Encrypted Data type processing. Add options to cms utility and run section 7 tests in RFC4134.
diff --git a/apps/cms.c b/apps/cms.c index 9fd0aa0..908e05a 100644 --- a/apps/cms.c +++ b/apps/cms.c
@@ -86,6 +86,7 @@ #define SMIME_DIGEST_CREATE (10 | SMIME_OP) #define SMIME_UNCOMPRESS (11 | SMIME_IP) #define SMIME_COMPRESS (12 | SMIME_OP) +#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) int MAIN(int, char **); @@ -121,6 +122,8 @@ #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif + unsigned char *secret_key = NULL; + size_t secret_keylen; X509_VERIFY_PARAM *vpm = NULL; @@ -164,6 +167,8 @@ operation = SMIME_COMPRESS; else if (!strcmp (*args, "-uncompress")) operation = SMIME_UNCOMPRESS; + else if (!strcmp (*args, "-EncrypedData_decrypt")) + operation = SMIME_ENCRYPTED_DECRYPT; #ifndef OPENSSL_NO_DES else if (!strcmp (*args, "-des3")) cipher = EVP_des_ede3_cbc(); @@ -233,6 +238,20 @@ flags |= CMS_NOOLDMIMETYPE; else if (!strcmp (*args, "-crlfeol")) flags |= CMS_CRLFEOL; + else if (!strcmp(*args,"-secretkey")) + { + long ltmp; + if (!args[1]) + goto argerr; + args++; + secret_key = string_to_hex(*args, <mp); + if (!secret_key) + { + BIO_printf(bio_err, "Invalid key %s\n", *args); + goto argerr; + } + secret_keylen = (size_t)ltmp; + } else if (!strcmp(*args,"-rand")) { if (!args[1]) @@ -810,6 +829,12 @@ goto end; } } + else if (operation == SMIME_ENCRYPTED_DECRYPT) + { + if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, + indata, out, flags)) + goto end; + } else if (operation == SMIME_VERIFY) { if (CMS_verify(cms, other, store, indata, out, flags) > 0) @@ -878,6 +903,8 @@ sk_free(sksigners); if (skkeys) sk_free(skkeys); + if (secret_key) + OPENSSL_free(secret_key); X509_STORE_free(store); X509_free(cert); X509_free(recip);