Support CMS decrypt without a certificate for all key types

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4115)
author: Dr. Stephen Henson <steve@openssl.org> 2017-08-08 16:20:07 +0200
committer: Dr. Stephen Henson <steve@openssl.org> 2017-08-08 19:55:56 +0200
commit: 3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db (patch)
tree: 2ec6344a9594e32e8b9212527708c093e50bdad9 /crypto/cms/cms_smime.c
parent: Add documentation for the scrypt PKEY_METHOD (diff)
download: openssl-3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db.tar.xz
openssl-3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db.zip
1 files changed, 4 insertions, 6 deletions
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index dbf7dd3a38..7e7b6e5d4f 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -583,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
     STACK_OF(CMS_RecipientEncryptedKey) *reks;
     CMS_RecipientEncryptedKey *rek;
     reks = CMS_RecipientInfo_kari_get0_reks(ri);
-    if (!cert)
-        return 0;
     for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
         int rv;
         rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
-        if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+        if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
             continue;
         CMS_RecipientInfo_kari_set0_pkey(ri, pk);
         rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
         CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
         if (rv > 0)
             return 1;
-        return -1;
+        return cert == NULL ? 0 : -1;
     }
     return 0;
 }
@@ -659,8 +657,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                 return 1;
         }
     }
-    /* If no cert and not debugging always return success */
-    if (match_ri && !cert && !debug) {
+    /* If no cert, key transport and not debugging always return success */
+    if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
         ERR_clear_error();
         return 1;
     }
author	Dr. Stephen Henson <steve@openssl.org>	2017-08-08 16:20:07 +0200
committer	Dr. Stephen Henson <steve@openssl.org>	2017-08-08 19:55:56 +0200
commit	3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db (patch)
tree	2ec6344a9594e32e8b9212527708c093e50bdad9 /crypto/cms/cms_smime.c
parent	Add documentation for the scrypt PKEY_METHOD (diff)
download	openssl-3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db.tar.xz openssl-3f1d1704f215dc11e1fefbb6ecdcb2a08c3a65db.zip