Add -keyopt option to cms utility.

static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,

						int rr_allorfirst,

					STACK_OF(OPENSSL_STRING) *rr_from);

static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,

			STACK_OF(OPENSSL_STRING) *param);

#define SMIME_OP	0x10

#define SMIME_IP	0x20

int verify_err = 0;

typedef struct cms_key_param_st cms_key_param;

struct cms_key_param_st

	{

	int idx;

	STACK_OF(OPENSSL_STRING)*param;

	cms_key_param *next;

	};

int MAIN(int, char **);

int MAIN(int argc, char **argv)

	unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;

	size_t secret_keylen = 0, secret_keyidlen = 0;

	cms_key_param *key_first = NULL, *key_param = NULL;

	ASN1_OBJECT *econtent_type = NULL;

	X509_VERIFY_PARAM *vpm = NULL;

			{

			if (!args[1])

				goto argerr;

			if (operation == SMIME_ENCRYPT)

				{

				if (!encerts)

					encerts = sk_X509_new_null();

				cert = load_cert(bio_err,*++args,FORMAT_PEM,

						NULL, e,

						"recipient certificate file");

				if (!cert)

					goto end;

				sk_X509_push(encerts, cert);

				cert = NULL;

				}

			else	

				recipfile = *++args;

			}

		else if (!strcmp (*args, "-certsout"))

				goto argerr;

			keyform = str2fmt(*++args);

			}

		else if (!strcmp (*args, "-keyopt"))

			{

			int keyidx = -1;

			if (!args[1])

				goto argerr;

			if (operation == SMIME_ENCRYPT)

				{

				if (encerts)

					keyidx += sk_X509_num(encerts);

				}

			else

				{

				if (keyfile || signerfile)

					keyidx++;

				if (skkeys)

					keyidx += sk_OPENSSL_STRING_num(skkeys);

				}

			if (keyidx < 0)

				{

				BIO_printf(bio_err, "No key specified\n");

				goto argerr;

				}

			if (key_param == NULL || key_param->idx != keyidx)

				{

				cms_key_param *nparam;

				nparam = OPENSSL_malloc(sizeof(cms_key_param));

				nparam->idx = keyidx;

				nparam->param = sk_OPENSSL_STRING_new_null();

				nparam->next = NULL;

				if (key_first == NULL)

					key_first = nparam;

				else

					key_param->next = nparam;

				key_param = nparam;

				}

			sk_OPENSSL_STRING_push(key_param->param, *++args);

			}

		else if (!strcmp (*args, "-rctform"))

			{

			if (!args[1])

		}

	else if (operation == SMIME_ENCRYPT)

		{

		if (!*args && !secret_key && !pwri_pass)

		if (!*args && !secret_key && !pwri_pass && !encerts)

			{

			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");

			badarg = 1;

		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");

		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");

		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");

		BIO_printf (bio_err, "-keyopt nm:v   set public key parameters\n");

		BIO_printf (bio_err, "-out file      output file\n");

		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");

		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");

			goto end;

			}

		if (*args)

		if (*args && !encerts)

			encerts = sk_X509_new_null();

		while (*args)

			{

		}

	else if (operation == SMIME_ENCRYPT)

		{

		int i;

		flags |= CMS_PARTIAL;

		cms = CMS_encrypt(encerts, in, cipher, flags);

		cms = CMS_encrypt(NULL, in, cipher, flags);

		if (!cms)

			goto end;

		for (i = 0; i < sk_X509_num(encerts); i++)

			{

			CMS_RecipientInfo *ri;

			cms_key_param *kparam;

			int tflags = flags;

			X509 *x = sk_X509_value(encerts, i);

			for(kparam = key_first; kparam; kparam = kparam->next)

				{

				if(kparam->idx == i)

					{

					tflags |= CMS_KEY_PARAM;

					break;

					}

				}

			ri = CMS_add1_recipient_cert(cms, x, tflags);

			if (!ri)

				goto end;

			if (kparam)

				{

				EVP_PKEY_CTX *pctx;

				pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);

				if (!cms_set_pkey_param(pctx, kparam->param))

					goto end;

				}

			}

		if (secret_key)

			{

			if (!CMS_add0_recipient_key(cms, NID_undef, 

		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)

			{

			CMS_SignerInfo *si;

			cms_key_param *kparam;

			int tflags = flags;

			signerfile = sk_OPENSSL_STRING_value(sksigners, i);

			keyfile = sk_OPENSSL_STRING_value(skkeys, i);

			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,

					e, "signer certificate");

			if (!signer)

			       "signing key file");

			if (!key)

				goto end;

			si = CMS_add1_signer(cms, signer, key, sign_md, flags);

			for(kparam = key_first; kparam; kparam = kparam->next)

				{

				if(kparam->idx == i)

					{

					tflags |= CMS_KEY_PARAM;

					break;

					}

				}

			si = CMS_add1_signer(cms, signer, key, sign_md, tflags);

			if (!si)

				goto end;

			if (kparam)

				{

				EVP_PKEY_CTX *pctx;

				pctx = CMS_SignerInfo_get0_pkey_ctx(si);

				if (!cms_set_pkey_param(pctx, kparam->param))

					goto end;

				}

			if (rr && !CMS_add1_ReceiptRequest(si, rr))

				goto end;

			X509_free(signer);

		sk_OPENSSL_STRING_free(rr_to);

	if (rr_from)

		sk_OPENSSL_STRING_free(rr_from);

	for(key_param = key_first; key_param;)

		{

		cms_key_param *tparam;

		sk_OPENSSL_STRING_free(key_param->param);

		tparam = key_param->next;

		OPENSSL_free(key_param);

		key_param = tparam;

		}

	X509_STORE_free(store);

	X509_free(cert);

	X509_free(recip);

	return NULL;

	}

static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,

			STACK_OF(OPENSSL_STRING) *param)

	{

	char *keyopt;

	int i;

	if (sk_OPENSSL_STRING_num(param) <= 0)

		return 1;

	for (i = 0; i < sk_OPENSSL_STRING_num(param); i++)

		{

		keyopt = sk_OPENSSL_STRING_value(param, i);

		if (pkey_ctrl_string(pctx, keyopt) <= 0)

			{

			BIO_printf(bio_err, "parameter error \"%s\"\n",

						keyopt);

			ERR_print_errors(bio_err);

			return 0;

			}

		}

	return 1;

	}

#endif