OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
17-Mar-2008 14:38:52
Branch: HEAD Handle:
2008031713385100
Modified files:
openssl/crypto/cms cms.h cms_enc.c cms_env.c
cms_err.c cms_lcl.h
cms_sd.c cms_smime.c
Log:
Preliminary support for enveloped data content type
creation.
Fix signed data creation so versions are only corrected
if structure is
being created.
Summary:
Revision Changes Path
1.10 +10 -0 openssl/crypto/cms/cms.h
1.9 +14 -9 openssl/crypto/cms/cms_enc.c
1.5 +142 -9 openssl/crypto/cms/cms_env.c
1.8 +8 -1 openssl/crypto/cms/cms_err.c
1.6 +5 -0 openssl/crypto/cms/cms_lcl.h
1.4 +4 -1 openssl/crypto/cms/cms_sd.c
1.7 +38 -11 openssl/crypto/cms/cms_smime.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/crypto/cms/cms.h
============================================================
================
$ cvs diff -u -r1.9 -r1.10 cms.h
--- openssl/crypto/cms/cms.h 16 Mar 2008 18:41:19
-0000 1.9
+++ openssl/crypto/cms/cms.h 17 Mar 2008 13:38:51
-0000 1.10
-169,6 +169,9
STACK_OF(CMS_RecipientInfo)
*CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const
EVP_CIPHER *cipher);
+CMS_RecipientInfo
*CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo
*ri, X509 *cert);
int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo
*ri,
EVP_PKEY **pk, X509 **recip,
-290,6 +293,7
#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 111
#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 112
#define CMS_F_CMS_DIGEST_VERIFY 113
+#define CMS_F_CMS_ENCRYPT 154
#define CMS_F_CMS_ENCRYPTEDCONTENT_DECRYPT_BIO 146
#define CMS_F_CMS_ENCRYPTEDCONTENT_ENCRYPT_BIO 144
#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 148
-299,6 +303,8
#define CMS_F_CMS_ENCRYPTEDDATA_INIT_BIO 147
#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 141
#define CMS_F_CMS_ENCRYPTED_DATA_DECRYPT 139
+#define CMS_F_CMS_ENVELOPEDDATA_CREATE 153
+#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 156
#define CMS_F_CMS_ENVELOPED_DATA_INIT 114
#define CMS_F_CMS_FINAL 115
#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 116
-309,6 +315,7
#define CMS_F_CMS_GET0_SIGNED 121
#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 150
#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 122
+#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 155
#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 123
#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 124
#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 125
-340,6 +347,7
#define CMS_R_CTRL_FAILURE 108
#define CMS_R_ERROR_GETTING_PUBLIC_KEY 109
#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 110
+#define CMS_R_ERROR_SETTING_RECIPIENTINFO 150
#define CMS_R_INVALID_KEY_LENGTH 140
#define CMS_R_MD_BIO_INIT_ERROR 111
#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 112
-358,6 +366,7
#define CMS_R_NO_PUBLIC_KEY 121
#define CMS_R_NO_SIGNERS 122
#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE
123
+#define CMS_R_RECIPIENT_ERROR 149
#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 124
#define CMS_R_SIGNFINAL_ERROR 125
#define CMS_R_SMIME_TEXT_ERROR 126
-373,6 +382,7
#define CMS_R_UNKNOWN_ID 133
#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 134
#define CMS_R_UNSUPPORTED_CONTENT_TYPE 135
+#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 151
#define CMS_R_UNSUPPORTED_TYPE 136
#define CMS_R_VERIFICATION_FAILURE 137
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_enc.c
============================================================
================
$ cvs diff -u -r1.8 -r1.9 cms_enc.c
--- openssl/crypto/cms/cms_enc.c 16 Mar 2008 21:05:37
-0000 1.8
+++ openssl/crypto/cms/cms_enc.c 17 Mar 2008 13:38:51
-0000 1.9
-92,7 +92,14
BIO_get_cipher_ctx(b, &ctx);
if (enc)
+ {
ciph = ec->cipher;
+ /* If not keeping key set cipher to NULL so subsequent
calls
+ * decrypt.
+ */
+ if (ec->key)
+ ec->cipher = NULL;
+ }
else
{
ciph = EVP_get_cipherbyobj(calg->algorithm);
-113,11 +120,9
}
if (enc)
- calg->algorithm =
OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
-
- if (enc)
{
int ivlen;
+ calg->algorithm =
OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0)
-128,11 +133,11
}
}
else if (EVP_CIPHER_asn1_to_param(ctx,
calg->parameter) <= 0)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
- goto err;
- }
+ goto err;
+ }
if (enc && !ec->key)
-200,7 +205,7
return NULL;
}
-static int
cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo
*ec,
const EVP_CIPHER *cipher,
const unsigned char *key, size_t keylen)
{
-252,7 +257,7
BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
{
CMS_EncryptedData *enc = cms->d.encryptedData;
- if (enc->unprotectedAttrs)
+ if (enc->encryptedContentInfo->cipher &&
enc->unprotectedAttrs)
enc->version = 2;
return
cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
}
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_env.c
============================================================
================
$ cvs diff -u -r1.4 -r1.5 cms_env.c
--- openssl/crypto/cms/cms_env.c 16 Mar 2008 21:05:37
-0000 1.4
+++ openssl/crypto/cms/cms_env.c 17 Mar 2008 13:38:51
-0000 1.5
-104,7 +104,7
STACK_OF(CMS_RecipientInfo)
*CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
{
CMS_EnvelopedData *env;
- env = cms_enveloped_data_init(cms);
+ env = cms_get0_enveloped(cms);
if (!env)
return NULL;
return env->recipientInfos;
-115,10 +115,30
return ri->type;
}
+CMS_ContentInfo *CMS_EnvelopedData_create(const
EVP_CIPHER *cipher)
+ {
+ CMS_ContentInfo *cms;
+ CMS_EnvelopedData *env;
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ goto merr;
+ env = cms_enveloped_data_init(cms);
+ if (!env)
+ goto merr;
+ if
(!cms_EncryptedContent_init(env->encryptedContentInfo,
+ cipher, NULL, 0))
+ goto merr;
+ return cms;
+ merr:
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE,
ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
/* Add a recipient certificate. For now only handle key
transport.
* If we ever handle key agreement will need updating.
*/
-#if 0 /* currently unused/undeclared */
CMS_RecipientInfo
*CMS_add1_recipient_cert(CMS_ContentInfo *cms,
X509 *recip, unsigned int flags)
{
-127,17 +147,16
CMS_EnvelopedData *env;
EVP_PKEY *pk = NULL;
int i, type;
- /* Init enveloped data */
- env = cms_enveloped_data_init(cms);
+ env = cms_get0_enveloped(cms);
if (!env)
goto err;
- /* Initialized recipient info */
+ /* Initialize recipient info */
ri = M_ASN1_new_of(CMS_RecipientInfo);
if (!ri)
goto merr;
- /* Initialize and add key transrport recipient info */
+ /* Initialize and add key transport recipient info */
ri->d.ktri =
M_ASN1_new_of(CMS_KeyTransRecipientInfo);
if (!ri->d.ktri)
-155,7 +174,6
goto err;
}
CRYPTO_add(&recip->references, 1,
CRYPTO_LOCK_X509);
- CRYPTO_add(&pk->references, 1,
CRYPTO_LOCK_EVP_PKEY);
ktri->pkey = pk;
ktri->recip = recip;
-208,7 +226,6
return NULL;
}
-#endif
int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo
*ri,
EVP_PKEY **pk, X509 **recip,
-262,6 +279,71
return
cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
}
+/* Encrypt content key in key transport recipient info
*/
+
+static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo
*cms,
+ CMS_RecipientInfo *ri)
+ {
+ CMS_KeyTransRecipientInfo *ktri;
+ CMS_EncryptedContentInfo *ec;
+ EVP_PKEY_CTX *pctx = NULL;
+ unsigned char *ek = NULL;
+ size_t eklen;
+
+ int ret = 0;
+
+ if (ri->type != CMS_RECIPINFO_TRANS)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+ ktri = ri->d.ktri;
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+ if (!pctx)
+ return 0;
+
+ if (EVP_PKEY_encrypt_init(pctx) <= 0)
+ goto err;
+
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+ EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
CMS_R_CTRL_ERROR);
+ goto err;
+ }
+
+ if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key,
ec->keylen) <= 0)
+ goto err;
+
+ ek = OPENSSL_malloc(eklen);
+
+ if (ek == NULL)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key,
ec->keylen) <= 0)
+ goto err;
+
+ ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+ ek = NULL;
+
+ ret = 1;
+
+ err:
+ if (pctx)
+ EVP_PKEY_CTX_free(pctx);
+ if (ek)
+ OPENSSL_free(ek);
+ return ret;
+
+ }
+
int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri,
EVP_PKEY *pkey)
{
-332,6 +414,57
BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
{
CMS_EncryptedContentInfo *ec;
+ STACK_OF(CMS_RecipientInfo) *rinfos;
+ CMS_RecipientInfo *ri;
+ int i, r, ok = 0;
+ BIO *ret;
+
+ /* Get BIO first to set up key */
+
ec = cms->d.envelopedData->encryptedContentInfo;
- return cms_EncryptedContent_init_bio(ec);
+ ret = cms_EncryptedContent_init_bio(ec);
+
+ /* If error or no cipher end of processing */
+
+ if (!ret || !ec->cipher)
+ return ret;
+
+
+ rinfos = cms->d.envelopedData->recipientInfos;
+
+ for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos);
i++)
+ {
+ ri = sk_CMS_RecipientInfo_value(rinfos, i);
+ if (ri->type == CMS_RECIPINFO_TRANS)
+ r = cms_RecipientInfo_ktri_encrypt(cms, ri);
+ else
+ {
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+ CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+ goto err;
+ }
+ if (r <= 0)
+ {
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+ CMS_R_ERROR_SETTING_RECIPIENTINFO);
+ goto err;
+ }
+ }
+
+ ok = 1;
+
+ err:
+ ec->cipher = NULL;
+ if (ec->key)
+ {
+ OPENSSL_cleanse(ec->key, ec->keylen);
+ OPENSSL_free(ec->key);
+ ec->key = NULL;
+ ec->keylen = 0;
+ }
+ if (ok)
+ return ret;
+ BIO_free(ret);
+ return NULL;
+
}
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_err.c
============================================================
================
$ cvs diff -u -r1.7 -r1.8 cms_err.c
--- openssl/crypto/cms/cms_err.c 16 Mar 2008 13:05:03
-0000 1.7
+++ openssl/crypto/cms/cms_err.c 17 Mar 2008 13:38:51
-0000 1.8
-71,7 +71,7
static ERR_STRING_DATA CMS_str_functs[]=
{
{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_ADD1_RE
CIPIENT_CERT"},
+{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_re
cipient_cert"},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"
;},
{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNIN
GTIME"},
{ERR_FUNC(CMS_F_CMS_BIO_TO_ENCRYPTEDCONTENT), "CMS_BIO_
TO_ENCRYPTEDCONTENT"},
-91,6 +91,7
{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "CMS_DIG
ESTALGORITHM_INIT_BIO"},
{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "CMS_DIGEST
EDDATA_DO_FINAL"},
{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify&
quot;},
+{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_DECRYPT_BIO), "CMS
_ENCRYPTEDCONTENT_DECRYPT_BIO"},
{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_ENCRYPT_BIO), "CMS
_ENCRYPTEDCONTENT_ENCRYPT_BIO"},
{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "CMS_EN
CRYPTEDCONTENT_INIT_BIO"},
-100,6 +101,8
{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_INIT_BIO), "CMS_ENCRY
PTEDDATA_INIT_BIO"},
{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_Encry
ptedData_set1_key"},
{ERR_FUNC(CMS_F_CMS_ENCRYPTED_DATA_DECRYPT), "CMS_ENCRY
PTED_DATA_DECRYPT"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_Envelo
pedData_create"},
+{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "CMS_ENVE
LOPEDDATA_INIT_BIO"},
{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPE
D_DATA_INIT"},
{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET
0_CERTIFICATE_CHOICES"},
-110,6 +113,7
{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"
;},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_Recipi
entInfo_decrypt"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_
RecipientInfo_ktri_cert_cmp"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_
RECIPIENTINFO_KTRI_ENCRYPT"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS
_RecipientInfo_ktri_get0_algs"},
{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), &quo
t;CMS_RecipientInfo_ktri_get0_signer_id"},
{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "CMS_SET1_S
IGNERIDENTIFIER"},
-144,6 +148,7
{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl
failure"},
{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error
getting public key"},
{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),&qu
ot;error reading messagedigest attribute"},
+{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error
setting recipientinfo"},
{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid
key length"},
{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio
init error"},
{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),&quo
t;messagedigest attribute wrong length"},
-162,6 +167,7
{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public
key"},
{ERR_REASON(CMS_R_NO_SIGNERS) ,"no
signers"},
{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),&q
uot;private key does not match certificate"},
+{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient
error"},
{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer
certificate not found"},
{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal
error"},
{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime
text error"},
-177,6 +183,7
{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown
id"},
{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"u
nsupported compression algorithm"},
{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupporte
d content type"},
+{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsuppo
rted recipient type"},
{ERR_REASON(CMS_R_UNSUPPORTED_TYPE)
,"unsupported type"},
{ERR_REASON(CMS_R_VERIFICATION_FAILURE)
,"verification failure"},
{0,NULL}
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_lcl.h
============================================================
================
$ cvs diff -u -r1.5 -r1.6 cms_lcl.h
--- openssl/crypto/cms/cms_lcl.h 15 Mar 2008 23:21:31
-0000 1.5
+++ openssl/crypto/cms/cms_lcl.h 17 Mar 2008 13:38:51
-0000 1.6
-123,6 +123,8
{
ASN1_OBJECT *eContentType;
ASN1_OCTET_STRING *eContent;
+ /* Set to 1 if incomplete structure only part set up */
+ int partial;
};
struct CMS_SignerInfo_st
-411,6 +413,9
BIO
*cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo
*ec);
BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo
*ec,
+ const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen);
BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_sd.c
============================================================
================
$ cvs diff -u -r1.3 -r1.4 cms_sd.c
--- openssl/crypto/cms/cms_sd.c 16 Mar 2008 21:05:37
-0000 1.3
+++ openssl/crypto/cms/cms_sd.c 17 Mar 2008 13:38:51
-0000 1.4
-87,6 +87,7
cms->d.signedData->version = 1;
cms->d.signedData->encapContentInfo->eContentType
=
OBJ_nid2obj(NID_pkcs7_data);
+ cms->d.signedData->encapContentInfo->partial =
1;
ASN1_OBJECT_free(cms->contentType);
cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
return cms->d.signedData;
-679,6 +680,7
if (!cms_SignerInfo_content_sign(si, chain))
return 0;
}
+ cms->d.signedData->encapContentInfo->partial =
0;
return 1;
}
-800,7 +802,8
sd = cms_get0_signed(cms);
if (!sd)
return NULL;
- cms_sd_set_version(sd);
+ if
(cms->d.signedData->encapContentInfo->partial)
+ cms_sd_set_version(sd);
for (i = 0; i <
sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
{
X509_ALGOR *digestAlgorithm;
.
patch -p0 <<' .'
Index: openssl/crypto/cms/cms_smime.c
============================================================
================
$ cvs diff -u -r1.6 -r1.7 cms_smime.c
--- openssl/crypto/cms/cms_smime.c 15 Mar 2008 23:21:31
-0000 1.6
+++ openssl/crypto/cms/cms_smime.c 17 Mar 2008 13:38:51
-0000 1.7
-459,11 +459,38
return NULL;
}
-/* Placeholder for now... */
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO
*in,
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO
*data,
const EVP_CIPHER *cipher, unsigned int flags)
{
+ CMS_ContentInfo *cms;
+ int i;
+ X509 *recip;
+ cms = CMS_EnvelopedData_create(cipher);
+ if (!cms)
+ goto merr;
+ for (i = 0; i < sk_X509_num(certs); i++)
+ {
+ recip = sk_X509_value(certs, i);
+ if (!CMS_add1_recipient_cert(cms, recip, flags))
+ {
+ CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+ goto err;
+ }
+ }
+
+ if(!(flags & CMS_DETACHED))
+ CMS_set_detached(cms, 0);
+
+ if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
CMS_final(cms, data, flags))
+ return cms;
+
+ return cms;
+
+ merr:
+ CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ err:
+ if (cms)
+ CMS_ContentInfo_free(cms);
return NULL;
}
-488,15 +515,15
ri = sk_CMS_RecipientInfo_value(ris, i);
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
continue;
- if (cert)
+ /* If we have a cert try matching RecipientInfo
otherwise
+ * try them all.
+ */
+ if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert)
== 0))
{
- if (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)
- {
- if (CMS_RecipientInfo_decrypt(cms, ri, pk) <=0)
- return 0;
- else
- break;
- }
+ if (CMS_RecipientInfo_decrypt(cms, ri, pk) > 0)
+ break;
+ else if (cert)
+ return 0;
}
}
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
