Add ECP_NISTZ256 by Shay Gueron, Intel Corp.

[oweals/openssl.git] / crypto / cms / cms_smime.c

diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 8c56e3a8520d73802c7ea00f81e81c1d574bc49b..d2b9eec3ddba3b143cce5378cb5f786c79999f89 100644 (file)
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -58,6 +58,7 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include "cms_lcl.h"
+#include "asn1_locl.h"
 
 static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
        {
@@ -606,24 +607,66 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
        return NULL;
        }
 
+static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                               EVP_PKEY *pk, X509 *cert)
+       {
+       int i;
+       STACK_OF(CMS_RecipientEncryptedKey) *reks;
+       CMS_RecipientEncryptedKey *rek;
+       reks = CMS_RecipientInfo_kari_get0_reks(ri);
+       if (!cert)
+               return 0;
+       for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++)
+               {
+               int rv;
+               rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
+               if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+                       continue;
+               CMS_RecipientInfo_kari_set0_pkey(ri, pk);
+               rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
+               CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
+               if (rv > 0)
+                       return 1;
+               return -1;
+               }
+       return 0;
+       }
+
 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
        {
        STACK_OF(CMS_RecipientInfo) *ris;
        CMS_RecipientInfo *ri;
-       int i, r;
-       int debug = 0;
+       int i, r, ri_type;
+       int debug = 0, match_ri = 0;
        ris = CMS_get0_RecipientInfos(cms);
        if (ris)
                debug = cms->d.envelopedData->encryptedContentInfo->debug;
+       ri_type = cms_pkey_get_ri_type(pk);
+       if (ri_type == CMS_RECIPINFO_NONE)
+               {
+               CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+                                       CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+               return 0;
+               }
+
        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
                {
                ri = sk_CMS_RecipientInfo_value(ris, i);
-               if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
+               if (CMS_RecipientInfo_type(ri) != ri_type)
                                continue;
+               match_ri = 1;
+               if (ri_type == CMS_RECIPINFO_AGREE)
+                       {
+                       r = cms_kari_set1_pkey(cms, ri, pk, cert);
+                       if (r > 0)
+                               return 1;
+                       if (r < 0)
+                               return 0;
+                       }
                /* If we have a cert try matching RecipientInfo
                 * otherwise try them all.
                 */
-               if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
+               else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert))
                        {
                        CMS_RecipientInfo_set0_pkey(ri, pk);
                        r = CMS_RecipientInfo_decrypt(cms, ri);
@@ -655,7 +698,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                        }
                }
        /* If no cert and not debugging always return success */
-       if (!cert && !debug)
+       if (match_ri && !cert && !debug)
                {
                ERR_clear_error();
                return 1;