/* smime.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
+ * project.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
args = argv + 1;
ret = 1;
flags |= PKCS7_BINARY;
else if (!strcmp (*args, "-nosigs"))
flags |= PKCS7_NOSIGS;
+ else if (!strcmp (*args, "-nooldmime"))
+ flags |= PKCS7_NOOLDMIMETYPE;
+ else if (!strcmp (*args, "-crlfeol"))
+ flags |= PKCS7_CRLFEOL;
else if (!strcmp (*args, "-crl_check"))
store_flags |= X509_V_FLAG_CRL_CHECK;
else if (!strcmp (*args, "-crl_check_all"))
inrand = *args;
} else badarg = 1;
need_rand = 1;
+#ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
+#endif
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
} else keyfile = NULL;
if(keyfile) {
- key = load_key(bio_err, keyfile, keyform, passin, e,
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file");
if (!key) {
goto end;
if(operation == SMIME_ENCRYPT) {
p7 = PKCS7_encrypt(encerts, in, cipher, flags);
} else if(operation == SMIME_SIGN) {
+ /* If detached data and SMIME output enable partial
+ * signing.
+ */
+ if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
+ flags |= PKCS7_STREAM;
p7 = PKCS7_sign(signer, key, other, in, flags);
- BIO_reset(in);
+ /* Don't need to rewind for partial signing */
+ if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0)) {
+ BIO_printf(bio_err, "Can't rewind input file\n");
+ goto end;
+ }
} else {
if(informat == FORMAT_SMIME)
p7 = SMIME_read_PKCS7(in, &indata);