mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

Support CMS decrypt without a certificate for all key types

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)
This commit is contained in:
Dr. Stephen Henson 2017-08-08 15:20:07 +01:00
parent 6d8aba7b8c
commit 3f1d1704f2
1 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
crypto/cms/cms_smime.c
View File

@ -583,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
STACK_OF(CMS_RecipientEncryptedKey) *reks;
CMS_RecipientEncryptedKey *rek;
reks = CMS_RecipientInfo_kari_get0_reks(ri);
if (!cert)
return 0;
for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
int rv;
rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
continue;
CMS_RecipientInfo_kari_set0_pkey(ri, pk);
rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
if (rv > 0)
return 1;
return -1;
return cert == NULL ? 0 : -1;
}
return 0;
}
@ -659,8 +657,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
return 1;
}
}
/* If no cert and not debugging always return success */
if (match_ri && !cert && !debug) {
/* If no cert, key transport and not debugging always return success */
if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
ERR_clear_error();
return 1;
}