smime.c 17.6 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
/* smime.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
 * project 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/* S/MIME utility function */

#include <stdio.h>
#include <string.h>
63
#include "apps.h"
64
#include <openssl/crypto.h>
65 66 67 68 69
#include <openssl/pem.h>
#include <openssl/err.h>

#undef PROG
#define PROG smime_main
70
static int save_certs(char *signerfile, STACK_OF(X509) *signers);
71 72 73 74 75 76 77 78

#define SMIME_OP	0x10
#define SMIME_ENCRYPT	(1 | SMIME_OP)
#define SMIME_DECRYPT	2
#define SMIME_SIGN	(3 | SMIME_OP)
#define SMIME_VERIFY	4
#define SMIME_PK7OUT	5

79 80
int MAIN(int, char **);

81 82
int MAIN(int argc, char **argv)
{
83
	ENGINE *e = NULL;
84 85 86 87 88 89
	int operation = 0;
	int ret = 0;
	char **args;
	char *inmode = "r", *outmode = "w";
	char *infile = NULL, *outfile = NULL;
	char *signerfile = NULL, *recipfile = NULL;
90
	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
D
 
Dr. Stephen Henson 已提交
91
	const EVP_CIPHER *cipher = NULL;
92 93 94 95 96 97 98
	PKCS7 *p7 = NULL;
	X509_STORE *store = NULL;
	X509 *cert = NULL, *recip = NULL, *signer = NULL;
	EVP_PKEY *key = NULL;
	STACK_OF(X509) *encerts = NULL, *other = NULL;
	BIO *in = NULL, *out = NULL, *indata = NULL;
	int badarg = 0;
99
	int flags = PKCS7_DETACHED, store_flags = 0;
100
	char *to = NULL, *from = NULL, *subject = NULL;
D
Dr. Stephen Henson 已提交
101 102
	char *CAfile = NULL, *CApath = NULL;
	char *passargin = NULL, *passin = NULL;
103
	char *inrand = NULL;
104
	int need_rand = 0;
105
	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
R
Richard Levitte 已提交
106
        int keyform = FORMAT_PEM;
107
	char *engine=NULL;
108

109
	args = argv + 1;
110 111
	ret = 1;

D
Dr. Stephen Henson 已提交
112 113 114
	if (!load_config(bio_err, NULL))
		goto end;

115 116 117 118 119 120
	while (!badarg && *args && *args[0] == '-') {
		if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
		else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
121
#ifndef OPENSSL_NO_DES
122 123 124 125
		else if (!strcmp (*args, "-des3")) 
				cipher = EVP_des_ede3_cbc();
		else if (!strcmp (*args, "-des")) 
				cipher = EVP_des_cbc();
B
Bodo Möller 已提交
126
#endif
127
#ifndef OPENSSL_NO_RC2
128 129 130 131 132 133
		else if (!strcmp (*args, "-rc2-40")) 
				cipher = EVP_rc2_40_cbc();
		else if (!strcmp (*args, "-rc2-128")) 
				cipher = EVP_rc2_cbc();
		else if (!strcmp (*args, "-rc2-64")) 
				cipher = EVP_rc2_64_cbc();
134 135
#endif
#ifndef OPENSSL_NO_AES
D
 
Dr. Stephen Henson 已提交
136
		else if (!strcmp(*args,"-aes128"))
137
				cipher = EVP_aes_128_cbc();
D
 
Dr. Stephen Henson 已提交
138
		else if (!strcmp(*args,"-aes192"))
139
				cipher = EVP_aes_192_cbc();
D
 
Dr. Stephen Henson 已提交
140
		else if (!strcmp(*args,"-aes256"))
141
				cipher = EVP_aes_256_cbc();
B
Bodo Möller 已提交
142
#endif
143 144 145 146 147 148 149 150 151 152 153 154 155 156
		else if (!strcmp (*args, "-text")) 
				flags |= PKCS7_TEXT;
		else if (!strcmp (*args, "-nointern")) 
				flags |= PKCS7_NOINTERN;
		else if (!strcmp (*args, "-noverify")) 
				flags |= PKCS7_NOVERIFY;
		else if (!strcmp (*args, "-nochain")) 
				flags |= PKCS7_NOCHAIN;
		else if (!strcmp (*args, "-nocerts")) 
				flags |= PKCS7_NOCERTS;
		else if (!strcmp (*args, "-noattr")) 
				flags |= PKCS7_NOATTR;
		else if (!strcmp (*args, "-nodetach")) 
				flags &= ~PKCS7_DETACHED;
157 158
		else if (!strcmp (*args, "-nosmimecap"))
				flags |= PKCS7_NOSMIMECAP;
159 160
		else if (!strcmp (*args, "-binary"))
				flags |= PKCS7_BINARY;
161 162
		else if (!strcmp (*args, "-nosigs"))
				flags |= PKCS7_NOSIGS;
163 164 165 166
		else if (!strcmp (*args, "-crl_check"))
				store_flags |= X509_V_FLAG_CRL_CHECK;
		else if (!strcmp (*args, "-crl_check_all"))
				store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
167 168 169 170 171 172
		else if (!strcmp(*args,"-rand")) {
			if (args[1]) {
				args++;
				inrand = *args;
			} else badarg = 1;
			need_rand = 1;
173 174 175 176 177
		} else if (!strcmp(*args,"-engine")) {
			if (args[1]) {
				args++;
				engine = *args;
			} else badarg = 1;
178 179 180
		} else if (!strcmp(*args,"-passin")) {
			if (args[1]) {
				args++;
D
Dr. Stephen Henson 已提交
181
				passargin = *args;
182
			} else badarg = 1;
183
		} else if (!strcmp (*args, "-to")) {
184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212
			if (args[1]) {
				args++;
				to = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-from")) {
			if (args[1]) {
				args++;
				from = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-subject")) {
			if (args[1]) {
				args++;
				subject = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-signer")) {
			if (args[1]) {
				args++;
				signerfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-recip")) {
			if (args[1]) {
				args++;
				recipfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-inkey")) {
			if (args[1]) {
				args++;
				keyfile = *args;
			} else badarg = 1;
R
Richard Levitte 已提交
213 214 215 216 217
		} else if (!strcmp (*args, "-keyform")) {
			if (args[1]) {
				args++;
				keyform = str2fmt(*args);
			} else badarg = 1;
218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237
		} else if (!strcmp (*args, "-certfile")) {
			if (args[1]) {
				args++;
				certfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-CAfile")) {
			if (args[1]) {
				args++;
				CAfile = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-CApath")) {
			if (args[1]) {
				args++;
				CApath = *args;
			} else badarg = 1;
		} else if (!strcmp (*args, "-in")) {
			if (args[1]) {
				args++;
				infile = *args;
			} else badarg = 1;
238 239 240 241 242 243 244 245 246 247
		} else if (!strcmp (*args, "-inform")) {
			if (args[1]) {
				args++;
				informat = str2fmt(*args);
			} else badarg = 1;
		} else if (!strcmp (*args, "-outform")) {
			if (args[1]) {
				args++;
				outformat = str2fmt(*args);
			} else badarg = 1;
248 249 250 251 252
		} else if (!strcmp (*args, "-out")) {
			if (args[1]) {
				args++;
				outfile = *args;
			} else badarg = 1;
253 254 255 256 257
		} else if (!strcmp (*args, "-content")) {
			if (args[1]) {
				args++;
				contfile = *args;
			} else badarg = 1;
258 259 260 261 262 263 264 265 266
		} else badarg = 1;
		args++;
	}

	if(operation == SMIME_SIGN) {
		if(!signerfile) {
			BIO_printf(bio_err, "No signer certificate specified\n");
			badarg = 1;
		}
267
		need_rand = 1;
268 269 270 271 272 273 274 275 276 277
	} else if(operation == SMIME_DECRYPT) {
		if(!recipfile) {
			BIO_printf(bio_err, "No recipient certificate and key specified\n");
			badarg = 1;
		}
	} else if(operation == SMIME_ENCRYPT) {
		if(!*args) {
			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
			badarg = 1;
		}
278
		need_rand = 1;
279 280 281 282 283 284 285 286 287 288
	} else if(!operation) badarg = 1;

	if (badarg) {
		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
		BIO_printf (bio_err, "where options are\n");
		BIO_printf (bio_err, "-encrypt       encrypt message\n");
		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
		BIO_printf (bio_err, "-sign          sign message\n");
		BIO_printf (bio_err, "-verify        verify signed message\n");
		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
289
#ifndef OPENSSL_NO_DES
290
		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
B
Bodo Möller 已提交
291 292
		BIO_printf (bio_err, "-des           encrypt with DES\n");
#endif
293
#ifndef OPENSSL_NO_RC2
B
Bodo Möller 已提交
294
		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
295 296
		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
297 298 299 300
#endif
#ifndef OPENSSL_NO_AES
		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
B
Bodo Möller 已提交
301
#endif
302 303 304 305 306 307 308
		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
		BIO_printf (bio_err, "-binary        don't translate message to text\n");
309 310
		BIO_printf (bio_err, "-certfile file other certificates file\n");
		BIO_printf (bio_err, "-signer file   signer certificate file\n");
B
Bodo Möller 已提交
311
		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
312
		BIO_printf (bio_err, "-in file       input file\n");
D
 
Dr. Stephen Henson 已提交
313
		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
314
		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
R
Richard Levitte 已提交
315
		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
316
		BIO_printf (bio_err, "-out file      output file\n");
D
 
Dr. Stephen Henson 已提交
317 318
		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
319 320 321 322
		BIO_printf (bio_err, "-to addr       to address\n");
		BIO_printf (bio_err, "-from ad       from address\n");
		BIO_printf (bio_err, "-subject s     subject\n");
		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
323 324
		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
325 326
		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
327
		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
328
		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
B
Bodo Möller 已提交
329
		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
330 331
		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
		BIO_printf(bio_err,  "               the random number generator\n");
B
Bodo Möller 已提交
332
		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
333 334 335
		goto end;
	}

336
        e = setup_engine(bio_err, engine, 0);
337

D
Dr. Stephen Henson 已提交
338 339 340 341 342
	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
		BIO_printf(bio_err, "Error getting password\n");
		goto end;
	}

343
	if (need_rand) {
344
		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
345 346 347 348 349
		if (inrand != NULL)
			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
				app_RAND_load_files(inrand));
	}

350 351 352 353
	ret = 2;

	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;

354 355 356 357 358 359
	if(operation & SMIME_OP) {
		if(flags & PKCS7_BINARY) inmode = "rb";
		if(outformat == FORMAT_ASN1) outmode = "wb";
	} else {
		if(flags & PKCS7_BINARY) outmode = "wb";
		if(informat == FORMAT_ASN1) inmode = "rb";
360 361 362
	}

	if(operation == SMIME_ENCRYPT) {
B
Bodo Möller 已提交
363
		if (!cipher) {
364
#ifndef OPENSSL_NO_RC2			
B
Bodo Möller 已提交
365 366 367 368 369 370
			cipher = EVP_rc2_40_cbc();
#else
			BIO_printf(bio_err, "No cipher selected\n");
			goto end;
#endif
		}
371
		encerts = sk_X509_new_null();
372
		while (*args) {
373 374 375
			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
				NULL, e, "recipient certificate file"))) {
#if 0				/* An appropriate message is already printed */
U
Ulf Möller 已提交
376
				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
377
#endif
378 379
				goto end;
			}
380
			sk_X509_push(encerts, cert);
381 382 383 384 385
			cert = NULL;
			args++;
		}
	}

386
	if(signerfile && (operation == SMIME_SIGN)) {
387 388 389
		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
			e, "signer certificate"))) {
#if 0			/* An appropri message has already been printed */
390
			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
391
#endif
392 393 394 395 396
			goto end;
		}
	}

	if(certfile) {
397 398 399
		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
			e, "certificate file"))) {
#if 0			/* An appropriate message has already been printed */
400
			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
401
#endif
402 403 404 405 406
			ERR_print_errors(bio_err);
			goto end;
		}
	}

407
	if(recipfile && (operation == SMIME_DECRYPT)) {
408 409 410
		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
			e, "recipient certificate file"))) {
#if 0			/* An appropriate message has alrady been printed */
411
			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
412
#endif
413 414 415 416 417 418 419 420 421 422 423 424
			ERR_print_errors(bio_err);
			goto end;
		}
	}

	if(operation == SMIME_DECRYPT) {
		if(!keyfile) keyfile = recipfile;
	} else if(operation == SMIME_SIGN) {
		if(!keyfile) keyfile = signerfile;
	} else keyfile = NULL;

	if(keyfile) {
425 426 427 428
		key = load_key(bio_err, keyfile, keyform, passin, e,
			       "signing key file");
		if (!key) {
			goto end;
R
Richard Levitte 已提交
429
                }
430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445
	}

	if (infile) {
		if (!(in = BIO_new_file(infile, inmode))) {
			BIO_printf (bio_err,
				 "Can't open input file %s\n", infile);
			goto end;
		}
	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

	if (outfile) {
		if (!(out = BIO_new_file(outfile, outmode))) {
			BIO_printf (bio_err,
				 "Can't open output file %s\n", outfile);
			goto end;
		}
446 447
	} else {
		out = BIO_new_fp(stdout, BIO_NOCLOSE);
448
#ifdef OPENSSL_SYS_VMS
449 450 451 452 453 454
		{
		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
		    out = BIO_push(tmpbio, out);
		}
#endif
	}
455 456

	if(operation == SMIME_VERIFY) {
D
 
Dr. Stephen Henson 已提交
457
		if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
458
		X509_STORE_set_flags(store, store_flags);
459
	}
460

461

462
	ret = 3;
463

464 465 466 467 468 469
	if(operation == SMIME_ENCRYPT) {
		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
	} else if(operation == SMIME_SIGN) {
		p7 = PKCS7_sign(signer, key, other, in, flags);
		BIO_reset(in);
	} else {
470 471 472 473 474 475 476 477 478 479 480 481
		if(informat == FORMAT_SMIME) 
			p7 = SMIME_read_PKCS7(in, &indata);
		else if(informat == FORMAT_PEM) 
			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
		else if(informat == FORMAT_ASN1) 
			p7 = d2i_PKCS7_bio(in, NULL);
		else {
			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
			goto end;
		}

		if(!p7) {
482 483 484
			BIO_printf(bio_err, "Error reading S/MIME message\n");
			goto end;
		}
485 486 487 488 489 490 491
		if(contfile) {
			BIO_free(indata);
			if(!(indata = BIO_new_file(contfile, "rb"))) {
				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
				goto end;
			}
		}
492
	}
493

494 495 496 497 498
	if(!p7) {
		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
		goto end;
	}

499
	ret = 4;
500
	if(operation == SMIME_DECRYPT) {
501
		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
502
			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
503 504
			goto end;
		}
505
	} else if(operation == SMIME_VERIFY) {
506
		STACK_OF(X509) *signers;
507
		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
B
Bodo Möller 已提交
508
			BIO_printf(bio_err, "Verification successful\n");
509
		} else {
B
Bodo Möller 已提交
510
			BIO_printf(bio_err, "Verification failure\n");
511
			goto end;
512
		}
513
		signers = PKCS7_get0_signers(p7, other, flags);
514 515 516
		if(!save_certs(signerfile, signers)) {
			BIO_printf(bio_err, "Error writing signers to %s\n",
								signerfile);
517 518
			ret = 5;
			goto end;
519 520
		}
		sk_X509_free(signers);
521 522 523 524 525 526
	} else if(operation == SMIME_PK7OUT) {
		PEM_write_bio_PKCS7(out, p7);
	} else {
		if(to) BIO_printf(out, "To: %s\n", to);
		if(from) BIO_printf(out, "From: %s\n", from);
		if(subject) BIO_printf(out, "Subject: %s\n", subject);
527 528 529 530 531 532 533 534 535 536
		if(outformat == FORMAT_SMIME) 
			SMIME_write_PKCS7(out, p7, in, flags);
		else if(outformat == FORMAT_PEM) 
			PEM_write_bio_PKCS7(out,p7);
		else if(outformat == FORMAT_ASN1) 
			i2d_PKCS7_bio(out,p7);
		else {
			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
			goto end;
		}
537
	}
538
	ret = 0;
539
end:
540 541
	if (need_rand)
		app_RAND_write_file(NULL, bio_err);
542 543 544 545 546 547 548 549 550 551 552
	if(ret) ERR_print_errors(bio_err);
	sk_X509_pop_free(encerts, X509_free);
	sk_X509_pop_free(other, X509_free);
	X509_STORE_free(store);
	X509_free(cert);
	X509_free(recip);
	X509_free(signer);
	EVP_PKEY_free(key);
	PKCS7_free(p7);
	BIO_free(in);
	BIO_free(indata);
553
	BIO_free_all(out);
554
	if(passin) OPENSSL_free(passin);
555 556 557
	return (ret);
}

B
Bodo Möller 已提交
558
static int save_certs(char *signerfile, STACK_OF(X509) *signers)
559 560 561 562 563 564 565 566 567 568 569 570
{
	int i;
	BIO *tmp;
	if(!signerfile) return 1;
	tmp = BIO_new_file(signerfile, "w");
	if(!tmp) return 0;
	for(i = 0; i < sk_X509_num(signers); i++)
		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
	BIO_free(tmp);
	return 1;
}