author | Dr. Stephen Henson <steve@openssl.org> | 2008-04-12 01:52:26 +0200 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-04-12 01:52:26 +0200 |
commit | 1728756255e182dcbdbea7b5b9fcfe46fc39ef9a (patch) | |
tree | b8ff92a264237a56fa053d27b2603c00f24773f3 | |
parent | Correct argument order for CMS_decrypt() in docs. (diff) | |
Detached encrypt/decrypt example, fix decrypt sample.
-rw-r--r-- | demos/cms/cms_ddec.c | 89 | ||||
-rw-r--r-- | demos/cms/cms_dec.c | 8 | ||||
-rw-r--r-- | demos/cms/cms_denc.c | 97 |
3 files changed, 190 insertions, 4 deletions
diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c
new file mode 100644
index 0000000000..ba68cfdf76
--- /dev/null
+++ b/demos/cms/cms_ddec.c
@@ -0,0 +1,89 @@
+/* S/MIME detached data decrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
+ X509 *rcert = NULL;
+ EVP_PKEY *rkey = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!rcert || !rkey)
+ goto err;
+
+ /* Open PEM file containing enveloped data */
+
+ in = BIO_new_file("smencr.pem", "r");
+
+ if (!in)
+ goto err;
+
+ /* Parse PEM content */
+ cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
+
+ if (!cms)
+ goto err;
+
+ /* Open file containing detached content */
+ dcont = BIO_new_file("smencr.out", "rb");
+
+ if (!in)
+ goto err;
+
+ out = BIO_new_file("encrout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Decrypt S/MIME message */
+ if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Decrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (rkey)
+ EVP_PKEY_free(rkey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+ if (dcont)
+ BIO_free(dcont);
+
+ return ret;
+
+ }
diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
index 18e7157eda..7ddf653269 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
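Review bot: The guard after `dcont = BIO_new_file("smencr.out", "rb");` tests `in` again rather than `dcont`, so a failed open of the detached content is not caught there and a NULL `dcont` is passed on to `CMS_decrypt()`. It should read `if (!dcont) goto err;`. The plaintext is also written to `encrout.txt`, while the same commit renames the output of `cms_dec.c` to `decout.txt`; a name that says the file holds decrypted data would be less likely to mislead someone copying the demo. The result of `BIO_reset(tbio)` is not checked before the private key is read, though a failure there would probably surface as a NULL `rkey`.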
@@ -29,20 +29,20 @@ int main(int argc, char **argv) if (!rcert || !rkey) goto err; - /* Open content being signed */ + /* Open S/MIME message to decrypt */ in = BIO_new_file("smencr.txt", "r"); if (!in) goto err; - /* Sign content */ + /* Parse message */ cms = SMIME_read_CMS(in, NULL); if (!cms) goto err; - out = BIO_new_file("encrout.txt", "w"); + out = BIO_new_file("decout.txt", "w"); if (!out) goto err; @@ -56,7 +56,7 @@ int main(int argc, char **argv) if (ret) { - fprintf(stderr, "Error Signing Data\n"); + fprintf(stderr, "Error Decrypting Data\n"); ERR_print_errors_fp(stderr); } diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c new file mode 100644 index 0000000000..9265e47bf9 --- /dev/null +++ b/demos/cms/cms_denc.c 
@@ -0,0 +1,97 @@
+/* S/MIME detached data encrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
+ X509 *rcert = NULL;
+ STACK_OF(X509) *recips = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ int flags = CMS_STREAM|CMS_DETACHED;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!rcert)
+ goto err;
+
+ /* Create recipient STACK and add recipient cert to it */
+ recips = sk_X509_new_null();
+
+ if (!recips || !sk_X509_push(recips, rcert))
+ goto err;
+
+ /* sk_X509_pop_free will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
+ */
+ rcert = NULL;
+
+ /* Open content being encrypted */
+
+ in = BIO_new_file("encr.txt", "r");
+
+ dout = BIO_new_file("smencr.out", "wb");
+
+ if (!in)
+ goto err;
+
+ /* encrypt content */
+ cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smencr.pem", "w");
+ if (!out)
+ goto err;
+
+ if (!CMS_final(cms, in, dout, flags))
+ goto err;
+
+ /* Write out CMS structure without content */
+ if (!PEM_write_bio_CMS(out, cms))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Encrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (recips)
+ sk_X509_pop_free(recips, X509_free);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (dout)
+ BIO_free(dout);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ } |
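Review bot: `dout` is never checked after `dout = BIO_new_file("smencr.out", "wb");`, because the `if (!in)` that follows covers only the input file, so a failed open of the detached output reaches `CMS_final(cms, in, dout, flags)` with a NULL BIO. Testing both, `if (!in || !dout) goto err;`, keeps the error path consistent with the other opens in this file. Separately, `EVP_des_ede3_cbc()` selects a 64-bit-block legacy cipher; since demo code tends to be copied into applications, an AES choice such as `EVP_aes_128_cbc()` would be a safer default to show. A short comment noting that `signer.pem` is reused here as the recipient certificate would also help readers.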