Initial support for Encrypted Data type generation.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 14 Mar 2008 23:30:56 +0000 (23:30 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 14 Mar 2008 23:30:56 +0000 (23:30 +0000)
apps/cms.c
crypto/cms/cms.h
crypto/cms/cms_enc.c
crypto/cms/cms_lib.c

index ea53857..29e4399 100644 (file)
@@ -87,6 +87,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx);
 #define SMIME_UNCOMPRESS       (11 | SMIME_IP)
 #define SMIME_COMPRESS         (12 | SMIME_OP)
 #define SMIME_ENCRYPTED_DECRYPT        (13 | SMIME_IP)
+#define SMIME_ENCRYPTED_ENCRYPT        (14 | SMIME_OP)
 
 int MAIN(int, char **);
 
@@ -169,6 +170,8 @@ int MAIN(int argc, char **argv)
                        operation = SMIME_UNCOMPRESS;
                else if (!strcmp (*args, "-EncryptedData_decrypt"))
                        operation = SMIME_ENCRYPTED_DECRYPT;
+               else if (!strcmp (*args, "-EncryptedData_encrypt"))
+                       operation = SMIME_ENCRYPTED_ENCRYPT;
 #ifndef OPENSSL_NO_DES
                else if (!strcmp (*args, "-des3")) 
                                cipher = EVP_des_ede3_cbc();
@@ -745,6 +748,14 @@ int MAIN(int argc, char **argv)
                        flags |= CMS_STREAM;
                cms = CMS_encrypt(encerts, in, cipher, flags);
                }
+       else if (operation == SMIME_ENCRYPTED_ENCRYPT)
+               {
+               if (indef)
+                       flags |= CMS_STREAM;
+               cms = CMS_EncryptedData_encrypt(in, cipher,
+                                               secret_key, secret_keylen,
+                                               flags);
+               }
        else if (operation & SMIME_SIGNERS)
                {
                int i;
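Review bot: The new SMIME_ENCRYPTED_ENCRYPT branch hands `secret_key` and `secret_keylen` straight to CMS_EncryptedData_encrypt without confirming that a secret key was supplied, so a missing option reaches the library as a NULL key unless the option-validation code earlier in MAIN already rejects that for this operation (any existing check there was written for SMIME_ENCRYPTED_DECRYPT and would need extending). A guard in front of the call, `if (!secret_key) { BIO_printf(bio_err, "No secret key given\n"); goto end; }`, keeps the failure explicit and on the same error path as the app's other option errors. The branch likewise assumes `cipher` is already non-NULL; if the default-cipher selection for SMIME_ENCRYPT lives inside that operation's validation block, it does not cover this one. MAIN starts and ends outside the hunk.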
index cfe49ec..f10a581 100644 (file)
@@ -142,6 +142,10 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
                                const unsigned char *key, size_t keylen,
                                BIO *dcont, BIO *out, unsigned int flags);
 
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                       const unsigned char *key, size_t keylen,
+                                       unsigned int flags);
+
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
                                const unsigned char *key, size_t keylen);
 
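Review bot: The new CMS_EncryptedData_encrypt prototype is a public entry point with no comment on its contract: whether `key` is copied or must outlive the returned object, who frees the returned CMS_ContentInfo, and what `flags` changes (the app passes CMS_STREAM). A comment above the declaration along the lines of `/* Build an EncryptedData structure from the content read from in, encrypted with cipher under key/keylen. Returns a new CMS_ContentInfo the caller frees, or NULL on error. */` would answer the first two; the key-lifetime point cannot be settled from this header, and the function's definition is not among the hunks shown, so confirm it against the implementation before committing to the wording.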
index ccb436f..54a1e43 100644 (file)
@@ -75,6 +75,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
        unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
 
+       int ok = 0;
+
        int enc;
 
        enc = ec->cipher ? 1 : 0;
@@ -90,7 +92,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
        BIO_get_cipher_ctx(b, &ctx);
 
        if (enc)
-               calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+               ciph = ec->cipher;
        else
                {
                ciph = EVP_get_cipherbyobj(calg->algorithm);
@@ -110,6 +112,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                goto err;
                }
 
+       if (enc)
+               calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+
        /* If necessary set key length */
 
        if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx))
@@ -164,9 +169,17 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                        goto err;
                        }
                }
-       return b;
+       ok = 1;
 
        err:
+       if (ec->key)
+               {
+               OPENSSL_cleanse(ec->key, ec->keylen);
+               OPENSSL_free(ec->key);
+               ec->key = NULL;
+               }
+       if (ok)
+               return b;
        BIO_free(b);
        return NULL;
        }
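Review bot: The cleanup block at `err:` now runs on the success path too (ok is set and control falls through to the label), and it nulls `ec->key` while leaving `ec->keylen` at its old value, so the structure is left with a NULL key beside a non-zero length; adding `ec->keylen = 0;` after `ec->key = NULL;` keeps the two fields consistent for anything that inspects them afterwards. Because the label is reached on both outcomes, `err` no longer describes it; `done` or `out` would read better, and the `int ok = 0;` declaration added in the first hunk sits between two blank lines in the middle of the declaration list rather than next to `int enc;`. Wiping and releasing the key once it has been loaded into the cipher context is the right direction; whether moving the `calg->algorithm` assignment below the context set-up is what makes EVP_CIPHER_CTX_type(ctx) report the configured cipher cannot be confirmed from the visible lines. cms_EncryptedContent_init_bio starts before the first hunk.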
index 606abaf..e691ca3 100644 (file)
@@ -180,6 +180,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
                {
 
                case NID_pkcs7_data:
+               case NID_pkcs7_encrypted:
                case NID_id_smime_ct_compressedData:
                /* Nothing to do */
                return 1;
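Review bot: `/* Nothing to do */` now covers NID_pkcs7_encrypted as well, but it does not say why EncryptedData needs no finalisation while other content types handled further down in the switch do, so a reader cannot tell whether the case was added because nothing is required or only because it made the new command work. If the reason is that EncryptedData carries no digest or MAC that must be written after the content, a comment such as `/* data, encryptedData and compressedData carry no digest or MAC to finalise */` in place of the bare one would record it; confirm that reasoning against the remaining cases before wording it. CMS_dataFinal starts before the hunk and continues after it.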