From: Dr. Stephen Henson Date: Fri, 14 Mar 2008 23:30:56 +0000 (+0000) Subject: Initial support for Encrypted Data type generation. X-Git-Tag: OpenSSL_0_9_8k^2~529 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=d9f5f07e286bfc7a2a81756199a3e94444e0f6ce Initial support for Encrypted Data type generation. --- diff --git a/apps/cms.c b/apps/cms.c index ea538576a3..29e43999e2 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -87,6 +87,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_UNCOMPRESS (11 | SMIME_IP) #define SMIME_COMPRESS (12 | SMIME_OP) #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) +#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) int MAIN(int, char **); @@ -169,6 +170,8 @@ int MAIN(int argc, char **argv) operation = SMIME_UNCOMPRESS; else if (!strcmp (*args, "-EncryptedData_decrypt")) operation = SMIME_ENCRYPTED_DECRYPT; + else if (!strcmp (*args, "-EncryptedData_encrypt")) + operation = SMIME_ENCRYPTED_ENCRYPT; #ifndef OPENSSL_NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); @@ -745,6 +748,14 @@ int MAIN(int argc, char **argv) flags |= CMS_STREAM; cms = CMS_encrypt(encerts, in, cipher, flags); } + else if (operation == SMIME_ENCRYPTED_ENCRYPT) + { + if (indef) + flags |= CMS_STREAM; + cms = CMS_EncryptedData_encrypt(in, cipher, + secret_key, secret_keylen, + flags); + } else if (operation & SMIME_SIGNERS) { int i; diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h index cfe49ec9f4..f10a5817b4 100644 --- a/crypto/cms/cms.h +++ b/crypto/cms/cms.h @@ -142,6 +142,10 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, size_t keylen, BIO *dcont, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + unsigned int flags); + int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, const unsigned char *key, size_t keylen); 
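Review bot: The `SMIME_ENCRYPTED_ENCRYPT` branch in the third apps/cms.c hunk passes `cipher`, `secret_key` and `secret_keylen` straight to `CMS_EncryptedData_encrypt`, and nothing in the hunk checks that a secret key was supplied or that a cipher was selected. If the argument validation outside the hunk does not already cover this operation, a NULL key or NULL cipher reaches the library and the outcome depends on how the callee handles it. A guard before the call, such as `if (!secret_key || !cipher) { BIO_printf(bio_err, "No secret key or cipher specified\n"); goto end; }`, would make the failure explicit. MAIN's body starts and ends outside the hunk, so the check may fit better with the other option checks.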
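Review bot: The new `CMS_EncryptedData_encrypt` prototype in crypto/cms/cms.h is added with no comment on its contract. I would add a short comment above it, for example `/* EncryptedData: content is encrypted under |key| but carries no integrity check; returns NULL on error. */`, with the NULL-on-error part confirmed against the implementation, which is not in this diff. Whether `key` is copied or must outlive the returned structure cannot be told from the prototype and is worth stating too. The `set1` naming of the neighbouring `CMS_EncryptedData_set1_key` suggests a copy, but that is an inference.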
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index ccb436f098..54a1e431c2 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -75,6 +75,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) X509_ALGOR *calg = ec->contentEncryptionAlgorithm; unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; + int ok = 0; + int enc; enc = ec->cipher ? 1 : 0; @@ -90,7 +92,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) BIO_get_cipher_ctx(b, &ctx); if (enc) - calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + ciph = ec->cipher; else { ciph = EVP_get_cipherbyobj(calg->algorithm); @@ -110,6 +112,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) goto err; } + if (enc) + calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + /* If necessary set key length */ if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx)) @@ -164,9 +169,17 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) goto err; } } - return b; + ok = 1; err: + if (ec->key) + { + OPENSSL_cleanse(ec->key, ec->keylen); + OPENSSL_free(ec->key); + ec->key = NULL; + } + if (ok) + return b; BIO_free(b); return NULL; } diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 606abafccb..e691ca3a7c 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -180,6 +180,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) { case NID_pkcs7_data: + case NID_pkcs7_encrypted: case NID_id_smime_ct_compressedData: /* Nothing to do */ return 1;
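Review bot: In the last cms_enc.c hunk the cleanup under `err:` wipes and frees `ec->key` and sets it to NULL, but leaves `ec->keylen` at its old value, so the structure then describes a key that no longer exists. Adding `ec->keylen = 0;` after `ec->key = NULL;` keeps the two fields consistent. This matters if the `ec->keylen != EVP_CIPHER_CTX_key_length(ctx)` comparison earlier in the function is ever reached again for the same `ec`. The block now also runs on success, so a comment such as `/* key is single use: wipe and free it on success and on error */` would show that falling through into `err:` is intended. The function body starts outside the hunk.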