10Sstevel@tonic-gate /* crypto/pem/pem_seal.c */
20Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
30Sstevel@tonic-gate * All rights reserved.
40Sstevel@tonic-gate *
50Sstevel@tonic-gate * This package is an SSL implementation written
60Sstevel@tonic-gate * by Eric Young (eay@cryptsoft.com).
70Sstevel@tonic-gate * The implementation was written so as to conform with Netscapes SSL.
80Sstevel@tonic-gate *
90Sstevel@tonic-gate * This library is free for commercial and non-commercial use as long as
100Sstevel@tonic-gate * the following conditions are aheared to. The following conditions
110Sstevel@tonic-gate * apply to all code found in this distribution, be it the RC4, RSA,
120Sstevel@tonic-gate * lhash, DES, etc., code; not just the SSL code. The SSL documentation
130Sstevel@tonic-gate * included with this distribution is covered by the same copyright terms
140Sstevel@tonic-gate * except that the holder is Tim Hudson (tjh@cryptsoft.com).
150Sstevel@tonic-gate *
160Sstevel@tonic-gate * Copyright remains Eric Young's, and as such any Copyright notices in
170Sstevel@tonic-gate * the code are not to be removed.
180Sstevel@tonic-gate * If this package is used in a product, Eric Young should be given attribution
190Sstevel@tonic-gate * as the author of the parts of the library used.
200Sstevel@tonic-gate * This can be in the form of a textual message at program startup or
210Sstevel@tonic-gate * in documentation (online or textual) provided with the package.
220Sstevel@tonic-gate *
230Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
240Sstevel@tonic-gate * modification, are permitted provided that the following conditions
250Sstevel@tonic-gate * are met:
260Sstevel@tonic-gate * 1. Redistributions of source code must retain the copyright
270Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
280Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
290Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in the
300Sstevel@tonic-gate * documentation and/or other materials provided with the distribution.
310Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software
320Sstevel@tonic-gate * must display the following acknowledgement:
330Sstevel@tonic-gate * "This product includes cryptographic software written by
340Sstevel@tonic-gate * Eric Young (eay@cryptsoft.com)"
350Sstevel@tonic-gate * The word 'cryptographic' can be left out if the rouines from the library
360Sstevel@tonic-gate * being used are not cryptographic related :-).
370Sstevel@tonic-gate * 4. If you include any Windows specific code (or a derivative thereof) from
380Sstevel@tonic-gate * the apps directory (application code) you must include an acknowledgement:
390Sstevel@tonic-gate * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
400Sstevel@tonic-gate *
410Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
420Sstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
430Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
440Sstevel@tonic-gate * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
450Sstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
460Sstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
470Sstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
480Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
490Sstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
500Sstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
510Sstevel@tonic-gate * SUCH DAMAGE.
520Sstevel@tonic-gate *
530Sstevel@tonic-gate * The licence and distribution terms for any publically available version or
540Sstevel@tonic-gate * derivative of this code cannot be changed. i.e. this code cannot simply be
550Sstevel@tonic-gate * copied and put under another distribution licence
560Sstevel@tonic-gate * [including the GNU Public Licence.]
570Sstevel@tonic-gate */
580Sstevel@tonic-gate
59*2139Sjp161948 #include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
600Sstevel@tonic-gate #ifndef OPENSSL_NO_RSA
610Sstevel@tonic-gate #include <stdio.h>
620Sstevel@tonic-gate #include "cryptlib.h"
630Sstevel@tonic-gate #include <openssl/evp.h>
640Sstevel@tonic-gate #include <openssl/rand.h>
650Sstevel@tonic-gate #include <openssl/objects.h>
660Sstevel@tonic-gate #include <openssl/x509.h>
670Sstevel@tonic-gate #include <openssl/pem.h>
68*2139Sjp161948 #include <openssl/rsa.h>
690Sstevel@tonic-gate
PEM_SealInit(PEM_ENCODE_SEAL_CTX * ctx,EVP_CIPHER * type,EVP_MD * md_type,unsigned char ** ek,int * ekl,unsigned char * iv,EVP_PKEY ** pubk,int npubk)700Sstevel@tonic-gate int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
710Sstevel@tonic-gate unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
720Sstevel@tonic-gate int npubk)
730Sstevel@tonic-gate {
740Sstevel@tonic-gate unsigned char key[EVP_MAX_KEY_LENGTH];
750Sstevel@tonic-gate int ret= -1;
760Sstevel@tonic-gate int i,j,max=0;
770Sstevel@tonic-gate char *s=NULL;
780Sstevel@tonic-gate
790Sstevel@tonic-gate for (i=0; i<npubk; i++)
800Sstevel@tonic-gate {
810Sstevel@tonic-gate if (pubk[i]->type != EVP_PKEY_RSA)
820Sstevel@tonic-gate {
830Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
840Sstevel@tonic-gate goto err;
850Sstevel@tonic-gate }
860Sstevel@tonic-gate j=RSA_size(pubk[i]->pkey.rsa);
870Sstevel@tonic-gate if (j > max) max=j;
880Sstevel@tonic-gate }
890Sstevel@tonic-gate s=(char *)OPENSSL_malloc(max*2);
900Sstevel@tonic-gate if (s == NULL)
910Sstevel@tonic-gate {
920Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
930Sstevel@tonic-gate goto err;
940Sstevel@tonic-gate }
950Sstevel@tonic-gate
960Sstevel@tonic-gate EVP_EncodeInit(&ctx->encode);
970Sstevel@tonic-gate
980Sstevel@tonic-gate EVP_MD_CTX_init(&ctx->md);
990Sstevel@tonic-gate EVP_SignInit(&ctx->md,md_type);
1000Sstevel@tonic-gate
1010Sstevel@tonic-gate EVP_CIPHER_CTX_init(&ctx->cipher);
1020Sstevel@tonic-gate ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
1030Sstevel@tonic-gate if (!ret) goto err;
1040Sstevel@tonic-gate
1050Sstevel@tonic-gate /* base64 encode the keys */
1060Sstevel@tonic-gate for (i=0; i<npubk; i++)
1070Sstevel@tonic-gate {
1080Sstevel@tonic-gate j=EVP_EncodeBlock((unsigned char *)s,ek[i],
1090Sstevel@tonic-gate RSA_size(pubk[i]->pkey.rsa));
1100Sstevel@tonic-gate ekl[i]=j;
1110Sstevel@tonic-gate memcpy(ek[i],s,j+1);
1120Sstevel@tonic-gate }
1130Sstevel@tonic-gate
1140Sstevel@tonic-gate ret=npubk;
1150Sstevel@tonic-gate err:
1160Sstevel@tonic-gate if (s != NULL) OPENSSL_free(s);
1170Sstevel@tonic-gate OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
1180Sstevel@tonic-gate return(ret);
1190Sstevel@tonic-gate }
1200Sstevel@tonic-gate
PEM_SealUpdate(PEM_ENCODE_SEAL_CTX * ctx,unsigned char * out,int * outl,unsigned char * in,int inl)1210Sstevel@tonic-gate void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
1220Sstevel@tonic-gate unsigned char *in, int inl)
1230Sstevel@tonic-gate {
1240Sstevel@tonic-gate unsigned char buffer[1600];
1250Sstevel@tonic-gate int i,j;
1260Sstevel@tonic-gate
1270Sstevel@tonic-gate *outl=0;
1280Sstevel@tonic-gate EVP_SignUpdate(&ctx->md,in,inl);
1290Sstevel@tonic-gate for (;;)
1300Sstevel@tonic-gate {
1310Sstevel@tonic-gate if (inl <= 0) break;
1320Sstevel@tonic-gate if (inl > 1200)
1330Sstevel@tonic-gate i=1200;
1340Sstevel@tonic-gate else
1350Sstevel@tonic-gate i=inl;
1360Sstevel@tonic-gate EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
1370Sstevel@tonic-gate EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
1380Sstevel@tonic-gate *outl+=j;
1390Sstevel@tonic-gate out+=j;
1400Sstevel@tonic-gate in+=i;
1410Sstevel@tonic-gate inl-=i;
1420Sstevel@tonic-gate }
1430Sstevel@tonic-gate }
1440Sstevel@tonic-gate
PEM_SealFinal(PEM_ENCODE_SEAL_CTX * ctx,unsigned char * sig,int * sigl,unsigned char * out,int * outl,EVP_PKEY * priv)1450Sstevel@tonic-gate int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
1460Sstevel@tonic-gate unsigned char *out, int *outl, EVP_PKEY *priv)
1470Sstevel@tonic-gate {
1480Sstevel@tonic-gate unsigned char *s=NULL;
1490Sstevel@tonic-gate int ret=0,j;
1500Sstevel@tonic-gate unsigned int i;
1510Sstevel@tonic-gate
1520Sstevel@tonic-gate if (priv->type != EVP_PKEY_RSA)
1530Sstevel@tonic-gate {
1540Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
1550Sstevel@tonic-gate goto err;
1560Sstevel@tonic-gate }
1570Sstevel@tonic-gate i=RSA_size(priv->pkey.rsa);
1580Sstevel@tonic-gate if (i < 100) i=100;
1590Sstevel@tonic-gate s=(unsigned char *)OPENSSL_malloc(i*2);
1600Sstevel@tonic-gate if (s == NULL)
1610Sstevel@tonic-gate {
1620Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
1630Sstevel@tonic-gate goto err;
1640Sstevel@tonic-gate }
1650Sstevel@tonic-gate
1660Sstevel@tonic-gate EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
1670Sstevel@tonic-gate EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
1680Sstevel@tonic-gate *outl=j;
1690Sstevel@tonic-gate out+=j;
1700Sstevel@tonic-gate EVP_EncodeFinal(&ctx->encode,out,&j);
1710Sstevel@tonic-gate *outl+=j;
1720Sstevel@tonic-gate
1730Sstevel@tonic-gate if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
1740Sstevel@tonic-gate *sigl=EVP_EncodeBlock(sig,s,i);
1750Sstevel@tonic-gate
1760Sstevel@tonic-gate ret=1;
1770Sstevel@tonic-gate err:
1780Sstevel@tonic-gate EVP_MD_CTX_cleanup(&ctx->md);
1790Sstevel@tonic-gate EVP_CIPHER_CTX_cleanup(&ctx->cipher);
1800Sstevel@tonic-gate if (s != NULL) OPENSSL_free(s);
1810Sstevel@tonic-gate return(ret);
1820Sstevel@tonic-gate }
1830Sstevel@tonic-gate #else /* !OPENSSL_NO_RSA */
1840Sstevel@tonic-gate
1850Sstevel@tonic-gate # if PEDANTIC
1860Sstevel@tonic-gate static void *dummy=&dummy;
1870Sstevel@tonic-gate # endif
1880Sstevel@tonic-gate
1890Sstevel@tonic-gate #endif
190