#include "evp.h"
int EVP_OpenInit(ctx, type, ek, ekl, iv, priv) EVP_CIPHER_CTX *ctx; EVP_CIPHER *type; unsigned char *ek, *iv; int ekl; EVP_PKEY *priv;
int EVP_OpenFinal(ctx, out, outl) EVP_CIPHER_CTX *ctx; unsigned char *out; int *outl;
int EVP_SealInit(ctx, type, ek, ekl, iv, pubk, npubk) EVP_CIPHER_CTX *ctx; EVP_CIPHER *type; unsigned char **ek, *iv; int *ekl, npubk; EVP_PKEY **pubk;
void EVP_SealFinal(ctx, out, outl) EVP_CIPHER_CTX *ctx; unsigned char *out; int *outl;
The EVP_Seal routines are (almost) all used by the PEM library when doing PEM_Seal of an object.
EVP_SealInit expects type to point to an EVP_CIPHER structure for the particular symetric cipher you want to use. pubk should point to an array of EVP_PKEYs; see EVP public key handling for the definition of this structure. npubk should be the number of EVP_PKEYs that pubk points to. ek must point to npubk slots in which encrypted copies of the randomly generated key will get put; each should be EVP_PKEY_size(pubk[i]) in size. ekl should point to npubk integers which will hold the lengths of each copy of the encrypted key.
The function initializes the ctx including setting ctx->cipher to the specified type, generates a random key and random iv, and for each pubk[i] does:
ekl[i]=EVP_PKEY_encrypt(ek[i],key,keylength(type),pubk[i]);
i.e. encrypt key with pubk[i] and stuff the result into ek[i], with tjhe length of ek[i] going into ekl[i].
The randomly generated ivec is returned in iv. The function itself returns npubk or 0 on error.
The following macro is provided for the convenience of the user:
#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
so when you call EVP_SealUpdate(ctx,out,outl,in,inl) you are actually calling EVP_EncryptUpdate(ctx,out,outl,in,inl); see EVP handling for symmetric ciphers for the definition of this function.
EVP_SealFinal invokes EVP_EncryptFinal with the same arguments it is passed, and then calls EVP_EncryptInit with NULL for each of the type, key, and iv which means that these values wll be reused from the ctx. Effectivly this just invokes the initialization function for the particular cipher specified by type, with the same values you just used for encryption. See EVP handling for symmetric ciphers for the definition of EVP_EncryptFinal and EVP_EncryptInit.
The EVP_Open routines open a previously Sealed object.
EVP_OpenInit expects the user to pass a private key in
priv, which
must be of type EVP_PKEY_RSA; no other types are presently
supported.
type is the type of symmetric cipher that the user expects was used to
encrypt the message.
priv is used to decrypt the encrypted key ek with length
ekl bytes. The length of the newly decrypted key is checked to be sure
it matches the keylength to be used with cipher type; if not,
-1 is returned.
The key and ivec are then fed to EVP_DecryptInit, along with the
cipher pointer type, setting up for decryption of the object,
and 1 is returned.
See EVP handling for symmetric ciphers
for the definition of EVP_DecryptInit.
The following macro is provided for the convenience of the user:
so when you call EVP_OpenUpdate(ctx,out,outl,in,inl) you are actually
calling EVP_DecryptUpdate(ctx,out,outl,in,inl);
see EVP handling for symmetric ciphers
for the definition of this function.
EVP_OpenFinal invokes EVP_DecryptFinal with the same arguments
it is passed, and then calls EVP_DecryptInit with NULL for each of the
type, key, and iv which means that these values
wll be reused from the ctx. Effectivly this just invokes the
initialization function for the particular cipher specified by type,
with the same values you just used for decryption.
See EVP handling for symmetric ciphers
for the definition of EVP_DecryptFinal and EVP_DecryptInit.
#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)