d2e82906c6c5e35fdd28876b3d10aa47726a2985
[openssl.git] / crypto / cms / cms_env.c
1 /* crypto/cms/cms_env.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project.
4  */
5 /* ====================================================================
6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  */
53
54 #include "cryptlib.h"
55 #include <openssl/asn1t.h>
56 #include <openssl/pem.h>
57 #include <openssl/x509v3.h>
58 #include <openssl/err.h>
59 #include <openssl/cms.h>
60 #include <openssl/rand.h>
61 #include <openssl/aes.h>
62 #include "cms_lcl.h"
63 #include "asn1_locl.h"
64
65 /* CMS EnvelopedData Utilities */
66
67 DECLARE_ASN1_ITEM(CMS_EnvelopedData)
68 DECLARE_ASN1_ITEM(CMS_RecipientInfo)
69 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
70 DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
71 DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
72
73 DECLARE_STACK_OF(CMS_RecipientInfo)
74
75 static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
76         {
77         if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
78                 {
79                 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
80                                 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
81                 return NULL;
82                 }
83         return cms->d.envelopedData;
84         }
85
86 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
87         {
88         if (cms->d.other == NULL)
89                 {
90                 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
91                 if (!cms->d.envelopedData)
92                         {
93                         CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
94                                                         ERR_R_MALLOC_FAILURE);
95                         return NULL;
96                         }
97                 cms->d.envelopedData->version = 0;
98                 cms->d.envelopedData->encryptedContentInfo->contentType =
99                                                 OBJ_nid2obj(NID_pkcs7_data);
100                 ASN1_OBJECT_free(cms->contentType);
101                 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
102                 return cms->d.envelopedData;
103                 }
104         return cms_get0_enveloped(cms);
105         }
106
107 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
108         {
109         CMS_EnvelopedData *env;
110         env = cms_get0_enveloped(cms);
111         if (!env)
112                 return NULL;
113         return env->recipientInfos;
114         }
115
116 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
117         {
118         return ri->type;
119         }
120
121 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
122         {
123         CMS_ContentInfo *cms;
124         CMS_EnvelopedData *env;
125         cms = CMS_ContentInfo_new();
126         if (!cms)
127                 goto merr;
128         env = cms_enveloped_data_init(cms);
129         if (!env)
130                 goto merr;
131         if (!cms_EncryptedContent_init(env->encryptedContentInfo,
132                                         cipher, NULL, 0))
133                 goto merr;
134         return cms;
135         merr:
136         if (cms)
137                 CMS_ContentInfo_free(cms);
138         CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
139         return NULL;
140         }
141
142 /* Add a recipient certificate. For now only handle key transport.
143  * If we ever handle key agreement will need updating.
144  */
145 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
146                                         X509 *recip, unsigned int flags)
147         {
148         CMS_RecipientInfo *ri = NULL;
149         CMS_KeyTransRecipientInfo *ktri;
150         CMS_EnvelopedData *env;
151         EVP_PKEY *pk = NULL;
152         int i, type;
153         env = cms_get0_enveloped(cms);
154         if (!env)
155                 goto err;
156
157         /* Initialize recipient info */
158         ri = M_ASN1_new_of(CMS_RecipientInfo);
159         if (!ri)
160                 goto merr;
161
162         /* Initialize and add key transport recipient info */
163
164         ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
165         if (!ri->d.ktri)
166                 goto merr;
167         ri->type = CMS_RECIPINFO_TRANS;
168
169         ktri = ri->d.ktri;
170
171         X509_check_purpose(recip, -1, -1);
172         pk = X509_get_pubkey(recip);
173         if (!pk)
174                 {
175                 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
176                                 CMS_R_ERROR_GETTING_PUBLIC_KEY);
177                 goto err;
178                 }
179         CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
180         ktri->pkey = pk;
181         ktri->recip = recip;
182
183         if (flags & CMS_USE_KEYID)
184                 {
185                 ktri->version = 2;
186                 type = CMS_RECIPINFO_KEYIDENTIFIER;
187                 }
188         else
189                 {
190                 ktri->version = 0;
191                 type = CMS_RECIPINFO_ISSUER_SERIAL;
192                 }
193
194         /* Not a typo: RecipientIdentifier and SignerIdentifier are the
195          * same structure.
196          */
197
198         if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
199                 goto err;
200
201         if (pk->ameth && pk->ameth->pkey_ctrl)
202                 {
203                 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
204                                                 0, ri);
205                 if (i == -2)
206                         {
207                         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
208                                 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
209                         goto err;
210                         }
211                 if (i <= 0)
212                         {
213                         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
214                                 CMS_R_CTRL_FAILURE);
215                         goto err;
216                         }
217                 }
218
219         if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
220                 goto merr;
221
222         return ri;
223
224         merr:
225         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
226         err:
227         if (ri)
228                 M_ASN1_free_of(ri, CMS_RecipientInfo);
229         return NULL;
230
231         }
232
233 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
234                                         X509_ALGOR **palg,
235                                         ASN1_OCTET_STRING **pid,
236                                         ASN1_GENERALIZEDTIME **pdate,
237                                         ASN1_OBJECT **potherid,
238                                         ASN1_TYPE **pothertype)
239         {
240         CMS_KEKIdentifier *rkid;
241         if (ri->type != CMS_RECIPINFO_KEK)
242                 {
243                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
244                 return 0;
245                 }
246         rkid =  ri->d.kekri->kekid;
247         if (palg)
248                 *palg = ri->d.kekri->keyEncryptionAlgorithm;
249         if (pid)
250                 *pid = rkid->keyIdentifier;
251         if (pdate)
252                 *pdate = rkid->date;
253         if (potherid)
254                 {
255                 if (rkid->other)
256                         *potherid = rkid->other->keyAttrId;
257                 else
258                         *potherid = NULL;
259                 }
260         if (pothertype)
261                 {
262                 if (rkid->other)
263                         *pothertype = rkid->other->keyAttr;
264                 else
265                         *pothertype = NULL;
266                 }
267         return 1;
268         }
269
270 /* For now hard code AES key wrap info */
271
272 static int aes_wrap_keylen(int nid)
273         {
274         switch (nid)
275                 {
276                 case NID_id_aes128_wrap:
277                 return 16;
278
279                 case NID_id_aes192_wrap:
280                 return  24;
281
282                 case NID_id_aes256_wrap:
283                 return  32;
284
285                 default:
286                 return 0;
287                 }
288         }
289
290
291 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
292                                         unsigned char *key, size_t keylen,
293                                         unsigned char *id, size_t idlen,
294                                         ASN1_GENERALIZEDTIME *date,
295                                         ASN1_OBJECT *otherTypeId,
296                                         ASN1_TYPE *otherType)
297         {
298         CMS_RecipientInfo *ri = NULL;
299         CMS_EnvelopedData *env;
300         CMS_KEKRecipientInfo *kekri;
301         size_t exp_keylen = 0;
302         env = cms_get0_enveloped(cms);
303         if (!env)
304                 goto err;
305
306         exp_keylen = aes_wrap_keylen(nid);
307
308         if (!exp_keylen)
309                 {
310                 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
311                                 CMS_R_UNSUPPORTED_KEK_ALGORITHM);
312                 goto err;
313                 }
314
315         if (keylen != exp_keylen)
316                 {
317                 CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
318                 goto err;
319                 }
320
321         /* Initialize recipient info */
322         ri = M_ASN1_new_of(CMS_RecipientInfo);
323         if (!ri)
324                 goto merr;
325
326         ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
327         if (!ri->d.kekri)
328                 goto merr;
329         ri->type = CMS_RECIPINFO_KEK;
330
331         kekri = ri->d.kekri;
332
333         if (otherTypeId)
334                 {
335                 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
336                 if (kekri->kekid->other == NULL)
337                         goto merr;
338                 }
339
340         if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
341                 goto merr;
342
343         /* After this point no calls can fail */
344
345         kekri->version = 4;
346
347         kekri->key = key;
348         kekri->keylen = keylen;
349
350         ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
351
352         kekri->kekid->date = date;
353
354         kekri->kekid->other->keyAttrId = otherTypeId;
355         kekri->kekid->other->keyAttr = otherType;
356
357         X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
358                                 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
359
360         return ri;
361
362         merr:
363         CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
364         err:
365         if (ri)
366                 M_ASN1_free_of(ri, CMS_RecipientInfo);
367         return NULL;
368
369         }
370
371 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
372                                         EVP_PKEY **pk, X509 **recip,
373                                         X509_ALGOR **palg)
374         {
375         CMS_KeyTransRecipientInfo *ktri;
376         if (ri->type != CMS_RECIPINFO_TRANS)
377                 {
378                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
379                         CMS_R_NOT_KEY_TRANSPORT);
380                 return 0;
381                 }
382
383         ktri = ri->d.ktri;
384
385         if (pk)
386                 *pk = ktri->pkey;
387         if (recip)
388                 *recip = ktri->recip;
389         if (palg)
390                 *palg = ktri->keyEncryptionAlgorithm;
391         return 1;
392         }
393
394 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
395                                         ASN1_OCTET_STRING **keyid,
396                                         X509_NAME **issuer, ASN1_INTEGER **sno)
397         {
398         CMS_KeyTransRecipientInfo *ktri;
399         if (ri->type != CMS_RECIPINFO_TRANS)
400                 {
401                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
402                         CMS_R_NOT_KEY_TRANSPORT);
403                 return 0;
404                 }
405         ktri = ri->d.ktri;
406
407         return cms_SignerIdentifier_get0_signer_id(ktri->rid,
408                                                         keyid, issuer, sno);
409         }
410
411 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
412         {
413         if (ri->type != CMS_RECIPINFO_TRANS)
414                 {
415                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
416                         CMS_R_NOT_KEY_TRANSPORT);
417                 return -2;
418                 }
419         return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
420         }
421
422 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
423         {
424         if (ri->type != CMS_RECIPINFO_TRANS)
425                 {
426                 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
427                         CMS_R_NOT_KEY_TRANSPORT);
428                 return 0;
429                 }
430         ri->d.ktri->pkey = pkey;
431         return 1;
432         }
433
434 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
435                                 unsigned char *key, size_t keylen)
436         {
437         CMS_KEKRecipientInfo *kekri;
438         int wrap_nid;
439         if (ri->type != CMS_RECIPINFO_KEK)
440                 {
441                 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
442                 return 0;
443                 }
444         kekri = ri->d.kekri;
445         wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
446         if (aes_wrap_keylen(wrap_nid) != keylen)
447                 {
448                 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY,
449                         CMS_R_INVALID_KEY_LENGTH);
450                 return 0;
451                 }
452         kekri->key = key;
453         kekri->keylen = keylen;
454         return 1;
455         }
456                         
457 /* Encrypt content key in key transport recipient info */
458
459 static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
460                                         CMS_RecipientInfo *ri)
461         {
462         CMS_KeyTransRecipientInfo *ktri;
463         CMS_EncryptedContentInfo *ec;
464         EVP_PKEY_CTX *pctx = NULL;
465         unsigned char *ek = NULL;
466         size_t eklen;
467
468         int ret = 0;
469
470         if (ri->type != CMS_RECIPINFO_TRANS)
471                 {
472                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
473                         CMS_R_NOT_KEY_TRANSPORT);
474                 return 0;
475                 }
476         ktri = ri->d.ktri;
477         ec = cms->d.envelopedData->encryptedContentInfo;
478
479         pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
480         if (!pctx)
481                 return 0;
482
483         if (EVP_PKEY_encrypt_init(pctx) <= 0)
484                 goto err;
485
486         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
487                                 EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
488                 {
489                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
490                 goto err;
491                 }
492
493         if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
494                 goto err;
495
496         ek = OPENSSL_malloc(eklen);
497
498         if (ek == NULL)
499                 {
500                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
501                                                         ERR_R_MALLOC_FAILURE);
502                 goto err;
503                 }
504
505         if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
506                 goto err;
507
508         ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
509         ek = NULL;
510
511         ret = 1;
512
513         err:
514         if (pctx)
515                 EVP_PKEY_CTX_free(pctx);
516         if (ek)
517                 OPENSSL_free(ek);
518         return ret;
519
520         }
521
522 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
523                                                         CMS_RecipientInfo *ri)
524         {
525         CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
526         EVP_PKEY_CTX *pctx = NULL;
527         unsigned char *ek = NULL;
528         size_t eklen;
529         int ret = 0;
530
531         if (ktri->pkey == NULL)
532                 {
533                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
534                         CMS_R_NO_PRIVATE_KEY);
535                 return 0;
536                 }
537
538         pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
539         if (!pctx)
540                 return 0;
541
542         if (EVP_PKEY_decrypt_init(pctx) <= 0)
543                 goto err;
544
545         if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
546                                 EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
547                 {
548                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
549                 goto err;
550                 }
551
552         if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
553                                 ktri->encryptedKey->data,
554                                 ktri->encryptedKey->length) <= 0)
555                 goto err;
556
557         ek = OPENSSL_malloc(eklen);
558
559         if (ek == NULL)
560                 {
561                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
562                                                         ERR_R_MALLOC_FAILURE);
563                 goto err;
564                 }
565
566         if (EVP_PKEY_decrypt(pctx, ek, &eklen,
567                                 ktri->encryptedKey->data,
568                                 ktri->encryptedKey->length) <= 0)
569                 {
570                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
571                 goto err;
572                 }
573
574         ret = 1;
575
576         cms->d.envelopedData->encryptedContentInfo->key = ek;
577         cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
578
579         err:
580         if (pctx)
581                 EVP_PKEY_CTX_free(pctx);
582         if (!ret && ek)
583                 OPENSSL_free(ek);
584
585         return ret;
586         }
587
588
589 /* Encrypt content key in KEK recipient info */
590
591 static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
592                                         CMS_RecipientInfo *ri)
593         {
594         CMS_EncryptedContentInfo *ec;
595         CMS_KEKRecipientInfo *kekri;
596         AES_KEY actx;
597         unsigned char *wkey = NULL;
598         int wkeylen;
599         int r = 0;
600
601         ec = cms->d.envelopedData->encryptedContentInfo;
602
603         kekri = ri->d.kekri;
604
605         if (!kekri->key)
606                 {
607                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
608                 return 0;
609                 }
610
611         if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
612                 { 
613                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
614                                                 CMS_R_ERROR_SETTING_KEY);
615                 goto err;
616                 }
617
618         wkey = OPENSSL_malloc(ec->keylen + 8);
619
620         if (!wkey)
621                 { 
622                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
623                                                 ERR_R_MALLOC_FAILURE);
624                 goto err;
625                 }
626
627         wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
628
629         if (wkeylen <= 0)
630                 {
631                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
632                 goto err;
633                 }
634
635         ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
636
637         r = 1;
638
639         err:
640
641         if (!r && wkey)
642                 OPENSSL_free(wkey);
643         OPENSSL_cleanse(&actx, sizeof(actx));
644
645         return r;
646
647         }
648
649 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
650                                         CMS_RecipientInfo *ri)
651         {
652         CMS_EncryptedContentInfo *ec;
653         CMS_KEKRecipientInfo *kekri;
654         AES_KEY actx;
655         unsigned char *ukey = NULL;
656         int ukeylen;
657         int r = 0;
658
659         ec = cms->d.envelopedData->encryptedContentInfo;
660
661         kekri = ri->d.kekri;
662
663         if (!kekri->key)
664                 {
665                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
666                 return 0;
667                 }
668
669         /* If encrypted key length is invalid don't bother */
670
671         if (kekri->encryptedKey->length < 16)
672                 { 
673                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
674                                         CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
675                 goto err;
676                 }
677
678         if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
679                 { 
680                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
681                                                 CMS_R_ERROR_SETTING_KEY);
682                 goto err;
683                 }
684
685         ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
686
687         if (!ukey)
688                 { 
689                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
690                                                 ERR_R_MALLOC_FAILURE);
691                 goto err;
692                 }
693
694         ukeylen = AES_unwrap_key(&actx, NULL, ukey,
695                                         kekri->encryptedKey->data,
696                                         kekri->encryptedKey->length);
697
698         if (ukeylen <= 0)
699                 {
700                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
701                                                         CMS_R_UNWRAP_ERROR);
702                 goto err;
703                 }
704
705         ec->key = ukey;
706         ec->keylen = ukeylen;
707
708         r = 1;
709
710         err:
711
712         if (!r && ukey)
713                 OPENSSL_free(ukey);
714         OPENSSL_cleanse(&actx, sizeof(actx));
715
716         return r;
717
718         }
719
720 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
721         {
722         switch(ri->type)
723                 {
724                 case CMS_RECIPINFO_TRANS:
725                 return cms_RecipientInfo_ktri_decrypt(cms, ri);
726
727                 case CMS_RECIPINFO_KEK:
728                 return cms_RecipientInfo_kekri_decrypt(cms, ri);
729
730                 default:
731                 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
732                         CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
733                 return 0;
734                 }
735         }
736
737 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
738         {
739         CMS_EncryptedContentInfo *ec;
740         STACK_OF(CMS_RecipientInfo) *rinfos;
741         CMS_RecipientInfo *ri;
742         int i, r, ok = 0;
743         BIO *ret;
744
745         /* Get BIO first to set up key */
746
747         ec = cms->d.envelopedData->encryptedContentInfo;
748         ret = cms_EncryptedContent_init_bio(ec);
749
750         /* If error or no cipher end of processing */
751
752         if (!ret || !ec->cipher)
753                 return ret;
754
755         rinfos = cms->d.envelopedData->recipientInfos;
756
757         for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
758                 {
759                 ri = sk_CMS_RecipientInfo_value(rinfos, i);
760
761                 switch (ri->type)
762                         {
763                         case CMS_RECIPINFO_TRANS:
764                         r = cms_RecipientInfo_ktri_encrypt(cms, ri);
765                         break;
766
767                         case CMS_RECIPINFO_KEK:
768                         r = cms_RecipientInfo_kekri_encrypt(cms, ri);
769                         break;
770
771                         default:
772                         CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
773                                 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
774                         goto err;
775                         }
776
777                 if (r <= 0)
778                         {
779                         CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
780                                 CMS_R_ERROR_SETTING_RECIPIENTINFO);
781                         goto err;
782                         }
783                 }
784
785         ok = 1;
786
787         err:
788         ec->cipher = NULL;
789         if (ec->key)
790                 {
791                 OPENSSL_cleanse(ec->key, ec->keylen);
792                 OPENSSL_free(ec->key);
793                 ec->key = NULL;
794                 ec->keylen = 0;
795                 }
796         if (ok)
797                 return ret;
798         BIO_free(ret);
799         return NULL;
800
801         }