| 1 | /*
|
|---|
| 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | #include <stdio.h>
|
|---|
| 11 | #include "internal/cryptlib.h"
|
|---|
| 12 | #include "internal/provider.h"
|
|---|
| 13 | #include <openssl/rand.h>
|
|---|
| 14 | #include <openssl/rsa.h>
|
|---|
| 15 | #include <openssl/evp.h>
|
|---|
| 16 | #include <openssl/objects.h>
|
|---|
| 17 | #include <openssl/x509.h>
|
|---|
| 18 | #include <openssl/evp.h>
|
|---|
| 19 |
|
|---|
| 20 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
|---|
| 21 | unsigned char **ek, int *ekl, unsigned char *iv,
|
|---|
| 22 | EVP_PKEY **pubk, int npubk)
|
|---|
| 23 | {
|
|---|
| 24 | unsigned char key[EVP_MAX_KEY_LENGTH];
|
|---|
| 25 | const OSSL_PROVIDER *prov;
|
|---|
| 26 | OSSL_LIB_CTX *libctx = NULL;
|
|---|
| 27 | EVP_PKEY_CTX *pctx = NULL;
|
|---|
| 28 | const EVP_CIPHER *cipher;
|
|---|
| 29 | int i, len;
|
|---|
| 30 | int rv = 0;
|
|---|
| 31 |
|
|---|
| 32 | if (type != NULL) {
|
|---|
| 33 | EVP_CIPHER_CTX_reset(ctx);
|
|---|
| 34 | if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
|
|---|
| 35 | return 0;
|
|---|
| 36 | }
|
|---|
| 37 | if ((cipher = EVP_CIPHER_CTX_get0_cipher(ctx)) != NULL
|
|---|
| 38 | && (prov = EVP_CIPHER_get0_provider(cipher)) != NULL)
|
|---|
| 39 | libctx = ossl_provider_libctx(prov);
|
|---|
| 40 | if ((npubk <= 0) || !pubk)
|
|---|
| 41 | return 1;
|
|---|
| 42 |
|
|---|
| 43 | if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
|
|---|
| 44 | return 0;
|
|---|
| 45 |
|
|---|
| 46 | len = EVP_CIPHER_CTX_get_iv_length(ctx);
|
|---|
| 47 | if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len, 0) <= 0)
|
|---|
| 48 | goto err;
|
|---|
| 49 |
|
|---|
| 50 | len = EVP_CIPHER_CTX_get_key_length(ctx);
|
|---|
| 51 | if (len < 0)
|
|---|
| 52 | goto err;
|
|---|
| 53 |
|
|---|
| 54 | if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
|
|---|
| 55 | goto err;
|
|---|
| 56 |
|
|---|
| 57 | for (i = 0; i < npubk; i++) {
|
|---|
| 58 | size_t keylen = len;
|
|---|
| 59 |
|
|---|
| 60 | pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL);
|
|---|
| 61 | if (pctx == NULL) {
|
|---|
| 62 | ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|---|
| 63 | goto err;
|
|---|
| 64 | }
|
|---|
| 65 |
|
|---|
| 66 | if (EVP_PKEY_encrypt_init(pctx) <= 0
|
|---|
| 67 | || EVP_PKEY_encrypt(pctx, ek[i], &keylen, key, keylen) <= 0)
|
|---|
| 68 | goto err;
|
|---|
| 69 | ekl[i] = (int)keylen;
|
|---|
| 70 | EVP_PKEY_CTX_free(pctx);
|
|---|
| 71 | }
|
|---|
| 72 | pctx = NULL;
|
|---|
| 73 | rv = npubk;
|
|---|
| 74 | err:
|
|---|
| 75 | EVP_PKEY_CTX_free(pctx);
|
|---|
| 76 | OPENSSL_cleanse(key, sizeof(key));
|
|---|
| 77 | return rv;
|
|---|
| 78 | }
|
|---|
| 79 |
|
|---|
| 80 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
|
|---|
| 81 | {
|
|---|
| 82 | int i;
|
|---|
| 83 | i = EVP_EncryptFinal_ex(ctx, out, outl);
|
|---|
| 84 | if (i)
|
|---|
| 85 | i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
|
|---|
| 86 | return i;
|
|---|
| 87 | }
|
|---|
