apps/openssl/smime.c

*de0e0e4dSAntonio Huete Jimenez/* $OpenBSD: smime.c,v 1.17 2022/01/16 07:12:28 inoguchi Exp $ */
f5b1c8a1SJohn Marino/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
f5b1c8a1SJohn Marino * project.
f5b1c8a1SJohn Marino */
f5b1c8a1SJohn Marino/* ====================================================================
f5b1c8a1SJohn Marino * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * Redistribution and use in source and binary forms, with or without
f5b1c8a1SJohn Marino * modification, are permitted provided that the following conditions
f5b1c8a1SJohn Marino * are met:
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * 1. Redistributions of source code must retain the above copyright
f5b1c8a1SJohn Marino *    notice, this list of conditions and the following disclaimer.
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * 2. Redistributions in binary form must reproduce the above copyright
f5b1c8a1SJohn Marino *    notice, this list of conditions and the following disclaimer in
f5b1c8a1SJohn Marino *    the documentation and/or other materials provided with the
f5b1c8a1SJohn Marino *    distribution.
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * 3. All advertising materials mentioning features or use of this
f5b1c8a1SJohn Marino *    software must display the following acknowledgment:
f5b1c8a1SJohn Marino *    "This product includes software developed by the OpenSSL Project
f5b1c8a1SJohn Marino *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
f5b1c8a1SJohn Marino *    endorse or promote products derived from this software without
f5b1c8a1SJohn Marino *    prior written permission. For written permission, please contact
f5b1c8a1SJohn Marino *    licensing@OpenSSL.org.
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * 5. Products derived from this software may not be called "OpenSSL"
f5b1c8a1SJohn Marino *    nor may "OpenSSL" appear in their names without prior written
f5b1c8a1SJohn Marino *    permission of the OpenSSL Project.
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * 6. Redistributions of any form whatsoever must retain the following
f5b1c8a1SJohn Marino *    acknowledgment:
f5b1c8a1SJohn Marino *    "This product includes software developed by the OpenSSL Project
f5b1c8a1SJohn Marino *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
f5b1c8a1SJohn Marino * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
f5b1c8a1SJohn Marino * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
f5b1c8a1SJohn Marino * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
f5b1c8a1SJohn Marino * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
f5b1c8a1SJohn Marino * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
f5b1c8a1SJohn Marino * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
f5b1c8a1SJohn Marino * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
f5b1c8a1SJohn Marino * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
f5b1c8a1SJohn Marino * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
f5b1c8a1SJohn Marino * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
f5b1c8a1SJohn Marino * OF THE POSSIBILITY OF SUCH DAMAGE.
f5b1c8a1SJohn Marino * ====================================================================
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino * This product includes cryptographic software written by Eric Young
f5b1c8a1SJohn Marino * (eay@cryptsoft.com).  This product includes software written by Tim
f5b1c8a1SJohn Marino * Hudson (tjh@cryptsoft.com).
f5b1c8a1SJohn Marino *
f5b1c8a1SJohn Marino */
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino/* S/MIME utility function */
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino#include <stdio.h>
f5b1c8a1SJohn Marino#include <string.h>
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino#include "apps.h"
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino#include <openssl/crypto.h>
f5b1c8a1SJohn Marino#include <openssl/err.h>
f5b1c8a1SJohn Marino#include <openssl/pem.h>
f5b1c8a1SJohn Marino#include <openssl/x509_vfy.h>
f5b1c8a1SJohn Marino#include <openssl/x509v3.h>
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marinostatic int save_certs(char *signerfile, STACK_OF(X509) *signers);
f5b1c8a1SJohn Marinostatic int smime_cb(int ok, X509_STORE_CTX *ctx);
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino#define SMIME_OP	0x10
f5b1c8a1SJohn Marino#define SMIME_IP	0x20
f5b1c8a1SJohn Marino#define SMIME_SIGNERS	0x40
f5b1c8a1SJohn Marino#define SMIME_ENCRYPT	(1 | SMIME_OP)
f5b1c8a1SJohn Marino#define SMIME_DECRYPT	(2 | SMIME_IP)
f5b1c8a1SJohn Marino#define SMIME_SIGN	(3 | SMIME_OP | SMIME_SIGNERS)
f5b1c8a1SJohn Marino#define SMIME_VERIFY	(4 | SMIME_IP)
f5b1c8a1SJohn Marino#define SMIME_PK7OUT	(5 | SMIME_IP | SMIME_OP)
f5b1c8a1SJohn Marino#define SMIME_RESIGN	(6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenezstatic struct {
*de0e0e4dSAntonio Huete Jimenez	char *CAfile;
*de0e0e4dSAntonio Huete Jimenez	char *CApath;
*de0e0e4dSAntonio Huete Jimenez	char *certfile;
*de0e0e4dSAntonio Huete Jimenez	const EVP_CIPHER *cipher;
*de0e0e4dSAntonio Huete Jimenez	char *contfile;
*de0e0e4dSAntonio Huete Jimenez	int flags;
*de0e0e4dSAntonio Huete Jimenez	char *from;
*de0e0e4dSAntonio Huete Jimenez	int indef;
*de0e0e4dSAntonio Huete Jimenez	char *infile;
*de0e0e4dSAntonio Huete Jimenez	int informat;
*de0e0e4dSAntonio Huete Jimenez	char *keyfile;
*de0e0e4dSAntonio Huete Jimenez	int keyform;
*de0e0e4dSAntonio Huete Jimenez	int operation;
*de0e0e4dSAntonio Huete Jimenez	char *outfile;
*de0e0e4dSAntonio Huete Jimenez	int outformat;
*de0e0e4dSAntonio Huete Jimenez	char *passargin;
*de0e0e4dSAntonio Huete Jimenez	char *recipfile;
*de0e0e4dSAntonio Huete Jimenez	const EVP_MD *sign_md;
*de0e0e4dSAntonio Huete Jimenez	char *signerfile;
*de0e0e4dSAntonio Huete Jimenez	STACK_OF(OPENSSL_STRING) *skkeys;
*de0e0e4dSAntonio Huete Jimenez	STACK_OF(OPENSSL_STRING) *sksigners;
*de0e0e4dSAntonio Huete Jimenez	char *subject;
*de0e0e4dSAntonio Huete Jimenez	char *to;
*de0e0e4dSAntonio Huete Jimenez	X509_VERIFY_PARAM *vpm;
*de0e0e4dSAntonio Huete Jimenez} smime_config;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic const EVP_CIPHER *
*de0e0e4dSAntonio Huete Jimenezget_cipher_by_name(char *name)
*de0e0e4dSAntonio Huete Jimenez{
*de0e0e4dSAntonio Huete Jimenez	if (name == NULL || strcmp(name, "") == 0)
*de0e0e4dSAntonio Huete Jimenez		return (NULL);
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_AES
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "aes128") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_aes_128_cbc();
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "aes192") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_aes_192_cbc();
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "aes256") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_aes_256_cbc();
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_CAMELLIA
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "camellia128") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_camellia_128_cbc();
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "camellia192") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_camellia_192_cbc();
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "camellia256") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_camellia_256_cbc();
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_DES
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "des") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_des_cbc();
*de0e0e4dSAntonio Huete Jimenez	else if (strcmp(name, "des3") == 0)
*de0e0e4dSAntonio Huete Jimenez		return EVP_des_ede3_cbc();
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_RC2
*de0e0e4dSAntonio Huete Jimenez	else if (!strcmp(name, "rc2-40"))
*de0e0e4dSAntonio Huete Jimenez		return EVP_rc2_40_cbc();
*de0e0e4dSAntonio Huete Jimenez	else if (!strcmp(name, "rc2-64"))
*de0e0e4dSAntonio Huete Jimenez		return EVP_rc2_64_cbc();
*de0e0e4dSAntonio Huete Jimenez	else if (!strcmp(name, "rc2-128"))
*de0e0e4dSAntonio Huete Jimenez		return EVP_rc2_cbc();
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez	else
*de0e0e4dSAntonio Huete Jimenez		return NULL;
*de0e0e4dSAntonio Huete Jimenez}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic int
*de0e0e4dSAntonio Huete Jimenezsmime_opt_cipher(int argc, char **argv, int *argsused)
*de0e0e4dSAntonio Huete Jimenez{
*de0e0e4dSAntonio Huete Jimenez	char *name = argv[0];
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (*name++ != '-')
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if ((smime_config.cipher = get_cipher_by_name(name)) == NULL)
*de0e0e4dSAntonio Huete Jimenez		if ((smime_config.cipher = EVP_get_cipherbyname(name)) == NULL)
*de0e0e4dSAntonio Huete Jimenez			return (1);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	*argsused = 1;
*de0e0e4dSAntonio Huete Jimenez	return (0);
*de0e0e4dSAntonio Huete Jimenez}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic int
*de0e0e4dSAntonio Huete Jimenezsmime_opt_inkey(char *arg)
*de0e0e4dSAntonio Huete Jimenez{
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.keyfile == NULL) {
*de0e0e4dSAntonio Huete Jimenez		smime_config.keyfile = arg;
*de0e0e4dSAntonio Huete Jimenez		return (0);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.signerfile == NULL) {
*de0e0e4dSAntonio Huete Jimenez		BIO_puts(bio_err, "Illegal -inkey without -signer\n");
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.sksigners == NULL) {
*de0e0e4dSAntonio Huete Jimenez		if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
*de0e0e4dSAntonio Huete Jimenez			return (1);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez	if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
*de0e0e4dSAntonio Huete Jimenez	    smime_config.signerfile))
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	smime_config.signerfile = NULL;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.skkeys == NULL) {
*de0e0e4dSAntonio Huete Jimenez		if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
*de0e0e4dSAntonio Huete Jimenez			return (1);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez	if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile))
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	smime_config.keyfile = arg;
*de0e0e4dSAntonio Huete Jimenez	return (0);
*de0e0e4dSAntonio Huete Jimenez}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic int
*de0e0e4dSAntonio Huete Jimenezsmime_opt_md(char *arg)
*de0e0e4dSAntonio Huete Jimenez{
*de0e0e4dSAntonio Huete Jimenez	if ((smime_config.sign_md = EVP_get_digestbyname(arg)) == NULL) {
*de0e0e4dSAntonio Huete Jimenez		BIO_printf(bio_err, "Unknown digest %s\n", arg);
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez	return (0);
*de0e0e4dSAntonio Huete Jimenez}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic int
*de0e0e4dSAntonio Huete Jimenezsmime_opt_signer(char *arg)
*de0e0e4dSAntonio Huete Jimenez{
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.signerfile == NULL) {
*de0e0e4dSAntonio Huete Jimenez		smime_config.signerfile = arg;
*de0e0e4dSAntonio Huete Jimenez		return (0);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.sksigners == NULL) {
*de0e0e4dSAntonio Huete Jimenez		if ((smime_config.sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
*de0e0e4dSAntonio Huete Jimenez			return (1);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez	if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
*de0e0e4dSAntonio Huete Jimenez	    smime_config.signerfile))
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.keyfile == NULL)
*de0e0e4dSAntonio Huete Jimenez		smime_config.keyfile = smime_config.signerfile;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.skkeys == NULL) {
*de0e0e4dSAntonio Huete Jimenez		if ((smime_config.skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
*de0e0e4dSAntonio Huete Jimenez			return (1);
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez	if (!sk_OPENSSL_STRING_push(smime_config.skkeys, smime_config.keyfile))
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	smime_config.keyfile = NULL;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	smime_config.signerfile = arg;
*de0e0e4dSAntonio Huete Jimenez	return (0);
*de0e0e4dSAntonio Huete Jimenez}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic int
*de0e0e4dSAntonio Huete Jimenezsmime_opt_verify_param(int argc, char **argv, int *argsused)
*de0e0e4dSAntonio Huete Jimenez{
*de0e0e4dSAntonio Huete Jimenez	int oargc = argc;
*de0e0e4dSAntonio Huete Jimenez	int badarg = 0;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (!args_verify(&argv, &argc, &badarg, bio_err, &smime_config.vpm))
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez	if (badarg)
*de0e0e4dSAntonio Huete Jimenez		return (1);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	*argsused = oargc - argc;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	return (0);
*de0e0e4dSAntonio Huete Jimenez}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic const struct option smime_options[] = {
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_AES
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "aes128",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt PEM output with CBC AES",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "aes192",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt PEM output with CBC AES",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "aes256",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt PEM output with CBC AES",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_CAMELLIA
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "camellia128",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt PEM output with CBC Camellia",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "camellia192",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt PEM output with CBC Camellia",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "camellia256",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt PEM output with CBC Camellia",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_DES
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "des",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt with DES",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "des3",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt with triple DES",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez#ifndef OPENSSL_NO_RC2
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "rc2-40",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt with RC2-40 (default)",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "rc2-64",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt with RC2-64",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "rc2-128",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt with RC2-128",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez#endif
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "CAfile",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Certificate Authority file",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.CAfile,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "CApath",
*de0e0e4dSAntonio Huete Jimenez		.argname = "path",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Certificate Authority path",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.CApath,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "binary",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Do not translate message to text",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_BINARY,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "certfile",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Other certificates file",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.certfile,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "content",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Supply or override content for detached signature",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.contfile,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "crlfeol",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Use CRLF as EOL termination instead of CR only",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_CRLFEOL,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "decrypt",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Decrypt encrypted message",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.operation,
*de0e0e4dSAntonio Huete Jimenez		.value = SMIME_DECRYPT,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "encrypt",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Encrypt message",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.operation,
*de0e0e4dSAntonio Huete Jimenez		.value = SMIME_ENCRYPT,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "from",
*de0e0e4dSAntonio Huete Jimenez		.argname = "addr",
*de0e0e4dSAntonio Huete Jimenez		.desc = "From address",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.from,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "in",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Input file",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.infile,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "indef",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Same as -stream",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.indef,
*de0e0e4dSAntonio Huete Jimenez		.value = 1,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "inform",
*de0e0e4dSAntonio Huete Jimenez		.argname = "fmt",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Input format (DER, PEM or SMIME (default))",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG_FORMAT,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.informat,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "inkey",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Input key file",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argfunc = smime_opt_inkey,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "keyform",
*de0e0e4dSAntonio Huete Jimenez		.argname = "fmt",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Input key format (DER or PEM (default))",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG_FORMAT,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.keyform,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "md",
*de0e0e4dSAntonio Huete Jimenez		.argname = "digest",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Digest to use when signing or resigning",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argfunc = smime_opt_md,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "noattr",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Do not include any signed attributes",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOATTR,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "nocerts",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Do not include signer's certificate when signing",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOCERTS,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "nochain",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Do not chain verification of signer's certificates",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOCHAIN,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "nodetach",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Use opaque signing",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_AND,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = ~PKCS7_DETACHED,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "noindef",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Disable streaming I/O",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.indef,
*de0e0e4dSAntonio Huete Jimenez		.value = 0,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "nointern",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Do not search certificates in message for signer",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOINTERN,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "nooldmime",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Output old S/MIME content type",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOOLDMIMETYPE,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "nosigs",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Do not verify message signature",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOSIGS,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "nosmimecap",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Omit the SMIMECapabilities attribute",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOSMIMECAP,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "noverify",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Do not verify signer's certificate",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_NOVERIFY,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "out",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Output file",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.outfile,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "outform",
*de0e0e4dSAntonio Huete Jimenez		.argname = "fmt",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Output format (DER, PEM or SMIME (default))",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG_FORMAT,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.outformat,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "passin",
*de0e0e4dSAntonio Huete Jimenez		.argname = "src",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Private key password source",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.passargin,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "pk7out",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Output PKCS#7 structure",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.operation,
*de0e0e4dSAntonio Huete Jimenez		.value = SMIME_PK7OUT,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "recip",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Recipient certificate file for decryption",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.recipfile,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "resign",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Resign a signed message",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.operation,
*de0e0e4dSAntonio Huete Jimenez		.value = SMIME_RESIGN,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "sign",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Sign message",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.operation,
*de0e0e4dSAntonio Huete Jimenez		.value = SMIME_SIGN,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "signer",
*de0e0e4dSAntonio Huete Jimenez		.argname = "file",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Signer certificate file",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argfunc = smime_opt_signer,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "stream",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Enable streaming I/O",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.indef,
*de0e0e4dSAntonio Huete Jimenez		.value = 1,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "subject",
*de0e0e4dSAntonio Huete Jimenez		.argname = "s",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Subject",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.subject,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "text",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Include or delete text MIME headers",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE_OR,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.flags,
*de0e0e4dSAntonio Huete Jimenez		.value = PKCS7_TEXT,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "to",
*de0e0e4dSAntonio Huete Jimenez		.argname = "addr",
*de0e0e4dSAntonio Huete Jimenez		.desc = "To address",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARG,
*de0e0e4dSAntonio Huete Jimenez		.opt.arg = &smime_config.to,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "verify",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Verify signed message",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_VALUE,
*de0e0e4dSAntonio Huete Jimenez		.opt.value = &smime_config.operation,
*de0e0e4dSAntonio Huete Jimenez		.value = SMIME_VERIFY,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "check_ss_sig",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "crl_check",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "crl_check_all",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "extended_crl",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "ignore_critical",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "issuer_checks",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "policy_check",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "x509_strict",
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_verify_param,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = NULL,
*de0e0e4dSAntonio Huete Jimenez		.type = OPTION_ARGV_FUNC,
*de0e0e4dSAntonio Huete Jimenez		.opt.argvfunc = smime_opt_cipher,
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{ NULL },
*de0e0e4dSAntonio Huete Jimenez};
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic const struct option verify_shared_options[] = {
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "check_ss_sig",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Check the root CA self-signed certificate signature",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "crl_check",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Enable CRL checking for the leaf certificate",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "crl_check_all",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Enable CRL checking for the entire certificate chain",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "extended_crl",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Enable extended CRL support",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "ignore_critical",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Disable critical extension checking",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "issuer_checks",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Enable debugging of certificate issuer checks",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "policy_check",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Enable certificate policy checking",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{
*de0e0e4dSAntonio Huete Jimenez		.name = "x509_strict",
*de0e0e4dSAntonio Huete Jimenez		.desc = "Use strict X.509 rules (disables workarounds)",
*de0e0e4dSAntonio Huete Jimenez	},
*de0e0e4dSAntonio Huete Jimenez	{ NULL },
*de0e0e4dSAntonio Huete Jimenez};
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenezstatic void
*de0e0e4dSAntonio Huete Jimenezsmime_usage(void)
*de0e0e4dSAntonio Huete Jimenez{
*de0e0e4dSAntonio Huete Jimenez	fprintf(stderr, "usage: smime "
*de0e0e4dSAntonio Huete Jimenez	    "[-aes128 | -aes192 | -aes256 | -des |\n"
*de0e0e4dSAntonio Huete Jimenez	    "    -des3 | -rc2-40 | -rc2-64 | -rc2-128] [-binary]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-CAfile file] [-CApath directory] [-certfile file]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-content file]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-decrypt] [-encrypt]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-from addr] [-in file] [-indef]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-inform der | pem | smime] [-inkey file]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-keyform der | pem] [-md digest] [-noattr] [-nocerts]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-nochain] [-nodetach] [-noindef] [-nointern] [-nosigs]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-nosmimecap] [-noverify] [-out file]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-outform der | pem | smime] [-passin arg] [-pk7out]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-recip file] [-resign] [-sign]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-signer file] [-stream] [-subject s] [-text] [-to addr]\n"
*de0e0e4dSAntonio Huete Jimenez	    "    [-verify] [cert.pem ...]\n\n");
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	options_usage(smime_options);
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	fprintf(stderr, "\nVerification options:\n\n");
*de0e0e4dSAntonio Huete Jimenez	options_usage(verify_shared_options);
*de0e0e4dSAntonio Huete Jimenez}
*de0e0e4dSAntonio Huete Jimenez
f5b1c8a1SJohn Marinoint
f5b1c8a1SJohn Marinosmime_main(int argc, char **argv)
f5b1c8a1SJohn Marino{
f5b1c8a1SJohn Marino	int ret = 0;
f5b1c8a1SJohn Marino	char **args;
*de0e0e4dSAntonio Huete Jimenez	int argsused = 0;
f5b1c8a1SJohn Marino	const char *inmode = "r", *outmode = "w";
f5b1c8a1SJohn Marino	PKCS7 *p7 = NULL;
f5b1c8a1SJohn Marino	X509_STORE *store = NULL;
f5b1c8a1SJohn Marino	X509 *cert = NULL, *recip = NULL, *signer = NULL;
f5b1c8a1SJohn Marino	EVP_PKEY *key = NULL;
f5b1c8a1SJohn Marino	STACK_OF(X509) *encerts = NULL, *other = NULL;
f5b1c8a1SJohn Marino	BIO *in = NULL, *out = NULL, *indata = NULL;
f5b1c8a1SJohn Marino	int badarg = 0;
*de0e0e4dSAntonio Huete Jimenez	char *passin = NULL;
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino	if (single_execution) {
72c33676SMaxim Ag		if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
f5b1c8a1SJohn Marino			perror("pledge");
f5b1c8a1SJohn Marino			exit(1);
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	memset(&smime_config, 0, sizeof(smime_config));
*de0e0e4dSAntonio Huete Jimenez	smime_config.flags = PKCS7_DETACHED;
*de0e0e4dSAntonio Huete Jimenez	smime_config.informat = FORMAT_SMIME;
*de0e0e4dSAntonio Huete Jimenez	smime_config.outformat = FORMAT_SMIME;
*de0e0e4dSAntonio Huete Jimenez	smime_config.keyform = FORMAT_PEM;
*de0e0e4dSAntonio Huete Jimenez	if (options_parse(argc, argv, smime_options, NULL, &argsused) != 0) {
*de0e0e4dSAntonio Huete Jimenez		goto argerr;
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez	args = argv + argsused;
f5b1c8a1SJohn Marino	ret = 1;
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (!(smime_config.operation & SMIME_SIGNERS) &&
*de0e0e4dSAntonio Huete Jimenez	    (smime_config.skkeys != NULL || smime_config.sksigners != NULL)) {
f5b1c8a1SJohn Marino		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
f5b1c8a1SJohn Marino		goto argerr;
f5b1c8a1SJohn Marino	}
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation & SMIME_SIGNERS) {
f5b1c8a1SJohn Marino		/* Check to see if any final signer needs to be appended */
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.keyfile != NULL &&
*de0e0e4dSAntonio Huete Jimenez		    smime_config.signerfile == NULL) {
f5b1c8a1SJohn Marino			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
f5b1c8a1SJohn Marino			goto argerr;
f5b1c8a1SJohn Marino		}
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.signerfile != NULL) {
*de0e0e4dSAntonio Huete Jimenez			if (smime_config.sksigners == NULL) {
*de0e0e4dSAntonio Huete Jimenez				if ((smime_config.sksigners =
*de0e0e4dSAntonio Huete Jimenez				    sk_OPENSSL_STRING_new_null()) == NULL)
*de0e0e4dSAntonio Huete Jimenez					goto end;
f5b1c8a1SJohn Marino			}
*de0e0e4dSAntonio Huete Jimenez			if (!sk_OPENSSL_STRING_push(smime_config.sksigners,
*de0e0e4dSAntonio Huete Jimenez			    smime_config.signerfile))
*de0e0e4dSAntonio Huete Jimenez				goto end;
*de0e0e4dSAntonio Huete Jimenez			if (smime_config.skkeys == NULL) {
*de0e0e4dSAntonio Huete Jimenez				if ((smime_config.skkeys =
*de0e0e4dSAntonio Huete Jimenez				    sk_OPENSSL_STRING_new_null()) == NULL)
*de0e0e4dSAntonio Huete Jimenez					goto end;
*de0e0e4dSAntonio Huete Jimenez			}
*de0e0e4dSAntonio Huete Jimenez			if (smime_config.keyfile == NULL)
*de0e0e4dSAntonio Huete Jimenez				smime_config.keyfile = smime_config.signerfile;
*de0e0e4dSAntonio Huete Jimenez			if (!sk_OPENSSL_STRING_push(smime_config.skkeys,
*de0e0e4dSAntonio Huete Jimenez			    smime_config.keyfile))
*de0e0e4dSAntonio Huete Jimenez				goto end;
*de0e0e4dSAntonio Huete Jimenez		}
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.sksigners == NULL) {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "No signer certificate specified\n");
f5b1c8a1SJohn Marino			badarg = 1;
f5b1c8a1SJohn Marino		}
*de0e0e4dSAntonio Huete Jimenez		smime_config.signerfile = NULL;
*de0e0e4dSAntonio Huete Jimenez		smime_config.keyfile = NULL;
*de0e0e4dSAntonio Huete Jimenez	} else if (smime_config.operation == SMIME_DECRYPT) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.recipfile == NULL &&
*de0e0e4dSAntonio Huete Jimenez		    smime_config.keyfile == NULL) {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "No recipient certificate or key specified\n");
f5b1c8a1SJohn Marino			badarg = 1;
f5b1c8a1SJohn Marino		}
*de0e0e4dSAntonio Huete Jimenez	} else if (smime_config.operation == SMIME_ENCRYPT) {
*de0e0e4dSAntonio Huete Jimenez		if (*args == NULL) {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "No recipient(s) certificate(s) specified\n");
f5b1c8a1SJohn Marino			badarg = 1;
f5b1c8a1SJohn Marino		}
*de0e0e4dSAntonio Huete Jimenez	} else if (!smime_config.operation) {
f5b1c8a1SJohn Marino		badarg = 1;
*de0e0e4dSAntonio Huete Jimenez	}
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino	if (badarg) {
f5b1c8a1SJohn Marino argerr:
*de0e0e4dSAntonio Huete Jimenez		smime_usage();
f5b1c8a1SJohn Marino		goto end;
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (!app_passwd(bio_err, smime_config.passargin, NULL, &passin, NULL)) {
f5b1c8a1SJohn Marino		BIO_printf(bio_err, "Error getting password\n");
f5b1c8a1SJohn Marino		goto end;
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino	ret = 2;
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (!(smime_config.operation & SMIME_SIGNERS))
*de0e0e4dSAntonio Huete Jimenez		smime_config.flags &= ~PKCS7_DETACHED;
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation & SMIME_OP) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.outformat == FORMAT_ASN1)
f5b1c8a1SJohn Marino			outmode = "wb";
f5b1c8a1SJohn Marino	} else {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.flags & PKCS7_BINARY)
f5b1c8a1SJohn Marino			outmode = "wb";
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation & SMIME_IP) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.informat == FORMAT_ASN1)
f5b1c8a1SJohn Marino			inmode = "rb";
f5b1c8a1SJohn Marino	} else {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.flags & PKCS7_BINARY)
f5b1c8a1SJohn Marino			inmode = "rb";
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation == SMIME_ENCRYPT) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.cipher == NULL) {
f5b1c8a1SJohn Marino#ifndef OPENSSL_NO_RC2
*de0e0e4dSAntonio Huete Jimenez			smime_config.cipher = EVP_rc2_40_cbc();
f5b1c8a1SJohn Marino#else
f5b1c8a1SJohn Marino			BIO_printf(bio_err, "No cipher selected\n");
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino#endif
f5b1c8a1SJohn Marino		}
*de0e0e4dSAntonio Huete Jimenez		if ((encerts = sk_X509_new_null()) == NULL)
*de0e0e4dSAntonio Huete Jimenez			goto end;
*de0e0e4dSAntonio Huete Jimenez		while (*args != NULL) {
*de0e0e4dSAntonio Huete Jimenez			if ((cert = load_cert(bio_err, *args, FORMAT_PEM,
*de0e0e4dSAntonio Huete Jimenez			    NULL, "recipient certificate file")) == NULL) {
f5b1c8a1SJohn Marino				goto end;
f5b1c8a1SJohn Marino			}
*de0e0e4dSAntonio Huete Jimenez			if (!sk_X509_push(encerts, cert))
*de0e0e4dSAntonio Huete Jimenez				goto end;
f5b1c8a1SJohn Marino			cert = NULL;
f5b1c8a1SJohn Marino			args++;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino	}
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.certfile != NULL) {
*de0e0e4dSAntonio Huete Jimenez		if ((other = load_certs(bio_err, smime_config.certfile,
*de0e0e4dSAntonio Huete Jimenez		    FORMAT_PEM, NULL, "certificate file")) == NULL) {
f5b1c8a1SJohn Marino			ERR_print_errors(bio_err);
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino	}
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.recipfile != NULL &&
*de0e0e4dSAntonio Huete Jimenez	    (smime_config.operation == SMIME_DECRYPT)) {
*de0e0e4dSAntonio Huete Jimenez		if ((recip = load_cert(bio_err, smime_config.recipfile,
*de0e0e4dSAntonio Huete Jimenez		    FORMAT_PEM, NULL, "recipient certificate file")) == NULL) {
f5b1c8a1SJohn Marino			ERR_print_errors(bio_err);
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino	}
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation == SMIME_DECRYPT) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.keyfile == NULL)
*de0e0e4dSAntonio Huete Jimenez			smime_config.keyfile = smime_config.recipfile;
*de0e0e4dSAntonio Huete Jimenez	} else if (smime_config.operation == SMIME_SIGN) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.keyfile == NULL)
*de0e0e4dSAntonio Huete Jimenez			smime_config.keyfile = smime_config.signerfile;
*de0e0e4dSAntonio Huete Jimenez	} else {
*de0e0e4dSAntonio Huete Jimenez		smime_config.keyfile = NULL;
*de0e0e4dSAntonio Huete Jimenez	}
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.keyfile != NULL) {
*de0e0e4dSAntonio Huete Jimenez		key = load_key(bio_err, smime_config.keyfile,
*de0e0e4dSAntonio Huete Jimenez		    smime_config.keyform, 0, passin, "signing key file");
*de0e0e4dSAntonio Huete Jimenez		if (key == NULL)
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino	}
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.infile != NULL) {
*de0e0e4dSAntonio Huete Jimenez		if ((in = BIO_new_file(smime_config.infile, inmode)) == NULL) {
f5b1c8a1SJohn Marino			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "Can't open input file %s\n", smime_config.infile);
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino	} else {
*de0e0e4dSAntonio Huete Jimenez		if ((in = BIO_new_fp(stdin, BIO_NOCLOSE)) == NULL)
*de0e0e4dSAntonio Huete Jimenez			goto end;
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation & SMIME_IP) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.informat == FORMAT_SMIME)
*de0e0e4dSAntonio Huete Jimenez			p7 = SMIME_read_PKCS7(in, &indata);
*de0e0e4dSAntonio Huete Jimenez		else if (smime_config.informat == FORMAT_PEM)
*de0e0e4dSAntonio Huete Jimenez			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
*de0e0e4dSAntonio Huete Jimenez		else if (smime_config.informat == FORMAT_ASN1)
*de0e0e4dSAntonio Huete Jimenez			p7 = d2i_PKCS7_bio(in, NULL);
*de0e0e4dSAntonio Huete Jimenez		else {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "Bad input format for PKCS#7 file\n");
*de0e0e4dSAntonio Huete Jimenez			goto end;
*de0e0e4dSAntonio Huete Jimenez		}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez		if (p7 == NULL) {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err, "Error reading S/MIME message\n");
*de0e0e4dSAntonio Huete Jimenez			goto end;
*de0e0e4dSAntonio Huete Jimenez		}
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.contfile != NULL) {
*de0e0e4dSAntonio Huete Jimenez			BIO_free(indata);
*de0e0e4dSAntonio Huete Jimenez			if ((indata = BIO_new_file(smime_config.contfile,
*de0e0e4dSAntonio Huete Jimenez			    "rb")) == NULL) {
*de0e0e4dSAntonio Huete Jimenez				BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez				    "Can't read content file %s\n",
*de0e0e4dSAntonio Huete Jimenez				    smime_config.contfile);
*de0e0e4dSAntonio Huete Jimenez				goto end;
*de0e0e4dSAntonio Huete Jimenez			}
*de0e0e4dSAntonio Huete Jimenez		}
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.outfile != NULL) {
*de0e0e4dSAntonio Huete Jimenez		if ((out = BIO_new_file(smime_config.outfile, outmode)) == NULL) {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "Can't open output file %s\n",
*de0e0e4dSAntonio Huete Jimenez			    smime_config.outfile);
*de0e0e4dSAntonio Huete Jimenez			goto end;
*de0e0e4dSAntonio Huete Jimenez		}
*de0e0e4dSAntonio Huete Jimenez	} else {
*de0e0e4dSAntonio Huete Jimenez		if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL)
*de0e0e4dSAntonio Huete Jimenez			goto end;
*de0e0e4dSAntonio Huete Jimenez	}
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation == SMIME_VERIFY) {
*de0e0e4dSAntonio Huete Jimenez		if ((store = setup_verify(bio_err, smime_config.CAfile,
*de0e0e4dSAntonio Huete Jimenez		    smime_config.CApath)) == NULL)
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		X509_STORE_set_verify_cb(store, smime_cb);
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.vpm != NULL) {
*de0e0e4dSAntonio Huete Jimenez			if (!X509_STORE_set1_param(store, smime_config.vpm))
*de0e0e4dSAntonio Huete Jimenez				goto end;
*de0e0e4dSAntonio Huete Jimenez		}
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino	ret = 3;
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation == SMIME_ENCRYPT) {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.indef)
*de0e0e4dSAntonio Huete Jimenez			smime_config.flags |= PKCS7_STREAM;
*de0e0e4dSAntonio Huete Jimenez		p7 = PKCS7_encrypt(encerts, in, smime_config.cipher,
*de0e0e4dSAntonio Huete Jimenez		    smime_config.flags);
*de0e0e4dSAntonio Huete Jimenez	} else if (smime_config.operation & SMIME_SIGNERS) {
f5b1c8a1SJohn Marino		int i;
f5b1c8a1SJohn Marino		/*
f5b1c8a1SJohn Marino		 * If detached data content we only enable streaming if
f5b1c8a1SJohn Marino		 * S/MIME output format.
f5b1c8a1SJohn Marino		 */
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.operation == SMIME_SIGN) {
*de0e0e4dSAntonio Huete Jimenez			if (smime_config.flags & PKCS7_DETACHED) {
*de0e0e4dSAntonio Huete Jimenez				if (smime_config.outformat == FORMAT_SMIME)
*de0e0e4dSAntonio Huete Jimenez					smime_config.flags |= PKCS7_STREAM;
*de0e0e4dSAntonio Huete Jimenez			} else if (smime_config.indef) {
*de0e0e4dSAntonio Huete Jimenez				smime_config.flags |= PKCS7_STREAM;
*de0e0e4dSAntonio Huete Jimenez			}
*de0e0e4dSAntonio Huete Jimenez			smime_config.flags |= PKCS7_PARTIAL;
*de0e0e4dSAntonio Huete Jimenez			p7 = PKCS7_sign(NULL, NULL, other, in,
*de0e0e4dSAntonio Huete Jimenez			    smime_config.flags);
*de0e0e4dSAntonio Huete Jimenez			if (p7 == NULL)
f5b1c8a1SJohn Marino				goto end;
*de0e0e4dSAntonio Huete Jimenez		} else {
*de0e0e4dSAntonio Huete Jimenez			smime_config.flags |= PKCS7_REUSE_DIGEST;
*de0e0e4dSAntonio Huete Jimenez		}
*de0e0e4dSAntonio Huete Jimenez		for (i = 0; i < sk_OPENSSL_STRING_num(smime_config.sksigners); i++) {
*de0e0e4dSAntonio Huete Jimenez			smime_config.signerfile =
*de0e0e4dSAntonio Huete Jimenez			    sk_OPENSSL_STRING_value(smime_config.sksigners, i);
*de0e0e4dSAntonio Huete Jimenez			smime_config.keyfile =
*de0e0e4dSAntonio Huete Jimenez			    sk_OPENSSL_STRING_value(smime_config.skkeys, i);
*de0e0e4dSAntonio Huete Jimenez			signer = load_cert(bio_err, smime_config.signerfile,
*de0e0e4dSAntonio Huete Jimenez			    FORMAT_PEM, NULL, "signer certificate");
*de0e0e4dSAntonio Huete Jimenez			if (signer == NULL)
f5b1c8a1SJohn Marino				goto end;
*de0e0e4dSAntonio Huete Jimenez			key = load_key(bio_err, smime_config.keyfile,
*de0e0e4dSAntonio Huete Jimenez			    smime_config.keyform, 0, passin,
f5b1c8a1SJohn Marino			    "signing key file");
*de0e0e4dSAntonio Huete Jimenez			if (key == NULL)
f5b1c8a1SJohn Marino				goto end;
*de0e0e4dSAntonio Huete Jimenez			if (PKCS7_sign_add_signer(p7, signer, key,
*de0e0e4dSAntonio Huete Jimenez			    smime_config.sign_md, smime_config.flags) == NULL)
f5b1c8a1SJohn Marino				goto end;
f5b1c8a1SJohn Marino			X509_free(signer);
f5b1c8a1SJohn Marino			signer = NULL;
f5b1c8a1SJohn Marino			EVP_PKEY_free(key);
f5b1c8a1SJohn Marino			key = NULL;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino		/* If not streaming or resigning finalize structure */
*de0e0e4dSAntonio Huete Jimenez		if ((smime_config.operation == SMIME_SIGN) &&
*de0e0e4dSAntonio Huete Jimenez		    !(smime_config.flags & PKCS7_STREAM)) {
*de0e0e4dSAntonio Huete Jimenez			if (!PKCS7_final(p7, in, smime_config.flags))
f5b1c8a1SJohn Marino				goto end;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino	}
*de0e0e4dSAntonio Huete Jimenez	if (p7 == NULL) {
f5b1c8a1SJohn Marino		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
f5b1c8a1SJohn Marino		goto end;
f5b1c8a1SJohn Marino	}
f5b1c8a1SJohn Marino	ret = 4;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (smime_config.operation == SMIME_DECRYPT) {
*de0e0e4dSAntonio Huete Jimenez		if (!PKCS7_decrypt(p7, key, recip, out, smime_config.flags)) {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "Error decrypting PKCS#7 structure\n");
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		}
*de0e0e4dSAntonio Huete Jimenez	} else if (smime_config.operation == SMIME_VERIFY) {
f5b1c8a1SJohn Marino		STACK_OF(X509) *signers;
*de0e0e4dSAntonio Huete Jimenez		if (PKCS7_verify(p7, other, store, indata, out,
*de0e0e4dSAntonio Huete Jimenez		    smime_config.flags)) {
f5b1c8a1SJohn Marino			BIO_printf(bio_err, "Verification successful\n");
*de0e0e4dSAntonio Huete Jimenez		} else {
f5b1c8a1SJohn Marino			BIO_printf(bio_err, "Verification failure\n");
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		}
*de0e0e4dSAntonio Huete Jimenez		if ((signers = PKCS7_get0_signers(p7, other,
*de0e0e4dSAntonio Huete Jimenez		    smime_config.flags)) == NULL)
*de0e0e4dSAntonio Huete Jimenez			goto end;
*de0e0e4dSAntonio Huete Jimenez		if (!save_certs(smime_config.signerfile, signers)) {
f5b1c8a1SJohn Marino			BIO_printf(bio_err, "Error writing signers to %s\n",
*de0e0e4dSAntonio Huete Jimenez			    smime_config.signerfile);
*de0e0e4dSAntonio Huete Jimenez			sk_X509_free(signers);
f5b1c8a1SJohn Marino			ret = 5;
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino		sk_X509_free(signers);
*de0e0e4dSAntonio Huete Jimenez	} else if (smime_config.operation == SMIME_PK7OUT) {
f5b1c8a1SJohn Marino		PEM_write_bio_PKCS7(out, p7);
*de0e0e4dSAntonio Huete Jimenez	} else {
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.to != NULL)
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(out, "To: %s\n", smime_config.to);
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.from != NULL)
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(out, "From: %s\n", smime_config.from);
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.subject != NULL)
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(out, "Subject: %s\n", smime_config.subject);
*de0e0e4dSAntonio Huete Jimenez		if (smime_config.outformat == FORMAT_SMIME) {
*de0e0e4dSAntonio Huete Jimenez			if (smime_config.operation == SMIME_RESIGN) {
*de0e0e4dSAntonio Huete Jimenez				if (!SMIME_write_PKCS7(out, p7, indata,
*de0e0e4dSAntonio Huete Jimenez				    smime_config.flags))
*de0e0e4dSAntonio Huete Jimenez					goto end;
*de0e0e4dSAntonio Huete Jimenez			} else {
*de0e0e4dSAntonio Huete Jimenez				if (!SMIME_write_PKCS7(out, p7, in,
*de0e0e4dSAntonio Huete Jimenez				    smime_config.flags))
*de0e0e4dSAntonio Huete Jimenez					goto end;
*de0e0e4dSAntonio Huete Jimenez			}
*de0e0e4dSAntonio Huete Jimenez		} else if (smime_config.outformat == FORMAT_PEM) {
*de0e0e4dSAntonio Huete Jimenez			if (!PEM_write_bio_PKCS7_stream(out, p7, in,
*de0e0e4dSAntonio Huete Jimenez			    smime_config.flags))
*de0e0e4dSAntonio Huete Jimenez				goto end;
*de0e0e4dSAntonio Huete Jimenez		} else if (smime_config.outformat == FORMAT_ASN1) {
*de0e0e4dSAntonio Huete Jimenez			if (!i2d_PKCS7_bio_stream(out, p7, in,
*de0e0e4dSAntonio Huete Jimenez			    smime_config.flags))
*de0e0e4dSAntonio Huete Jimenez				goto end;
*de0e0e4dSAntonio Huete Jimenez		} else {
*de0e0e4dSAntonio Huete Jimenez			BIO_printf(bio_err,
*de0e0e4dSAntonio Huete Jimenez			    "Bad output format for PKCS#7 file\n");
f5b1c8a1SJohn Marino			goto end;
f5b1c8a1SJohn Marino		}
f5b1c8a1SJohn Marino	}
*de0e0e4dSAntonio Huete Jimenez
f5b1c8a1SJohn Marino	ret = 0;
*de0e0e4dSAntonio Huete Jimenez
f5b1c8a1SJohn Marino end:
f5b1c8a1SJohn Marino	if (ret)
f5b1c8a1SJohn Marino		ERR_print_errors(bio_err);
f5b1c8a1SJohn Marino	sk_X509_pop_free(encerts, X509_free);
f5b1c8a1SJohn Marino	sk_X509_pop_free(other, X509_free);
*de0e0e4dSAntonio Huete Jimenez	X509_VERIFY_PARAM_free(smime_config.vpm);
*de0e0e4dSAntonio Huete Jimenez	sk_OPENSSL_STRING_free(smime_config.sksigners);
*de0e0e4dSAntonio Huete Jimenez	sk_OPENSSL_STRING_free(smime_config.skkeys);
f5b1c8a1SJohn Marino	X509_STORE_free(store);
f5b1c8a1SJohn Marino	X509_free(cert);
f5b1c8a1SJohn Marino	X509_free(recip);
f5b1c8a1SJohn Marino	X509_free(signer);
f5b1c8a1SJohn Marino	EVP_PKEY_free(key);
f5b1c8a1SJohn Marino	PKCS7_free(p7);
f5b1c8a1SJohn Marino	BIO_free(in);
f5b1c8a1SJohn Marino	BIO_free(indata);
f5b1c8a1SJohn Marino	BIO_free_all(out);
f5b1c8a1SJohn Marino	free(passin);
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino	return (ret);
f5b1c8a1SJohn Marino}
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marinostatic int
f5b1c8a1SJohn Marinosave_certs(char *signerfile, STACK_OF(X509) *signers)
f5b1c8a1SJohn Marino{
f5b1c8a1SJohn Marino	int i;
f5b1c8a1SJohn Marino	BIO *tmp;
*de0e0e4dSAntonio Huete Jimenez
*de0e0e4dSAntonio Huete Jimenez	if (signerfile == NULL)
f5b1c8a1SJohn Marino		return 1;
f5b1c8a1SJohn Marino	tmp = BIO_new_file(signerfile, "w");
*de0e0e4dSAntonio Huete Jimenez	if (tmp == NULL)
f5b1c8a1SJohn Marino		return 0;
f5b1c8a1SJohn Marino	for (i = 0; i < sk_X509_num(signers); i++)
f5b1c8a1SJohn Marino		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
f5b1c8a1SJohn Marino	BIO_free(tmp);
*de0e0e4dSAntonio Huete Jimenez
f5b1c8a1SJohn Marino	return 1;
f5b1c8a1SJohn Marino}
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino/* Minimal callback just to output policy info (if any) */
f5b1c8a1SJohn Marinostatic int
f5b1c8a1SJohn Marinosmime_cb(int ok, X509_STORE_CTX *ctx)
f5b1c8a1SJohn Marino{
f5b1c8a1SJohn Marino	int error;
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino	error = X509_STORE_CTX_get_error(ctx);
f5b1c8a1SJohn Marino
*de0e0e4dSAntonio Huete Jimenez	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) &&
*de0e0e4dSAntonio Huete Jimenez	    ((error != X509_V_OK) || (ok != 2)))
f5b1c8a1SJohn Marino		return ok;
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino	policies_print(NULL, ctx);
f5b1c8a1SJohn Marino
f5b1c8a1SJohn Marino	return ok;
f5b1c8a1SJohn Marino}