Initial support for Encrypted Data type generation.

d9f5f07e · Dr. Stephen Henson · b31db9ee · d9f5f07e · d9f5f07e · d9f5f07e
隐藏空白更改
内联并排

Showing with 31 addition and 2 deletion

apps/cms.c apps/cms.c +11 -0

crypto/cms/cms.h crypto/cms/cms.h +4 -0

crypto/cms/cms_enc.c crypto/cms/cms_enc.c +15 -2

crypto/cms/cms_lib.c crypto/cms/cms_lib.c +1 -0

未找到文件。
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -87,6 +87,7 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx);
 #define SMIME_UNCOMPRESS	(11 | SMIME_IP)
 #define SMIME_COMPRESS		(12 | SMIME_OP)
 #define SMIME_ENCRYPTED_DECRYPT	(13 | SMIME_IP)
+#define SMIME_ENCRYPTED_ENCRYPT	(14 | SMIME_OP)

 int MAIN(int, char **);

@@ -169,6 +170,8 @@ int MAIN(int argc, char **argv)
 			operation = SMIME_UNCOMPRESS;
 		else if (!strcmp (*args, "-EncryptedData_decrypt"))
 			operation = SMIME_ENCRYPTED_DECRYPT;
+		else if (!strcmp (*args, "-EncryptedData_encrypt"))
+			operation = SMIME_ENCRYPTED_ENCRYPT;
 #ifndef OPENSSL_NO_DES
 		else if (!strcmp (*args, "-des3")) 
 				cipher = EVP_des_ede3_cbc();
@@ -745,6 +748,14 @@ int MAIN(int argc, char **argv)
 			flags |= CMS_STREAM;
 		cms = CMS_encrypt(encerts, in, cipher, flags);
 		}
+	else if (operation == SMIME_ENCRYPTED_ENCRYPT)
+		{
+		if (indef)
+			flags |= CMS_STREAM;
+		cms = CMS_EncryptedData_encrypt(in, cipher,
+						secret_key, secret_keylen,
+						flags);
+		}
 	else if (operation & SMIME_SIGNERS)
 		{
 		int i;

--- a/crypto/cms/cms.h
+++ b/crypto/cms/cms.h
@@ -142,6 +142,10 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 				const unsigned char *key, size_t keylen,
 				BIO *dcont, BIO *out, unsigned int flags);

+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+					const unsigned char *key, size_t keylen,
+					unsigned int flags);
+
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
 				const unsigned char *key, size_t keylen);


--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -75,6 +75,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 	X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
 	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;

+	int ok = 0;
+
 	int enc;

 	enc = ec->cipher ? 1 : 0;
@@ -90,7 +92,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 	BIO_get_cipher_ctx(b, &ctx);

 	if (enc)
-		calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+		ciph = ec->cipher;
 	else
 		{
 		ciph = EVP_get_cipherbyobj(calg->algorithm);
@@ -110,6 +112,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 		goto err;
 		}

+	if (enc)
+		calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+
 	/* If necessary set key length */

 	if (ec->keylen != EVP_CIPHER_CTX_key_length(ctx))
@@ -164,9 +169,17 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 			goto err;
 			}
 		}
-	return b;
+	ok = 1;

 	err:
+	if (ec->key)
+		{
+		OPENSSL_cleanse(ec->key, ec->keylen);
+		OPENSSL_free(ec->key);
+		ec->key = NULL;
+		}
+	if (ok)
+		return b;
 	BIO_free(b);
 	return NULL;
 	}

--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -180,6 +180,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
 		{

 		case NID_pkcs7_data:
+		case NID_pkcs7_encrypted:
 		case NID_id_smime_ct_compressedData:
 		/* Nothing to do */
 		return 1;