authorDr. Stephen Henson <steve@openssl.org>2008-03-18 01:00:38 +0000
committerDr. Stephen Henson <steve@openssl.org>2008-03-18 01:00:38 +0000
commit6e3bc4f0730a3cb7d2d263153cb234da51637b38 (patch)
tree4014d7cad18d13c1483b6f5fd580c2deda17ccee /crypto/cms/cms_smime.c
parentc36e936b60abcc426b74135b9ce4fd2950725c68 (diff)
More support for KEK RecipientInfo.
Generalise RecipientInfo and enveloped data handling so applications can add their own key lookup routines as well as using the standard ones.
Diffstat (limited to 'crypto/cms/cms_smime.c')
-rw-r--r--crypto/cms/cms_smime.c47
1 files changed, 27 insertions, 20 deletions
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 3a813de246..dcc0e6ba10 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -498,8 +498,6 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
BIO *dcont, BIO *out,
unsigned int flags)
{
- STACK_OF(CMS_RecipientInfo) *ris;
- CMS_RecipientInfo *ri;
int i, r;
BIO *cont;
if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
@@ -509,28 +507,37 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
}
if (!dcont && !check_content(cms))
return 0;
- ris = CMS_get0_RecipientInfos(cms);
- for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+ if (pk)
{
- ri = sk_CMS_RecipientInfo_value(ris, i);
- if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
- continue;
- /* If we have a cert try matching RecipientInfo otherwise
- * try them all.
- */
- if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
+ ris = CMS_get0_RecipientInfos(cms);
+ for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
{
- if (CMS_RecipientInfo_decrypt(cms, ri, pk) > 0)
- break;
- else if (cert)
- return 0;
+ ri = sk_CMS_RecipientInfo_value(ris, i);
+ if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
+ continue;
+ /* If we have a cert try matching RecipientInfo
+ * otherwise try them all.
+ */
+ if (!cert ||
+ (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
+ {
+ CMS_RecipientInfo_set0_pkey(ri, pk);
+ r = CMS_RecipientInfo_decrypt(cms, ri);
+ CMS_RecipientInfo_set0_pkey(ri, NULL);
+ if (r > 0)
+ break;
+ if (cert)
+ return 0;
+ }
}
- }
- if (i == sk_CMS_RecipientInfo_num(ris))
- {
- CMSerr(CMS_F_CMS_DECRYPT, CMS_R_NO_MATCHING_RECIPIENT);
- return 0;
+ if (i == sk_CMS_RecipientInfo_num(ris))
+ {
+ CMSerr(CMS_F_CMS_DECRYPT, CMS_R_NO_MATCHING_RECIPIENT);
+ return 0;
+ }
}
cont = CMS_dataInit(cms, dcont);
if (!cont)