crypto/cms/cms_smime.c
/* | /* | ||||
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. | * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. | ||||
* | * | ||||
* Licensed under the Apache License 2.0 (the "License"). You may not use | * Licensed under the Apache License 2.0 (the "License"). You may not use | ||||
* this file except in compliance with the License. You can obtain a copy | * this file except in compliance with the License. You can obtain a copy | ||||
Context not available. | |||||
int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, | int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, | ||||
X509 *cert, X509 *peer) | X509 *cert, X509 *peer) | ||||
{ | { | ||||
STACK_OF(CMS_RecipientInfo) *ris; | STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); | ||||
CMS_RecipientInfo *ri; | CMS_RecipientInfo *ri; | ||||
int i, r, cms_pkey_ri_type; | int i, r, cms_pkey_ri_type; | ||||
int debug = 0, match_ri = 0; | int debug = 0, match_ri = 0; | ||||
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms); | |||||
ris = CMS_get0_RecipientInfos(cms); | /* Prevent mem leak on earlier CMS_decrypt_set1_{pkey_and_peer,password} */ | ||||
if (ris != NULL) | if (ec != NULL) { | ||||
debug = ossl_cms_get0_env_enc_content(cms)->debug; | OPENSSL_clear_free(ec->key, ec->keylen); | ||||
ec->key = NULL; | |||||
ec->keylen = 0; | |||||
} | |||||
if (ris != NULL && ec != NULL) | |||||
debug = ec->debug; | |||||
cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk); | cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk); | ||||
if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) { | if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) { | ||||
Context not available. | |||||
if (r < 0) | if (r < 0) | ||||
return 0; | return 0; | ||||
} | } | ||||
/* | /* If we have a cert, try matching RecipientInfo, else try them all */ | ||||
* If we have a cert try matching RecipientInfo otherwise try them | else if (cert == NULL || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { | ||||
* all. | |||||
*/ | |||||
else if (cert == NULL|| !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { | |||||
EVP_PKEY_up_ref(pk); | EVP_PKEY_up_ref(pk); | ||||
CMS_RecipientInfo_set0_pkey(ri, pk); | CMS_RecipientInfo_set0_pkey(ri, pk); | ||||
r = CMS_RecipientInfo_decrypt(cms, ri); | r = CMS_RecipientInfo_decrypt(cms, ri); | ||||
Context not available. | |||||
return 1; | return 1; | ||||
} | } | ||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); | if (!match_ri) | ||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); | |||||
return 0; | return 0; | ||||
} | } | ||||
Context not available. | |||||
{ | { | ||||
STACK_OF(CMS_RecipientInfo) *ris; | STACK_OF(CMS_RecipientInfo) *ris; | ||||
CMS_RecipientInfo *ri; | CMS_RecipientInfo *ri; | ||||
int i, r; | int i, r, match_ri = 0; | ||||
ris = CMS_get0_RecipientInfos(cms); | ris = CMS_get0_RecipientInfos(cms); | ||||
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { | for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { | ||||
Context not available. | |||||
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) | if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) | ||||
continue; | continue; | ||||
/* | /* If we have an id, try matching RecipientInfo, else try them all */ | ||||
* If we have an id try matching RecipientInfo otherwise try them | if (id == NULL | ||||
* all. | || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) { | ||||
*/ | match_ri = 1; | ||||
if (id == NULL || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) { | |||||
CMS_RecipientInfo_set0_key(ri, key, keylen); | CMS_RecipientInfo_set0_key(ri, key, keylen); | ||||
r = CMS_RecipientInfo_decrypt(cms, ri); | r = CMS_RecipientInfo_decrypt(cms, ri); | ||||
CMS_RecipientInfo_set0_key(ri, NULL, 0); | CMS_RecipientInfo_set0_key(ri, NULL, 0); | ||||
Context not available. | |||||
} | } | ||||
} | } | ||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); | if (!match_ri) | ||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); | |||||
return 0; | return 0; | ||||
} | } | ||||
Context not available. | |||||
int CMS_decrypt_set1_password(CMS_ContentInfo *cms, | int CMS_decrypt_set1_password(CMS_ContentInfo *cms, | ||||
unsigned char *pass, ossl_ssize_t passlen) | unsigned char *pass, ossl_ssize_t passlen) | ||||
{ | { | ||||
STACK_OF(CMS_RecipientInfo) *ris; | STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); | ||||
CMS_RecipientInfo *ri; | CMS_RecipientInfo *ri; | ||||
int i, r; | int i, r, match_ri = 0; | ||||
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cms); | |||||
/* Prevent mem leak on earlier CMS_decrypt_set1_{pkey_and_peer,password} */ | |||||
if (ec != NULL) { | |||||
OPENSSL_clear_free(ec->key, ec->keylen); | |||||
ec->key = NULL; | |||||
ec->keylen = 0; | |||||
} | |||||
ris = CMS_get0_RecipientInfos(cms); | |||||
for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { | for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { | ||||
ri = sk_CMS_RecipientInfo_value(ris, i); | ri = sk_CMS_RecipientInfo_value(ris, i); | ||||
if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS) | if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS) | ||||
continue; | continue; | ||||
/* Must try each PasswordRecipientInfo */ | |||||
match_ri = 1; | |||||
CMS_RecipientInfo_set0_password(ri, pass, passlen); | CMS_RecipientInfo_set0_password(ri, pass, passlen); | ||||
r = CMS_RecipientInfo_decrypt(cms, ri); | r = CMS_RecipientInfo_decrypt(cms, ri); | ||||
CMS_RecipientInfo_set0_password(ri, NULL, 0); | CMS_RecipientInfo_set0_password(ri, NULL, 0); | ||||
Context not available. | |||||
return 1; | return 1; | ||||
} | } | ||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); | if (!match_ri) | ||||
ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); | |||||
return 0; | return 0; | ||||
} | } | ||||
Context not available. | |||||
{ | { | ||||
int r; | int r; | ||||
BIO *cont; | BIO *cont; | ||||
CMS_EncryptedContentInfo *ec; | |||||
int nid = OBJ_obj2nid(CMS_get0_type(cms)); | int nid = OBJ_obj2nid(CMS_get0_type(cms)); | ||||
if (nid != NID_pkcs7_enveloped | if (nid != NID_pkcs7_enveloped | ||||
Context not available. | |||||
} | } | ||||
if (dcont == NULL && !check_content(cms)) | if (dcont == NULL && !check_content(cms)) | ||||
return 0; | return 0; | ||||
if (flags & CMS_DEBUG_DECRYPT) | ec = ossl_cms_get0_env_enc_content(cms); | ||||
ossl_cms_get0_env_enc_content(cms)->debug = 1; | ec->debug = (flags & CMS_DEBUG_DECRYPT) != 0; | ||||
else | ec->havenocert = cert == NULL; | ||||
ossl_cms_get0_env_enc_content(cms)->debug = 0; | |||||
if (cert == NULL) | |||||
ossl_cms_get0_env_enc_content(cms)->havenocert = 1; | |||||
else | |||||
ossl_cms_get0_env_enc_content(cms)->havenocert = 0; | |||||
if (pk == NULL && cert == NULL && dcont == NULL && out == NULL) | if (pk == NULL && cert == NULL && dcont == NULL && out == NULL) | ||||
return 1; | return 1; | ||||
if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert)) | if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert)) | ||||
Context not available. |
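Review bot: In CMS_decrypt the new `ec = ossl_cms_get0_env_enc_content(cms);` is dereferenced on the next two lines (`ec->debug`, `ec->havenocert`) without a NULL check, while CMS_decrypt_set1_pkey_and_peer and CMS_decrypt_set1_password in this same change both guard with `if (ec != NULL)`. The content-type check earlier in the function may make NULL unreachable here, but that is not visible in this section. If a parsed message from untrusted input can pass the type check with the enveloped content absent, this is a NULL dereference on the decrypt path. Either add `if (ec == NULL) return 0;` before `ec->debug = ...`, or add a comment such as `/* ec is non-NULL: content type was checked above */` so the three functions are visibly consistent. CMS_decrypt's body begins and ends outside the displayed context.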