = "w"; 91f579bf8eSKris Kennaway char *infile = NULL, *outfile = NULL; 92f579bf8eSKris Kennaway char *signerfile = NULL, *recipfile = NULL; 93ddd58736SKris Kennaway char *certfile = NULL, *keyfile = NULL, *contfile=NULL; 945c87c606SMark Murray const EVP_CIPHER *cipher = NULL; 95f579bf8eSKris Kennaway PKCS7 *p7 = NULL; 96f579bf8eSKris Kennaway X509_STORE *store = NULL; 97f579bf8eSKris Kennaway X509 *cert = NULL, *recip = NULL, *signer = NULL; 98f579bf8eSKris Kennaway EVP_PKEY *key = NULL; 99f579bf8eSKris Kennaway STACK_OF(X509) *encerts = NULL, *other = NULL; 100f579bf8eSKris Kennaway BIO *in = NULL, *out = NULL, *indata = NULL; 101f579bf8eSKris Kennaway int badarg = 0; 1023b4e3dcbSSimon L. B. Nielsen int flags = PKCS7_DETACHED; 103f579bf8eSKris Kennaway char *to = NULL, *from = NULL, *subject = NULL; 104f579bf8eSKris Kennaway char *CAfile = NULL, *CApath = NULL; 105f579bf8eSKris Kennaway char *passargin = NULL, *passin = NULL; 106f579bf8eSKris Kennaway char *inrand = NULL; 107f579bf8eSKris Kennaway int need_rand = 0; 108ddd58736SKris Kennaway int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; 1095c87c606SMark Murray int keyform = FORMAT_PEM; 110fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 1115c87c606SMark Murray char *engine=NULL; 112fceca8a3SJacques Vidrine #endif 113f579bf8eSKris Kennaway 1143b4e3dcbSSimon L. B. Nielsen X509_VERIFY_PARAM *vpm = NULL; 1153b4e3dcbSSimon L. B. Nielsen 1165c87c606SMark Murray args = argv + 1; 117f579bf8eSKris Kennaway ret = 1; 118f579bf8eSKris Kennaway 1195c87c606SMark Murray apps_startup(); 1205c87c606SMark Murray 1215c87c606SMark Murray if (bio_err == NULL) 1223b4e3dcbSSimon L. B. Nielsen { 1235c87c606SMark Murray if ((bio_err = BIO_new(BIO_s_file())) != NULL) 1245c87c606SMark Murray BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); 1253b4e3dcbSSimon L. B. 
Nielsen } 1265c87c606SMark Murray 1275c87c606SMark Murray if (!load_config(bio_err, NULL)) 1285c87c606SMark Murray goto end; 1295c87c606SMark Murray 1303b4e3dcbSSimon L. B. Nielsen while (!badarg && *args && *args[0] == '-') 1313b4e3dcbSSimon L. B. Nielsen { 1323b4e3dcbSSimon L. B. Nielsen if (!strcmp (*args, "-encrypt")) 1333b4e3dcbSSimon L. B. Nielsen operation = SMIME_ENCRYPT; 1343b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-decrypt")) 1353b4e3dcbSSimon L. B. Nielsen operation = SMIME_DECRYPT; 1363b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-sign")) 1373b4e3dcbSSimon L. B. Nielsen operation = SMIME_SIGN; 1383b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-verify")) 1393b4e3dcbSSimon L. B. Nielsen operation = SMIME_VERIFY; 1403b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-pk7out")) 1413b4e3dcbSSimon L. B. Nielsen operation = SMIME_PK7OUT; 1425c87c606SMark Murray #ifndef OPENSSL_NO_DES 143f579bf8eSKris Kennaway else if (!strcmp (*args, "-des3")) 144f579bf8eSKris Kennaway cipher = EVP_des_ede3_cbc(); 145f579bf8eSKris Kennaway else if (!strcmp (*args, "-des")) 146f579bf8eSKris Kennaway cipher = EVP_des_cbc(); 147f579bf8eSKris Kennaway #endif 1485c87c606SMark Murray #ifndef OPENSSL_NO_RC2 149f579bf8eSKris Kennaway else if (!strcmp (*args, "-rc2-40")) 150f579bf8eSKris Kennaway cipher = EVP_rc2_40_cbc(); 151f579bf8eSKris Kennaway else if (!strcmp (*args, "-rc2-128")) 152f579bf8eSKris Kennaway cipher = EVP_rc2_cbc(); 153f579bf8eSKris Kennaway else if (!strcmp (*args, "-rc2-64")) 154f579bf8eSKris Kennaway cipher = EVP_rc2_64_cbc(); 155f579bf8eSKris Kennaway #endif 1565c87c606SMark Murray #ifndef OPENSSL_NO_AES 1575c87c606SMark Murray else if (!strcmp(*args,"-aes128")) 1585c87c606SMark Murray cipher = EVP_aes_128_cbc(); 1595c87c606SMark Murray else if (!strcmp(*args,"-aes192")) 1605c87c606SMark Murray cipher = EVP_aes_192_cbc(); 1615c87c606SMark Murray else if (!strcmp(*args,"-aes256")) 1625c87c606SMark Murray cipher = 
EVP_aes_256_cbc(); 1635c87c606SMark Murray #endif 164f579bf8eSKris Kennaway else if (!strcmp (*args, "-text")) 165f579bf8eSKris Kennaway flags |= PKCS7_TEXT; 166f579bf8eSKris Kennaway else if (!strcmp (*args, "-nointern")) 167f579bf8eSKris Kennaway flags |= PKCS7_NOINTERN; 168f579bf8eSKris Kennaway else if (!strcmp (*args, "-noverify")) 169f579bf8eSKris Kennaway flags |= PKCS7_NOVERIFY; 170f579bf8eSKris Kennaway else if (!strcmp (*args, "-nochain")) 171f579bf8eSKris Kennaway flags |= PKCS7_NOCHAIN; 172f579bf8eSKris Kennaway else if (!strcmp (*args, "-nocerts")) 173f579bf8eSKris Kennaway flags |= PKCS7_NOCERTS; 174f579bf8eSKris Kennaway else if (!strcmp (*args, "-noattr")) 175f579bf8eSKris Kennaway flags |= PKCS7_NOATTR; 176f579bf8eSKris Kennaway else if (!strcmp (*args, "-nodetach")) 177f579bf8eSKris Kennaway flags &= ~PKCS7_DETACHED; 178ddd58736SKris Kennaway else if (!strcmp (*args, "-nosmimecap")) 179ddd58736SKris Kennaway flags |= PKCS7_NOSMIMECAP; 180f579bf8eSKris Kennaway else if (!strcmp (*args, "-binary")) 181f579bf8eSKris Kennaway flags |= PKCS7_BINARY; 182f579bf8eSKris Kennaway else if (!strcmp (*args, "-nosigs")) 183f579bf8eSKris Kennaway flags |= PKCS7_NOSIGS; 18450ef0093SJacques Vidrine else if (!strcmp (*args, "-nooldmime")) 18550ef0093SJacques Vidrine flags |= PKCS7_NOOLDMIMETYPE; 18650ef0093SJacques Vidrine else if (!strcmp (*args, "-crlfeol")) 18750ef0093SJacques Vidrine flags |= PKCS7_CRLFEOL; 1883b4e3dcbSSimon L. B. Nielsen else if (!strcmp(*args,"-rand")) 1893b4e3dcbSSimon L. B. Nielsen { 1903b4e3dcbSSimon L. B. Nielsen if (args[1]) 1913b4e3dcbSSimon L. B. Nielsen { 192f579bf8eSKris Kennaway args++; 193f579bf8eSKris Kennaway inrand = *args; 1943b4e3dcbSSimon L. B. Nielsen } 1953b4e3dcbSSimon L. B. Nielsen else 1963b4e3dcbSSimon L. B. Nielsen badarg = 1; 197f579bf8eSKris Kennaway need_rand = 1; 1983b4e3dcbSSimon L. B. Nielsen } 199fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 2003b4e3dcbSSimon L. B. 
Nielsen else if (!strcmp(*args,"-engine")) 2013b4e3dcbSSimon L. B. Nielsen { 2023b4e3dcbSSimon L. B. Nielsen if (args[1]) 2033b4e3dcbSSimon L. B. Nielsen { 2045c87c606SMark Murray args++; 2055c87c606SMark Murray engine = *args; 2063b4e3dcbSSimon L. B. Nielsen } 2073b4e3dcbSSimon L. B. Nielsen else badarg = 1; 2083b4e3dcbSSimon L. B. Nielsen } 209fceca8a3SJacques Vidrine #endif 2103b4e3dcbSSimon L. B. Nielsen else if (!strcmp(*args,"-passin")) 2113b4e3dcbSSimon L. B. Nielsen { 2123b4e3dcbSSimon L. B. Nielsen if (args[1]) 2133b4e3dcbSSimon L. B. Nielsen { 214f579bf8eSKris Kennaway args++; 215f579bf8eSKris Kennaway passargin = *args; 2163b4e3dcbSSimon L. B. Nielsen } 2173b4e3dcbSSimon L. B. Nielsen else 2183b4e3dcbSSimon L. B. Nielsen badarg = 1; 2193b4e3dcbSSimon L. B. Nielsen } 2203b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-to")) 2213b4e3dcbSSimon L. B. Nielsen { 2223b4e3dcbSSimon L. B. Nielsen if (args[1]) 2233b4e3dcbSSimon L. B. Nielsen { 224f579bf8eSKris Kennaway args++; 225f579bf8eSKris Kennaway to = *args; 2263b4e3dcbSSimon L. B. Nielsen } 2273b4e3dcbSSimon L. B. Nielsen else 2283b4e3dcbSSimon L. B. Nielsen badarg = 1; 2293b4e3dcbSSimon L. B. Nielsen } 2303b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-from")) 2313b4e3dcbSSimon L. B. Nielsen { 2323b4e3dcbSSimon L. B. Nielsen if (args[1]) 2333b4e3dcbSSimon L. B. Nielsen { 234f579bf8eSKris Kennaway args++; 235f579bf8eSKris Kennaway from = *args; 2363b4e3dcbSSimon L. B. Nielsen } 2373b4e3dcbSSimon L. B. Nielsen else badarg = 1; 2383b4e3dcbSSimon L. B. Nielsen } 2393b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-subject")) 2403b4e3dcbSSimon L. B. Nielsen { 2413b4e3dcbSSimon L. B. Nielsen if (args[1]) 2423b4e3dcbSSimon L. B. Nielsen { 243f579bf8eSKris Kennaway args++; 244f579bf8eSKris Kennaway subject = *args; 2453b4e3dcbSSimon L. B. Nielsen } 2463b4e3dcbSSimon L. B. Nielsen else 2473b4e3dcbSSimon L. B. Nielsen badarg = 1; 2483b4e3dcbSSimon L. B. Nielsen } 2493b4e3dcbSSimon L. B. 
Nielsen else if (!strcmp (*args, "-signer")) 2503b4e3dcbSSimon L. B. Nielsen { 2513b4e3dcbSSimon L. B. Nielsen if (args[1]) 2523b4e3dcbSSimon L. B. Nielsen { 253f579bf8eSKris Kennaway args++; 254f579bf8eSKris Kennaway signerfile = *args; 2553b4e3dcbSSimon L. B. Nielsen } 2563b4e3dcbSSimon L. B. Nielsen else 2573b4e3dcbSSimon L. B. Nielsen badarg = 1; 2583b4e3dcbSSimon L. B. Nielsen } 2593b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-recip")) 2603b4e3dcbSSimon L. B. Nielsen { 2613b4e3dcbSSimon L. B. Nielsen if (args[1]) 2623b4e3dcbSSimon L. B. Nielsen { 263f579bf8eSKris Kennaway args++; 264f579bf8eSKris Kennaway recipfile = *args; 2653b4e3dcbSSimon L. B. Nielsen } 2663b4e3dcbSSimon L. B. Nielsen else badarg = 1; 2673b4e3dcbSSimon L. B. Nielsen } 2683b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-inkey")) 2693b4e3dcbSSimon L. B. Nielsen { 2703b4e3dcbSSimon L. B. Nielsen if (args[1]) 2713b4e3dcbSSimon L. B. Nielsen { 272f579bf8eSKris Kennaway args++; 273f579bf8eSKris Kennaway keyfile = *args; 2743b4e3dcbSSimon L. B. Nielsen } 2753b4e3dcbSSimon L. B. Nielsen else 2763b4e3dcbSSimon L. B. Nielsen badarg = 1; 2773b4e3dcbSSimon L. B. Nielsen } 2783b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-keyform")) 2793b4e3dcbSSimon L. B. Nielsen { 2803b4e3dcbSSimon L. B. Nielsen if (args[1]) 2813b4e3dcbSSimon L. B. Nielsen { 2825c87c606SMark Murray args++; 2835c87c606SMark Murray keyform = str2fmt(*args); 2843b4e3dcbSSimon L. B. Nielsen } 2853b4e3dcbSSimon L. B. Nielsen else 2863b4e3dcbSSimon L. B. Nielsen badarg = 1; 2873b4e3dcbSSimon L. B. Nielsen } 2883b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-certfile")) 2893b4e3dcbSSimon L. B. Nielsen { 2903b4e3dcbSSimon L. B. Nielsen if (args[1]) 2913b4e3dcbSSimon L. B. Nielsen { 292f579bf8eSKris Kennaway args++; 293f579bf8eSKris Kennaway certfile = *args; 2943b4e3dcbSSimon L. B. Nielsen } 2953b4e3dcbSSimon L. B. Nielsen else 2963b4e3dcbSSimon L. B. Nielsen badarg = 1; 2973b4e3dcbSSimon L. B. 
Nielsen } 2983b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-CAfile")) 2993b4e3dcbSSimon L. B. Nielsen { 3003b4e3dcbSSimon L. B. Nielsen if (args[1]) 3013b4e3dcbSSimon L. B. Nielsen { 302f579bf8eSKris Kennaway args++; 303f579bf8eSKris Kennaway CAfile = *args; 3043b4e3dcbSSimon L. B. Nielsen } 3053b4e3dcbSSimon L. B. Nielsen else 3063b4e3dcbSSimon L. B. Nielsen badarg = 1; 3073b4e3dcbSSimon L. B. Nielsen } 3083b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-CApath")) 3093b4e3dcbSSimon L. B. Nielsen { 3103b4e3dcbSSimon L. B. Nielsen if (args[1]) 3113b4e3dcbSSimon L. B. Nielsen { 312f579bf8eSKris Kennaway args++; 313f579bf8eSKris Kennaway CApath = *args; 3143b4e3dcbSSimon L. B. Nielsen } 3153b4e3dcbSSimon L. B. Nielsen else 3163b4e3dcbSSimon L. B. Nielsen badarg = 1; 3173b4e3dcbSSimon L. B. Nielsen } 3183b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-in")) 3193b4e3dcbSSimon L. B. Nielsen { 3203b4e3dcbSSimon L. B. Nielsen if (args[1]) 3213b4e3dcbSSimon L. B. Nielsen { 322f579bf8eSKris Kennaway args++; 323f579bf8eSKris Kennaway infile = *args; 3243b4e3dcbSSimon L. B. Nielsen } 3253b4e3dcbSSimon L. B. Nielsen else 3263b4e3dcbSSimon L. B. Nielsen badarg = 1; 3273b4e3dcbSSimon L. B. Nielsen } 3283b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-inform")) 3293b4e3dcbSSimon L. B. Nielsen { 3303b4e3dcbSSimon L. B. Nielsen if (args[1]) 3313b4e3dcbSSimon L. B. Nielsen { 332ddd58736SKris Kennaway args++; 333ddd58736SKris Kennaway informat = str2fmt(*args); 3343b4e3dcbSSimon L. B. Nielsen } 3353b4e3dcbSSimon L. B. Nielsen else 3363b4e3dcbSSimon L. B. Nielsen badarg = 1; 3373b4e3dcbSSimon L. B. Nielsen } 3383b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-outform")) 3393b4e3dcbSSimon L. B. Nielsen { 3403b4e3dcbSSimon L. B. Nielsen if (args[1]) 3413b4e3dcbSSimon L. B. Nielsen { 342ddd58736SKris Kennaway args++; 343ddd58736SKris Kennaway outformat = str2fmt(*args); 3443b4e3dcbSSimon L. B. Nielsen } 3453b4e3dcbSSimon L. B. 
Nielsen else 3463b4e3dcbSSimon L. B. Nielsen badarg = 1; 3473b4e3dcbSSimon L. B. Nielsen } 3483b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-out")) 3493b4e3dcbSSimon L. B. Nielsen { 3503b4e3dcbSSimon L. B. Nielsen if (args[1]) 3513b4e3dcbSSimon L. B. Nielsen { 352f579bf8eSKris Kennaway args++; 353f579bf8eSKris Kennaway outfile = *args; 3543b4e3dcbSSimon L. B. Nielsen } 3553b4e3dcbSSimon L. B. Nielsen else 3563b4e3dcbSSimon L. B. Nielsen badarg = 1; 3573b4e3dcbSSimon L. B. Nielsen } 3583b4e3dcbSSimon L. B. Nielsen else if (!strcmp (*args, "-content")) 3593b4e3dcbSSimon L. B. Nielsen { 3603b4e3dcbSSimon L. B. Nielsen if (args[1]) 3613b4e3dcbSSimon L. B. Nielsen { 362ddd58736SKris Kennaway args++; 363ddd58736SKris Kennaway contfile = *args; 3643b4e3dcbSSimon L. B. Nielsen } 3653b4e3dcbSSimon L. B. Nielsen else 3663b4e3dcbSSimon L. B. Nielsen badarg = 1; 3673b4e3dcbSSimon L. B. Nielsen } 3683b4e3dcbSSimon L. B. Nielsen else if (args_verify(&args, NULL, &badarg, bio_err, &vpm)) 3693b4e3dcbSSimon L. B. Nielsen continue; 3703b4e3dcbSSimon L. B. Nielsen else 3713b4e3dcbSSimon L. B. Nielsen badarg = 1; 372f579bf8eSKris Kennaway args++; 373f579bf8eSKris Kennaway } 374f579bf8eSKris Kennaway 3753b4e3dcbSSimon L. B. Nielsen 3763b4e3dcbSSimon L. B. Nielsen if (operation == SMIME_SIGN) 3773b4e3dcbSSimon L. B. Nielsen { 3783b4e3dcbSSimon L. B. Nielsen if (!signerfile) 3793b4e3dcbSSimon L. B. Nielsen { 380f579bf8eSKris Kennaway BIO_printf(bio_err, "No signer certificate specified\n"); 381f579bf8eSKris Kennaway badarg = 1; 382f579bf8eSKris Kennaway } 383f579bf8eSKris Kennaway need_rand = 1; 3843b4e3dcbSSimon L. B. Nielsen } 3853b4e3dcbSSimon L. B. Nielsen else if (operation == SMIME_DECRYPT) 3863b4e3dcbSSimon L. B. Nielsen { 3873b4e3dcbSSimon L. B. Nielsen if (!recipfile && !keyfile) 3883b4e3dcbSSimon L. B. Nielsen { 3893b4e3dcbSSimon L. B. 
Nielsen BIO_printf(bio_err, "No recipient certificate or key specified\n"); 390f579bf8eSKris Kennaway badarg = 1; 391f579bf8eSKris Kennaway } 3923b4e3dcbSSimon L. B. Nielsen } 3933b4e3dcbSSimon L. B. Nielsen else if (operation == SMIME_ENCRYPT) 3943b4e3dcbSSimon L. B. Nielsen { 3953b4e3dcbSSimon L. B. Nielsen if (!*args) 3963b4e3dcbSSimon L. B. Nielsen { 397f579bf8eSKris Kennaway BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); 398f579bf8eSKris Kennaway badarg = 1; 399f579bf8eSKris Kennaway } 400f579bf8eSKris Kennaway need_rand = 1; 4013b4e3dcbSSimon L. B. Nielsen } 4023b4e3dcbSSimon L. B. Nielsen else if (!operation) 4033b4e3dcbSSimon L. B. Nielsen badarg = 1; 404f579bf8eSKris Kennaway 4053b4e3dcbSSimon L. B. Nielsen if (badarg) 4063b4e3dcbSSimon L. B. Nielsen { 407f579bf8eSKris Kennaway BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); 408f579bf8eSKris Kennaway BIO_printf (bio_err, "where options are\n"); 409f579bf8eSKris Kennaway BIO_printf (bio_err, "-encrypt encrypt message\n"); 410f579bf8eSKris Kennaway BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); 411f579bf8eSKris Kennaway BIO_printf (bio_err, "-sign sign message\n"); 412f579bf8eSKris Kennaway BIO_printf (bio_err, "-verify verify signed message\n"); 413f579bf8eSKris Kennaway BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n"); 4145c87c606SMark Murray #ifndef OPENSSL_NO_DES 415f579bf8eSKris Kennaway BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); 416f579bf8eSKris Kennaway BIO_printf (bio_err, "-des encrypt with DES\n"); 417f579bf8eSKris Kennaway #endif 4185c87c606SMark Murray #ifndef OPENSSL_NO_RC2 419f579bf8eSKris Kennaway BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n"); 420f579bf8eSKris Kennaway BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); 421f579bf8eSKris Kennaway BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); 422f579bf8eSKris Kennaway #endif 4235c87c606SMark Murray #ifndef OPENSSL_NO_AES 4245c87c606SMark 
Murray BIO_printf (bio_err, "-aes128, -aes192, -aes256\n"); 4255c87c606SMark Murray BIO_printf (bio_err, " encrypt PEM output with cbc aes\n"); 4265c87c606SMark Murray #endif 427f579bf8eSKris Kennaway BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n"); 428f579bf8eSKris Kennaway BIO_printf (bio_err, "-nosigs don't verify message signature\n"); 429f579bf8eSKris Kennaway BIO_printf (bio_err, "-noverify don't verify signers certificate\n"); 430f579bf8eSKris Kennaway BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n"); 431f579bf8eSKris Kennaway BIO_printf (bio_err, "-nodetach use opaque signing\n"); 432f579bf8eSKris Kennaway BIO_printf (bio_err, "-noattr don't include any signed attributes\n"); 433f579bf8eSKris Kennaway BIO_printf (bio_err, "-binary don't translate message to text\n"); 434f579bf8eSKris Kennaway BIO_printf (bio_err, "-certfile file other certificates file\n"); 435f579bf8eSKris Kennaway BIO_printf (bio_err, "-signer file signer certificate file\n"); 436f579bf8eSKris Kennaway BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n"); 437f579bf8eSKris Kennaway BIO_printf (bio_err, "-in file input file\n"); 438ddd58736SKris Kennaway BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n"); 439f579bf8eSKris Kennaway BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); 4405c87c606SMark Murray BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n"); 441f579bf8eSKris Kennaway BIO_printf (bio_err, "-out file output file\n"); 442ddd58736SKris Kennaway BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n"); 443ddd58736SKris Kennaway BIO_printf (bio_err, "-content file supply or override content for detached signature\n"); 444f579bf8eSKris Kennaway BIO_printf (bio_err, "-to addr to address\n"); 445f579bf8eSKris Kennaway BIO_printf (bio_err, "-from ad from address\n"); 
446f579bf8eSKris Kennaway BIO_printf (bio_err, "-subject s subject\n"); 447f579bf8eSKris Kennaway BIO_printf (bio_err, "-text include or delete text MIME headers\n"); 448f579bf8eSKris Kennaway BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 449f579bf8eSKris Kennaway BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 4505c87c606SMark Murray BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); 4515c87c606SMark Murray BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); 452fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 4535c87c606SMark Murray BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); 454fceca8a3SJacques Vidrine #endif 45526d191b4SKris Kennaway BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); 456f579bf8eSKris Kennaway BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 457f579bf8eSKris Kennaway BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); 458f579bf8eSKris Kennaway BIO_printf(bio_err, " the random number generator\n"); 459f579bf8eSKris Kennaway BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); 460f579bf8eSKris Kennaway goto end; 461f579bf8eSKris Kennaway } 462f579bf8eSKris Kennaway 463fceca8a3SJacques Vidrine #ifndef OPENSSL_NO_ENGINE 4645c87c606SMark Murray e = setup_engine(bio_err, engine, 0); 465fceca8a3SJacques Vidrine #endif 4665c87c606SMark Murray 4673b4e3dcbSSimon L. B. Nielsen if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 4683b4e3dcbSSimon L. B. Nielsen { 469f579bf8eSKris Kennaway BIO_printf(bio_err, "Error getting password\n"); 470f579bf8eSKris Kennaway goto end; 471f579bf8eSKris Kennaway } 472f579bf8eSKris Kennaway 4733b4e3dcbSSimon L. B. Nielsen if (need_rand) 4743b4e3dcbSSimon L. B. 
Nielsen { 475f579bf8eSKris Kennaway app_RAND_load_file(NULL, bio_err, (inrand != NULL)); 476f579bf8eSKris Kennaway if (inrand != NULL) 477f579bf8eSKris Kennaway BIO_printf(bio_err,"%ld semi-random bytes loaded\n", 478f579bf8eSKris Kennaway app_RAND_load_files(inrand)); 479f579bf8eSKris Kennaway } 480f579bf8eSKris Kennaway 481f579bf8eSKris Kennaway ret = 2; 482f579bf8eSKris Kennaway 4833b4e3dcbSSimon L. B. Nielsen if (operation != SMIME_SIGN) 4843b4e3dcbSSimon L. B. Nielsen flags &= ~PKCS7_DETACHED; 485f579bf8eSKris Kennaway 4863b4e3dcbSSimon L. B. Nielsen if (operation & SMIME_OP) 4873b4e3dcbSSimon L. B. Nielsen { 4883b4e3dcbSSimon L. B. Nielsen if (flags & PKCS7_BINARY) 4893b4e3dcbSSimon L. B. Nielsen inmode = "rb"; 4903b4e3dcbSSimon L. B. Nielsen if (outformat == FORMAT_ASN1) 4913b4e3dcbSSimon L. B. Nielsen outmode = "wb"; 4923b4e3dcbSSimon L. B. Nielsen } 4933b4e3dcbSSimon L. B. Nielsen else 4943b4e3dcbSSimon L. B. Nielsen { 4953b4e3dcbSSimon L. B. Nielsen if (flags & PKCS7_BINARY) 4963b4e3dcbSSimon L. B. Nielsen outmode = "wb"; 4973b4e3dcbSSimon L. B. Nielsen if (informat == FORMAT_ASN1) 4983b4e3dcbSSimon L. B. Nielsen inmode = "rb"; 499f579bf8eSKris Kennaway } 500f579bf8eSKris Kennaway 5013b4e3dcbSSimon L. B. Nielsen if (operation == SMIME_ENCRYPT) 5023b4e3dcbSSimon L. B. Nielsen { 5033b4e3dcbSSimon L. B. Nielsen if (!cipher) 5043b4e3dcbSSimon L. B. Nielsen { 5055c87c606SMark Murray #ifndef OPENSSL_NO_RC2 506f579bf8eSKris Kennaway cipher = EVP_rc2_40_cbc(); 507f579bf8eSKris Kennaway #else 508f579bf8eSKris Kennaway BIO_printf(bio_err, "No cipher selected\n"); 509f579bf8eSKris Kennaway goto end; 510f579bf8eSKris Kennaway #endif 511f579bf8eSKris Kennaway } 512f579bf8eSKris Kennaway encerts = sk_X509_new_null(); 5133b4e3dcbSSimon L. B. Nielsen while (*args) 5143b4e3dcbSSimon L. B. Nielsen { 5155c87c606SMark Murray if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, 5163b4e3dcbSSimon L. B. Nielsen NULL, e, "recipient certificate file"))) 5173b4e3dcbSSimon L. B. 
Nielsen { 5185c87c606SMark Murray #if 0 /* An appropriate message is already printed */ 519f579bf8eSKris Kennaway BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); 5205c87c606SMark Murray #endif 521f579bf8eSKris Kennaway goto end; 522f579bf8eSKris Kennaway } 523f579bf8eSKris Kennaway sk_X509_push(encerts, cert); 524f579bf8eSKris Kennaway cert = NULL; 525f579bf8eSKris Kennaway args++; 526f579bf8eSKris Kennaway } 527f579bf8eSKris Kennaway } 528f579bf8eSKris Kennaway 5293b4e3dcbSSimon L. B. Nielsen if (signerfile && (operation == SMIME_SIGN)) 5303b4e3dcbSSimon L. B. Nielsen { 5315c87c606SMark Murray if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL, 5323b4e3dcbSSimon L. B. Nielsen e, "signer certificate"))) 5333b4e3dcbSSimon L. B. Nielsen { 5345c87c606SMark Murray #if 0 /* An appropri message has already been printed */ 535f579bf8eSKris Kennaway BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); 5365c87c606SMark Murray #endif 537f579bf8eSKris Kennaway goto end; 538f579bf8eSKris Kennaway } 539f579bf8eSKris Kennaway } 540f579bf8eSKris Kennaway 5413b4e3dcbSSimon L. B. Nielsen if (certfile) 5423b4e3dcbSSimon L. B. Nielsen { 5435c87c606SMark Murray if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL, 5443b4e3dcbSSimon L. B. Nielsen e, "certificate file"))) 5453b4e3dcbSSimon L. B. Nielsen { 5465c87c606SMark Murray #if 0 /* An appropriate message has already been printed */ 547f579bf8eSKris Kennaway BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); 5485c87c606SMark Murray #endif 549f579bf8eSKris Kennaway ERR_print_errors(bio_err); 550f579bf8eSKris Kennaway goto end; 551f579bf8eSKris Kennaway } 552f579bf8eSKris Kennaway } 553f579bf8eSKris Kennaway 5543b4e3dcbSSimon L. B. Nielsen if (recipfile && (operation == SMIME_DECRYPT)) 5553b4e3dcbSSimon L. B. Nielsen { 5565c87c606SMark Murray if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL, 5573b4e3dcbSSimon L. B. 
Nielsen e, "recipient certificate file"))) 5583b4e3dcbSSimon L. B. Nielsen { 5595c87c606SMark Murray #if 0 /* An appropriate message has alrady been printed */ 560f579bf8eSKris Kennaway BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); 5615c87c606SMark Murray #endif 562f579bf8eSKris Kennaway ERR_print_errors(bio_err); 563f579bf8eSKris Kennaway goto end; 564f579bf8eSKris Kennaway } 565f579bf8eSKris Kennaway } 566f579bf8eSKris Kennaway 5673b4e3dcbSSimon L. B. Nielsen if (operation == SMIME_DECRYPT) 5683b4e3dcbSSimon L. B. Nielsen { 5693b4e3dcbSSimon L. B. Nielsen if (!keyfile) 5703b4e3dcbSSimon L. B. Nielsen keyfile = recipfile; 5713b4e3dcbSSimon L. B. Nielsen } 5723b4e3dcbSSimon L. B. Nielsen else if (operation == SMIME_SIGN) 5733b4e3dcbSSimon L. B. Nielsen { 5743b4e3dcbSSimon L. B. Nielsen if (!keyfile) 5753b4e3dcbSSimon L. B. Nielsen keyfile = signerfile; 5763b4e3dcbSSimon L. B. Nielsen } 5773b4e3dcbSSimon L. B. Nielsen else keyfile = NULL; 578f579bf8eSKris Kennaway 5793b4e3dcbSSimon L. B. Nielsen if (keyfile) 5803b4e3dcbSSimon L. B. Nielsen { 5815c87c606SMark Murray key = load_key(bio_err, keyfile, keyform, 0, passin, e, 5825c87c606SMark Murray "signing key file"); 5833b4e3dcbSSimon L. B. Nielsen if (!key) 584f579bf8eSKris Kennaway goto end; 585f579bf8eSKris Kennaway } 586f579bf8eSKris Kennaway 5873b4e3dcbSSimon L. B. Nielsen if (infile) 5883b4e3dcbSSimon L. B. Nielsen { 5893b4e3dcbSSimon L. B. Nielsen if (!(in = BIO_new_file(infile, inmode))) 5903b4e3dcbSSimon L. B. Nielsen { 591f579bf8eSKris Kennaway BIO_printf (bio_err, 592f579bf8eSKris Kennaway "Can't open input file %s\n", infile); 593f579bf8eSKris Kennaway goto end; 594f579bf8eSKris Kennaway } 5953b4e3dcbSSimon L. B. Nielsen } 5963b4e3dcbSSimon L. B. Nielsen else 5973b4e3dcbSSimon L. B. Nielsen in = BIO_new_fp(stdin, BIO_NOCLOSE); 598f579bf8eSKris Kennaway 5993b4e3dcbSSimon L. B. Nielsen if (outfile) 6003b4e3dcbSSimon L. B. Nielsen { 6013b4e3dcbSSimon L. B. 
Nielsen if (!(out = BIO_new_file(outfile, outmode))) 6023b4e3dcbSSimon L. B. Nielsen { 603f579bf8eSKris Kennaway BIO_printf (bio_err, 604f579bf8eSKris Kennaway "Can't open output file %s\n", outfile); 605f579bf8eSKris Kennaway goto end; 606f579bf8eSKris Kennaway } 6073b4e3dcbSSimon L. B. Nielsen } 6083b4e3dcbSSimon L. B. Nielsen else 6093b4e3dcbSSimon L. B. Nielsen { 610ddd58736SKris Kennaway out = BIO_new_fp(stdout, BIO_NOCLOSE); 6115c87c606SMark Murray #ifdef OPENSSL_SYS_VMS 612ddd58736SKris Kennaway { 613ddd58736SKris Kennaway BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 614ddd58736SKris Kennaway out = BIO_push(tmpbio, out); 615ddd58736SKris Kennaway } 616ddd58736SKris Kennaway #endif 617ddd58736SKris Kennaway } 618f579bf8eSKris Kennaway 6193b4e3dcbSSimon L. B. Nielsen if (operation == SMIME_VERIFY) 6203b4e3dcbSSimon L. B. Nielsen { 6213b4e3dcbSSimon L. B. Nielsen if (!(store = setup_verify(bio_err, CAfile, CApath))) 6223b4e3dcbSSimon L. B. Nielsen goto end; 6233b4e3dcbSSimon L. B. Nielsen X509_STORE_set_verify_cb_func(store, smime_cb); 6243b4e3dcbSSimon L. B. Nielsen if (vpm) 6253b4e3dcbSSimon L. B. Nielsen X509_STORE_set1_param(store, vpm); 626f579bf8eSKris Kennaway } 627f579bf8eSKris Kennaway 6285c87c606SMark Murray 629f579bf8eSKris Kennaway ret = 3; 630f579bf8eSKris Kennaway 6313b4e3dcbSSimon L. B. Nielsen if (operation == SMIME_ENCRYPT) 632f579bf8eSKris Kennaway p7 = PKCS7_encrypt(encerts, in, cipher, flags); 6333b4e3dcbSSimon L. B. Nielsen else if (operation == SMIME_SIGN) 6343b4e3dcbSSimon L. B. Nielsen { 6353b4e3dcbSSimon L. B. Nielsen /* If detached data and SMIME output enable partial 6363b4e3dcbSSimon L. B. Nielsen * signing. 6373b4e3dcbSSimon L. B. Nielsen */ 6383b4e3dcbSSimon L. B. Nielsen if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME)) 6393b4e3dcbSSimon L. B. Nielsen flags |= PKCS7_STREAM; 640f579bf8eSKris Kennaway p7 = PKCS7_sign(signer, key, other, in, flags); 6413b4e3dcbSSimon L. B. 
Nielsen /* Don't need to rewind for partial signing */ 6423b4e3dcbSSimon L. B. Nielsen if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) 6433b4e3dcbSSimon L. B. Nielsen { 644c1803d78SJacques Vidrine BIO_printf(bio_err, "Can't rewind input file\n"); 645c1803d78SJacques Vidrine goto end; 646c1803d78SJacques Vidrine } 6473b4e3dcbSSimon L. B. Nielsen } 6483b4e3dcbSSimon L. B. Nielsen else 6493b4e3dcbSSimon L. B. Nielsen { 650ddd58736SKris Kennaway if (informat == FORMAT_SMIME) 651ddd58736SKris Kennaway p7 = SMIME_read_PKCS7(in, &indata); 652ddd58736SKris Kennaway else if (informat == FORMAT_PEM) 653ddd58736SKris Kennaway p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL); 654ddd58736SKris Kennaway else if (informat == FORMAT_ASN1) 655ddd58736SKris Kennaway p7 = d2i_PKCS7_bio(in, NULL); 6563b4e3dcbSSimon L. B. Nielsen else 6573b4e3dcbSSimon L. B. Nielsen { 658ddd58736SKris Kennaway BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); 659ddd58736SKris Kennaway goto end; 660ddd58736SKris Kennaway } 661ddd58736SKris Kennaway 6623b4e3dcbSSimon L. B. Nielsen if (!p7) 6633b4e3dcbSSimon L. B. Nielsen { 664f579bf8eSKris Kennaway BIO_printf(bio_err, "Error reading S/MIME message\n"); 665f579bf8eSKris Kennaway goto end; 666f579bf8eSKris Kennaway } 6673b4e3dcbSSimon L. B. Nielsen if (contfile) 6683b4e3dcbSSimon L. B. Nielsen { 669ddd58736SKris Kennaway BIO_free(indata); 6703b4e3dcbSSimon L. B. Nielsen if (!(indata = BIO_new_file(contfile, "rb"))) 6713b4e3dcbSSimon L. B. Nielsen { 672ddd58736SKris Kennaway BIO_printf(bio_err, "Can't read content file %s\n", contfile); 673ddd58736SKris Kennaway goto end; 674ddd58736SKris Kennaway } 675ddd58736SKris Kennaway } 676f579bf8eSKris Kennaway } 677f579bf8eSKris Kennaway 6783b4e3dcbSSimon L. B. Nielsen if (!p7) 6793b4e3dcbSSimon L. B. 
Nielsen { 680f579bf8eSKris Kennaway BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); 681f579bf8eSKris Kennaway goto end; 682f579bf8eSKris Kennaway } 683f579bf8eSKris Kennaway 684f579bf8eSKris Kennaway ret = 4; 6853b4e3dcbSSimon L. B. Nielsen if (operation == SMIME_DECRYPT) 6863b4e3dcbSSimon L. B. Nielsen { 6873b4e3dcbSSimon L. B. Nielsen if (!PKCS7_decrypt(p7, key, recip, out, flags)) 6883b4e3dcbSSimon L. B. Nielsen { 689f579bf8eSKris Kennaway BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); 690f579bf8eSKris Kennaway goto end; 691f579bf8eSKris Kennaway } 6923b4e3dcbSSimon L. B. Nielsen } 6933b4e3dcbSSimon L. B. Nielsen else if (operation == SMIME_VERIFY) 6943b4e3dcbSSimon L. B. Nielsen { 695f579bf8eSKris Kennaway STACK_OF(X509) *signers; 6963b4e3dcbSSimon L. B. Nielsen if (PKCS7_verify(p7, other, store, indata, out, flags)) 697c1803d78SJacques Vidrine BIO_printf(bio_err, "Verification successful\n"); 6983b4e3dcbSSimon L. B. Nielsen else 6993b4e3dcbSSimon L. B. Nielsen { 700c1803d78SJacques Vidrine BIO_printf(bio_err, "Verification failure\n"); 701f579bf8eSKris Kennaway goto end; 702f579bf8eSKris Kennaway } 703f579bf8eSKris Kennaway signers = PKCS7_get0_signers(p7, other, flags); 7043b4e3dcbSSimon L. B. Nielsen if (!save_certs(signerfile, signers)) 7053b4e3dcbSSimon L. B. Nielsen { 706f579bf8eSKris Kennaway BIO_printf(bio_err, "Error writing signers to %s\n", 707f579bf8eSKris Kennaway signerfile); 708f579bf8eSKris Kennaway ret = 5; 709f579bf8eSKris Kennaway goto end; 710f579bf8eSKris Kennaway } 711f579bf8eSKris Kennaway sk_X509_free(signers); 7123b4e3dcbSSimon L. B. Nielsen } 7133b4e3dcbSSimon L. B. Nielsen else if (operation == SMIME_PK7OUT) 714f579bf8eSKris Kennaway PEM_write_bio_PKCS7(out, p7); 7153b4e3dcbSSimon L. B. Nielsen else 7163b4e3dcbSSimon L. B. Nielsen { 7173b4e3dcbSSimon L. B. Nielsen if (to) 7183b4e3dcbSSimon L. B. Nielsen BIO_printf(out, "To: %s\n", to); 7193b4e3dcbSSimon L. B. Nielsen if (from) 7203b4e3dcbSSimon L. B. 
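BIO_printf(out, "From: %s\n", from);
        if (subject)
            BIO_printf(out, "Subject: %s\n", subject);
        if (outformat == FORMAT_SMIME)
            SMIME_write_PKCS7(out, p7, in, flags);
        else if (outformat == FORMAT_PEM)
            PEM_write_bio_PKCS7(out,p7);
        else if (outformat == FORMAT_ASN1)
            i2d_PKCS7_bio(out,p7);
        else
        {
            BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
            goto end;
        }
    }
    ret = 0;
end:
    if (need_rand)
        app_RAND_write_file(NULL, bio_err);
    if (ret) ERR_print_errors(bio_err);
    sk_X509_pop_free(encerts, X509_free);
    sk_X509_pop_free(other, X509_free);
    if (vpm)
        X509_VERIFY_PARAM_free(vpm);
    X509_STORE_free(store);
    X509_free(cert);
    X509_free(recip);
    X509_free(signer);
    EVP_PKEY_free(key);
    PKCS7_free(p7);
    BIO_free(in);
    BIO_free(indata);
    BIO_free_all(out);
    if (passin) OPENSSL_free(passin);
    return (ret);
}

/*
 * Write every certificate in `signers` to `signerfile` in PEM form.
 *
 * signerfile  path of the output file, or NULL when the caller did not ask
 *             for the signer certificates to be saved (nothing is written
 *             and the call counts as a success).
 * signers     stack of signer certificates; it is only read here and is not
 *             freed, so the caller remains responsible for releasing it.
 *
 * Returns 1 on success and 0 on failure.  The file is opened in mode "w",
 * so an existing file at that path is overwritten.
 *
 * A failed or short write is reported as a failure rather than ignored:
 * otherwise the caller would be told the signer certificates were saved
 * while the file on disk is empty or truncated.  On failure a partially
 * written file may be left behind.
 */
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
{
    int i;
    int ok = 1;
    BIO *tmp;

    if (!signerfile)
        return 1;

    tmp = BIO_new_file(signerfile, "w");
    if (!tmp)
        return 0;

    for (i = 0; i < sk_X509_num(signers); i++)
    {
        if (!PEM_write_bio_X509(tmp, sk_X509_value(signers, i)))
        {
            ok = 0;
            break;
        }
    }

    /* Push buffered data out now so a late write error is still seen. */
    if (ok && BIO_flush(tmp) <= 0)
        ok = 0;

    BIO_free(tmp);
    return ok;
}


/*
 * Minimal verification callback, installed on the store used for
 * SMIME_VERIFY, whose only job is to output policy info (if any).
 *
 * `ok` is always returned unchanged, so this callback never alters the
 * outcome of certificate verification; it only decides whether
 * policies_print() is called.
 */
static int smime_cb(int ok, X509_STORE_CTX *ctx)
{
    int error = X509_STORE_CTX_get_error(ctx);
    int no_explicit_policy = (error == X509_V_ERR_NO_EXPLICIT_POLICY);
    /* NOTE(review): ok == 2 with X509_V_OK looks like the verifier's
     * "policy processing finished" notification; confirm against the
     * X509 verification code. */
    int policy_notify = (error == X509_V_OK) && (ok == 2);

    if (no_explicit_policy || policy_notify)
        policies_print(NULL, ctx);

    return ok;
}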