author | Dr. Stephen Henson <steve@openssl.org> | 2008-03-17 13:38:51 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-03-17 13:38:51 +0000 |
commit | 761ffa729f396dc4b8607a64ad522f6104eaa7bd (patch) | |
tree | 3e9da641cd4f4a5b11fd3c85858ac2605fff0f22 /crypto/cms/cms_smime.c | |
parent | 1e26a8baedbc74036ada80deb16296e7d4eedb18 (diff) | |
Preliminary support for enveloped data content type creation.
Fix signed data creation so versions are only corrected if structure is
being created.
Diffstat (limited to 'crypto/cms/cms_smime.c')
-rw-r--r-- | crypto/cms/cms_smime.c | 49 |
1 files changed, 38 insertions, 11 deletions
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 7a2498d735..3a813de246 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -459,11 +459,38 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 return NULL;
 }
 
-/* Placeholder for now... */
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
 const EVP_CIPHER *cipher, unsigned int flags)
 {
+ CMS_ContentInfo *cms;
+ int i;
+ X509 *recip;
+ cms = CMS_EnvelopedData_create(cipher);
+ if (!cms)
+ goto merr;
+ for (i = 0; i < sk_X509_num(certs); i++)
+ {
+ recip = sk_X509_value(certs, i);
+ if (!CMS_add1_recipient_cert(cms, recip, flags))
+ {
+ CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+ goto err;
+ }
+ }
+
+ if(!(flags & CMS_DETACHED))
+ CMS_set_detached(cms, 0);
+
+ if ((flags & (CMS_STREAM|CMS_PARTIAL)) || CMS_final(cms, data, flags))
+ return cms;
+
+ return cms;
+
+ merr:
+ CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ err:
+ if (cms)
+ CMS_ContentInfo_free(cms);
 return NULL;
 }
 
@@ -488,15 +515,15 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
 ri = sk_CMS_RecipientInfo_value(ris, i);
 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
 continue;
- if (cert)
+ /* If we have a cert try matching RecipientInfo otherwise
+ * try them all.
+ */
+ if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
 {
- if (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)
- {
- if (CMS_RecipientInfo_decrypt(cms, ri, pk) <=0)
- return 0;
- else
- break;
- }
+ if (CMS_RecipientInfo_decrypt(cms, ri, pk) > 0)
+ break;
+ else if (cert)
+ return 0;
 }
 }
 |
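Review bot: A failing `CMS_final()` is reported as success in the new `CMS_encrypt()`, because the `if ((flags & (CMS_STREAM|CMS_PARTIAL)) || CMS_final(cms, data, flags)) return cms;` is followed by an unconditional `return cms;`. The `err:` cleanup is therefore unreachable from that path, and the caller receives an EnvelopedData structure whose content was never finalised with no indication that anything went wrong. The second return should be `goto err;`. Separately, a NULL or empty `certs` appears to skip the recipient loop and produce a structure with no recipients; if that is intended only together with `CMS_PARTIAL`, a comment or an explicit check would make it clear.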
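Review bot: When `cert` is NULL and every `CMS_RecipientInfo_decrypt()` attempt fails, the rewritten loop simply runs off its end, and nothing visible in this hunk distinguishes that from the successful `break`. The same happens when `cert` is given but matches no RecipientInfo. Unless the code after the loop (outside this hunk) already checks for it, add an explicit test such as `if (i == sk_CMS_RecipientInfo_num(ris)) return 0;` with a "no matching recipient" error, so content processing never continues without a recovered key. In the try-them-all path the failed attempts presumably leave entries on the error queue even when a later RecipientInfo succeeds, so calling `ERR_clear_error()` before the `break` would avoid misleading diagnostics.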