CMS_decrypt.pod 3.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. =pod
  2. =head1 NAME
  3. CMS_decrypt, CMS_decrypt_set1_pkey_and_peer, CMS_decrypt_set1_pkey - decrypt
  4. content from a CMS envelopedData structure
  5. =head1 SYNOPSIS
  6. #include <openssl/cms.h>
  7. int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
  8. BIO *dcont, BIO *out, unsigned int flags);
  9. int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms,
  10. EVP_PKEY *pk, X509 *cert, X509 *peer);
  11. int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
  12. =head1 DESCRIPTION
  13. CMS_decrypt() extracts and decrypts the content from a CMS EnvelopedData
  14. or AuthEnvelopedData structure. B<pkey> is the private key of the recipient,
  15. B<cert> is the recipient's certificate, B<out> is a BIO to write the content to
  16. and B<flags> is an optional set of flags.
  17. The B<dcont> parameter is used in the rare case where the encrypted content
  18. is detached. It will normally be set to NULL.
  19. CMS_decrypt_set1_pkey_and_peer() associates the private key B<pkey>, the
  20. corresponding certificate B<cert> and the originator certificate B<peer> with
  21. the CMS_ContentInfo structure B<cms>.
  22. CMS_decrypt_set1_pkey() associates the private key B<pkey>, corresponding
  23. certificate B<cert> with the CMS_ContentInfo structure B<cms>.
  24. =head1 NOTES
  25. Although the recipients certificate is not needed to decrypt the data it is
  26. needed to locate the appropriate (of possible several) recipients in the CMS
  27. structure.
  28. If B<cert> is set to NULL all possible recipients are tried. This case however
  29. is problematic. To thwart the MMA attack (Bleichenbacher's attack on
  30. PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or
  31. not. If no recipient succeeds then a random symmetric key is used to decrypt
  32. the content: this will typically output garbage and may (but is not guaranteed
  33. to) ultimately return a padding error only. If CMS_decrypt() just returned an
  34. error when all recipient encrypted keys failed to decrypt an attacker could
  35. use this in a timing attack. If the special flag B<CMS_DEBUG_DECRYPT> is set
  36. then the above behaviour is modified and an error B<is> returned if no
  37. recipient encrypted key can be decrypted B<without> generating a random
  38. content encryption key. Applications should use this flag with
  39. B<extreme caution> especially in automated gateways as it can leave them
  40. open to attack.
  41. It is possible to determine the correct recipient key by other means (for
  42. example looking them up in a database) and setting them in the CMS structure
  43. in advance using the CMS utility functions such as CMS_set1_pkey(). In this
  44. case both B<cert> and B<pkey> should be set to NULL.
  45. To process KEKRecipientInfo types CMS_set1_key() or CMS_RecipientInfo_set0_key()
  46. and CMS_RecipientInfo_decrypt() should be called before CMS_decrypt() and
  47. B<cert> and B<pkey> set to NULL.
  48. The following flags can be passed in the B<flags> parameter.
  49. If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
  50. from the content. If the content is not of type B<text/plain> then an error is
  51. returned.
  52. =head1 RETURN VALUES
  53. CMS_decrypt() returns either 1 for success or 0 for failure.
  54. The error can be obtained from ERR_get_error(3)
  55. =head1 BUGS
  56. The lack of single pass processing and the need to hold all data in memory as
  57. mentioned in CMS_verify() also applies to CMS_decrypt().
  58. =head1 SEE ALSO
  59. L<ERR_get_error(3)>, L<CMS_encrypt(3)>
  60. =head1 HISTORY
  61. B<CMS_decrypt_set1_pkey_and_peer> was added in OpenSSL 3.0.
  62. =head1 COPYRIGHT
  63. Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
  64. Licensed under the Apache License 2.0 (the "License"). You may not use
  65. this file except in compliance with the License. You can obtain a copy
  66. in the file LICENSE in the source distribution or at
  67. L<https://www.openssl.org/source/license.html>.
  68. =cut