../deps/openssl/openssl/crypto/cms/cms

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name cms_pwri.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/cms/cms_pwri.c

File:	out/../deps/openssl/openssl/crypto/cms/cms_pwri.c
Warning:	line 67, column 9 Value stored to 'pbe_nid' is never read

Bug Summary

Annotated Source Code

1	/*
2	* Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include "internal/cryptlib.h"
11	#include <openssl/asn1t.h>
12	#include <openssl/pem.h>
13	#include <openssl/x509v3.h>
14	#include <openssl/err.h>
15	#include <openssl/cms.h>
16	#include <openssl/rand.h>
17	#include <openssl/aes.h>
18	#include "internal/sizes.h"
19	#include "crypto/asn1.h"
20	#include "cms_local.h"
21
22	int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
23	unsigned char *pass, ossl_ssize_tssize_t passlen)
24	{
25	CMS_PasswordRecipientInfo *pwri;
26	if (ri->type != CMS_RECIPINFO_PASS3) {
27	ERR_raise(ERR_LIB_CMS, CMS_R_NOT_PWRI)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,27,__func__), ERR_set_error)((46),(177),((void*)0));
28	return 0;
29	}
30
31	pwri = ri->d.pwri;
32	pwri->pass = pass;
33	if (pass && passlen < 0)
34	passlen = strlen((char *)pass);
35	pwri->passlen = passlen;
36	return 1;
37	}
38
39	CMS_RecipientInfo CMS_add0_recipient_password(CMS_ContentInfo cms,
40	int iter, int wrap_nid,
41	int pbe_nid,
42	unsigned char *pass,
43	ossl_ssize_tssize_t passlen,
44	const EVP_CIPHER *kekciph)
45	{
46	STACK_OF(CMS_RecipientInfo)struct stack_st_CMS_RecipientInfo *ris;
47	CMS_RecipientInfo ri = NULL((void)0);
48	CMS_EncryptedContentInfo *ec;
49	CMS_PasswordRecipientInfo *pwri;
50	EVP_CIPHER_CTX ctx = NULL((void)0);
51	X509_ALGOR encalg = NULL((void)0);
52	unsigned char iv[EVP_MAX_IV_LENGTH16];
53	int ivlen;
54	const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
55
56	ec = ossl_cms_get0_env_enc_content(cms);
57	if (ec == NULL((void*)0))
58	return NULL((void*)0);
59	ris = CMS_get0_RecipientInfos(cms);
60	if (ris == NULL((void*)0))
61	return NULL((void*)0);
62
63	if (wrap_nid <= 0)
64	wrap_nid = NID_id_alg_PWRI_KEK893;
65
66	if (pbe_nid <= 0)
67	pbe_nid = NID_id_pbkdf269;
	Value stored to 'pbe_nid' is never read
68
69	/* Get from enveloped data */
70	if (kekciph == NULL((void*)0))
71	kekciph = ec->cipher;
72
73	if (kekciph == NULL((void*)0)) {
74	ERR_raise(ERR_LIB_CMS, CMS_R_NO_CIPHER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,74,__func__), ERR_set_error)((46),(126),((void*)0));
75	return NULL((void*)0);
76	}
77	if (wrap_nid != NID_id_alg_PWRI_KEK893) {
78	ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,78,__func__), ERR_set_error)((46),(179),((void*)0));
79	return NULL((void*)0);
80	}
81
82	/* Setup algorithm identifier for cipher */
83	encalg = X509_ALGOR_new();
84	if (encalg == NULL((void*)0)) {
85	goto merr;
86	}
87	ctx = EVP_CIPHER_CTX_new();
88	if (ctx == NULL((void*)0)) {
89	ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,89,__func__), ERR_set_error)((46),((256\|((0x1 << 18L)\| (0x2 << 18L)))),((void*)0));
90	goto err;
91	}
92
93	if (EVP_EncryptInit_ex(ctx, kekciph, NULL((void)0), NULL((void)0), NULL((void*)0)) <= 0) {
94	ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,94,__func__), ERR_set_error)((46),((6 \| (0x2 << 18L))) ,((void*)0));
95	goto err;
96	}
97
98	ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
99
100	if (ivlen > 0) {
101	if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0)
102	goto err;
103	if (EVP_EncryptInit_ex(ctx, NULL((void)0), NULL((void)0), NULL((void*)0), iv) <= 0) {
104	ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,104,__func__), ERR_set_error)((46),((6 \| (0x2 << 18L)) ),((void*)0));
105	goto err;
106	}
107	encalg->parameter = ASN1_TYPE_new();
108	if (!encalg->parameter) {
109	ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,109,__func__), ERR_set_error)((46),((256\|((0x1 << 18L) \|(0x2 << 18L)))),((void*)0));
110	goto err;
111	}
112	if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
113	ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,113,__func__), ERR_set_error)((46),(102),((void*)0));
114	goto err;
115	}
116	}
117
118	encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)EVP_CIPHER_get_type(EVP_CIPHER_CTX_get0_cipher(ctx)));
119
120	EVP_CIPHER_CTX_free(ctx);
121	ctx = NULL((void*)0);
122
123	/* Initialize recipient info */
124	ri = M_ASN1_new_of(CMS_RecipientInfo)(CMS_RecipientInfo *)ASN1_item_new((CMS_RecipientInfo_it()));
125	if (ri == NULL((void*)0))
126	goto merr;
127
128	ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo)(CMS_PasswordRecipientInfo *)ASN1_item_new((CMS_PasswordRecipientInfo_it ()));
129	if (ri->d.pwri == NULL((void*)0))
130	goto merr;
131	ri->type = CMS_RECIPINFO_PASS3;
132
133	pwri = ri->d.pwri;
134	pwri->cms_ctx = cms_ctx;
135	/* Since this is overwritten, free up empty structure already there */
136	X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
137	pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
138	if (pwri->keyEncryptionAlgorithm == NULL((void*)0))
139	goto merr;
140	pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
141	pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
142	if (pwri->keyEncryptionAlgorithm->parameter == NULL((void*)0))
143	goto merr;
144
145	if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR)(X509_ALGOR_it()),
146	&pwri->keyEncryptionAlgorithm->parameter->
147	value.sequence))
148	goto merr;
149	pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE16;
150
151	X509_ALGOR_free(encalg);
152	encalg = NULL((void*)0);
153
154	/* Setup PBE algorithm */
155
156	pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL((void*)0), 0, -1, -1);
157
158	if (pwri->keyDerivationAlgorithm == NULL((void*)0))
159	goto err;
160
161	CMS_RecipientInfo_set0_password(ri, pass, passlen);
162	pwri->version = 0;
163
164	if (!sk_CMS_RecipientInfo_push(ris, ri)OPENSSL_sk_push(ossl_check_CMS_RecipientInfo_sk_type(ris), ossl_check_CMS_RecipientInfo_type (ri)))
165	goto merr;
166
167	return ri;
168
169	merr:
170	ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,170,__func__), ERR_set_error)((46),((256\|((0x1 << 18L) \|(0x2 << 18L)))),((void*)0));
171	err:
172	EVP_CIPHER_CTX_free(ctx);
173	if (ri)
174	M_ASN1_free_of(ri, CMS_RecipientInfo)ASN1_item_free(((void) (1 ? ri : (CMS_RecipientInfo)0)), (CMS_RecipientInfo_it ()));
175	X509_ALGOR_free(encalg);
176	return NULL((void*)0);
177
178	}
179
180	/*
181	* This is an implementation of the key wrapping mechanism in RFC3211, at
182	* some point this should go into EVP.
183	*/
184
185	static int kek_unwrap_key(unsigned char out, size_t outlen,
186	const unsigned char *in, size_t inlen,
187	EVP_CIPHER_CTX *ctx)
188	{
189	size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
190	unsigned char *tmp;
191	int outl, rv = 0;
192	if (inlen < 2 * blocklen) {
193	/* too small */
194	return 0;
195	}
196	if (inlen % blocklen) {
197	/* Invalid size */
198	return 0;
199	}
200	if ((tmp = OPENSSL_malloc(inlen)CRYPTO_malloc(inlen, "../deps/openssl/openssl/crypto/cms/cms_pwri.c" , 200)) == NULL((void*)0)) {
201	ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,201,__func__), ERR_set_error)((46),((256\|((0x1 << 18L) \|(0x2 << 18L)))),((void*)0));
202	return 0;
203	}
204	/* setup IV by decrypting last two blocks */
205	if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
206	in + inlen - 2 * blocklen, blocklen * 2)
207	/*
208	* Do a decrypt of last decrypted block to set IV to correct value
209	* output it to start of buffer so we don't corrupt decrypted block
210	* this works because buffer is at least two block lengths long.
211	*/
212	\|\| !EVP_DecryptUpdate(ctx, tmp, &outl,
213	tmp + inlen - blocklen, blocklen)
214	/* Can now decrypt first n - 1 blocks */
215	\|\| !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
216
217	/* Reset IV to original value */
218	\|\| !EVP_DecryptInit_ex(ctx, NULL((void)0), NULL((void)0), NULL((void)0), NULL((void)0))
219	/* Decrypt again */
220	\|\| !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
221	goto err;
222	/* Check check bytes */
223	if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
224	/* Check byte failure */
225	goto err;
226	}
227	if (inlen < (size_t)(tmp[0] - 4)) {
228	/* Invalid length value */
229	goto err;
230	}
231	*outlen = (size_t)tmp[0];
232	memcpy(out, tmp + 4, *outlen);
233	rv = 1;
234	err:
235	OPENSSL_clear_free(tmp, inlen)CRYPTO_clear_free(tmp, inlen, "../deps/openssl/openssl/crypto/cms/cms_pwri.c" , 235);
236	return rv;
237
238	}
239
240	static int kek_wrap_key(unsigned char out, size_t outlen,
241	const unsigned char *in, size_t inlen,
242	EVP_CIPHER_CTX ctx, const CMS_CTX cms_ctx)
243	{
244	size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx);
245	size_t olen;
246	int dummy;
247	/*
248	* First decide length of output buffer: need header and round up to
249	* multiple of block length.
250	*/
251	olen = (inlen + 4 + blocklen - 1) / blocklen;
252	olen *= blocklen;
253	if (olen < 2 * blocklen) {
254	/* Key too small */
255	return 0;
256	}
257	if (inlen > 0xFF) {
258	/* Key too large */
259	return 0;
260	}
261	if (out) {
262	/* Set header */
263	out[0] = (unsigned char)inlen;
264	out[1] = in[0] ^ 0xFF;
265	out[2] = in[1] ^ 0xFF;
266	out[3] = in[2] ^ 0xFF;
267	memcpy(out + 4, in, inlen);
268	/* Add random padding to end */
269	if (olen > inlen + 4
270	&& RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen,
271	olen - 4 - inlen, 0) <= 0)
272	return 0;
273	/* Encrypt twice */
274	if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
275	\|\| !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
276	return 0;
277	}
278
279	*outlen = olen;
280
281	return 1;
282	}
283
284	/* Encrypt/Decrypt content key in PWRI recipient info */
285
286	int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
287	CMS_RecipientInfo *ri, int en_de)
288	{
289	CMS_EncryptedContentInfo *ec;
290	CMS_PasswordRecipientInfo *pwri;
291	int r = 0;
292	X509_ALGOR algtmp, kekalg = NULL((void*)0);
293	EVP_CIPHER_CTX kekctx = NULL((void)0);
294	char name[OSSL_MAX_NAME_SIZE50];
295	EVP_CIPHER *kekcipher;
296	unsigned char key = NULL((void)0);
297	size_t keylen;
298	const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms);
299
300	ec = ossl_cms_get0_env_enc_content(cms);
301
302	pwri = ri->d.pwri;
303
304	if (pwri->pass == NULL((void*)0)) {
305	ERR_raise(ERR_LIB_CMS, CMS_R_NO_PASSWORD)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,305,__func__), ERR_set_error)((46),(178),((void*)0));
306	return 0;
307	}
308	algtmp = pwri->keyEncryptionAlgorithm;
309
310	if (!algtmp \|\| OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK893) {
311	ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,311,__func__), ERR_set_error)((46),(179),((void*)0));
312	return 0;
313	}
314
315	kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR)(X509_ALGOR_it()),
316	algtmp->parameter);
317
318	if (kekalg == NULL((void*)0)) {
319	ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,319,__func__), ERR_set_error)((46),(176),((void*)0));
320	return 0;
321	}
322
323	OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0);
324	kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), name,
325	ossl_cms_ctx_get0_propq(cms_ctx));
326
327	if (kekcipher == NULL((void*)0)) {
328	ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,328,__func__), ERR_set_error)((46),(148),((void*)0));
329	goto err;
330	}
331
332	kekctx = EVP_CIPHER_CTX_new();
333	if (kekctx == NULL((void*)0)) {
334	ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,334,__func__), ERR_set_error)((46),((256\|((0x1 << 18L) \|(0x2 << 18L)))),((void*)0));
335	goto err;
336	}
337	/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
338	if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL((void)0), NULL((void)0), NULL((void*)0), en_de))
339	goto err;
340	EVP_CIPHER_CTX_set_padding(kekctx, 0);
341	if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
342	ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,342,__func__), ERR_set_error)((46),(102),((void*)0));
343	goto err;
344	}
345
346	algtmp = pwri->keyDerivationAlgorithm;
347
348	/* Finish password based key derivation to setup key in "ctx" */
349
350	if (EVP_PBE_CipherInit(algtmp->algorithm,
351	(char *)pwri->pass, pwri->passlen,
352	algtmp->parameter, kekctx, en_de) < 0) {
353	ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,353,__func__), ERR_set_error)((46),((6 \| (0x2 << 18L)) ),((void*)0));
354	goto err;
355	}
356
357	/* Finally wrap/unwrap the key */
358
359	if (en_de) {
360
361	if (!kek_wrap_key(NULL((void*)0), &keylen, ec->key, ec->keylen, kekctx, cms_ctx))
362	goto err;
363
364	key = OPENSSL_malloc(keylen)CRYPTO_malloc(keylen, "../deps/openssl/openssl/crypto/cms/cms_pwri.c" , 364);
365
366	if (key == NULL((void*)0))
367	goto err;
368
369	if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx, cms_ctx))
370	goto err;
371	pwri->encryptedKey->data = key;
372	pwri->encryptedKey->length = keylen;
373	} else {
374	key = OPENSSL_malloc(pwri->encryptedKey->length)CRYPTO_malloc(pwri->encryptedKey->length, "../deps/openssl/openssl/crypto/cms/cms_pwri.c" , 374);
375
376	if (key == NULL((void*)0)) {
377	ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,377,__func__), ERR_set_error)((46),((256\|((0x1 << 18L) \|(0x2 << 18L)))),((void*)0));
378	goto err;
379	}
380	if (!kek_unwrap_key(key, &keylen,
381	pwri->encryptedKey->data,
382	pwri->encryptedKey->length, kekctx)) {
383	ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/cms/cms_pwri.c" ,383,__func__), ERR_set_error)((46),(180),((void*)0));
384	goto err;
385	}
386
387	OPENSSL_clear_free(ec->key, ec->keylen)CRYPTO_clear_free(ec->key, ec->keylen, "../deps/openssl/openssl/crypto/cms/cms_pwri.c" , 387);
388	ec->key = key;
389	ec->keylen = keylen;
390
391	}
392
393	r = 1;
394
395	err:
396	EVP_CIPHER_free(kekcipher);
397	EVP_CIPHER_CTX_free(kekctx);
398
399	if (!r)
400	OPENSSL_free(key)CRYPTO_free(key, "../deps/openssl/openssl/crypto/cms/cms_pwri.c" , 400);
401	X509_ALGOR_free(kekalg);
402
403	return r;
404
405	}