diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2008-03-19 13:53:52 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2008-03-19 13:53:52 +0000 |
| commit | ab124380301794abe87583b7a88156eaff1c2eae (patch) | |
| tree | fe116e37dc17d2a0b62013ee1a3a8caa6d93998c /apps/cms.c | |
| parent | c220e58f9e6e16890ebf8bb321ff45d94f4800a8 (diff) | |
Add support for KEKRecipientInfo in cms application.
Diffstat (limited to 'apps/cms.c')
| -rw-r--r-- | apps/cms.c | 57 |
1 files changed, 48 insertions, 9 deletions
diff --git a/apps/cms.c b/apps/cms.c index a280d8e19c..6c5c4eb819 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -122,8 +122,8 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif - unsigned char *secret_key = NULL; - size_t secret_keylen = 0; + unsigned char *secret_key = NULL, *secret_keyid = NULL; + size_t secret_keylen = 0, secret_keyidlen = 0; X509_VERIFY_PARAM *vpm = NULL; @@ -254,6 +254,20 @@ int MAIN(int argc, char **argv) } secret_keylen = (size_t)ltmp; } + else if (!strcmp(*args,"-secretkeyid")) + { + long ltmp; + if (!args[1]) + goto argerr; + args++; + secret_keyid = string_to_hex(*args, <mp); + if (!secret_keyid) + { + BIO_printf(bio_err, "Invalid id %s\n", *args); + goto argerr; + } + secret_keyidlen = (size_t)ltmp; + } else if (!strcmp(*args,"-rand")) { if (!args[1]) @@ -459,7 +473,7 @@ int MAIN(int argc, char **argv) } else if (operation == SMIME_ENCRYPT) { - if (!*args) + if (!*args && !secret_key) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); badarg = 1; @@ -592,17 +606,20 @@ int MAIN(int argc, char **argv) goto end; #endif } - encerts = sk_X509_new_null(); + + if (secret_key && !secret_keyid) + { + BIO_printf(bio_err, "No sectre key id\n"); + goto end; + } + + if (*args) + encerts = sk_X509_new_null(); while (*args) { if (!(cert = load_cert(bio_err,*args,FORMAT_PEM, NULL, e, "recipient certificate file"))) - { -#if 0 /* An appropriate message is already printed */ - BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args); -#endif goto end; - } sk_X509_push(encerts, cert); cert = NULL; args++; @@ -737,13 +754,33 @@ int MAIN(int argc, char **argv) } else if (operation == SMIME_ENCRYPT) { + flags |= CMS_PARTIAL; cms = CMS_encrypt(encerts, in, cipher, flags); + if (!cms) + goto end; + if (secret_key) + { + if (!CMS_add0_recipient_key(cms, NID_undef, + secret_key, secret_keylen, + secret_keyid, secret_keyidlen, + NULL, NULL, NULL)) + goto end; + /* NULL these because call absorbs them */ + secret_key = NULL; + secret_keyid = NULL; + } + if (!(flags & CMS_STREAM)) + { + if (!CMS_final(cms, in, flags)) + goto end; + } } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { cms = CMS_EncryptedData_encrypt(in, cipher, secret_key, secret_keylen, flags); + } else if (operation & SMIME_SIGNERS) { @@ -903,6 +940,8 @@ end: sk_free(skkeys); if (secret_key) OPENSSL_free(secret_key); + if (secret_keyid) + OPENSSL_free(secret_keyid); X509_STORE_free(store); X509_free(cert); X509_free(recip); |