• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* apps/cms.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project.
4  */
5 /* ====================================================================
6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  */
53 
54 /* CMS utility function */
55 
56 #include <stdio.h>
57 #include <string.h>
58 #include "apps.h"
59 
60 #ifndef OPENSSL_NO_CMS
61 
62 #include <openssl/crypto.h>
63 #include <openssl/pem.h>
64 #include <openssl/err.h>
65 #include <openssl/x509_vfy.h>
66 #include <openssl/x509v3.h>
67 #include <openssl/cms.h>
68 
69 #undef PROG
70 #define PROG cms_main
71 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
72 static int cms_cb(int ok, X509_STORE_CTX *ctx);
73 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
74 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
75 						int rr_allorfirst,
76 					STACK_OF(OPENSSL_STRING) *rr_from);
77 
78 #define SMIME_OP	0x10
79 #define SMIME_IP	0x20
80 #define SMIME_SIGNERS	0x40
81 #define SMIME_ENCRYPT		(1 | SMIME_OP)
82 #define SMIME_DECRYPT		(2 | SMIME_IP)
83 #define SMIME_SIGN		(3 | SMIME_OP | SMIME_SIGNERS)
84 #define SMIME_VERIFY		(4 | SMIME_IP)
85 #define SMIME_CMSOUT		(5 | SMIME_IP | SMIME_OP)
86 #define SMIME_RESIGN		(6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
87 #define SMIME_DATAOUT		(7 | SMIME_IP)
88 #define SMIME_DATA_CREATE	(8 | SMIME_OP)
89 #define SMIME_DIGEST_VERIFY	(9 | SMIME_IP)
90 #define SMIME_DIGEST_CREATE	(10 | SMIME_OP)
91 #define SMIME_UNCOMPRESS	(11 | SMIME_IP)
92 #define SMIME_COMPRESS		(12 | SMIME_OP)
93 #define SMIME_ENCRYPTED_DECRYPT	(13 | SMIME_IP)
94 #define SMIME_ENCRYPTED_ENCRYPT	(14 | SMIME_OP)
95 #define SMIME_SIGN_RECEIPT	(15 | SMIME_IP | SMIME_OP)
96 #define SMIME_VERIFY_RECEIPT	(16 | SMIME_IP)
97 
98 int verify_err = 0;
99 
100 int MAIN(int, char **);
101 
MAIN(int argc,char ** argv)102 int MAIN(int argc, char **argv)
103 	{
104 	ENGINE *e = NULL;
105 	int operation = 0;
106 	int ret = 0;
107 	char **args;
108 	const char *inmode = "r", *outmode = "w";
109 	char *infile = NULL, *outfile = NULL, *rctfile = NULL;
110 	char *signerfile = NULL, *recipfile = NULL;
111 	STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
112 	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
113 	char *certsoutfile = NULL;
114 	const EVP_CIPHER *cipher = NULL;
115 	CMS_ContentInfo *cms = NULL, *rcms = NULL;
116 	X509_STORE *store = NULL;
117 	X509 *cert = NULL, *recip = NULL, *signer = NULL;
118 	EVP_PKEY *key = NULL;
119 	STACK_OF(X509) *encerts = NULL, *other = NULL;
120 	BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
121 	int badarg = 0;
122 	int flags = CMS_DETACHED, noout = 0, print = 0;
123 	int verify_retcode = 0;
124 	int rr_print = 0, rr_allorfirst = -1;
125 	STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
126 	CMS_ReceiptRequest *rr = NULL;
127 	char *to = NULL, *from = NULL, *subject = NULL;
128 	char *CAfile = NULL, *CApath = NULL;
129 	char *passargin = NULL, *passin = NULL;
130 	char *inrand = NULL;
131 	int need_rand = 0;
132 	const EVP_MD *sign_md = NULL;
133 	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
134         int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
135 #ifndef OPENSSL_NO_ENGINE
136 	char *engine=NULL;
137 #endif
138 	unsigned char *secret_key = NULL, *secret_keyid = NULL;
139 	unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
140 	size_t secret_keylen = 0, secret_keyidlen = 0;
141 
142 	ASN1_OBJECT *econtent_type = NULL;
143 
144 	X509_VERIFY_PARAM *vpm = NULL;
145 
146 	args = argv + 1;
147 	ret = 1;
148 
149 	apps_startup();
150 
151 	if (bio_err == NULL)
152 		{
153 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
154 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
155 		}
156 
157 	if (!load_config(bio_err, NULL))
158 		goto end;
159 
160 	while (!badarg && *args && *args[0] == '-')
161 		{
162 		if (!strcmp (*args, "-encrypt"))
163 			operation = SMIME_ENCRYPT;
164 		else if (!strcmp (*args, "-decrypt"))
165 			operation = SMIME_DECRYPT;
166 		else if (!strcmp (*args, "-sign"))
167 			operation = SMIME_SIGN;
168 		else if (!strcmp (*args, "-sign_receipt"))
169 			operation = SMIME_SIGN_RECEIPT;
170 		else if (!strcmp (*args, "-resign"))
171 			operation = SMIME_RESIGN;
172 		else if (!strcmp (*args, "-verify"))
173 			operation = SMIME_VERIFY;
174 		else if (!strcmp (*args, "-verify_retcode"))
175 			verify_retcode = 1;
176 		else if (!strcmp(*args,"-verify_receipt"))
177 			{
178 			operation = SMIME_VERIFY_RECEIPT;
179 			if (!args[1])
180 				goto argerr;
181 			args++;
182 			rctfile = *args;
183 			}
184 		else if (!strcmp (*args, "-cmsout"))
185 			operation = SMIME_CMSOUT;
186 		else if (!strcmp (*args, "-data_out"))
187 			operation = SMIME_DATAOUT;
188 		else if (!strcmp (*args, "-data_create"))
189 			operation = SMIME_DATA_CREATE;
190 		else if (!strcmp (*args, "-digest_verify"))
191 			operation = SMIME_DIGEST_VERIFY;
192 		else if (!strcmp (*args, "-digest_create"))
193 			operation = SMIME_DIGEST_CREATE;
194 		else if (!strcmp (*args, "-compress"))
195 			operation = SMIME_COMPRESS;
196 		else if (!strcmp (*args, "-uncompress"))
197 			operation = SMIME_UNCOMPRESS;
198 		else if (!strcmp (*args, "-EncryptedData_decrypt"))
199 			operation = SMIME_ENCRYPTED_DECRYPT;
200 		else if (!strcmp (*args, "-EncryptedData_encrypt"))
201 			operation = SMIME_ENCRYPTED_ENCRYPT;
202 #ifndef OPENSSL_NO_DES
203 		else if (!strcmp (*args, "-des3"))
204 				cipher = EVP_des_ede3_cbc();
205 		else if (!strcmp (*args, "-des"))
206 				cipher = EVP_des_cbc();
207 #endif
208 #ifndef OPENSSL_NO_SEED
209 		else if (!strcmp (*args, "-seed"))
210 				cipher = EVP_seed_cbc();
211 #endif
212 #ifndef OPENSSL_NO_RC2
213 		else if (!strcmp (*args, "-rc2-40"))
214 				cipher = EVP_rc2_40_cbc();
215 		else if (!strcmp (*args, "-rc2-128"))
216 				cipher = EVP_rc2_cbc();
217 		else if (!strcmp (*args, "-rc2-64"))
218 				cipher = EVP_rc2_64_cbc();
219 #endif
220 #ifndef OPENSSL_NO_AES
221 		else if (!strcmp(*args,"-aes128"))
222 				cipher = EVP_aes_128_cbc();
223 		else if (!strcmp(*args,"-aes192"))
224 				cipher = EVP_aes_192_cbc();
225 		else if (!strcmp(*args,"-aes256"))
226 				cipher = EVP_aes_256_cbc();
227 #endif
228 #ifndef OPENSSL_NO_CAMELLIA
229 		else if (!strcmp(*args,"-camellia128"))
230 				cipher = EVP_camellia_128_cbc();
231 		else if (!strcmp(*args,"-camellia192"))
232 				cipher = EVP_camellia_192_cbc();
233 		else if (!strcmp(*args,"-camellia256"))
234 				cipher = EVP_camellia_256_cbc();
235 #endif
236 		else if (!strcmp (*args, "-debug_decrypt"))
237 				flags |= CMS_DEBUG_DECRYPT;
238 		else if (!strcmp (*args, "-text"))
239 				flags |= CMS_TEXT;
240 		else if (!strcmp (*args, "-nointern"))
241 				flags |= CMS_NOINTERN;
242 		else if (!strcmp (*args, "-noverify")
243 			|| !strcmp (*args, "-no_signer_cert_verify"))
244 				flags |= CMS_NO_SIGNER_CERT_VERIFY;
245 		else if (!strcmp (*args, "-nocerts"))
246 				flags |= CMS_NOCERTS;
247 		else if (!strcmp (*args, "-noattr"))
248 				flags |= CMS_NOATTR;
249 		else if (!strcmp (*args, "-nodetach"))
250 				flags &= ~CMS_DETACHED;
251 		else if (!strcmp (*args, "-nosmimecap"))
252 				flags |= CMS_NOSMIMECAP;
253 		else if (!strcmp (*args, "-binary"))
254 				flags |= CMS_BINARY;
255 		else if (!strcmp (*args, "-keyid"))
256 				flags |= CMS_USE_KEYID;
257 		else if (!strcmp (*args, "-nosigs"))
258 				flags |= CMS_NOSIGS;
259 		else if (!strcmp (*args, "-no_content_verify"))
260 				flags |= CMS_NO_CONTENT_VERIFY;
261 		else if (!strcmp (*args, "-no_attr_verify"))
262 				flags |= CMS_NO_ATTR_VERIFY;
263 		else if (!strcmp (*args, "-stream"))
264 				flags |= CMS_STREAM;
265 		else if (!strcmp (*args, "-indef"))
266 				flags |= CMS_STREAM;
267 		else if (!strcmp (*args, "-noindef"))
268 				flags &= ~CMS_STREAM;
269 		else if (!strcmp (*args, "-nooldmime"))
270 				flags |= CMS_NOOLDMIMETYPE;
271 		else if (!strcmp (*args, "-crlfeol"))
272 				flags |= CMS_CRLFEOL;
273 		else if (!strcmp (*args, "-noout"))
274 				noout = 1;
275 		else if (!strcmp (*args, "-receipt_request_print"))
276 				rr_print = 1;
277 		else if (!strcmp (*args, "-receipt_request_all"))
278 				rr_allorfirst = 0;
279 		else if (!strcmp (*args, "-receipt_request_first"))
280 				rr_allorfirst = 1;
281 		else if (!strcmp(*args,"-receipt_request_from"))
282 			{
283 			if (!args[1])
284 				goto argerr;
285 			args++;
286 			if (!rr_from)
287 				rr_from = sk_OPENSSL_STRING_new_null();
288 			sk_OPENSSL_STRING_push(rr_from, *args);
289 			}
290 		else if (!strcmp(*args,"-receipt_request_to"))
291 			{
292 			if (!args[1])
293 				goto argerr;
294 			args++;
295 			if (!rr_to)
296 				rr_to = sk_OPENSSL_STRING_new_null();
297 			sk_OPENSSL_STRING_push(rr_to, *args);
298 			}
299 		else if (!strcmp (*args, "-print"))
300 				{
301 				noout = 1;
302 				print = 1;
303 				}
304 		else if (!strcmp(*args,"-secretkey"))
305 			{
306 			long ltmp;
307 			if (!args[1])
308 				goto argerr;
309 			args++;
310 			secret_key = string_to_hex(*args, &ltmp);
311 			if (!secret_key)
312 				{
313 				BIO_printf(bio_err, "Invalid key %s\n", *args);
314 				goto argerr;
315 				}
316 			secret_keylen = (size_t)ltmp;
317 			}
318 		else if (!strcmp(*args,"-secretkeyid"))
319 			{
320 			long ltmp;
321 			if (!args[1])
322 				goto argerr;
323 			args++;
324 			secret_keyid = string_to_hex(*args, &ltmp);
325 			if (!secret_keyid)
326 				{
327 				BIO_printf(bio_err, "Invalid id %s\n", *args);
328 				goto argerr;
329 				}
330 			secret_keyidlen = (size_t)ltmp;
331 			}
332 		else if (!strcmp(*args,"-pwri_password"))
333 			{
334 			if (!args[1])
335 				goto argerr;
336 			args++;
337 			pwri_pass = (unsigned char *)*args;
338 			}
339 		else if (!strcmp(*args,"-econtent_type"))
340 			{
341 			if (!args[1])
342 				goto argerr;
343 			args++;
344 			econtent_type = OBJ_txt2obj(*args, 0);
345 			if (!econtent_type)
346 				{
347 				BIO_printf(bio_err, "Invalid OID %s\n", *args);
348 				goto argerr;
349 				}
350 			}
351 		else if (!strcmp(*args,"-rand"))
352 			{
353 			if (!args[1])
354 				goto argerr;
355 			args++;
356 			inrand = *args;
357 			need_rand = 1;
358 			}
359 #ifndef OPENSSL_NO_ENGINE
360 		else if (!strcmp(*args,"-engine"))
361 			{
362 			if (!args[1])
363 				goto argerr;
364 			engine = *++args;
365 			}
366 #endif
367 		else if (!strcmp(*args,"-passin"))
368 			{
369 			if (!args[1])
370 				goto argerr;
371 			passargin = *++args;
372 			}
373 		else if (!strcmp (*args, "-to"))
374 			{
375 			if (!args[1])
376 				goto argerr;
377 			to = *++args;
378 			}
379 		else if (!strcmp (*args, "-from"))
380 			{
381 			if (!args[1])
382 				goto argerr;
383 			from = *++args;
384 			}
385 		else if (!strcmp (*args, "-subject"))
386 			{
387 			if (!args[1])
388 				goto argerr;
389 			subject = *++args;
390 			}
391 		else if (!strcmp (*args, "-signer"))
392 			{
393 			if (!args[1])
394 				goto argerr;
395 			/* If previous -signer argument add signer to list */
396 
397 			if (signerfile)
398 				{
399 				if (!sksigners)
400 					sksigners = sk_OPENSSL_STRING_new_null();
401 				sk_OPENSSL_STRING_push(sksigners, signerfile);
402 				if (!keyfile)
403 					keyfile = signerfile;
404 				if (!skkeys)
405 					skkeys = sk_OPENSSL_STRING_new_null();
406 				sk_OPENSSL_STRING_push(skkeys, keyfile);
407 				keyfile = NULL;
408 				}
409 			signerfile = *++args;
410 			}
411 		else if (!strcmp (*args, "-recip"))
412 			{
413 			if (!args[1])
414 				goto argerr;
415 			recipfile = *++args;
416 			}
417 		else if (!strcmp (*args, "-certsout"))
418 			{
419 			if (!args[1])
420 				goto argerr;
421 			certsoutfile = *++args;
422 			}
423 		else if (!strcmp (*args, "-md"))
424 			{
425 			if (!args[1])
426 				goto argerr;
427 			sign_md = EVP_get_digestbyname(*++args);
428 			if (sign_md == NULL)
429 				{
430 				BIO_printf(bio_err, "Unknown digest %s\n",
431 							*args);
432 				goto argerr;
433 				}
434 			}
435 		else if (!strcmp (*args, "-inkey"))
436 			{
437 			if (!args[1])
438 				goto argerr;
439 			/* If previous -inkey arument add signer to list */
440 			if (keyfile)
441 				{
442 				if (!signerfile)
443 					{
444 					BIO_puts(bio_err, "Illegal -inkey without -signer\n");
445 					goto argerr;
446 					}
447 				if (!sksigners)
448 					sksigners = sk_OPENSSL_STRING_new_null();
449 				sk_OPENSSL_STRING_push(sksigners, signerfile);
450 				signerfile = NULL;
451 				if (!skkeys)
452 					skkeys = sk_OPENSSL_STRING_new_null();
453 				sk_OPENSSL_STRING_push(skkeys, keyfile);
454 				}
455 			keyfile = *++args;
456 			}
457 		else if (!strcmp (*args, "-keyform"))
458 			{
459 			if (!args[1])
460 				goto argerr;
461 			keyform = str2fmt(*++args);
462 			}
463 		else if (!strcmp (*args, "-rctform"))
464 			{
465 			if (!args[1])
466 				goto argerr;
467 			rctformat = str2fmt(*++args);
468 			}
469 		else if (!strcmp (*args, "-certfile"))
470 			{
471 			if (!args[1])
472 				goto argerr;
473 			certfile = *++args;
474 			}
475 		else if (!strcmp (*args, "-CAfile"))
476 			{
477 			if (!args[1])
478 				goto argerr;
479 			CAfile = *++args;
480 			}
481 		else if (!strcmp (*args, "-CApath"))
482 			{
483 			if (!args[1])
484 				goto argerr;
485 			CApath = *++args;
486 			}
487 		else if (!strcmp (*args, "-in"))
488 			{
489 			if (!args[1])
490 				goto argerr;
491 			infile = *++args;
492 			}
493 		else if (!strcmp (*args, "-inform"))
494 			{
495 			if (!args[1])
496 				goto argerr;
497 			informat = str2fmt(*++args);
498 			}
499 		else if (!strcmp (*args, "-outform"))
500 			{
501 			if (!args[1])
502 				goto argerr;
503 			outformat = str2fmt(*++args);
504 			}
505 		else if (!strcmp (*args, "-out"))
506 			{
507 			if (!args[1])
508 				goto argerr;
509 			outfile = *++args;
510 			}
511 		else if (!strcmp (*args, "-content"))
512 			{
513 			if (!args[1])
514 				goto argerr;
515 			contfile = *++args;
516 			}
517 		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
518 			continue;
519 		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
520 			badarg = 1;
521 		args++;
522 		}
523 
524 	if (((rr_allorfirst != -1) || rr_from) && !rr_to)
525 		{
526 		BIO_puts(bio_err, "No Signed Receipts Recipients\n");
527 		goto argerr;
528 		}
529 
530 	if (!(operation & SMIME_SIGNERS)  && (rr_to || rr_from))
531 		{
532 		BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
533 		goto argerr;
534 		}
535 	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
536 		{
537 		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
538 		goto argerr;
539 		}
540 
541 	if (operation & SMIME_SIGNERS)
542 		{
543 		if (keyfile && !signerfile)
544 			{
545 			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
546 			goto argerr;
547 			}
548 		/* Check to see if any final signer needs to be appended */
549 		if (signerfile)
550 			{
551 			if (!sksigners)
552 				sksigners = sk_OPENSSL_STRING_new_null();
553 			sk_OPENSSL_STRING_push(sksigners, signerfile);
554 			if (!skkeys)
555 				skkeys = sk_OPENSSL_STRING_new_null();
556 			if (!keyfile)
557 				keyfile = signerfile;
558 			sk_OPENSSL_STRING_push(skkeys, keyfile);
559 			}
560 		if (!sksigners)
561 			{
562 			BIO_printf(bio_err, "No signer certificate specified\n");
563 			badarg = 1;
564 			}
565 		signerfile = NULL;
566 		keyfile = NULL;
567 		need_rand = 1;
568 		}
569 
570 	else if (operation == SMIME_DECRYPT)
571 		{
572 		if (!recipfile && !keyfile && !secret_key && !pwri_pass)
573 			{
574 			BIO_printf(bio_err, "No recipient certificate or key specified\n");
575 			badarg = 1;
576 			}
577 		}
578 	else if (operation == SMIME_ENCRYPT)
579 		{
580 		if (!*args && !secret_key && !pwri_pass)
581 			{
582 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
583 			badarg = 1;
584 			}
585 		need_rand = 1;
586 		}
587 	else if (!operation)
588 		badarg = 1;
589 
590 	if (badarg)
591 		{
592 		argerr:
593 		BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
594 		BIO_printf (bio_err, "where options are\n");
595 		BIO_printf (bio_err, "-encrypt       encrypt message\n");
596 		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
597 		BIO_printf (bio_err, "-sign          sign message\n");
598 		BIO_printf (bio_err, "-verify        verify signed message\n");
599 		BIO_printf (bio_err, "-cmsout        output CMS structure\n");
600 #ifndef OPENSSL_NO_DES
601 		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
602 		BIO_printf (bio_err, "-des           encrypt with DES\n");
603 #endif
604 #ifndef OPENSSL_NO_SEED
605 		BIO_printf (bio_err, "-seed          encrypt with SEED\n");
606 #endif
607 #ifndef OPENSSL_NO_RC2
608 		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
609 		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
610 		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
611 #endif
612 #ifndef OPENSSL_NO_AES
613 		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
614 		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
615 #endif
616 #ifndef OPENSSL_NO_CAMELLIA
617 		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
618 		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
619 #endif
620 		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
621 		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
622 		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
623 		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
624 		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
625 		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
626 		BIO_printf (bio_err, "-binary        don't translate message to text\n");
627 		BIO_printf (bio_err, "-certfile file other certificates file\n");
628 		BIO_printf (bio_err, "-certsout file certificate output file\n");
629 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
630 		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
631 		BIO_printf (bio_err, "-keyid         use subject key identifier\n");
632 		BIO_printf (bio_err, "-in file       input file\n");
633 		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
634 		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
635 		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
636 		BIO_printf (bio_err, "-out file      output file\n");
637 		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
638 		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
639 		BIO_printf (bio_err, "-to addr       to address\n");
640 		BIO_printf (bio_err, "-from ad       from address\n");
641 		BIO_printf (bio_err, "-subject s     subject\n");
642 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
643 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
644 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
645 		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
646 		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
647 #ifndef OPENSSL_NO_ENGINE
648 		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
649 #endif
650 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
651 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
652 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
653 		BIO_printf(bio_err,  "               the random number generator\n");
654 		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
655 		goto end;
656 		}
657 
658 #ifndef OPENSSL_NO_ENGINE
659         e = setup_engine(bio_err, engine, 0);
660 #endif
661 
662 	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
663 		{
664 		BIO_printf(bio_err, "Error getting password\n");
665 		goto end;
666 		}
667 
668 	if (need_rand)
669 		{
670 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
671 		if (inrand != NULL)
672 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
673 				app_RAND_load_files(inrand));
674 		}
675 
676 	ret = 2;
677 
678 	if (!(operation & SMIME_SIGNERS))
679 		flags &= ~CMS_DETACHED;
680 
681 	if (operation & SMIME_OP)
682 		{
683 		if (outformat == FORMAT_ASN1)
684 			outmode = "wb";
685 		}
686 	else
687 		{
688 		if (flags & CMS_BINARY)
689 			outmode = "wb";
690 		}
691 
692 	if (operation & SMIME_IP)
693 		{
694 		if (informat == FORMAT_ASN1)
695 			inmode = "rb";
696 		}
697 	else
698 		{
699 		if (flags & CMS_BINARY)
700 			inmode = "rb";
701 		}
702 
703 	if (operation == SMIME_ENCRYPT)
704 		{
705 		if (!cipher)
706 			{
707 #ifndef OPENSSL_NO_DES
708 			cipher = EVP_des_ede3_cbc();
709 #else
710 			BIO_printf(bio_err, "No cipher selected\n");
711 			goto end;
712 #endif
713 			}
714 
715 		if (secret_key && !secret_keyid)
716 			{
717 			BIO_printf(bio_err, "No secret key id\n");
718 			goto end;
719 			}
720 
721 		if (*args)
722 			encerts = sk_X509_new_null();
723 		while (*args)
724 			{
725 			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
726 				NULL, e, "recipient certificate file")))
727 				goto end;
728 			sk_X509_push(encerts, cert);
729 			cert = NULL;
730 			args++;
731 			}
732 		}
733 
734 	if (certfile)
735 		{
736 		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
737 			e, "certificate file")))
738 			{
739 			ERR_print_errors(bio_err);
740 			goto end;
741 			}
742 		}
743 
744 	if (recipfile && (operation == SMIME_DECRYPT))
745 		{
746 		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
747 			e, "recipient certificate file")))
748 			{
749 			ERR_print_errors(bio_err);
750 			goto end;
751 			}
752 		}
753 
754 	if (operation == SMIME_SIGN_RECEIPT)
755 		{
756 		if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
757 			e, "receipt signer certificate file")))
758 			{
759 			ERR_print_errors(bio_err);
760 			goto end;
761 			}
762 		}
763 
764 	if (operation == SMIME_DECRYPT)
765 		{
766 		if (!keyfile)
767 			keyfile = recipfile;
768 		}
769 	else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
770 		{
771 		if (!keyfile)
772 			keyfile = signerfile;
773 		}
774 	else keyfile = NULL;
775 
776 	if (keyfile)
777 		{
778 		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
779 			       "signing key file");
780 		if (!key)
781 			goto end;
782 		}
783 
784 	if (infile)
785 		{
786 		if (!(in = BIO_new_file(infile, inmode)))
787 			{
788 			BIO_printf (bio_err,
789 				 "Can't open input file %s\n", infile);
790 			goto end;
791 			}
792 		}
793 	else
794 		in = BIO_new_fp(stdin, BIO_NOCLOSE);
795 
796 	if (operation & SMIME_IP)
797 		{
798 		if (informat == FORMAT_SMIME)
799 			cms = SMIME_read_CMS(in, &indata);
800 		else if (informat == FORMAT_PEM)
801 			cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
802 		else if (informat == FORMAT_ASN1)
803 			cms = d2i_CMS_bio(in, NULL);
804 		else
805 			{
806 			BIO_printf(bio_err, "Bad input format for CMS file\n");
807 			goto end;
808 			}
809 
810 		if (!cms)
811 			{
812 			BIO_printf(bio_err, "Error reading S/MIME message\n");
813 			goto end;
814 			}
815 		if (contfile)
816 			{
817 			BIO_free(indata);
818 			if (!(indata = BIO_new_file(contfile, "rb")))
819 				{
820 				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
821 				goto end;
822 				}
823 			}
824 		if (certsoutfile)
825 			{
826 			STACK_OF(X509) *allcerts;
827 			allcerts = CMS_get1_certs(cms);
828 			if (!save_certs(certsoutfile, allcerts))
829 				{
830 				BIO_printf(bio_err,
831 						"Error writing certs to %s\n",
832 								certsoutfile);
833 				ret = 5;
834 				goto end;
835 				}
836 			sk_X509_pop_free(allcerts, X509_free);
837 			}
838 		}
839 
840 	if (rctfile)
841 		{
842 		char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
843 		if (!(rctin = BIO_new_file(rctfile, rctmode)))
844 			{
845 			BIO_printf (bio_err,
846 				 "Can't open receipt file %s\n", rctfile);
847 			goto end;
848 			}
849 
850 		if (rctformat == FORMAT_SMIME)
851 			rcms = SMIME_read_CMS(rctin, NULL);
852 		else if (rctformat == FORMAT_PEM)
853 			rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
854 		else if (rctformat == FORMAT_ASN1)
855 			rcms = d2i_CMS_bio(rctin, NULL);
856 		else
857 			{
858 			BIO_printf(bio_err, "Bad input format for receipt\n");
859 			goto end;
860 			}
861 
862 		if (!rcms)
863 			{
864 			BIO_printf(bio_err, "Error reading receipt\n");
865 			goto end;
866 			}
867 		}
868 
869 	if (outfile)
870 		{
871 		if (!(out = BIO_new_file(outfile, outmode)))
872 			{
873 			BIO_printf (bio_err,
874 				 "Can't open output file %s\n", outfile);
875 			goto end;
876 			}
877 		}
878 	else
879 		{
880 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
881 #ifdef OPENSSL_SYS_VMS
882 		{
883 		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
884 		    out = BIO_push(tmpbio, out);
885 		}
886 #endif
887 		}
888 
889 	if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
890 		{
891 		if (!(store = setup_verify(bio_err, CAfile, CApath)))
892 			goto end;
893 		X509_STORE_set_verify_cb(store, cms_cb);
894 		if (vpm)
895 			X509_STORE_set1_param(store, vpm);
896 		}
897 
898 
899 	ret = 3;
900 
901 	if (operation == SMIME_DATA_CREATE)
902 		{
903 		cms = CMS_data_create(in, flags);
904 		}
905 	else if (operation == SMIME_DIGEST_CREATE)
906 		{
907 		cms = CMS_digest_create(in, sign_md, flags);
908 		}
909 	else if (operation == SMIME_COMPRESS)
910 		{
911 		cms = CMS_compress(in, -1, flags);
912 		}
913 	else if (operation == SMIME_ENCRYPT)
914 		{
915 		flags |= CMS_PARTIAL;
916 		cms = CMS_encrypt(encerts, in, cipher, flags);
917 		if (!cms)
918 			goto end;
919 		if (secret_key)
920 			{
921 			if (!CMS_add0_recipient_key(cms, NID_undef,
922 						secret_key, secret_keylen,
923 						secret_keyid, secret_keyidlen,
924 						NULL, NULL, NULL))
925 				goto end;
926 			/* NULL these because call absorbs them */
927 			secret_key = NULL;
928 			secret_keyid = NULL;
929 			}
930 		if (pwri_pass)
931 			{
932 			pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
933 			if (!pwri_tmp)
934 				goto end;
935 			if (!CMS_add0_recipient_password(cms,
936 						-1, NID_undef, NID_undef,
937 						 pwri_tmp, -1, NULL))
938 				goto end;
939 			pwri_tmp = NULL;
940 			}
941 		if (!(flags & CMS_STREAM))
942 			{
943 			if (!CMS_final(cms, in, NULL, flags))
944 				goto end;
945 			}
946 		}
947 	else if (operation == SMIME_ENCRYPTED_ENCRYPT)
948 		{
949 		cms = CMS_EncryptedData_encrypt(in, cipher,
950 						secret_key, secret_keylen,
951 						flags);
952 
953 		}
954 	else if (operation == SMIME_SIGN_RECEIPT)
955 		{
956 		CMS_ContentInfo *srcms = NULL;
957 		STACK_OF(CMS_SignerInfo) *sis;
958 		CMS_SignerInfo *si;
959 		sis = CMS_get0_SignerInfos(cms);
960 		if (!sis)
961 			goto end;
962 		si = sk_CMS_SignerInfo_value(sis, 0);
963 		srcms = CMS_sign_receipt(si, signer, key, other, flags);
964 		if (!srcms)
965 			goto end;
966 		CMS_ContentInfo_free(cms);
967 		cms = srcms;
968 		}
969 	else if (operation & SMIME_SIGNERS)
970 		{
971 		int i;
972 		/* If detached data content we enable streaming if
973 		 * S/MIME output format.
974 		 */
975 		if (operation == SMIME_SIGN)
976 			{
977 
978 			if (flags & CMS_DETACHED)
979 				{
980 				if (outformat == FORMAT_SMIME)
981 					flags |= CMS_STREAM;
982 				}
983 			flags |= CMS_PARTIAL;
984 			cms = CMS_sign(NULL, NULL, other, in, flags);
985 			if (!cms)
986 				goto end;
987 			if (econtent_type)
988 				CMS_set1_eContentType(cms, econtent_type);
989 
990 			if (rr_to)
991 				{
992 				rr = make_receipt_request(rr_to, rr_allorfirst,
993 								rr_from);
994 				if (!rr)
995 					{
996 					BIO_puts(bio_err,
997 				"Signed Receipt Request Creation Error\n");
998 					goto end;
999 					}
1000 				}
1001 			}
1002 		else
1003 			flags |= CMS_REUSE_DIGEST;
1004 		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
1005 			{
1006 			CMS_SignerInfo *si;
1007 			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
1008 			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
1009 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
1010 					e, "signer certificate");
1011 			if (!signer)
1012 				goto end;
1013 			key = load_key(bio_err, keyfile, keyform, 0, passin, e,
1014 			       "signing key file");
1015 			if (!key)
1016 				goto end;
1017 			si = CMS_add1_signer(cms, signer, key, sign_md, flags);
1018 			if (!si)
1019 				goto end;
1020 			if (rr && !CMS_add1_ReceiptRequest(si, rr))
1021 				goto end;
1022 			X509_free(signer);
1023 			signer = NULL;
1024 			EVP_PKEY_free(key);
1025 			key = NULL;
1026 			}
1027 		/* If not streaming or resigning finalize structure */
1028 		if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
1029 			{
1030 			if (!CMS_final(cms, in, NULL, flags))
1031 				goto end;
1032 			}
1033 		}
1034 
1035 	if (!cms)
1036 		{
1037 		BIO_printf(bio_err, "Error creating CMS structure\n");
1038 		goto end;
1039 		}
1040 
1041 	ret = 4;
1042 	if (operation == SMIME_DECRYPT)
1043 		{
1044 		if (flags & CMS_DEBUG_DECRYPT)
1045 			CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
1046 
1047 		if (secret_key)
1048 			{
1049 			if (!CMS_decrypt_set1_key(cms,
1050 						secret_key, secret_keylen,
1051 						secret_keyid, secret_keyidlen))
1052 				{
1053 				BIO_puts(bio_err,
1054 					"Error decrypting CMS using secret key\n");
1055 				goto end;
1056 				}
1057 			}
1058 
1059 		if (key)
1060 			{
1061 			if (!CMS_decrypt_set1_pkey(cms, key, recip))
1062 				{
1063 				BIO_puts(bio_err,
1064 					"Error decrypting CMS using private key\n");
1065 				goto end;
1066 				}
1067 			}
1068 
1069 		if (pwri_pass)
1070 			{
1071 			if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
1072 				{
1073 				BIO_puts(bio_err,
1074 					"Error decrypting CMS using password\n");
1075 				goto end;
1076 				}
1077 			}
1078 
1079 		if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
1080 			{
1081 			BIO_printf(bio_err, "Error decrypting CMS structure\n");
1082 			goto end;
1083 			}
1084 		}
1085 	else if (operation == SMIME_DATAOUT)
1086 		{
1087 		if (!CMS_data(cms, out, flags))
1088 			goto end;
1089 		}
1090 	else if (operation == SMIME_UNCOMPRESS)
1091 		{
1092 		if (!CMS_uncompress(cms, indata, out, flags))
1093 			goto end;
1094 		}
1095 	else if (operation == SMIME_DIGEST_VERIFY)
1096 		{
1097 		if (CMS_digest_verify(cms, indata, out, flags) > 0)
1098 			BIO_printf(bio_err, "Verification successful\n");
1099 		else
1100 			{
1101 			BIO_printf(bio_err, "Verification failure\n");
1102 			goto end;
1103 			}
1104 		}
1105 	else if (operation == SMIME_ENCRYPTED_DECRYPT)
1106 		{
1107 		if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
1108 						indata, out, flags))
1109 			goto end;
1110 		}
1111 	else if (operation == SMIME_VERIFY)
1112 		{
1113 		if (CMS_verify(cms, other, store, indata, out, flags) > 0)
1114 			BIO_printf(bio_err, "Verification successful\n");
1115 		else
1116 			{
1117 			BIO_printf(bio_err, "Verification failure\n");
1118 			if (verify_retcode)
1119 				ret = verify_err + 32;
1120 			goto end;
1121 			}
1122 		if (signerfile)
1123 			{
1124 			STACK_OF(X509) *signers;
1125 			signers = CMS_get0_signers(cms);
1126 			if (!save_certs(signerfile, signers))
1127 				{
1128 				BIO_printf(bio_err,
1129 						"Error writing signers to %s\n",
1130 								signerfile);
1131 				ret = 5;
1132 				goto end;
1133 				}
1134 			sk_X509_free(signers);
1135 			}
1136 		if (rr_print)
1137 			receipt_request_print(bio_err, cms);
1138 
1139 		}
1140 	else if (operation == SMIME_VERIFY_RECEIPT)
1141 		{
1142 		if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
1143 			BIO_printf(bio_err, "Verification successful\n");
1144 		else
1145 			{
1146 			BIO_printf(bio_err, "Verification failure\n");
1147 			goto end;
1148 			}
1149 		}
1150 	else
1151 		{
1152 		if (noout)
1153 			{
1154 			if (print)
1155 				CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
1156 			}
1157 		else if (outformat == FORMAT_SMIME)
1158 			{
1159 			if (to)
1160 				BIO_printf(out, "To: %s\n", to);
1161 			if (from)
1162 				BIO_printf(out, "From: %s\n", from);
1163 			if (subject)
1164 				BIO_printf(out, "Subject: %s\n", subject);
1165 			if (operation == SMIME_RESIGN)
1166 				ret = SMIME_write_CMS(out, cms, indata, flags);
1167 			else
1168 				ret = SMIME_write_CMS(out, cms, in, flags);
1169 			}
1170 		else if (outformat == FORMAT_PEM)
1171 			ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
1172 		else if (outformat == FORMAT_ASN1)
1173 			ret = i2d_CMS_bio_stream(out,cms, in, flags);
1174 		else
1175 			{
1176 			BIO_printf(bio_err, "Bad output format for CMS file\n");
1177 			goto end;
1178 			}
1179 		if (ret <= 0)
1180 			{
1181 			ret = 6;
1182 			goto end;
1183 			}
1184 		}
1185 	ret = 0;
1186 end:
1187 	if (ret)
1188 		ERR_print_errors(bio_err);
1189 	if (need_rand)
1190 		app_RAND_write_file(NULL, bio_err);
1191 	sk_X509_pop_free(encerts, X509_free);
1192 	sk_X509_pop_free(other, X509_free);
1193 	if (vpm)
1194 		X509_VERIFY_PARAM_free(vpm);
1195 	if (sksigners)
1196 		sk_OPENSSL_STRING_free(sksigners);
1197 	if (skkeys)
1198 		sk_OPENSSL_STRING_free(skkeys);
1199 	if (secret_key)
1200 		OPENSSL_free(secret_key);
1201 	if (secret_keyid)
1202 		OPENSSL_free(secret_keyid);
1203 	if (pwri_tmp)
1204 		OPENSSL_free(pwri_tmp);
1205 	if (econtent_type)
1206 		ASN1_OBJECT_free(econtent_type);
1207 	if (rr)
1208 		CMS_ReceiptRequest_free(rr);
1209 	if (rr_to)
1210 		sk_OPENSSL_STRING_free(rr_to);
1211 	if (rr_from)
1212 		sk_OPENSSL_STRING_free(rr_from);
1213 	X509_STORE_free(store);
1214 	X509_free(cert);
1215 	X509_free(recip);
1216 	X509_free(signer);
1217 	EVP_PKEY_free(key);
1218 	CMS_ContentInfo_free(cms);
1219 	CMS_ContentInfo_free(rcms);
1220 	BIO_free(rctin);
1221 	BIO_free(in);
1222 	BIO_free(indata);
1223 	BIO_free_all(out);
1224 	if (passin) OPENSSL_free(passin);
1225 	return (ret);
1226 }
1227 
save_certs(char * signerfile,STACK_OF (X509)* signers)1228 static int save_certs(char *signerfile, STACK_OF(X509) *signers)
1229 	{
1230 	int i;
1231 	BIO *tmp;
1232 	if (!signerfile)
1233 		return 1;
1234 	tmp = BIO_new_file(signerfile, "w");
1235 	if (!tmp) return 0;
1236 	for(i = 0; i < sk_X509_num(signers); i++)
1237 		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
1238 	BIO_free(tmp);
1239 	return 1;
1240 	}
1241 
1242 
1243 /* Minimal callback just to output policy info (if any) */
1244 
cms_cb(int ok,X509_STORE_CTX * ctx)1245 static int cms_cb(int ok, X509_STORE_CTX *ctx)
1246 	{
1247 	int error;
1248 
1249 	error = X509_STORE_CTX_get_error(ctx);
1250 
1251 	verify_err = error;
1252 
1253 	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
1254 		&& ((error != X509_V_OK) || (ok != 2)))
1255 		return ok;
1256 
1257 	policies_print(NULL, ctx);
1258 
1259 	return ok;
1260 
1261 	}
1262 
gnames_stack_print(BIO * out,STACK_OF (GENERAL_NAMES)* gns)1263 static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
1264 	{
1265 	STACK_OF(GENERAL_NAME) *gens;
1266 	GENERAL_NAME *gen;
1267 	int i, j;
1268 	for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
1269 		{
1270 		gens = sk_GENERAL_NAMES_value(gns, i);
1271 		for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
1272 			{
1273 			gen = sk_GENERAL_NAME_value(gens, j);
1274 			BIO_puts(out, "    ");
1275 			GENERAL_NAME_print(out, gen);
1276 			BIO_puts(out, "\n");
1277 			}
1278 		}
1279 	return;
1280 	}
1281 
receipt_request_print(BIO * out,CMS_ContentInfo * cms)1282 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
1283 	{
1284 	STACK_OF(CMS_SignerInfo) *sis;
1285 	CMS_SignerInfo *si;
1286 	CMS_ReceiptRequest *rr;
1287 	int allorfirst;
1288 	STACK_OF(GENERAL_NAMES) *rto, *rlist;
1289 	ASN1_STRING *scid;
1290 	int i, rv;
1291 	sis = CMS_get0_SignerInfos(cms);
1292 	for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
1293 		{
1294 		si = sk_CMS_SignerInfo_value(sis, i);
1295 		rv = CMS_get1_ReceiptRequest(si, &rr);
1296 		BIO_printf(bio_err, "Signer %d:\n", i + 1);
1297 		if (rv == 0)
1298 			BIO_puts(bio_err, "  No Receipt Request\n");
1299 		else if (rv < 0)
1300 			{
1301 			BIO_puts(bio_err, "  Receipt Request Parse Error\n");
1302 			ERR_print_errors(bio_err);
1303 			}
1304 		else
1305 			{
1306 			char *id;
1307 			int idlen;
1308 			CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
1309 							&rlist, &rto);
1310 			BIO_puts(out, "  Signed Content ID:\n");
1311 			idlen = ASN1_STRING_length(scid);
1312 			id = (char *)ASN1_STRING_data(scid);
1313 			BIO_dump_indent(out, id, idlen, 4);
1314 			BIO_puts(out, "  Receipts From");
1315 			if (rlist)
1316 				{
1317 				BIO_puts(out, " List:\n");
1318 				gnames_stack_print(out, rlist);
1319 				}
1320 			else if (allorfirst == 1)
1321 				BIO_puts(out, ": First Tier\n");
1322 			else if (allorfirst == 0)
1323 				BIO_puts(out, ": All\n");
1324 			else
1325 				BIO_printf(out, " Unknown (%d)\n", allorfirst);
1326 			BIO_puts(out, "  Receipts To:\n");
1327 			gnames_stack_print(out, rto);
1328 			}
1329 		if (rr)
1330 			CMS_ReceiptRequest_free(rr);
1331 		}
1332 	}
1333 
STACK_OF(GENERAL_NAMES)1334 static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
1335 	{
1336 	int i;
1337 	STACK_OF(GENERAL_NAMES) *ret;
1338 	GENERAL_NAMES *gens = NULL;
1339 	GENERAL_NAME *gen = NULL;
1340 	ret = sk_GENERAL_NAMES_new_null();
1341 	if (!ret)
1342 		goto err;
1343 	for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
1344 		{
1345 		char *str = sk_OPENSSL_STRING_value(ns, i);
1346 		gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
1347 		if (!gen)
1348 			goto err;
1349 		gens = GENERAL_NAMES_new();
1350 		if (!gens)
1351 			goto err;
1352 		if (!sk_GENERAL_NAME_push(gens, gen))
1353 			goto err;
1354 		gen = NULL;
1355 		if (!sk_GENERAL_NAMES_push(ret, gens))
1356 			goto err;
1357 		gens = NULL;
1358 		}
1359 
1360 	return ret;
1361 
1362 	err:
1363 	if (ret)
1364 		sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
1365 	if (gens)
1366 		GENERAL_NAMES_free(gens);
1367 	if (gen)
1368 		GENERAL_NAME_free(gen);
1369 	return NULL;
1370 	}
1371 
1372 
make_receipt_request(STACK_OF (OPENSSL_STRING)* rr_to,int rr_allorfirst,STACK_OF (OPENSSL_STRING)* rr_from)1373 static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
1374 						int rr_allorfirst,
1375 						STACK_OF(OPENSSL_STRING) *rr_from)
1376 	{
1377 	STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
1378 	CMS_ReceiptRequest *rr;
1379 	rct_to = make_names_stack(rr_to);
1380 	if (!rct_to)
1381 		goto err;
1382 	if (rr_from)
1383 		{
1384 		rct_from = make_names_stack(rr_from);
1385 		if (!rct_from)
1386 			goto err;
1387 		}
1388 	else
1389 		rct_from = NULL;
1390 	rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
1391 						rct_to);
1392 	return rr;
1393 	err:
1394 	return NULL;
1395 	}
1396 
1397 #endif
1398