diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2008-03-14 23:30:56 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2008-03-14 23:30:56 +0000 |
| commit | d9f5f07e286bfc7a2a81756199a3e94444e0f6ce (patch) | |
| tree | 958d67c1dde917f30716dc49cb8405dbae6a89bb | |
| parent | b31db9ee96c76c964085c09768b3c10cca0c807f (diff) | |
Initial support for Encrypted Data type generation.
| -rw-r--r-- | apps/cms.c | 11 | ||||
| -rw-r--r-- | crypto/cms/cms.h | 4 | ||||
| -rw-r--r-- | crypto/cms/cms_enc.c | 17 | ||||
| -rw-r--r-- | crypto/cms/cms_lib.c | 1 |
4 files changed, 31 insertions, 2 deletions
diff --git a/apps/cms.c b/apps/cms.c index ea538576a3..29e43999e2 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -87,6 +87,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_UNCOMPRESS (11 | SMIME_IP) #define SMIME_COMPRESS (12 | SMIME_OP) #define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) +#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP) int MAIN(int, char **); @@ -169,6 +170,8 @@ int MAIN(int argc, char **argv) operation = SMIME_UNCOMPRESS; else if (!strcmp (*args, "-EncryptedData_decrypt")) operation = SMIME_ENCRYPTED_DECRYPT; + else if (!strcmp (*args, "-EncryptedData_encrypt")) + operation = SMIME_ENCRYPTED_ENCRYPT; #ifndef OPENSSL_NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); @@ -745,6 +748,14 @@ int MAIN(int argc, char **argv) flags |= CMS_STREAM; cms = CMS_encrypt(encerts, in, cipher, flags); } + else if (operation == SMIME_ENCRYPTED_ENCRYPT) + { + if (indef) + flags |= CMS_STREAM; + cms = CMS_EncryptedData_encrypt(in, cipher, + secret_key, secret_keylen, + flags); + } else if (operation & SMIME_SIGNERS) { int i; diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h index cfe49ec9f4..f10a5817b4 100644 --- a/crypto/cms/cms.h +++ b/crypto/cms/cms.h @@ -142,6 +142,10 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, size_t keylen, BIO *dcont, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, + unsigned int flags); + int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, const unsigned char *key, size_t keylen); diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index ccb436f098..54a1e431c2 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -75,6 +75,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) X509_ALGOR *calg = ec->contentEncryptionAlgorithm; unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; + int ok = 0; + int enc; enc = ec->cipher ? 1 : 0; @@ -90,7 +92,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) BIO_get_cipher_ctx(b, &ctx); if (enc) - calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + ciph = ec->cipher; else { ciph = EVP_get_cipherbyobj(calg->algorithm); @@ -110,6 +112,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) goto err; } + if (enc) + calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); + /* If necessary set key length */ if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx)) @@ -164,9 +169,17 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) goto err; } } - return b; + ok = 1; err: + if (ec->key) + { + OPENSSL_cleanse(ec->key, ec->keylen); + OPENSSL_free(ec->key); + ec->key = NULL; + } + if (ok) + return b; BIO_free(b); return NULL; } diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 606abafccb..e691ca3a7c 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -180,6 +180,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) { case NID_pkcs7_data: + case NID_pkcs7_encrypted: case NID_id_smime_ct_compressedData: /* Nothing to do */ return 1; |