1*0Sstevel@tonic-gate /* crypto/pem/pem_seal.c */ 2*0Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3*0Sstevel@tonic-gate * All rights reserved. 4*0Sstevel@tonic-gate * 5*0Sstevel@tonic-gate * This package is an SSL implementation written 6*0Sstevel@tonic-gate * by Eric Young (eay@cryptsoft.com). 7*0Sstevel@tonic-gate * The implementation was written so as to conform with Netscapes SSL. 8*0Sstevel@tonic-gate * 9*0Sstevel@tonic-gate * This library is free for commercial and non-commercial use as long as 10*0Sstevel@tonic-gate * the following conditions are aheared to. The following conditions 11*0Sstevel@tonic-gate * apply to all code found in this distribution, be it the RC4, RSA, 12*0Sstevel@tonic-gate * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13*0Sstevel@tonic-gate * included with this distribution is covered by the same copyright terms 14*0Sstevel@tonic-gate * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15*0Sstevel@tonic-gate * 16*0Sstevel@tonic-gate * Copyright remains Eric Young's, and as such any Copyright notices in 17*0Sstevel@tonic-gate * the code are not to be removed. 18*0Sstevel@tonic-gate * If this package is used in a product, Eric Young should be given attribution 19*0Sstevel@tonic-gate * as the author of the parts of the library used. 20*0Sstevel@tonic-gate * This can be in the form of a textual message at program startup or 21*0Sstevel@tonic-gate * in documentation (online or textual) provided with the package. 22*0Sstevel@tonic-gate * 23*0Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without 24*0Sstevel@tonic-gate * modification, are permitted provided that the following conditions 25*0Sstevel@tonic-gate * are met: 26*0Sstevel@tonic-gate * 1. Redistributions of source code must retain the copyright 27*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer. 28*0Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright 29*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in the 30*0Sstevel@tonic-gate * documentation and/or other materials provided with the distribution. 31*0Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software 32*0Sstevel@tonic-gate * must display the following acknowledgement: 33*0Sstevel@tonic-gate * "This product includes cryptographic software written by 34*0Sstevel@tonic-gate * Eric Young (eay@cryptsoft.com)" 35*0Sstevel@tonic-gate * The word 'cryptographic' can be left out if the rouines from the library 36*0Sstevel@tonic-gate * being used are not cryptographic related :-). 37*0Sstevel@tonic-gate * 4. If you include any Windows specific code (or a derivative thereof) from 38*0Sstevel@tonic-gate * the apps directory (application code) you must include an acknowledgement: 39*0Sstevel@tonic-gate * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40*0Sstevel@tonic-gate * 41*0Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42*0Sstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43*0Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44*0Sstevel@tonic-gate * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45*0Sstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46*0Sstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47*0Sstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48*0Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49*0Sstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50*0Sstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51*0Sstevel@tonic-gate * SUCH DAMAGE. 52*0Sstevel@tonic-gate * 53*0Sstevel@tonic-gate * The licence and distribution terms for any publically available version or 54*0Sstevel@tonic-gate * derivative of this code cannot be changed. i.e. this code cannot simply be 55*0Sstevel@tonic-gate * copied and put under another distribution licence 56*0Sstevel@tonic-gate * [including the GNU Public Licence.] 57*0Sstevel@tonic-gate */ 58*0Sstevel@tonic-gate 59*0Sstevel@tonic-gate #ifndef OPENSSL_NO_RSA 60*0Sstevel@tonic-gate #include <stdio.h> 61*0Sstevel@tonic-gate #include "cryptlib.h" 62*0Sstevel@tonic-gate #include <openssl/evp.h> 63*0Sstevel@tonic-gate #include <openssl/rand.h> 64*0Sstevel@tonic-gate #include <openssl/objects.h> 65*0Sstevel@tonic-gate #include <openssl/x509.h> 66*0Sstevel@tonic-gate #include <openssl/pem.h> 67*0Sstevel@tonic-gate 68*0Sstevel@tonic-gate int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, 69*0Sstevel@tonic-gate unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, 70*0Sstevel@tonic-gate int npubk) 71*0Sstevel@tonic-gate { 72*0Sstevel@tonic-gate unsigned char key[EVP_MAX_KEY_LENGTH]; 73*0Sstevel@tonic-gate int ret= -1; 74*0Sstevel@tonic-gate int i,j,max=0; 75*0Sstevel@tonic-gate char *s=NULL; 76*0Sstevel@tonic-gate 77*0Sstevel@tonic-gate for (i=0; i<npubk; i++) 78*0Sstevel@tonic-gate { 79*0Sstevel@tonic-gate if (pubk[i]->type != EVP_PKEY_RSA) 80*0Sstevel@tonic-gate { 81*0Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA); 82*0Sstevel@tonic-gate goto err; 83*0Sstevel@tonic-gate } 84*0Sstevel@tonic-gate j=RSA_size(pubk[i]->pkey.rsa); 85*0Sstevel@tonic-gate if (j > max) max=j; 86*0Sstevel@tonic-gate } 87*0Sstevel@tonic-gate s=(char *)OPENSSL_malloc(max*2); 88*0Sstevel@tonic-gate if (s == NULL) 89*0Sstevel@tonic-gate { 90*0Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); 91*0Sstevel@tonic-gate goto err; 92*0Sstevel@tonic-gate } 93*0Sstevel@tonic-gate 94*0Sstevel@tonic-gate EVP_EncodeInit(&ctx->encode); 95*0Sstevel@tonic-gate 96*0Sstevel@tonic-gate EVP_MD_CTX_init(&ctx->md); 97*0Sstevel@tonic-gate EVP_SignInit(&ctx->md,md_type); 98*0Sstevel@tonic-gate 99*0Sstevel@tonic-gate EVP_CIPHER_CTX_init(&ctx->cipher); 100*0Sstevel@tonic-gate ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); 101*0Sstevel@tonic-gate if (!ret) goto err; 102*0Sstevel@tonic-gate 103*0Sstevel@tonic-gate /* base64 encode the keys */ 104*0Sstevel@tonic-gate for (i=0; i<npubk; i++) 105*0Sstevel@tonic-gate { 106*0Sstevel@tonic-gate j=EVP_EncodeBlock((unsigned char *)s,ek[i], 107*0Sstevel@tonic-gate RSA_size(pubk[i]->pkey.rsa)); 108*0Sstevel@tonic-gate ekl[i]=j; 109*0Sstevel@tonic-gate memcpy(ek[i],s,j+1); 110*0Sstevel@tonic-gate } 111*0Sstevel@tonic-gate 112*0Sstevel@tonic-gate ret=npubk; 113*0Sstevel@tonic-gate err: 114*0Sstevel@tonic-gate if (s != NULL) OPENSSL_free(s); 115*0Sstevel@tonic-gate OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH); 116*0Sstevel@tonic-gate return(ret); 117*0Sstevel@tonic-gate } 118*0Sstevel@tonic-gate 119*0Sstevel@tonic-gate void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, 120*0Sstevel@tonic-gate unsigned char *in, int inl) 121*0Sstevel@tonic-gate { 122*0Sstevel@tonic-gate unsigned char buffer[1600]; 123*0Sstevel@tonic-gate int i,j; 124*0Sstevel@tonic-gate 125*0Sstevel@tonic-gate *outl=0; 126*0Sstevel@tonic-gate EVP_SignUpdate(&ctx->md,in,inl); 127*0Sstevel@tonic-gate for (;;) 128*0Sstevel@tonic-gate { 129*0Sstevel@tonic-gate if (inl <= 0) break; 130*0Sstevel@tonic-gate if (inl > 1200) 131*0Sstevel@tonic-gate i=1200; 132*0Sstevel@tonic-gate else 133*0Sstevel@tonic-gate i=inl; 134*0Sstevel@tonic-gate EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i); 135*0Sstevel@tonic-gate EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j); 136*0Sstevel@tonic-gate *outl+=j; 137*0Sstevel@tonic-gate out+=j; 138*0Sstevel@tonic-gate in+=i; 139*0Sstevel@tonic-gate inl-=i; 140*0Sstevel@tonic-gate } 141*0Sstevel@tonic-gate } 142*0Sstevel@tonic-gate 143*0Sstevel@tonic-gate int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, 144*0Sstevel@tonic-gate unsigned char *out, int *outl, EVP_PKEY *priv) 145*0Sstevel@tonic-gate { 146*0Sstevel@tonic-gate unsigned char *s=NULL; 147*0Sstevel@tonic-gate int ret=0,j; 148*0Sstevel@tonic-gate unsigned int i; 149*0Sstevel@tonic-gate 150*0Sstevel@tonic-gate if (priv->type != EVP_PKEY_RSA) 151*0Sstevel@tonic-gate { 152*0Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA); 153*0Sstevel@tonic-gate goto err; 154*0Sstevel@tonic-gate } 155*0Sstevel@tonic-gate i=RSA_size(priv->pkey.rsa); 156*0Sstevel@tonic-gate if (i < 100) i=100; 157*0Sstevel@tonic-gate s=(unsigned char *)OPENSSL_malloc(i*2); 158*0Sstevel@tonic-gate if (s == NULL) 159*0Sstevel@tonic-gate { 160*0Sstevel@tonic-gate PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); 161*0Sstevel@tonic-gate goto err; 162*0Sstevel@tonic-gate } 163*0Sstevel@tonic-gate 164*0Sstevel@tonic-gate EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i); 165*0Sstevel@tonic-gate EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); 166*0Sstevel@tonic-gate *outl=j; 167*0Sstevel@tonic-gate out+=j; 168*0Sstevel@tonic-gate EVP_EncodeFinal(&ctx->encode,out,&j); 169*0Sstevel@tonic-gate *outl+=j; 170*0Sstevel@tonic-gate 171*0Sstevel@tonic-gate if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err; 172*0Sstevel@tonic-gate *sigl=EVP_EncodeBlock(sig,s,i); 173*0Sstevel@tonic-gate 174*0Sstevel@tonic-gate ret=1; 175*0Sstevel@tonic-gate err: 176*0Sstevel@tonic-gate EVP_MD_CTX_cleanup(&ctx->md); 177*0Sstevel@tonic-gate EVP_CIPHER_CTX_cleanup(&ctx->cipher); 178*0Sstevel@tonic-gate if (s != NULL) OPENSSL_free(s); 179*0Sstevel@tonic-gate return(ret); 180*0Sstevel@tonic-gate } 181*0Sstevel@tonic-gate #else /* !OPENSSL_NO_RSA */ 182*0Sstevel@tonic-gate 183*0Sstevel@tonic-gate # if PEDANTIC 184*0Sstevel@tonic-gate static void *dummy=&dummy; 185*0Sstevel@tonic-gate # endif 186*0Sstevel@tonic-gate 187*0Sstevel@tonic-gate #endif 188