Commit 3f1d1704 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Support CMS decrypt without a certificate for all key types 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4115)
parent 6d8aba7b

crypto/cms/cms_smime.c

+4 −6
Original line number Diff line number Diff line
@@ -583,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, 
    STACK_OF(CMS_RecipientEncryptedKey) *reks;

    CMS_RecipientEncryptedKey *rek;

    reks = CMS_RecipientInfo_kari_get0_reks(ri);

    if (!cert)

        return 0;

    for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {

        int rv;

        rek = sk_CMS_RecipientEncryptedKey_value(reks, i);

        if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))

        if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))

            continue;

        CMS_RecipientInfo_kari_set0_pkey(ri, pk);

        rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);

        CMS_RecipientInfo_kari_set0_pkey(ri, NULL);

        if (rv > 0)

            return 1;

        return -1;

        return cert == NULL ? 0 : -1;

    }

    return 0;

}
@@ -659,8 +657,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) 
                return 1;

        }

    }

    /* If no cert and not debugging always return success */

    if (match_ri && !cert && !debug) {

    /* If no cert, key transport and not debugging always return success */

    if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {

        ERR_clear_error();

        return 1;

    }