=pod =head1 NAME CMS_decrypt - decrypt content from a CMS envelopedData structure =head1 SYNOPSIS #include int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont, BIO *out, unsigned int flags); =head1 DESCRIPTION CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData structure. B is the private key of the recipient, B is the recipient's certificate, B is a BIO to write the content to and B is an optional set of flags. The B parameter is used in the rare case where the encrypted content is detached. It will normally be set to NULL. =head1 NOTES Although the recipients certificate is not needed to decrypt the data it is needed to locate the appropriate (of possible several) recipients in the CMS structure. If B is set to NULL all possible recipients are tried. This case however is problematic. To thwart the MMA attack (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or not. If no recipient succeeds then a random symmetric key is used to decrypt the content: this will typically output garbage and may (but is not guaranteed to) ultimately return a padding error only. If CMS_decrypt() just returned an error when all recipient encrypted keys failed to decrypt an attacker could use this in a timing attack. If the special flag B is set then the above behaviour is modified and an error B returned if no recipient encrypted key can be decrypted B generating a random content encryption key. Applications should use this flag with B especially in automated gateways as it can leave them open to attack. It is possible to determine the correct recipient key by other means (for example looking them up in a database) and setting them in the CMS structure in advance using the CMS utility functions such as CMS_set1_pkey(). In this case both B and B should be set to NULL. To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key() and CMS_ReceipientInfo_decrypt() should be called before CMS_decrypt() and B and B set to NULL. The following flags can be passed in the B parameter. If the B flag is set MIME headers for type B are deleted from the content. If the content is not of type B then an error is returned. =head1 RETURN VALUES CMS_decrypt() returns either 1 for success or 0 for failure. The error can be obtained from ERR_get_error(3) =head1 BUGS The lack of single pass processing and the need to hold all data in memory as mentioned in CMS_verify() also applies to CMS_decrypt(). =head1 SEE ALSO L, L =head1 COPYRIGHT Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L. =cut