CMS_decrypt(3)                      OpenSSL                     CMS_decrypt(3)

NAME
       CMS_decrypt - decrypt content from a CMS envelopedData structure

SYNOPSIS
        #include <openssl/cms.h>

        int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
                        BIO *dcont, BIO *out, unsigned int flags);

DESCRIPTION
       CMS_decrypt() extracts and decrypts the content from a CMS
       EnvelopedData structure. pkey is the private key of the recipient,
       cert is the recipient's certificate, out is a BIO to write the content
       to and flags is an optional set of flags.

       The dcont parameter is used in the rare case where the encrypted
       content is detached. It will normally be set to NULL.

NOTES
       OpenSSL_add_all_algorithms() (or equivalent) should be called before
       using this function or errors about unknown algorithms will occur.

       Although the recipient's certificate is not needed to decrypt the data
       it is needed to locate the appropriate (of possibly several) recipients
       in the CMS structure.

       If cert is set to NULL all possible recipients are tried. This case
       however is problematic. To thwart the MMA attack (Bleichenbacher's
       attack on PKCS #1 v1.5 RSA padding) all recipients are tried whether
       they succeed or not. If no recipient succeeds then a random symmetric
       key is used to decrypt the content: this will typically output garbage
       and may (but is not guaranteed to) ultimately return a padding error
       only. If CMS_decrypt() just returned an error when all recipient
       encrypted keys failed to decrypt an attacker could use this in a timing
       attack. If the special flag CMS_DEBUG_DECRYPT is set then the above
       behaviour is modified and an error is returned if no recipient
       encrypted key can be decrypted without generating a random content
       encryption key. Applications should use this flag with extreme caution
       especially in automated gateways as it can leave them open to attack.
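The effect of the cert argument and of CMS_DEBUG_DECRYPT, shown with the openssl cms command-line tool instead of C. This is an added example, not part of the OpenSSL manual page; the file names, subject names and message are constructed, -recip supplies the recipient certificate and -debug_decrypt sets CMS_DEBUG_DECRYPT.

```shell
#!/bin/sh
# Added example: all file names, subjects and the message are constructed.
MSG='constructed sample message'

# Create two recipients (a, b) and envelope the message for recipient a only.
setup() {
    WORK=$(mktemp -d) || return 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=recipient-$n" \
            -keyout "$WORK/$n.key" -out "$WORK/$n.crt" 2>/dev/null || return 1
    done
    printf '%s' "$MSG" > "$WORK/msg.txt"
    # -binary keeps the content byte-for-byte (no CRLF canonicalisation).
    openssl cms -encrypt -binary -in "$WORK/msg.txt" \
        -out "$WORK/msg.cms" "$WORK/a.crt"
}

# Normal use: the certificate locates the matching recipient in the structure.
decrypt_as_recipient() {
    openssl cms -decrypt -in "$WORK/msg.cms" \
        -recip "$WORK/a.crt" -inkey "$WORK/a.key"
}

# Wrong key and no certificate: every recipient is tried, then a random
# content key is used. The result is garbage or a padding error, so the exit
# status is usually, but not always, non-zero.
decrypt_wrong_key() {
    openssl cms -decrypt -in "$WORK/msg.cms" -inkey "$WORK/b.key" 2>/dev/null
}

# Same input with CMS_DEBUG_DECRYPT: the key-decryption failure is reported
# directly. Useful at a developer's console, unsafe in an automated gateway.
decrypt_wrong_key_debug() {
    openssl cms -decrypt -debug_decrypt -in "$WORK/msg.cms" \
        -inkey "$WORK/b.key" 2>/dev/null
}

setup || exit 1
printf 'with certificate:   %s\n' "$(decrypt_as_recipient)"
decrypt_wrong_key >/dev/null
echo "wrong key, default: exit $?"
decrypt_wrong_key_debug >/dev/null
echo "wrong key, debug:   exit $?"
```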
       It is possible to determine the correct recipient key by other means
       (for example looking them up in a database) and setting them in the CMS
       structure in advance using the CMS utility functions such as
       CMS_set1_pkey(). In this case both cert and pkey should be set to NULL.

       To process KEKRecipientInfo types CMS_set1_key() or
       CMS_RecipientInfo_set0_key() and CMS_RecipientInfo_decrypt() should be
       called before CMS_decrypt() and cert and pkey set to NULL.

       The following flags can be passed in the flags parameter.

       If the CMS_TEXT flag is set MIME headers for type text/plain are
       deleted from the content. If the content is not of type text/plain then
       an error is returned.

RETURN VALUES
       CMS_decrypt() returns either 1 for success or 0 for failure. The error
       can be obtained from ERR_get_error(3).

BUGS
       The lack of single pass processing and the need to hold all data in
       memory as mentioned in CMS_verify() also applies to CMS_decrypt().

SEE ALSO
       ERR_get_error(3), CMS_encrypt(3)

HISTORY
       CMS_decrypt() was added to OpenSSL 0.9.8

1.0.1u                            2016-09-22                    CMS_decrypt(3)