Merge branch 'vendor/LIBPCAP'
[dragonfly.git] / crypto / openssl / crypto / cms / cms_env.c
1 /* crypto/cms/cms_env.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project.
4  */
5 /* ====================================================================
6  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  */
53
54 #include "cryptlib.h"
55 #include <openssl/asn1t.h>
56 #include <openssl/pem.h>
57 #include <openssl/x509v3.h>
58 #include <openssl/err.h>
59 #include <openssl/cms.h>
60 #include <openssl/rand.h>
61 #include <openssl/aes.h>
62 #include "cms_lcl.h"
63
64 /* CMS EnvelopedData Utilities */
65
66 DECLARE_ASN1_ITEM(CMS_EnvelopedData)
67 DECLARE_ASN1_ITEM(CMS_RecipientInfo)
68 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
69 DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
70 DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
71
72 DECLARE_STACK_OF(CMS_RecipientInfo)
73
74 static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
75         {
76         if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
77                 {
78                 CMSerr(CMS_F_CMS_GET0_ENVELOPED,
79                                 CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
80                 return NULL;
81                 }
82         return cms->d.envelopedData;
83         }
84
85 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
86         {
87         if (cms->d.other == NULL)
88                 {
89                 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
90                 if (!cms->d.envelopedData)
91                         {
92                         CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
93                                                         ERR_R_MALLOC_FAILURE);
94                         return NULL;
95                         }
96                 cms->d.envelopedData->version = 0;
97                 cms->d.envelopedData->encryptedContentInfo->contentType =
98                                                 OBJ_nid2obj(NID_pkcs7_data);
99                 ASN1_OBJECT_free(cms->contentType);
100                 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
101                 return cms->d.envelopedData;
102                 }
103         return cms_get0_enveloped(cms);
104         }
105
106 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
107         {
108         CMS_EnvelopedData *env;
109         env = cms_get0_enveloped(cms);
110         if (!env)
111                 return NULL;
112         return env->recipientInfos;
113         }
114
115 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
116         {
117         return ri->type;
118         }
119
120 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
121         {
122         CMS_ContentInfo *cms;
123         CMS_EnvelopedData *env;
124         cms = CMS_ContentInfo_new();
125         if (!cms)
126                 goto merr;
127         env = cms_enveloped_data_init(cms);
128         if (!env)
129                 goto merr;
130         if (!cms_EncryptedContent_init(env->encryptedContentInfo,
131                                         cipher, NULL, 0))
132                 goto merr;
133         return cms;
134         merr:
135         if (cms)
136                 CMS_ContentInfo_free(cms);
137         CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
138         return NULL;
139         }
140
141 /* Key Transport Recipient Info (KTRI) routines */
142
143 /* Add a recipient certificate. For now only handle key transport.
144  * If we ever handle key agreement will need updating.
145  */
146
147 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
148                                         X509 *recip, unsigned int flags)
149         {
150         CMS_RecipientInfo *ri = NULL;
151         CMS_KeyTransRecipientInfo *ktri;
152         CMS_EnvelopedData *env;
153         EVP_PKEY *pk = NULL;
154         int type;
155         env = cms_get0_enveloped(cms);
156         if (!env)
157                 goto err;
158
159         /* Initialize recipient info */
160         ri = M_ASN1_new_of(CMS_RecipientInfo);
161         if (!ri)
162                 goto merr;
163
164         /* Initialize and add key transport recipient info */
165
166         ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
167         if (!ri->d.ktri)
168                 goto merr;
169         ri->type = CMS_RECIPINFO_TRANS;
170
171         ktri = ri->d.ktri;
172
173         X509_check_purpose(recip, -1, -1);
174         pk = X509_get_pubkey(recip);
175         if (!pk)
176                 {
177                 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
178                                 CMS_R_ERROR_GETTING_PUBLIC_KEY);
179                 goto err;
180                 }
181         CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
182         ktri->pkey = pk;
183         ktri->recip = recip;
184
185         if (flags & CMS_USE_KEYID)
186                 {
187                 ktri->version = 2;
188                 type = CMS_RECIPINFO_KEYIDENTIFIER;
189                 }
190         else
191                 {
192                 ktri->version = 0;
193                 type = CMS_RECIPINFO_ISSUER_SERIAL;
194                 }
195
196         /* Not a typo: RecipientIdentifier and SignerIdentifier are the
197          * same structure.
198          */
199
200         if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
201                 goto err;
202
203         /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
204          * hard code algorithm parameters.
205          */
206
207         if (pk->type == EVP_PKEY_RSA)
208                 {
209                 X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
210                                         OBJ_nid2obj(NID_rsaEncryption), 
211                                         V_ASN1_NULL, 0);
212                 }
213         else
214                 {
215                 CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
216                                 CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
217                 goto err;
218                 }
219
220         if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
221                 goto merr;
222
223         return ri;
224
225         merr:
226         CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
227         err:
228         if (ri)
229                 M_ASN1_free_of(ri, CMS_RecipientInfo);
230         return NULL;
231
232         }
233
234 int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
235                                         EVP_PKEY **pk, X509 **recip,
236                                         X509_ALGOR **palg)
237         {
238         CMS_KeyTransRecipientInfo *ktri;
239         if (ri->type != CMS_RECIPINFO_TRANS)
240                 {
241                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
242                         CMS_R_NOT_KEY_TRANSPORT);
243                 return 0;
244                 }
245
246         ktri = ri->d.ktri;
247
248         if (pk)
249                 *pk = ktri->pkey;
250         if (recip)
251                 *recip = ktri->recip;
252         if (palg)
253                 *palg = ktri->keyEncryptionAlgorithm;
254         return 1;
255         }
256
257 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
258                                         ASN1_OCTET_STRING **keyid,
259                                         X509_NAME **issuer, ASN1_INTEGER **sno)
260         {
261         CMS_KeyTransRecipientInfo *ktri;
262         if (ri->type != CMS_RECIPINFO_TRANS)
263                 {
264                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
265                         CMS_R_NOT_KEY_TRANSPORT);
266                 return 0;
267                 }
268         ktri = ri->d.ktri;
269
270         return cms_SignerIdentifier_get0_signer_id(ktri->rid,
271                                                         keyid, issuer, sno);
272         }
273
274 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
275         {
276         if (ri->type != CMS_RECIPINFO_TRANS)
277                 {
278                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
279                         CMS_R_NOT_KEY_TRANSPORT);
280                 return -2;
281                 }
282         return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
283         }
284
285 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
286         {
287         if (ri->type != CMS_RECIPINFO_TRANS)
288                 {
289                 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
290                         CMS_R_NOT_KEY_TRANSPORT);
291                 return 0;
292                 }
293         ri->d.ktri->pkey = pkey;
294         return 1;
295         }
296
297 /* Encrypt content key in key transport recipient info */
298
299 static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
300                                         CMS_RecipientInfo *ri)
301         {
302         CMS_KeyTransRecipientInfo *ktri;
303         CMS_EncryptedContentInfo *ec;
304         unsigned char *ek = NULL;
305         int eklen;
306
307         int ret = 0;
308
309         if (ri->type != CMS_RECIPINFO_TRANS)
310                 {
311                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
312                         CMS_R_NOT_KEY_TRANSPORT);
313                 return 0;
314                 }
315         ktri = ri->d.ktri;
316         ec = cms->d.envelopedData->encryptedContentInfo;
317
318         eklen = EVP_PKEY_size(ktri->pkey);
319
320         ek = OPENSSL_malloc(eklen);
321
322         if (ek == NULL)
323                 {
324                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
325                                                         ERR_R_MALLOC_FAILURE);
326                 goto err;
327                 }
328
329         eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
330
331         if (eklen <= 0)
332                 goto err;
333
334         ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
335         ek = NULL;
336
337         ret = 1;
338
339         err:
340         if (ek)
341                 OPENSSL_free(ek);
342         return ret;
343
344         }
345
346 /* Decrypt content key from KTRI */
347
348 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
349                                                         CMS_RecipientInfo *ri)
350         {
351         CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
352         unsigned char *ek = NULL;
353         int eklen;
354         int ret = 0;
355
356         if (ktri->pkey == NULL)
357                 {
358                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
359                         CMS_R_NO_PRIVATE_KEY);
360                 return 0;
361                 }
362
363         eklen = EVP_PKEY_size(ktri->pkey);
364
365         ek = OPENSSL_malloc(eklen);
366
367         if (ek == NULL)
368                 {
369                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
370                                                         ERR_R_MALLOC_FAILURE);
371                 goto err;
372                 }
373
374         eklen = EVP_PKEY_decrypt(ek, 
375                                 ktri->encryptedKey->data,
376                                 ktri->encryptedKey->length, ktri->pkey);
377         if (eklen <= 0)
378                 {
379                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
380                 goto err;
381                 }
382
383         ret = 1;
384
385         cms->d.envelopedData->encryptedContentInfo->key = ek;
386         cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
387
388         err:
389         if (!ret && ek)
390                 OPENSSL_free(ek);
391
392         return ret;
393         }
394
395 /* Key Encrypted Key (KEK) RecipientInfo routines */
396
397 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
398                                         const unsigned char *id, size_t idlen)
399         {
400         ASN1_OCTET_STRING tmp_os;
401         CMS_KEKRecipientInfo *kekri;
402         if (ri->type != CMS_RECIPINFO_KEK)
403                 {
404                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
405                 return -2;
406                 }
407         kekri = ri->d.kekri;
408         tmp_os.type = V_ASN1_OCTET_STRING;
409         tmp_os.flags = 0;
410         tmp_os.data = (unsigned char *)id;
411         tmp_os.length = (int)idlen;
412         return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
413         }
414
415 /* For now hard code AES key wrap info */
416
417 static size_t aes_wrap_keylen(int nid)
418         {
419         switch (nid)
420                 {
421                 case NID_id_aes128_wrap:
422                 return 16;
423
424                 case NID_id_aes192_wrap:
425                 return  24;
426
427                 case NID_id_aes256_wrap:
428                 return  32;
429
430                 default:
431                 return 0;
432                 }
433         }
434
435 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
436                                         unsigned char *key, size_t keylen,
437                                         unsigned char *id, size_t idlen,
438                                         ASN1_GENERALIZEDTIME *date,
439                                         ASN1_OBJECT *otherTypeId,
440                                         ASN1_TYPE *otherType)
441         {
442         CMS_RecipientInfo *ri = NULL;
443         CMS_EnvelopedData *env;
444         CMS_KEKRecipientInfo *kekri;
445         env = cms_get0_enveloped(cms);
446         if (!env)
447                 goto err;
448
449         if (nid == NID_undef)
450                 {
451                 switch (keylen)
452                         {
453                         case 16:
454                         nid = NID_id_aes128_wrap;
455                         break;
456
457                         case  24:
458                         nid = NID_id_aes192_wrap;
459                         break;
460
461                         case  32:
462                         nid = NID_id_aes256_wrap;
463                         break;
464
465                         default:
466                         CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
467                                                 CMS_R_INVALID_KEY_LENGTH);
468                         goto err;
469                         }
470
471                 }
472         else
473                 {
474
475                 size_t exp_keylen = aes_wrap_keylen(nid);
476
477                 if (!exp_keylen)
478                         {
479                         CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
480                                         CMS_R_UNSUPPORTED_KEK_ALGORITHM);
481                         goto err;
482                         }
483
484                 if (keylen != exp_keylen)
485                         {
486                         CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
487                                         CMS_R_INVALID_KEY_LENGTH);
488                         goto err;
489                         }
490
491                 }
492
493         /* Initialize recipient info */
494         ri = M_ASN1_new_of(CMS_RecipientInfo);
495         if (!ri)
496                 goto merr;
497
498         ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
499         if (!ri->d.kekri)
500                 goto merr;
501         ri->type = CMS_RECIPINFO_KEK;
502
503         kekri = ri->d.kekri;
504
505         if (otherTypeId)
506                 {
507                 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
508                 if (kekri->kekid->other == NULL)
509                         goto merr;
510                 }
511
512         if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
513                 goto merr;
514
515
516         /* After this point no calls can fail */
517
518         kekri->version = 4;
519
520         kekri->key = key;
521         kekri->keylen = keylen;
522
523         ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
524
525         kekri->kekid->date = date;
526
527         if (kekri->kekid->other)
528                 {
529                 kekri->kekid->other->keyAttrId = otherTypeId;
530                 kekri->kekid->other->keyAttr = otherType;
531                 }
532
533         X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
534                                 OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
535
536         return ri;
537
538         merr:
539         CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
540         err:
541         if (ri)
542                 M_ASN1_free_of(ri, CMS_RecipientInfo);
543         return NULL;
544
545         }
546
547 int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
548                                         X509_ALGOR **palg,
549                                         ASN1_OCTET_STRING **pid,
550                                         ASN1_GENERALIZEDTIME **pdate,
551                                         ASN1_OBJECT **potherid,
552                                         ASN1_TYPE **pothertype)
553         {
554         CMS_KEKIdentifier *rkid;
555         if (ri->type != CMS_RECIPINFO_KEK)
556                 {
557                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
558                 return 0;
559                 }
560         rkid =  ri->d.kekri->kekid;
561         if (palg)
562                 *palg = ri->d.kekri->keyEncryptionAlgorithm;
563         if (pid)
564                 *pid = rkid->keyIdentifier;
565         if (pdate)
566                 *pdate = rkid->date;
567         if (potherid)
568                 {
569                 if (rkid->other)
570                         *potherid = rkid->other->keyAttrId;
571                 else
572                         *potherid = NULL;
573                 }
574         if (pothertype)
575                 {
576                 if (rkid->other)
577                         *pothertype = rkid->other->keyAttr;
578                 else
579                         *pothertype = NULL;
580                 }
581         return 1;
582         }
583
584 int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
585                                 unsigned char *key, size_t keylen)
586         {
587         CMS_KEKRecipientInfo *kekri;
588         if (ri->type != CMS_RECIPINFO_KEK)
589                 {
590                 CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
591                 return 0;
592                 }
593
594         kekri = ri->d.kekri;
595         kekri->key = key;
596         kekri->keylen = keylen;
597         return 1;
598         }
599
600
601 /* Encrypt content key in KEK recipient info */
602
603 static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
604                                         CMS_RecipientInfo *ri)
605         {
606         CMS_EncryptedContentInfo *ec;
607         CMS_KEKRecipientInfo *kekri;
608         AES_KEY actx;
609         unsigned char *wkey = NULL;
610         int wkeylen;
611         int r = 0;
612
613         ec = cms->d.envelopedData->encryptedContentInfo;
614
615         kekri = ri->d.kekri;
616
617         if (!kekri->key)
618                 {
619                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
620                 return 0;
621                 }
622
623         if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
624                 { 
625                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
626                                                 CMS_R_ERROR_SETTING_KEY);
627                 goto err;
628                 }
629
630         wkey = OPENSSL_malloc(ec->keylen + 8);
631
632         if (!wkey)
633                 { 
634                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
635                                                 ERR_R_MALLOC_FAILURE);
636                 goto err;
637                 }
638
639         wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
640
641         if (wkeylen <= 0)
642                 {
643                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
644                 goto err;
645                 }
646
647         ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
648
649         r = 1;
650
651         err:
652
653         if (!r && wkey)
654                 OPENSSL_free(wkey);
655         OPENSSL_cleanse(&actx, sizeof(actx));
656
657         return r;
658
659         }
660
661 /* Decrypt content key in KEK recipient info */
662
663 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
664                                         CMS_RecipientInfo *ri)
665         {
666         CMS_EncryptedContentInfo *ec;
667         CMS_KEKRecipientInfo *kekri;
668         AES_KEY actx;
669         unsigned char *ukey = NULL;
670         int ukeylen;
671         int r = 0, wrap_nid;
672
673         ec = cms->d.envelopedData->encryptedContentInfo;
674
675         kekri = ri->d.kekri;
676
677         if (!kekri->key)
678                 {
679                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
680                 return 0;
681                 }
682
683         wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
684         if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
685                 {
686                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
687                         CMS_R_INVALID_KEY_LENGTH);
688                 return 0;
689                 }
690
691         /* If encrypted key length is invalid don't bother */
692
693         if (kekri->encryptedKey->length < 16)
694                 { 
695                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
696                                         CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
697                 goto err;
698                 }
699
700         if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
701                 { 
702                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
703                                                 CMS_R_ERROR_SETTING_KEY);
704                 goto err;
705                 }
706
707         ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
708
709         if (!ukey)
710                 { 
711                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
712                                                 ERR_R_MALLOC_FAILURE);
713                 goto err;
714                 }
715
716         ukeylen = AES_unwrap_key(&actx, NULL, ukey,
717                                         kekri->encryptedKey->data,
718                                         kekri->encryptedKey->length);
719
720         if (ukeylen <= 0)
721                 {
722                 CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
723                                                         CMS_R_UNWRAP_ERROR);
724                 goto err;
725                 }
726
727         ec->key = ukey;
728         ec->keylen = ukeylen;
729
730         r = 1;
731
732         err:
733
734         if (!r && ukey)
735                 OPENSSL_free(ukey);
736         OPENSSL_cleanse(&actx, sizeof(actx));
737
738         return r;
739
740         }
741
742 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
743         {
744         switch(ri->type)
745                 {
746                 case CMS_RECIPINFO_TRANS:
747                 return cms_RecipientInfo_ktri_decrypt(cms, ri);
748
749                 case CMS_RECIPINFO_KEK:
750                 return cms_RecipientInfo_kekri_decrypt(cms, ri);
751
752                 default:
753                 CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
754                         CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
755                 return 0;
756                 }
757         }
758
759 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
760         {
761         CMS_EncryptedContentInfo *ec;
762         STACK_OF(CMS_RecipientInfo) *rinfos;
763         CMS_RecipientInfo *ri;
764         int i, r, ok = 0;
765         BIO *ret;
766
767         /* Get BIO first to set up key */
768
769         ec = cms->d.envelopedData->encryptedContentInfo;
770         ret = cms_EncryptedContent_init_bio(ec);
771
772         /* If error or no cipher end of processing */
773
774         if (!ret || !ec->cipher)
775                 return ret;
776
777         /* Now encrypt content key according to each RecipientInfo type */
778
779         rinfos = cms->d.envelopedData->recipientInfos;
780
781         for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
782                 {
783                 ri = sk_CMS_RecipientInfo_value(rinfos, i);
784
785                 switch (ri->type)
786                         {
787                         case CMS_RECIPINFO_TRANS:
788                         r = cms_RecipientInfo_ktri_encrypt(cms, ri);
789                         break;
790
791                         case CMS_RECIPINFO_KEK:
792                         r = cms_RecipientInfo_kekri_encrypt(cms, ri);
793                         break;
794
795                         default:
796                         CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
797                                 CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
798                         goto err;
799                         }
800
801                 if (r <= 0)
802                         {
803                         CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
804                                 CMS_R_ERROR_SETTING_RECIPIENTINFO);
805                         goto err;
806                         }
807                 }
808
809         ok = 1;
810
811         err:
812         ec->cipher = NULL;
813         if (ec->key)
814                 {
815                 OPENSSL_cleanse(ec->key, ec->keylen);
816                 OPENSSL_free(ec->key);
817                 ec->key = NULL;
818                 ec->keylen = 0;
819                 }
820         if (ok)
821                 return ret;
822         BIO_free(ret);
823         return NULL;
824
825         }