crypto/cms/cms_smime.c

   1 /* crypto/cms/cms_smime.c */
   2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  */
  53
  54 #include "cryptlib.h"
  55 #include <openssl/asn1t.h>
  56 #include <openssl/x509.h>
  57 #include <openssl/x509v3.h>
  58 #include <openssl/err.h>
  59 #include <openssl/cms.h>
  60 #include "cms_lcl.h"
  61
  62 static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
  63         {
  64         unsigned char buf[4096];
  65         int r = 0, i;
  66         BIO *tmpout = NULL;
  67
  68         if (out == NULL)
  69                 tmpout = BIO_new(BIO_s_null());
  70         else if (flags & CMS_TEXT)
  71                 tmpout = BIO_new(BIO_s_mem());
  72         else
  73                 tmpout = out;
  74
  75         if(!tmpout)
  76                 {
  77                 CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
  78                 goto err;
  79                 }
  80
  81         /* Read all content through chain to process digest, decrypt etc */
  82         for (;;)
  83         {
  84                 i=BIO_read(in,buf,sizeof(buf));
  85                 if (i <= 0)
  86                         {
  87                         if (BIO_method_type(in) == BIO_TYPE_CIPHER)
  88                                 {
  89                                 if (!BIO_get_cipher_status(in))
  90                                         goto err;
  91                                 }
  92                         break;
  93                         }
  94
  95                 if (tmpout)
  96                         BIO_write(tmpout, buf, i);
  97         }
  98
  99         if(flags & CMS_TEXT)
 100                 {
 101                 if(!SMIME_text(tmpout, out))
 102                         {
 103                         CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
 104                         goto err;
 105                         }
 106                 }
 107
 108         r = 1;
 109
 110         err:
 111         if (tmpout && (tmpout != out))
 112                 BIO_free(tmpout);
 113         return r;
 114
 115         }
 116
 117 static int check_content(CMS_ContentInfo *cms)
 118         {
 119         ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
 120         if (!pos || !*pos)
 121                 {
 122                 CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
 123                 return 0;
 124                 }
 125         return 1;
 126         }
 127
 128 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
 129         {
 130         BIO *cont;
 131         int r;
 132         if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
 133                 {
 134                 CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
 135                 return 0;
 136                 }
 137         cont = CMS_dataInit(cms, NULL);
 138         if (!cont)
 139                 return 0;
 140         r = cms_copy_content(out, cont, flags);
 141         BIO_free_all(cont);
 142         return r;
 143         }
 144
 145 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
 146         {
 147         CMS_ContentInfo *cms;
 148         cms = cms_Data_create();
 149         if (!cms)
 150                 return NULL;
 151
 152         if (CMS_final(cms, in, NULL, flags))
 153                 return cms;
 154
 155         CMS_ContentInfo_free(cms);
 156
 157         return NULL;
 158         }
 159
 160 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 161                                                         unsigned int flags)
 162         {
 163         BIO *cont;
 164         int r;
 165         if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
 166                 {
 167                 CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
 168                 return 0;
 169                 }
 170
 171         if (!dcont && !check_content(cms))
 172                 return 0;
 173
 174         cont = CMS_dataInit(cms, dcont);
 175         if (!cont)
 176                 return 0;
 177         r = cms_copy_content(out, cont, flags);
 178         if (r)
 179                 r = cms_DigestedData_do_final(cms, cont, 1);
 180         BIO_free_all(cont);
 181         return r;
 182         }
 183
 184 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
 185                                         unsigned int flags)
 186         {
 187         CMS_ContentInfo *cms;
 188         if (!md)
 189                 md = EVP_sha1();
 190         cms = cms_DigestedData_create(md);
 191         if (!cms)
 192                 return NULL;
 193
 194         if(!(flags & CMS_DETACHED))
 195                 {
 196                 flags &= ~CMS_STREAM;
 197                 CMS_set_detached(cms, 0);
 198                 }
 199
 200         if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
 201                 return cms;
 202
 203         CMS_ContentInfo_free(cms);
 204         return NULL;
 205         }
 206
 207 int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 208                                 const unsigned char *key, size_t keylen,
 209                                 BIO *dcont, BIO *out, unsigned int flags)
 210         {
 211         BIO *cont;
 212         int r;
 213         if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
 214                 {
 215                 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
 216                                         CMS_R_TYPE_NOT_ENCRYPTED_DATA);
 217                 return 0;
 218                 }
 219
 220         if (!dcont && !check_content(cms))
 221                 return 0;
 222
 223         if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
 224                 return 0;
 225         cont = CMS_dataInit(cms, dcont);
 226         if (!cont)
 227                 return 0;
 228         r = cms_copy_content(out, cont, flags);
 229         BIO_free_all(cont);
 230         return r;
 231         }
 232
 233 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
 234                                         const unsigned char *key, size_t keylen,
 235                                         unsigned int flags)
 236         {
 237         CMS_ContentInfo *cms;
 238         if (!cipher)
 239                 {
 240                 CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
 241                 return NULL;
 242                 }
 243         cms = CMS_ContentInfo_new();
 244         if (!cms)
 245                 return NULL;
 246         if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
 247                 return NULL;
 248
 249         if(!(flags & CMS_DETACHED))
 250                 {
 251                 flags &= ~CMS_STREAM;
 252                 CMS_set_detached(cms, 0);
 253                 }
 254
 255         if ((flags & (CMS_STREAM|CMS_PARTIAL))
 256                 || CMS_final(cms, in, NULL, flags))
 257                 return cms;
 258
 259         CMS_ContentInfo_free(cms);
 260         return NULL;
 261         }
 262
 263 static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
 264                                         X509_STORE *store,
 265                                         STACK_OF(X509) *certs,
 266                                         STACK_OF(X509_CRL) *crls,
 267                                         unsigned int flags)
 268         {
 269         X509_STORE_CTX ctx;
 270         X509 *signer;
 271         int i, j, r = 0;
 272         CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
 273         if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
 274                 {
 275                 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
 276                                                 CMS_R_STORE_INIT_ERROR);
 277                 goto err;
 278                 }
 279         X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_SMIME_SIGN);
 280         if (crls)
 281                 X509_STORE_CTX_set0_crls(&ctx, crls);
 282
 283         i = X509_verify_cert(&ctx);
 284         if (i <= 0)
 285                 {
 286                 j = X509_STORE_CTX_get_error(&ctx);
 287                 CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
 288                                                 CMS_R_CERTIFICATE_VERIFY_ERROR);
 289                 ERR_add_error_data(2, "Verify error:",
 290                                          X509_verify_cert_error_string(j));
 291                 goto err;
 292                 }
 293         r = 1;
 294         err:
 295         X509_STORE_CTX_cleanup(&ctx);
 296         return r;
 297
 298         }
 299
 300 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 301                  X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
 302         {
 303         CMS_SignerInfo *si;
 304         STACK_OF(CMS_SignerInfo) *sinfos;
 305         STACK_OF(X509) *cms_certs = NULL;
 306         STACK_OF(X509_CRL) *crls = NULL;
 307         X509 *signer;
 308         int i, scount = 0, ret = 0;
 309         BIO *cmsbio = NULL, *tmpin = NULL;
 310
 311         if (!dcont && !check_content(cms))
 312                 return 0;
 313
 314         /* Attempt to find all signer certificates */
 315
 316         sinfos = CMS_get0_SignerInfos(cms);
 317
 318         if (sk_CMS_SignerInfo_num(sinfos) <= 0)
 319                 {
 320                 CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
 321                 goto err;
 322                 }
 323
 324         for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
 325                 {
 326                 si = sk_CMS_SignerInfo_value(sinfos, i);
 327                 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
 328                 if (signer)
 329                         scount++;
 330                 }
 331
 332         if (scount != sk_CMS_SignerInfo_num(sinfos))
 333                 scount += CMS_set1_signers_certs(cms, certs, flags);
 334
 335         if (scount != sk_CMS_SignerInfo_num(sinfos))
 336                 {
 337                 CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
 338                 goto err;
 339                 }
 340
 341         /* Attempt to verify all signers certs */
 342
 343         if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
 344                 {
 345                 cms_certs = CMS_get1_certs(cms);
 346                 if (!(flags & CMS_NOCRL))
 347                         crls = CMS_get1_crls(cms);
 348                 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
 349                         {
 350                         si = sk_CMS_SignerInfo_value(sinfos, i);
 351                         if (!cms_signerinfo_verify_cert(si, store,
 352                                                         cms_certs, crls, flags))
 353                                 goto err;
 354                         }
 355                 }
 356
 357         /* Attempt to verify all SignerInfo signed attribute signatures */
 358
 359         if (!(flags & CMS_NO_ATTR_VERIFY))
 360                 {
 361                 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
 362                         {
 363                         si = sk_CMS_SignerInfo_value(sinfos, i);
 364                         if (CMS_signed_get_attr_count(si) < 0)
 365                                 continue;
 366                         if (CMS_SignerInfo_verify(si) <= 0)
 367                                 goto err;
 368                         }
 369                 }
 370
 371         /* Performance optimization: if the content is a memory BIO then
 372          * store its contents in a temporary read only memory BIO. This
 373          * avoids potentially large numbers of slow copies of data which will
 374          * occur when reading from a read write memory BIO when signatures
 375          * are calculated.
 376          */
 377
 378         if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
 379                 {
 380                 char *ptr;
 381                 long len;
 382                 len = BIO_get_mem_data(dcont, &ptr);
 383                 tmpin = BIO_new_mem_buf(ptr, len);
 384                 if (tmpin == NULL)
 385                         {
 386                         CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
 387                         return 0;
 388                         }
 389                 }
 390         else
 391                 tmpin = dcont;
 392
 393
 394         cmsbio=CMS_dataInit(cms, tmpin);
 395         if (!cmsbio)
 396                 goto err;
 397
 398         if (!cms_copy_content(out, cmsbio, flags))
 399                 goto err;
 400
 401         if (!(flags & CMS_NO_CONTENT_VERIFY))
 402                 {
 403                 for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
 404                         {
 405                         si = sk_CMS_SignerInfo_value(sinfos, i);
 406                         if (!CMS_SignerInfo_verify_content(si, cmsbio))
 407                                 {
 408                                 CMSerr(CMS_F_CMS_VERIFY,
 409                                         CMS_R_CONTENT_VERIFY_ERROR);
 410                                 goto err;
 411                                 }
 412                         }
 413                 }
 414
 415         ret = 1;
 416
 417         err:
 418
 419         if (dcont && (tmpin == dcont))
 420                 BIO_pop(cmsbio);
 421         BIO_free_all(cmsbio);
 422
 423         if (cms_certs)
 424                 sk_X509_pop_free(cms_certs, X509_free);
 425         if (crls)
 426                 sk_X509_CRL_pop_free(crls, X509_CRL_free);
 427
 428         return ret;
 429         }
 430
 431 int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
 432                         STACK_OF(X509) *certs,
 433                         X509_STORE *store, unsigned int flags)
 434         {
 435         int r;
 436         r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
 437         if (r <= 0)
 438                 return r;
 439         return cms_Receipt_verify(rcms, ocms);
 440         }
 441
 442 CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 443                                                 BIO *data, unsigned int flags)
 444         {
 445         CMS_ContentInfo *cms;
 446         int i;
 447         cms = CMS_ContentInfo_new();
 448         if (!cms)
 449                 goto merr;
 450         if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
 451                 {
 452                 CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
 453                 goto err;
 454                 }
 455         for (i = 0; i < sk_X509_num(certs); i++)
 456                 {
 457                 X509 *x = sk_X509_value(certs, i);
 458                 if (!CMS_add1_cert(cms, x))
 459                         goto merr;
 460                 }
 461         /* If no signer or certs initialize signedData */
 462         if (!pkey && !i && !CMS_SignedData_init(cms))
 463                 goto merr;
 464
 465         if(!(flags & CMS_DETACHED))
 466                 {
 467                 flags &= ~CMS_STREAM;
 468                 CMS_set_detached(cms, 0);
 469                 }
 470
 471         if ((flags & (CMS_STREAM|CMS_PARTIAL))
 472                 || CMS_final(cms, data, NULL, flags))
 473                 return cms;
 474         else
 475                 goto err;
 476
 477         merr:
 478         CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
 479
 480         err:
 481         if (cms)
 482                 CMS_ContentInfo_free(cms);
 483         return NULL;
 484         }
 485
 486 CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 487                                         X509 *signcert, EVP_PKEY *pkey,
 488                                         STACK_OF(X509) *certs,
 489                                         unsigned int flags)
 490         {
 491         CMS_SignerInfo *rct_si;
 492         CMS_ContentInfo *cms = NULL;
 493         ASN1_OCTET_STRING **pos, *os;
 494         BIO *rct_cont = NULL;
 495         int r = 0;
 496
 497         flags &= ~CMS_STREAM;
 498         /* Not really detached but avoids content being allocated */
 499         flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
 500         if (!pkey || !signcert)
 501                 {
 502                 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
 503                 return NULL;
 504                 }
 505
 506         /* Initialize signed data */
 507
 508         cms = CMS_sign(NULL, NULL, certs, NULL, flags);
 509         if (!cms)
 510                 goto err;
 511
 512         /* Set inner content type to signed receipt */
 513         if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
 514                 goto err;
 515
 516         rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
 517         if (!rct_si)
 518                 {
 519                 CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
 520                 goto err;
 521                 }
 522
 523         os = cms_encode_Receipt(si);
 524
 525         if (!os)
 526                 goto err;
 527
 528         /* Set content to digest */
 529         rct_cont = BIO_new_mem_buf(os->data, os->length);
 530         if (!rct_cont)
 531                 goto err;
 532
 533         /* Add msgSigDigest attribute */
 534
 535         if (!cms_msgSigDigest_add1(rct_si, si))
 536                 goto err;
 537
 538         /* Finalize structure */
 539         if (!CMS_final(cms, rct_cont, NULL, flags))
 540                 goto err;
 541
 542         /* Set embedded content */
 543         pos = CMS_get0_content(cms);
 544         *pos = os;
 545
 546         r = 1;
 547
 548         err:
 549         if (rct_cont)
 550                 BIO_free(rct_cont);
 551         if (r)
 552                 return cms;
 553         CMS_ContentInfo_free(cms);
 554         return NULL;
 555
 556         }
 557
 558 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
 559                                 const EVP_CIPHER *cipher, unsigned int flags)
 560         {
 561         CMS_ContentInfo *cms;
 562         int i;
 563         X509 *recip;
 564         cms = CMS_EnvelopedData_create(cipher);
 565         if (!cms)
 566                 goto merr;
 567         for (i = 0; i < sk_X509_num(certs); i++)
 568                 {
 569                 recip = sk_X509_value(certs, i);
 570                 if (!CMS_add1_recipient_cert(cms, recip, flags))
 571                         {
 572                         CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
 573                         goto err;
 574                         }
 575                 }
 576
 577         if(!(flags & CMS_DETACHED))
 578                 {
 579                 flags &= ~CMS_STREAM;
 580                 CMS_set_detached(cms, 0);
 581                 }
 582
 583         if ((flags & (CMS_STREAM|CMS_PARTIAL))
 584                 || CMS_final(cms, data, NULL, flags))
 585                 return cms;
 586         else
 587                 goto err;
 588
 589         merr:
 590         CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
 591         err:
 592         if (cms)
 593                 CMS_ContentInfo_free(cms);
 594         return NULL;
 595         }
 596
 597 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 598         {
 599         STACK_OF(CMS_RecipientInfo) *ris;
 600         CMS_RecipientInfo *ri;
 601         int i, r;
 602         ris = CMS_get0_RecipientInfos(cms);
 603         for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
 604                 {
 605                 ri = sk_CMS_RecipientInfo_value(ris, i);
 606                 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
 607                                 continue;
 608                 /* If we have a cert try matching RecipientInfo
 609                  * otherwise try them all.
 610                  */
 611                 if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
 612                         {
 613                         CMS_RecipientInfo_set0_pkey(ri, pk);
 614                         r = CMS_RecipientInfo_decrypt(cms, ri);
 615                         CMS_RecipientInfo_set0_pkey(ri, NULL);
 616                         if (r > 0)
 617                                 return 1;
 618                         if (cert)
 619                                 {
 620                                 CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
 621                                                 CMS_R_DECRYPT_ERROR);
 622                                 return 0;
 623                                 }
 624                         ERR_clear_error();
 625                         }
 626                 }
 627
 628         CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
 629         return 0;
 630
 631         }
 632
 633 int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
 634                                 unsigned char *key, size_t keylen,
 635                                 unsigned char *id, size_t idlen)
 636         {
 637         STACK_OF(CMS_RecipientInfo) *ris;
 638         CMS_RecipientInfo *ri;
 639         int i, r;
 640         ris = CMS_get0_RecipientInfos(cms);
 641         for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
 642                 {
 643                 ri = sk_CMS_RecipientInfo_value(ris, i);
 644                 if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
 645                                 continue;
 646
 647                 /* If we have an id try matching RecipientInfo
 648                  * otherwise try them all.
 649                  */
 650                 if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
 651                         {
 652                         CMS_RecipientInfo_set0_key(ri, key, keylen);
 653                         r = CMS_RecipientInfo_decrypt(cms, ri);
 654                         CMS_RecipientInfo_set0_key(ri, NULL, 0);
 655                         if (r > 0)
 656                                 return 1;
 657                         if (id)
 658                                 {
 659                                 CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
 660                                                 CMS_R_DECRYPT_ERROR);
 661                                 return 0;
 662                                 }
 663                         ERR_clear_error();
 664                         }
 665                 }
 666
 667         CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
 668         return 0;
 669
 670         }
 671
 672 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
 673                                 BIO *dcont, BIO *out,
 674                                 unsigned int flags)
 675         {
 676         int r;
 677         BIO *cont;
 678         if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
 679                 {
 680                 CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
 681                 return 0;
 682                 }
 683         if (!dcont && !check_content(cms))
 684                 return 0;
 685         if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
 686                 return 0;
 687
 688         cont = CMS_dataInit(cms, dcont);
 689         if (!cont)
 690                 return 0;
 691         r = cms_copy_content(out, cont, flags);
 692         BIO_free_all(cont);
 693         return r;
 694         }
 695
 696 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
 697         {
 698         BIO *cmsbio;
 699         int ret = 0;
 700         if (!(cmsbio = CMS_dataInit(cms, dcont)))
 701                 {
 702                 CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
 703                 return 0;
 704                 }
 705
 706         SMIME_crlf_copy(data, cmsbio, flags);
 707
 708         (void)BIO_flush(cmsbio);
 709
 710
 711         if (!CMS_dataFinal(cms, cmsbio))
 712                 {
 713                 CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
 714                 goto err;
 715                 }
 716
 717         ret = 1;
 718
 719         err:
 720         BIO_free_all(cmsbio);
 721
 722         return ret;
 723
 724         }
 725
 726 #ifdef ZLIB
 727
 728 int CMS_uncompress(CMS_ContentInfo *cms, BIO *out, BIO *dcont,
 729                                                         unsigned int flags)
 730         {
 731         BIO *cont;
 732         int r;
 733         if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
 734                 {
 735                 CMSerr(CMS_F_CMS_UNCOMPRESS,
 736                                         CMS_R_TYPE_NOT_COMPRESSED_DATA);
 737                 return 0;
 738                 }
 739
 740         if (!dcont && !check_content(cms))
 741                 return 0;
 742
 743         cont = CMS_dataInit(cms, dcont);
 744         if (!cont)
 745                 return 0;
 746         r = cms_copy_content(out, cont, flags);
 747         BIO_free_all(cont);
 748         return r;
 749         }
 750
 751 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
 752         {
 753         CMS_ContentInfo *cms;
 754         if (comp_nid <= 0)
 755                 comp_nid = NID_zlib_compression;
 756         cms = cms_CompressedData_create(comp_nid);
 757         if (!cms)
 758                 return NULL;
 759
 760         if(!(flags & CMS_DETACHED))
 761                 {
 762                 flags &= ~CMS_STREAM;
 763                 CMS_set_detached(cms, 0);
 764                 }
 765
 766         if (CMS_final(cms, in, NULL, flags))
 767                 return cms;
 768
 769         CMS_ContentInfo_free(cms);
 770         return NULL;
 771         }
 772
 773 #else
 774
 775 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 776                                                         unsigned int flags)
 777         {
 778         CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 779         return 0;
 780         }
 781
 782 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
 783         {
 784         CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 785         return NULL;
 786         }
 787
 788 #endif