summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-04-21 15:39:52 +0000
committerjsing <>2014-04-21 15:39:52 +0000
commitb746bd9fb2cff6fc7b6ddd888ba614ad9bdb077b (patch)
tree5061a725ebf8b95e2ec5deb1a93f1ba043db4ec8
parentdfe511c9e1293ae4ceb37e5ed8d5cf8073dc33f3 (diff)
downloadopenbsd-b746bd9fb2cff6fc7b6ddd888ba614ad9bdb077b.tar.gz
openbsd-b746bd9fb2cff6fc7b6ddd888ba614ad9bdb077b.tar.bz2
openbsd-b746bd9fb2cff6fc7b6ddd888ba614ad9bdb077b.zip
KNF.
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pem/pem.h156
-rw-r--r--src/lib/libcrypto/pem/pem2.h2
-rw-r--r--src/lib/libcrypto/pem/pem_all.c94
-rw-r--r--src/lib/libcrypto/pem/pem_err.c169
-rw-r--r--src/lib/libcrypto/pem/pem_info.c463
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c1036
-rw-r--r--src/lib/libcrypto/pem/pem_oth.c33
-rw-r--r--src/lib/libcrypto/pem/pem_pk8.c164
-rw-r--r--src/lib/libcrypto/pem/pem_pkey.c207
-rw-r--r--src/lib/libcrypto/pem/pem_seal.c186
-rw-r--r--src/lib/libcrypto/pem/pem_sign.c66
-rw-r--r--src/lib/libcrypto/pem/pem_x509.c3
-rw-r--r--src/lib/libcrypto/pem/pem_xaux.c5
-rw-r--r--src/lib/libcrypto/pem/pvkfmt.c598
-rw-r--r--src/lib/libssl/src/crypto/pem/pem.h156
-rw-r--r--src/lib/libssl/src/crypto/pem/pem2.h2
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_all.c94
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_err.c169
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_info.c463
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_lib.c1036
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_oth.c33
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_pk8.c164
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_pkey.c207
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_seal.c186
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_sign.c66
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_x509.c3
-rw-r--r--src/lib/libssl/src/crypto/pem/pem_xaux.c5
-rw-r--r--src/lib/libssl/src/crypto/pem/pvkfmt.c598
28 files changed, 3224 insertions, 3140 deletions
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index e27440330c..4af2db4b3c 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -139,12 +139,11 @@ extern "C" {
139 139
140 /* Note that this structure is initialised by PEM_SealInit and cleaned up 140 /* Note that this structure is initialised by PEM_SealInit and cleaned up
141 by PEM_SealFinal (at least for now) */ 141 by PEM_SealFinal (at least for now) */
142typedef struct PEM_Encode_Seal_st 142typedef struct PEM_Encode_Seal_st {
143 {
144 EVP_ENCODE_CTX encode; 143 EVP_ENCODE_CTX encode;
145 EVP_MD_CTX md; 144 EVP_MD_CTX md;
146 EVP_CIPHER_CTX cipher; 145 EVP_CIPHER_CTX cipher;
147 } PEM_ENCODE_SEAL_CTX; 146} PEM_ENCODE_SEAL_CTX;
148 147
149/* enc_type is one off */ 148/* enc_type is one off */
150#define PEM_TYPE_ENCRYPTED 10 149#define PEM_TYPE_ENCRYPTED 10
@@ -152,24 +151,22 @@ typedef struct PEM_Encode_Seal_st
152#define PEM_TYPE_MIC_CLEAR 30 151#define PEM_TYPE_MIC_CLEAR 30
153#define PEM_TYPE_CLEAR 40 152#define PEM_TYPE_CLEAR 40
154 153
155typedef struct pem_recip_st 154typedef struct pem_recip_st {
156 {
157 char *name; 155 char *name;
158 X509_NAME *dn; 156 X509_NAME *dn;
159 157
160 int cipher; 158 int cipher;
161 int key_enc; 159 int key_enc;
162 /* char iv[8]; unused and wrong size */ 160 /* char iv[8]; unused and wrong size */
163 } PEM_USER; 161} PEM_USER;
164 162
165typedef struct pem_ctx_st 163typedef struct pem_ctx_st {
166 {
167 int type; /* what type of object */ 164 int type; /* what type of object */
168 165
169 struct { 166 struct {
170 int version; 167 int version;
171 int mode; 168 int mode;
172 } proc_type; 169 } proc_type;
173 170
174 char *domain; 171 char *domain;
175 172
@@ -177,14 +174,14 @@ typedef struct pem_ctx_st
177 int cipher; 174 int cipher;
178 /* unused, and wrong size 175 /* unused, and wrong size
179 unsigned char iv[8]; */ 176 unsigned char iv[8]; */
180 } DEK_info; 177 } DEK_info;
181 178
182 PEM_USER *originator; 179 PEM_USER *originator;
183 180
184 int num_recipient; 181 int num_recipient;
185 PEM_USER **recipient; 182 PEM_USER **recipient;
186 183
187 /* XXX(ben): don#t think this is used! 184 /* XXX(ben): don#t think this is used!
188 STACK *x509_chain; / * certificate chain */ 185 STACK *x509_chain; / * certificate chain */
189 EVP_MD *md; /* signature type */ 186 EVP_MD *md; /* signature type */
190 187
@@ -198,11 +195,10 @@ typedef struct pem_ctx_st
198 /* unused, and wrong size 195 /* unused, and wrong size
199 unsigned char iv[8]; */ 196 unsigned char iv[8]; */
200 197
201
202 int data_enc; /* is the data encrypted */ 198 int data_enc; /* is the data encrypted */
203 int data_len; 199 int data_len;
204 unsigned char *data; 200 unsigned char *data;
205 } PEM_CTX; 201} PEM_CTX;
206 202
207/* These macros make the PEM_read/PEM_write functions easier to maintain and 203/* These macros make the PEM_read/PEM_write functions easier to maintain and
208 * write. Now they are all implemented with either: 204 * write. Now they are all implemented with either:
@@ -223,7 +219,7 @@ typedef struct pem_ctx_st
223type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ 219type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
224{ \ 220{ \
225return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ 221return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
226} 222}
227 223
228#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ 224#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
229int PEM_write_##name(FILE *fp, type *x) \ 225int PEM_write_##name(FILE *fp, type *x) \
@@ -289,23 +285,23 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
289 285
290#define IMPLEMENT_PEM_write(name, type, str, asn1) \ 286#define IMPLEMENT_PEM_write(name, type, str, asn1) \
291 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ 287 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
292 IMPLEMENT_PEM_write_fp(name, type, str, asn1) 288 IMPLEMENT_PEM_write_fp(name, type, str, asn1)
293 289
294#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ 290#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
295 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ 291 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
296 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) 292 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
297 293
298#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ 294#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
299 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ 295 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
300 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 296 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
301 297
302#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ 298#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
303 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ 299 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
304 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) 300 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
305 301
306#define IMPLEMENT_PEM_read(name, type, str, asn1) \ 302#define IMPLEMENT_PEM_read(name, type, str, asn1) \
307 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ 303 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
308 IMPLEMENT_PEM_read_fp(name, type, str, asn1) 304 IMPLEMENT_PEM_read_fp(name, type, str, asn1)
309 305
310#define IMPLEMENT_PEM_rw(name, type, str, asn1) \ 306#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
311 IMPLEMENT_PEM_read(name, type, str, asn1) \ 307 IMPLEMENT_PEM_read(name, type, str, asn1) \
@@ -369,7 +365,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
369 365
370#define DECLARE_PEM_write(name, type) \ 366#define DECLARE_PEM_write(name, type) \
371 DECLARE_PEM_write_bio(name, type) \ 367 DECLARE_PEM_write_bio(name, type) \
372 DECLARE_PEM_write_fp(name, type) 368 DECLARE_PEM_write_fp(name, type)
373 369
374#define DECLARE_PEM_write_const(name, type) \ 370#define DECLARE_PEM_write_const(name, type) \
375 DECLARE_PEM_write_bio_const(name, type) \ 371 DECLARE_PEM_write_bio_const(name, type) \
@@ -377,7 +373,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
377 373
378#define DECLARE_PEM_write_cb(name, type) \ 374#define DECLARE_PEM_write_cb(name, type) \
379 DECLARE_PEM_write_cb_bio(name, type) \ 375 DECLARE_PEM_write_cb_bio(name, type) \
380 DECLARE_PEM_write_cb_fp(name, type) 376 DECLARE_PEM_write_cb_fp(name, type)
381 377
382#define DECLARE_PEM_read(name, type) \ 378#define DECLARE_PEM_read(name, type) \
383 DECLARE_PEM_read_bio(name, type) \ 379 DECLARE_PEM_read_bio(name, type) \
@@ -404,50 +400,52 @@ typedef int pem_password_cb(char *buf, int size, int rwflag);
404#endif 400#endif
405 401
406int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); 402int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
407int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, 403int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
408 pem_password_cb *callback,void *u); 404 pem_password_cb *callback, void *u);
409 405
410#ifndef OPENSSL_NO_BIO 406#ifndef OPENSSL_NO_BIO
411int PEM_read_bio(BIO *bp, char **name, char **header, 407int PEM_read_bio(BIO *bp, char **name, char **header,
412 unsigned char **data,long *len); 408 unsigned char **data, long *len);
413int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, 409int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
414 long len); 410 long len);
415int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, 411int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
416 pem_password_cb *cb, void *u); 412 const char *name, BIO *bp, pem_password_cb *cb, void *u);
417void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, 413void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
418 void **x, pem_password_cb *cb, void *u); 414 void **x, pem_password_cb *cb, void *u);
419int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, 415int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
420 const EVP_CIPHER *enc,unsigned char *kstr,int klen, 416 const EVP_CIPHER *enc, unsigned char *kstr, int klen,
421 pem_password_cb *cb, void *u); 417 pem_password_cb *cb, void *u);
422 418
423STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); 419STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp,
424int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, 420 STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
425 unsigned char *kstr, int klen, pem_password_cb *cd, void *u); 421int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
422 unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
426#endif 423#endif
427 424
428int PEM_read(FILE *fp, char **name, char **header, 425int PEM_read(FILE *fp, char **name, char **header,
429 unsigned char **data,long *len); 426 unsigned char **data, long *len);
430int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); 427int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data,
428 long len);
431void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, 429void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
432 pem_password_cb *cb, void *u); 430 pem_password_cb *cb, void *u);
433int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, 431int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
434 void *x,const EVP_CIPHER *enc,unsigned char *kstr, 432 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
435 int klen,pem_password_cb *callback, void *u); 433 int klen, pem_password_cb *callback, void *u);
436STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, 434STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
437 pem_password_cb *cb, void *u); 435 pem_password_cb *cb, void *u);
438 436
439int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, 437int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
440 EVP_MD *md_type, unsigned char **ek, int *ekl, 438 EVP_MD *md_type, unsigned char **ek, int *ekl,
441 unsigned char *iv, EVP_PKEY **pubk, int npubk); 439 unsigned char *iv, EVP_PKEY **pubk, int npubk);
442void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, 440void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
443 unsigned char *in, int inl); 441 unsigned char *in, int inl);
444int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, 442int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
445 unsigned char *out, int *outl, EVP_PKEY *priv); 443 unsigned char *out, int *outl, EVP_PKEY *priv);
446 444
447void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); 445void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
448void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); 446void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
449int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, 447int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
450 unsigned int *siglen, EVP_PKEY *pkey); 448 unsigned int *siglen, EVP_PKEY *pkey);
451 449
452int PEM_def_callback(char *buf, int num, int w, void *key); 450int PEM_def_callback(char *buf, int num, int w, void *key);
453void PEM_proc_type(char *buf, int type); 451void PEM_proc_type(char *buf, int type);
@@ -509,32 +507,34 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
509DECLARE_PEM_rw(PUBKEY, EVP_PKEY) 507DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
510 508
511int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, 509int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
512 char *kstr, int klen, 510 char *kstr, int klen,
513 pem_password_cb *cb, void *u); 511 pem_password_cb *cb, void *u);
514int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, 512int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
515 char *, int, pem_password_cb *, void *); 513 char *, int, pem_password_cb *, void *);
516int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 514int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
517 char *kstr, int klen, 515 char *kstr, int klen,
518 pem_password_cb *cb, void *u); 516 pem_password_cb *cb, void *u);
519int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, 517int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
520 char *kstr, int klen, 518 char *kstr, int klen,
521 pem_password_cb *cb, void *u); 519 pem_password_cb *cb, void *u);
522EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); 520EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
521 void *u);
523 522
524int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 523int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
525 char *kstr, int klen, 524 char *kstr, int klen,
526 pem_password_cb *cb, void *u); 525 pem_password_cb *cb, void *u);
527int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, 526int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
528 char *kstr, int klen, 527 char *kstr, int klen,
529 pem_password_cb *cb, void *u); 528 pem_password_cb *cb, void *u);
530int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, 529int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
531 char *kstr, int klen, 530 char *kstr, int klen,
532 pem_password_cb *cb, void *u); 531 pem_password_cb *cb, void *u);
533 532
534EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); 533EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
534 void *u);
535 535
536int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, 536int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
537 char *kstr,int klen, pem_password_cb *cd, void *u); 537 char *kstr, int klen, pem_password_cb *cd, void *u);
538 538
539EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); 539EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
540int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); 540int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
@@ -548,8 +548,8 @@ int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
548int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); 548int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
549#ifndef OPENSSL_NO_RC4 549#ifndef OPENSSL_NO_RC4
550EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); 550EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
551int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, 551int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb,
552 pem_password_cb *cb, void *u); 552 void *u);
553#endif 553#endif
554 554
555 555
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h
index f31790d69c..84897d5ec3 100644
--- a/src/lib/libcrypto/pem/pem2.h
+++ b/src/lib/libcrypto/pem/pem2.h
@@ -6,7 +6,7 @@
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 10 *
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in 12 * notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 6ff6be7fbe..8b54d1a698 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -146,7 +146,7 @@ IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
146IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) 146IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
147 147
148IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, 148IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
149 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) 149 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
150 150
151 151
152#ifndef OPENSSL_NO_RSA 152#ifndef OPENSSL_NO_RSA
@@ -159,34 +159,40 @@ IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
159 * transparently. 159 * transparently.
160 */ 160 */
161 161
162static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) 162static RSA *
163pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
163{ 164{
164 RSA *rtmp; 165 RSA *rtmp;
165 if(!key) return NULL; 166
167 if (!key)
168 return NULL;
166 rtmp = EVP_PKEY_get1_RSA(key); 169 rtmp = EVP_PKEY_get1_RSA(key);
167 EVP_PKEY_free(key); 170 EVP_PKEY_free(key);
168 if(!rtmp) return NULL; 171 if (!rtmp)
169 if(rsa) { 172 return NULL;
173 if (rsa) {
170 RSA_free(*rsa); 174 RSA_free(*rsa);
171 *rsa = rtmp; 175 *rsa = rtmp;
172 } 176 }
173 return rtmp; 177 return rtmp;
174} 178}
175 179
176RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, 180RSA *
177 void *u) 181PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u)
178{ 182{
179 EVP_PKEY *pktmp; 183 EVP_PKEY *pktmp;
184
180 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 185 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
181 return pkey_get_rsa(pktmp, rsa); 186 return pkey_get_rsa(pktmp, rsa);
182} 187}
183 188
184#ifndef OPENSSL_NO_FP_API 189#ifndef OPENSSL_NO_FP_API
185 190
186RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, 191RSA *
187 void *u) 192PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
188{ 193{
189 EVP_PKEY *pktmp; 194 EVP_PKEY *pktmp;
195
190 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 196 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
191 return pkey_get_rsa(pktmp, rsa); 197 return pkey_get_rsa(pktmp, rsa);
192} 198}
@@ -202,24 +208,29 @@ IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
202 208
203#ifndef OPENSSL_NO_DSA 209#ifndef OPENSSL_NO_DSA
204 210
205static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) 211static DSA *
212pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
206{ 213{
207 DSA *dtmp; 214 DSA *dtmp;
208 if(!key) return NULL; 215
216 if (!key)
217 return NULL;
209 dtmp = EVP_PKEY_get1_DSA(key); 218 dtmp = EVP_PKEY_get1_DSA(key);
210 EVP_PKEY_free(key); 219 EVP_PKEY_free(key);
211 if(!dtmp) return NULL; 220 if (!dtmp)
212 if(dsa) { 221 return NULL;
222 if (dsa) {
213 DSA_free(*dsa); 223 DSA_free(*dsa);
214 *dsa = dtmp; 224 *dsa = dtmp;
215 } 225 }
216 return dtmp; 226 return dtmp;
217} 227}
218 228
219DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, 229DSA *
220 void *u) 230PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, void *u)
221{ 231{
222 EVP_PKEY *pktmp; 232 EVP_PKEY *pktmp;
233
223 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 234 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
224 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ 235 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
225} 236}
@@ -230,10 +241,11 @@ IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
230 241
231#ifndef OPENSSL_NO_FP_API 242#ifndef OPENSSL_NO_FP_API
232 243
233DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, 244DSA *
234 void *u) 245PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
235{ 246{
236 EVP_PKEY *pktmp; 247 EVP_PKEY *pktmp;
248
237 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 249 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
238 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ 250 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
239} 251}
@@ -246,43 +258,47 @@ IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
246 258
247 259
248#ifndef OPENSSL_NO_EC 260#ifndef OPENSSL_NO_EC
249static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) 261static EC_KEY *
262pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
250{ 263{
251 EC_KEY *dtmp; 264 EC_KEY *dtmp;
252 if(!key) return NULL; 265
266 if (!key)
267 return NULL;
253 dtmp = EVP_PKEY_get1_EC_KEY(key); 268 dtmp = EVP_PKEY_get1_EC_KEY(key);
254 EVP_PKEY_free(key); 269 EVP_PKEY_free(key);
255 if(!dtmp) return NULL; 270 if (!dtmp)
256 if(eckey) 271 return NULL;
257 { 272 if (eckey) {
258 EC_KEY_free(*eckey); 273 EC_KEY_free(*eckey);
259 *eckey = dtmp; 274 *eckey = dtmp;
260 } 275 }
261 return dtmp; 276 return dtmp;
262} 277}
263 278
264EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, 279EC_KEY *
265 void *u) 280PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, void *u)
266{ 281{
267 EVP_PKEY *pktmp; 282 EVP_PKEY *pktmp;
268 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 283 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
269 return pkey_get_eckey(pktmp, key); /* will free pktmp */ 284 return pkey_get_eckey(pktmp, key); /* will free pktmp */
270} 285}
271 286
272IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) 287IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
288 ECPKParameters)
273 289
274 290IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
275 291 ECPrivateKey)
276IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
277 292
278IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) 293IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
279 294
280#ifndef OPENSSL_NO_FP_API 295#ifndef OPENSSL_NO_FP_API
281 296
282EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, 297EC_KEY *
283 void *u) 298PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, void *u)
284{ 299{
285 EVP_PKEY *pktmp; 300 EVP_PKEY *pktmp;
301
286 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 302 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
287 return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ 303 return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
288} 304}
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index d644aeedd4..8fa292fa38 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,94 +68,91 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
70 70
71static ERR_STRING_DATA PEM_str_functs[]= 71static ERR_STRING_DATA PEM_str_functs[] = {
72 { 72 {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
73{ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, 73 {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
74{ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, 74 {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
75{ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, 75 {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
76{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, 76 {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
77{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, 77 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
78{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, 78 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
79{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, 79 {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
80{ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, 80 {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
81{ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, 81 {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
82{ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, 82 {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
83{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, 83 {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
84{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, 84 {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
85{ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, 85 {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
86{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, 86 {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
87{ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, 87 {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
88{ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, 88 {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
89{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, 89 {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
90{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, 90 {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
91{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, 91 {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
92{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, 92 {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
93{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, 93 {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
94{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, 94 {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
95{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, 95 {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
96{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, 96 {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
97{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, 97 {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
98{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, 98 {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
99{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, 99 {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
100{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, 100 {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
101{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, 101 {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
102{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, 102 {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
103{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, 103 {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
104{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, 104 {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
105{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, 105 {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
106{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, 106 {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
107{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, 107 {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
108{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, 108 {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
109{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, 109 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
110{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, 110 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
111{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, 111 {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
112{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, 112 {0, NULL}
113{0,NULL} 113};
114 };
115 114
116static ERR_STRING_DATA PEM_str_reasons[]= 115static ERR_STRING_DATA PEM_str_reasons[] = {
117 { 116 {ERR_REASON(PEM_R_BAD_BASE64_DECODE) , "bad base64 decode"},
118{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"}, 117 {ERR_REASON(PEM_R_BAD_DECRYPT) , "bad decrypt"},
119{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, 118 {ERR_REASON(PEM_R_BAD_END_LINE) , "bad end line"},
120{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, 119 {ERR_REASON(PEM_R_BAD_IV_CHARS) , "bad iv chars"},
121{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, 120 {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) , "bad magic number"},
122{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) ,"bad magic number"}, 121 {ERR_REASON(PEM_R_BAD_PASSWORD_READ) , "bad password read"},
123{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, 122 {ERR_REASON(PEM_R_BAD_VERSION_NUMBER) , "bad version number"},
124{ERR_REASON(PEM_R_BAD_VERSION_NUMBER) ,"bad version number"}, 123 {ERR_REASON(PEM_R_BIO_WRITE_FAILURE) , "bio write failure"},
125{ERR_REASON(PEM_R_BIO_WRITE_FAILURE) ,"bio write failure"}, 124 {ERR_REASON(PEM_R_CIPHER_IS_NULL) , "cipher is null"},
126{ERR_REASON(PEM_R_CIPHER_IS_NULL) ,"cipher is null"}, 125 {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY), "error converting private key"},
127{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, 126 {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB), "expecting private key blob"},
128{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"}, 127 {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "expecting public key blob"},
129{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"}, 128 {ERR_REASON(PEM_R_INCONSISTENT_HEADER) , "inconsistent header"},
130{ERR_REASON(PEM_R_INCONSISTENT_HEADER) ,"inconsistent header"}, 129 {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), "keyblob header parse error"},
131{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"}, 130 {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) , "keyblob too short"},
132{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) ,"keyblob too short"}, 131 {ERR_REASON(PEM_R_NOT_DEK_INFO) , "not dek info"},
133{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, 132 {ERR_REASON(PEM_R_NOT_ENCRYPTED) , "not encrypted"},
134{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, 133 {ERR_REASON(PEM_R_NOT_PROC_TYPE) , "not proc type"},
135{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, 134 {ERR_REASON(PEM_R_NO_START_LINE) , "no start line"},
136{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, 135 {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), "problems getting password"},
137{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, 136 {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) , "public key no rsa"},
138{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, 137 {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) , "pvk data too short"},
139{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) ,"pvk data too short"}, 138 {ERR_REASON(PEM_R_PVK_TOO_SHORT) , "pvk too short"},
140{ERR_REASON(PEM_R_PVK_TOO_SHORT) ,"pvk too short"}, 139 {ERR_REASON(PEM_R_READ_KEY) , "read key"},
141{ERR_REASON(PEM_R_READ_KEY) ,"read key"}, 140 {ERR_REASON(PEM_R_SHORT_HEADER) , "short header"},
142{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, 141 {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
143{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, 142 {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
144{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, 143 {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), "unsupported key components"},
145{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"}, 144 {0, NULL}
146{0,NULL} 145};
147 };
148 146
149#endif 147#endif
150 148
151void ERR_load_PEM_strings(void) 149void
152 { 150ERR_load_PEM_strings(void)
151{
153#ifndef OPENSSL_NO_ERR 152#ifndef OPENSSL_NO_ERR
154 153 if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
155 if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) 154 ERR_load_strings(0, PEM_str_functs);
156 { 155 ERR_load_strings(0, PEM_str_reasons);
157 ERR_load_strings(0,PEM_str_functs);
158 ERR_load_strings(0,PEM_str_reasons);
159 }
160#endif
161 } 156 }
157#endif
158}
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 4351260dfb..967d6d2d41 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -71,324 +71,315 @@
71#endif 71#endif
72 72
73#ifndef OPENSSL_NO_FP_API 73#ifndef OPENSSL_NO_FP_API
74STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) 74STACK_OF(X509_INFO) *
75 { 75PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
76 BIO *b; 76 void *u)
77 STACK_OF(X509_INFO) *ret; 77{
78 BIO *b;
79 STACK_OF(X509_INFO) *ret;
78 80
79 if ((b=BIO_new(BIO_s_file())) == NULL) 81 if ((b = BIO_new(BIO_s_file())) == NULL) {
80 { 82 PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
81 PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB); 83 return (0);
82 return(0);
83 }
84 BIO_set_fp(b,fp,BIO_NOCLOSE);
85 ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
86 BIO_free(b);
87 return(ret);
88 } 84 }
85 BIO_set_fp(b, fp, BIO_NOCLOSE);
86 ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
87 BIO_free(b);
88 return (ret);
89}
89#endif 90#endif
90 91
91STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) 92STACK_OF(X509_INFO) *
92 { 93PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
93 X509_INFO *xi=NULL; 94 void *u)
94 char *name=NULL,*header=NULL; 95{
96 X509_INFO *xi = NULL;
97 char *name = NULL, *header = NULL;
95 void *pp; 98 void *pp;
96 unsigned char *data=NULL; 99 unsigned char *data = NULL;
97 const unsigned char *p; 100 const unsigned char *p;
98 long len,error=0; 101 long len, error = 0;
99 int ok=0; 102 int ok = 0;
100 STACK_OF(X509_INFO) *ret=NULL; 103 STACK_OF(X509_INFO) *ret = NULL;
101 unsigned int i,raw,ptype; 104 unsigned int i, raw, ptype;
102 d2i_of_void *d2i = 0; 105 d2i_of_void *d2i = 0;
103 106
104 if (sk == NULL) 107 if (sk == NULL) {
105 { 108 if ((ret = sk_X509_INFO_new_null()) == NULL) {
106 if ((ret=sk_X509_INFO_new_null()) == NULL) 109 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
107 { 110 ERR_R_MALLOC_FAILURE);
108 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
109 goto err; 111 goto err;
110 }
111 } 112 }
112 else 113 } else
113 ret=sk; 114 ret = sk;
114 115
115 if ((xi=X509_INFO_new()) == NULL) goto err; 116 if ((xi = X509_INFO_new()) == NULL)
116 for (;;) 117 goto err;
117 { 118 for (;;) {
118 raw=0; 119 raw = 0;
119 ptype = 0; 120 ptype = 0;
120 i=PEM_read_bio(bp,&name,&header,&data,&len); 121 i = PEM_read_bio(bp, &name, &header, &data, &len);
121 if (i == 0) 122 if (i == 0) {
122 { 123 error = ERR_GET_REASON(ERR_peek_last_error());
123 error=ERR_GET_REASON(ERR_peek_last_error()); 124 if (error == PEM_R_NO_START_LINE) {
124 if (error == PEM_R_NO_START_LINE)
125 {
126 ERR_clear_error(); 125 ERR_clear_error();
127 break; 126 break;
128 }
129 goto err;
130 } 127 }
128 goto err;
129 }
131start: 130start:
132 if ( (strcmp(name,PEM_STRING_X509) == 0) || 131 if ((strcmp(name, PEM_STRING_X509) == 0) ||
133 (strcmp(name,PEM_STRING_X509_OLD) == 0)) 132 (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
134 { 133 d2i = (D2I_OF(void))d2i_X509;
135 d2i=(D2I_OF(void))d2i_X509; 134 if (xi->x509 != NULL) {
136 if (xi->x509 != NULL) 135 if (!sk_X509_INFO_push(ret, xi))
137 { 136 goto err;
138 if (!sk_X509_INFO_push(ret,xi)) goto err; 137 if ((xi = X509_INFO_new()) == NULL)
139 if ((xi=X509_INFO_new()) == NULL) goto err; 138 goto err;
140 goto start; 139 goto start;
141 }
142 pp=&(xi->x509);
143 } 140 }
144 else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) 141 pp = &(xi->x509);
145 { 142 } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
146 d2i=(D2I_OF(void))d2i_X509_AUX; 143 d2i = (D2I_OF(void))d2i_X509_AUX;
147 if (xi->x509 != NULL) 144 if (xi->x509 != NULL) {
148 { 145 if (!sk_X509_INFO_push(ret, xi))
149 if (!sk_X509_INFO_push(ret,xi)) goto err; 146 goto err;
150 if ((xi=X509_INFO_new()) == NULL) goto err; 147 if ((xi = X509_INFO_new()) == NULL)
148 goto err;
151 goto start; 149 goto start;
152 }
153 pp=&(xi->x509);
154 } 150 }
155 else if (strcmp(name,PEM_STRING_X509_CRL) == 0) 151 pp = &(xi->x509);
156 { 152 } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
157 d2i=(D2I_OF(void))d2i_X509_CRL; 153 d2i = (D2I_OF(void))d2i_X509_CRL;
158 if (xi->crl != NULL) 154 if (xi->crl != NULL) {
159 { 155 if (!sk_X509_INFO_push(ret, xi))
160 if (!sk_X509_INFO_push(ret,xi)) goto err; 156 goto err;
161 if ((xi=X509_INFO_new()) == NULL) goto err; 157 if ((xi = X509_INFO_new()) == NULL)
158 goto err;
162 goto start; 159 goto start;
163 }
164 pp=&(xi->crl);
165 } 160 }
166 else 161 pp = &(xi->crl);
162 } else
167#ifndef OPENSSL_NO_RSA 163#ifndef OPENSSL_NO_RSA
168 if (strcmp(name,PEM_STRING_RSA) == 0) 164 if (strcmp(name, PEM_STRING_RSA) == 0) {
169 { 165 d2i = (D2I_OF(void))d2i_RSAPrivateKey;
170 d2i=(D2I_OF(void))d2i_RSAPrivateKey; 166 if (xi->x_pkey != NULL) {
171 if (xi->x_pkey != NULL) 167 if (!sk_X509_INFO_push(ret, xi))
172 { 168 goto err;
173 if (!sk_X509_INFO_push(ret,xi)) goto err; 169 if ((xi = X509_INFO_new()) == NULL)
174 if ((xi=X509_INFO_new()) == NULL) goto err; 170 goto err;
175 goto start; 171 goto start;
176 } 172 }
177 173
178 xi->enc_data=NULL; 174 xi->enc_data = NULL;
179 xi->enc_len=0; 175 xi->enc_len = 0;
180 176
181 xi->x_pkey=X509_PKEY_new(); 177 xi->x_pkey = X509_PKEY_new();
182 ptype=EVP_PKEY_RSA; 178 ptype = EVP_PKEY_RSA;
183 pp=&xi->x_pkey->dec_pkey; 179 pp = &xi->x_pkey->dec_pkey;
184 if ((int)strlen(header) > 10) /* assume encrypted */ 180 if ((int)strlen(header) > 10) /* assume encrypted */
185 raw=1; 181 raw = 1;
186 } 182 } else
187 else
188#endif 183#endif
189#ifndef OPENSSL_NO_DSA 184#ifndef OPENSSL_NO_DSA
190 if (strcmp(name,PEM_STRING_DSA) == 0) 185 if (strcmp(name, PEM_STRING_DSA) == 0) {
191 { 186 d2i = (D2I_OF(void))d2i_DSAPrivateKey;
192 d2i=(D2I_OF(void))d2i_DSAPrivateKey; 187 if (xi->x_pkey != NULL) {
193 if (xi->x_pkey != NULL) 188 if (!sk_X509_INFO_push(ret, xi))
194 { 189 goto err;
195 if (!sk_X509_INFO_push(ret,xi)) goto err; 190 if ((xi = X509_INFO_new()) == NULL)
196 if ((xi=X509_INFO_new()) == NULL) goto err; 191 goto err;
197 goto start; 192 goto start;
198 } 193 }
199 194
200 xi->enc_data=NULL; 195 xi->enc_data = NULL;
201 xi->enc_len=0; 196 xi->enc_len = 0;
202 197
203 xi->x_pkey=X509_PKEY_new(); 198 xi->x_pkey = X509_PKEY_new();
204 ptype = EVP_PKEY_DSA; 199 ptype = EVP_PKEY_DSA;
205 pp=&xi->x_pkey->dec_pkey; 200 pp = &xi->x_pkey->dec_pkey;
206 if ((int)strlen(header) > 10) /* assume encrypted */ 201 if ((int)strlen(header) > 10) /* assume encrypted */
207 raw=1; 202 raw = 1;
208 } 203 } else
209 else
210#endif 204#endif
211#ifndef OPENSSL_NO_EC 205#ifndef OPENSSL_NO_EC
212 if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) 206 if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
213 { 207 d2i = (D2I_OF(void))d2i_ECPrivateKey;
214 d2i=(D2I_OF(void))d2i_ECPrivateKey; 208 if (xi->x_pkey != NULL) {
215 if (xi->x_pkey != NULL) 209 if (!sk_X509_INFO_push(ret, xi))
216 { 210 goto err;
217 if (!sk_X509_INFO_push(ret,xi)) goto err; 211 if ((xi = X509_INFO_new()) == NULL)
218 if ((xi=X509_INFO_new()) == NULL) goto err; 212 goto err;
219 goto start; 213 goto start;
220 }
221
222 xi->enc_data=NULL;
223 xi->enc_len=0;
224
225 xi->x_pkey=X509_PKEY_new();
226 ptype = EVP_PKEY_EC;
227 pp=&xi->x_pkey->dec_pkey;
228 if ((int)strlen(header) > 10) /* assume encrypted */
229 raw=1;
230 } 214 }
231 else 215
216 xi->enc_data = NULL;
217 xi->enc_len = 0;
218
219 xi->x_pkey = X509_PKEY_new();
220 ptype = EVP_PKEY_EC;
221 pp = &xi->x_pkey->dec_pkey;
222 if ((int)strlen(header) > 10) /* assume encrypted */
223 raw = 1;
224 } else
232#endif 225#endif
233 { 226 {
234 d2i=NULL; 227 d2i = NULL;
235 pp=NULL; 228 pp = NULL;
236 } 229 }
237 230
238 if (d2i != NULL) 231 if (d2i != NULL) {
239 { 232 if (!raw) {
240 if (!raw)
241 {
242 EVP_CIPHER_INFO cipher; 233 EVP_CIPHER_INFO cipher;
243 234
244 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) 235 if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
245 goto err; 236 goto err;
246 if (!PEM_do_header(&cipher,data,&len,cb,u)) 237 if (!PEM_do_header(&cipher, data, &len, cb, u))
247 goto err; 238 goto err;
248 p=data; 239 p = data;
249 if (ptype) 240 if (ptype) {
250 { 241 if (!d2i_PrivateKey(ptype, pp, &p,
251 if (!d2i_PrivateKey(ptype, pp, &p, len)) 242 len)) {
252 { 243 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
253 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
254 goto err; 244 goto err;
255 }
256 } 245 }
257 else if (d2i(pp,&p,len) == NULL) 246 } else if (d2i(pp, &p, len) == NULL) {
258 { 247 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
259 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
260 goto err; 248 goto err;
261 }
262 } 249 }
263 else 250 } else { /* encrypted RSA data */
264 { /* encrypted RSA data */
265 if (!PEM_get_EVP_CIPHER_INFO(header, 251 if (!PEM_get_EVP_CIPHER_INFO(header,
266 &xi->enc_cipher)) goto err; 252 &xi->enc_cipher))
267 xi->enc_data=(char *)data; 253 goto err;
268 xi->enc_len=(int)len; 254 xi->enc_data = (char *)data;
269 data=NULL; 255 xi->enc_len = (int)len;
270 } 256 data = NULL;
271 } 257 }
272 else { 258 } else {
273 /* unknown */ 259 /* unknown */
274 }
275 if (name != NULL) free(name);
276 if (header != NULL) free(header);
277 if (data != NULL) free(data);
278 name=NULL;
279 header=NULL;
280 data=NULL;
281 } 260 }
261 if (name != NULL)
262 free(name);
263 if (header != NULL)
264 free(header);
265 if (data != NULL)
266 free(data);
267 name = NULL;
268 header = NULL;
269 data = NULL;
270 }
282 271
283 /* if the last one hasn't been pushed yet and there is anything 272 /* if the last one hasn't been pushed yet and there is anything
284 * in it then add it to the stack ... 273 * in it then add it to the stack ...
285 */ 274 */
286 if ((xi->x509 != NULL) || (xi->crl != NULL) || 275 if ((xi->x509 != NULL) || (xi->crl != NULL) ||
287 (xi->x_pkey != NULL) || (xi->enc_data != NULL)) 276 (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
288 { 277 if (!sk_X509_INFO_push(ret, xi))
289 if (!sk_X509_INFO_push(ret,xi)) goto err; 278 goto err;
290 xi=NULL; 279 xi = NULL;
291 } 280 }
292 ok=1; 281 ok = 1;
282
293err: 283err:
294 if (xi != NULL) X509_INFO_free(xi); 284 if (xi != NULL)
295 if (!ok) 285 X509_INFO_free(xi);
296 { 286 if (!ok) {
297 for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++) 287 for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
298 { 288 xi = sk_X509_INFO_value(ret, i);
299 xi=sk_X509_INFO_value(ret,i);
300 X509_INFO_free(xi); 289 X509_INFO_free(xi);
301 }
302 if (ret != sk) sk_X509_INFO_free(ret);
303 ret=NULL;
304 } 290 }
305 291 if (ret != sk)
306 if (name != NULL) free(name); 292 sk_X509_INFO_free(ret);
307 if (header != NULL) free(header); 293 ret = NULL;
308 if (data != NULL) free(data);
309 return(ret);
310 } 294 }
311 295
296 if (name != NULL)
297 free(name);
298 if (header != NULL)
299 free(header);
300 if (data != NULL)
301 free(data);
302 return (ret);
303}
304
312 305
313/* A TJH addition */ 306/* A TJH addition */
314int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, 307int
315 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) 308PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
316 { 309 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
310{
317 EVP_CIPHER_CTX ctx; 311 EVP_CIPHER_CTX ctx;
318 int i,ret=0; 312 int i, ret = 0;
319 unsigned char *data=NULL; 313 unsigned char *data = NULL;
320 const char *objstr=NULL; 314 const char *objstr = NULL;
321 char buf[PEM_BUFSIZE]; 315 char buf[PEM_BUFSIZE];
322 unsigned char *iv=NULL; 316 unsigned char *iv = NULL;
323 317
324 if (enc != NULL) 318 if (enc != NULL) {
325 { 319 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
326 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); 320 if (objstr == NULL) {
327 if (objstr == NULL) 321 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
328 { 322 PEM_R_UNSUPPORTED_CIPHER);
329 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
330 goto err; 323 goto err;
331 }
332 } 324 }
325 }
333 326
334 /* now for the fun part ... if we have a private key then 327 /* now for the fun part ... if we have a private key then
335 * we have to be able to handle a not-yet-decrypted key 328 * we have to be able to handle a not-yet-decrypted key
336 * being written out correctly ... if it is decrypted or 329 * being written out correctly ... if it is decrypted or
337 * it is non-encrypted then we use the base code 330 * it is non-encrypted then we use the base code
338 */ 331 */
339 if (xi->x_pkey!=NULL) 332 if (xi->x_pkey != NULL) {
340 { 333 if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
341 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) 334 if (enc == NULL) {
342 { 335 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
343 if (enc == NULL) 336 PEM_R_CIPHER_IS_NULL);
344 {
345 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
346 goto err; 337 goto err;
347 } 338 }
348 339
349 /* copy from weirdo names into more normal things */ 340 /* copy from weirdo names into more normal things */
350 iv=xi->enc_cipher.iv; 341 iv = xi->enc_cipher.iv;
351 data=(unsigned char *)xi->enc_data; 342 data = (unsigned char *)xi->enc_data;
352 i=xi->enc_len; 343 i = xi->enc_len;
353 344
354 /* we take the encryption data from the 345 /* we take the encryption data from the
355 * internal stuff rather than what the 346 * internal stuff rather than what the
356 * user has passed us ... as we have to 347 * user has passed us ... as we have to
357 * match exactly for some strange reason 348 * match exactly for some strange reason
358 */ 349 */
359 objstr=OBJ_nid2sn( 350 objstr = OBJ_nid2sn(
360 EVP_CIPHER_nid(xi->enc_cipher.cipher)); 351 EVP_CIPHER_nid(xi->enc_cipher.cipher));
361 if (objstr == NULL) 352 if (objstr == NULL) {
362 { 353 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
363 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); 354 PEM_R_UNSUPPORTED_CIPHER);
364 goto err; 355 goto err;
365 } 356 }
366 357
367 /* create the right magic header stuff */ 358 /* create the right magic header stuff */
368 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); 359 OPENSSL_assert(strlen(objstr) + 23 +
369 buf[0]='\0'; 360 2 * enc->iv_len + 13 <= sizeof buf);
370 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 361 buf[0] = '\0';
371 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); 362 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
363 PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
372 364
373 /* use the normal code to write things out */ 365 /* use the normal code to write things out */
374 i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); 366 i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
375 if (i <= 0) goto err; 367 if (i <= 0)
376 } 368 goto err;
377 else 369 } else {
378 {
379 /* Add DSA/DH */ 370 /* Add DSA/DH */
380#ifndef OPENSSL_NO_RSA 371#ifndef OPENSSL_NO_RSA
381 /* normal optionally encrypted stuff */ 372 /* normal optionally encrypted stuff */
382 if (PEM_write_bio_RSAPrivateKey(bp, 373 if (PEM_write_bio_RSAPrivateKey(bp,
383 xi->x_pkey->dec_pkey->pkey.rsa, 374 xi->x_pkey->dec_pkey->pkey.rsa,
384 enc,kstr,klen,cb,u)<=0) 375 enc, kstr, klen, cb, u) <= 0)
385 goto err; 376 goto err;
386#endif 377#endif
387 }
388 } 378 }
379 }
389 380
390 /* if we have a certificate then write it out now */ 381 /* if we have a certificate then write it out now */
391 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0)) 382 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
392 goto err; 383 goto err;
393 384
394 /* we are ignoring anything else that is loaded into the X509_INFO 385 /* we are ignoring anything else that is loaded into the X509_INFO
@@ -397,10 +388,10 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
397 * base library --tjh 388 * base library --tjh
398 */ 389 */
399 390
400 ret=1; 391 ret = 1;
401 392
402err: 393err:
403 OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); 394 OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
404 OPENSSL_cleanse(buf,PEM_BUFSIZE); 395 OPENSSL_cleanse(buf, PEM_BUFSIZE);
405 return(ret); 396 return (ret);
406 } 397}
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 93736455fa..9d5d8e714c 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -74,132 +74,132 @@
74#include <openssl/engine.h> 74#include <openssl/engine.h>
75#endif 75#endif
76 76
77const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; 77const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
78 78
79#define MIN_LENGTH 4 79#define MIN_LENGTH 4
80 80
81static int load_iv(char **fromp,unsigned char *to, int num); 81static int load_iv(char **fromp, unsigned char *to, int num);
82static int check_pem(const char *nm, const char *name); 82static int check_pem(const char *nm, const char *name);
83int pem_check_suffix(const char *pem_str, const char *suffix); 83int pem_check_suffix(const char *pem_str, const char *suffix);
84 84
85int PEM_def_callback(char *buf, int num, int w, void *key) 85int
86 { 86PEM_def_callback(char *buf, int num, int w, void *key)
87{
87#ifdef OPENSSL_NO_FP_API 88#ifdef OPENSSL_NO_FP_API
88 /* We should not ever call the default callback routine from 89 /* We should not ever call the default callback routine from
89 * windows. */ 90 * windows. */
90 PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 91 PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
91 return(-1); 92 return (-1);
92#else 93#else
93 int i,j; 94 int i, j;
94 const char *prompt; 95 const char *prompt;
95 if(key) { 96
96 i=strlen(key); 97 if (key) {
97 i=(i > num)?num:i; 98 i = strlen(key);
98 memcpy(buf,key,i); 99 i = (i > num) ? num : i;
99 return(i); 100 memcpy(buf, key, i);
101 return (i);
100 } 102 }
101 103
102 prompt=EVP_get_pw_prompt(); 104 prompt = EVP_get_pw_prompt();
103 if (prompt == NULL) 105 if (prompt == NULL)
104 prompt="Enter PEM pass phrase:"; 106 prompt = "Enter PEM pass phrase:";
105 107
106 for (;;) 108 for (;;) {
107 { 109 i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
108 i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w); 110 if (i != 0) {
109 if (i != 0) 111 PEMerr(PEM_F_PEM_DEF_CALLBACK,
110 { 112 PEM_R_PROBLEMS_GETTING_PASSWORD);
111 PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); 113 memset(buf, 0, (unsigned int)num);
112 memset(buf,0,(unsigned int)num); 114 return (-1);
113 return(-1); 115 }
114 } 116 j = strlen(buf);
115 j=strlen(buf); 117 if (j < MIN_LENGTH) {
116 if (j < MIN_LENGTH) 118 fprintf(stderr, "phrase is too short, needs to be at least %d chars\n", MIN_LENGTH);
117 { 119 } else
118 fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
119 }
120 else
121 break; 120 break;
122 }
123 return(j);
124#endif
125 } 121 }
122 return (j);
123#endif
124}
126 125
127void PEM_proc_type(char *buf, int type) 126void
128 { 127PEM_proc_type(char *buf, int type)
128{
129 const char *str; 129 const char *str;
130 130
131 if (type == PEM_TYPE_ENCRYPTED) 131 if (type == PEM_TYPE_ENCRYPTED)
132 str="ENCRYPTED"; 132 str = "ENCRYPTED";
133 else if (type == PEM_TYPE_MIC_CLEAR) 133 else if (type == PEM_TYPE_MIC_CLEAR)
134 str="MIC-CLEAR"; 134 str = "MIC-CLEAR";
135 else if (type == PEM_TYPE_MIC_ONLY) 135 else if (type == PEM_TYPE_MIC_ONLY)
136 str="MIC-ONLY"; 136 str = "MIC-ONLY";
137 else 137 else
138 str="BAD-TYPE"; 138 str = "BAD-TYPE";
139 139
140 strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); 140 strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
141 strlcat(buf,str,PEM_BUFSIZE); 141 strlcat(buf, str, PEM_BUFSIZE);
142 strlcat(buf,"\n",PEM_BUFSIZE); 142 strlcat(buf, "\n", PEM_BUFSIZE);
143 } 143}
144 144
145void PEM_dek_info(char *buf, const char *type, int len, char *str) 145void
146 { 146PEM_dek_info(char *buf, const char *type, int len, char *str)
147 static const unsigned char map[17]="0123456789ABCDEF"; 147{
148 static const unsigned char map[17] = "0123456789ABCDEF";
148 long i; 149 long i;
149 int j; 150 int j;
150 151
151 strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); 152 strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
152 strlcat(buf,type,PEM_BUFSIZE); 153 strlcat(buf, type, PEM_BUFSIZE);
153 strlcat(buf,",",PEM_BUFSIZE); 154 strlcat(buf, ",", PEM_BUFSIZE);
154 j=strlen(buf); 155 j = strlen(buf);
155 if (j + (len * 2) + 1 > PEM_BUFSIZE) 156 if (j + (len * 2) + 1 > PEM_BUFSIZE)
156 return; 157 return;
157 for (i=0; i<len; i++) 158 for (i = 0; i < len; i++) {
158 { 159 buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
159 buf[j+i*2] =map[(str[i]>>4)&0x0f]; 160 buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
160 buf[j+i*2+1]=map[(str[i] )&0x0f];
161 }
162 buf[j+i*2]='\n';
163 buf[j+i*2+1]='\0';
164 } 161 }
162 buf[j + i * 2] = '\n';
163 buf[j + i * 2 + 1] = '\0';
164}
165 165
166#ifndef OPENSSL_NO_FP_API 166#ifndef OPENSSL_NO_FP_API
167void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, 167void *
168 pem_password_cb *cb, void *u) 168PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
169 { 169 pem_password_cb *cb, void *u)
170 BIO *b; 170{
171 void *ret; 171 BIO *b;
172 172 void *ret;
173 if ((b=BIO_new(BIO_s_file())) == NULL) 173
174 { 174 if ((b = BIO_new(BIO_s_file())) == NULL) {
175 PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); 175 PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
176 return(0); 176 return (0);
177 }
178 BIO_set_fp(b,fp,BIO_NOCLOSE);
179 ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
180 BIO_free(b);
181 return(ret);
182 } 177 }
178 BIO_set_fp(b, fp, BIO_NOCLOSE);
179 ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
180 BIO_free(b);
181 return (ret);
182}
183#endif 183#endif
184 184
185static int check_pem(const char *nm, const char *name) 185static int
186check_pem(const char *nm, const char *name)
186{ 187{
187 /* Normal matching nm and name */ 188 /* Normal matching nm and name */
188 if (!strcmp(nm,name)) return 1; 189 if (!strcmp(nm, name))
190 return 1;
189 191
190 /* Make PEM_STRING_EVP_PKEY match any private key */ 192 /* Make PEM_STRING_EVP_PKEY match any private key */
191 193
192 if(!strcmp(name,PEM_STRING_EVP_PKEY)) 194 if (!strcmp(name, PEM_STRING_EVP_PKEY)) {
193 {
194 int slen; 195 int slen;
195 const EVP_PKEY_ASN1_METHOD *ameth; 196 const EVP_PKEY_ASN1_METHOD *ameth;
196 if(!strcmp(nm,PEM_STRING_PKCS8)) 197 if (!strcmp(nm, PEM_STRING_PKCS8))
197 return 1; 198 return 1;
198 if(!strcmp(nm,PEM_STRING_PKCS8INF)) 199 if (!strcmp(nm, PEM_STRING_PKCS8INF))
199 return 1; 200 return 1;
200 slen = pem_check_suffix(nm, "PRIVATE KEY"); 201 slen = pem_check_suffix(nm, "PRIVATE KEY");
201 if (slen > 0) 202 if (slen > 0) {
202 {
203 /* NB: ENGINE implementations wont contain 203 /* NB: ENGINE implementations wont contain
204 * a deprecated old private key decode function 204 * a deprecated old private key decode function
205 * so don't look for them. 205 * so don't look for them.
@@ -207,21 +207,18 @@ static int check_pem(const char *nm, const char *name)
207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); 207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
208 if (ameth && ameth->old_priv_decode) 208 if (ameth && ameth->old_priv_decode)
209 return 1; 209 return 1;
210 }
211 return 0;
212 } 210 }
211 return 0;
212 }
213 213
214 if(!strcmp(name,PEM_STRING_PARAMETERS)) 214 if (!strcmp(name, PEM_STRING_PARAMETERS)) {
215 {
216 int slen; 215 int slen;
217 const EVP_PKEY_ASN1_METHOD *ameth; 216 const EVP_PKEY_ASN1_METHOD *ameth;
218 slen = pem_check_suffix(nm, "PARAMETERS"); 217 slen = pem_check_suffix(nm, "PARAMETERS");
219 if (slen > 0) 218 if (slen > 0) {
220 {
221 ENGINE *e; 219 ENGINE *e;
222 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); 220 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
223 if (ameth) 221 if (ameth) {
224 {
225 int r; 222 int r;
226 if (ameth->param_decode) 223 if (ameth->param_decode)
227 r = 1; 224 r = 1;
@@ -232,68 +229,79 @@ static int check_pem(const char *nm, const char *name)
232 ENGINE_finish(e); 229 ENGINE_finish(e);
233#endif 230#endif
234 return r; 231 return r;
235 }
236 } 232 }
237 return 0;
238 } 233 }
234 return 0;
235 }
239 236
240 /* Permit older strings */ 237 /* Permit older strings */
241 238
242 if(!strcmp(nm,PEM_STRING_X509_OLD) && 239 if (!strcmp(nm, PEM_STRING_X509_OLD) &&
243 !strcmp(name,PEM_STRING_X509)) return 1; 240 !strcmp(name, PEM_STRING_X509))
241 return 1;
244 242
245 if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && 243 if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
246 !strcmp(name,PEM_STRING_X509_REQ)) return 1; 244 !strcmp(name, PEM_STRING_X509_REQ))
245 return 1;
247 246
248 /* Allow normal certs to be read as trusted certs */ 247 /* Allow normal certs to be read as trusted certs */
249 if(!strcmp(nm,PEM_STRING_X509) && 248 if (!strcmp(nm, PEM_STRING_X509) &&
250 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 249 !strcmp(name, PEM_STRING_X509_TRUSTED))
250 return 1;
251 251
252 if(!strcmp(nm,PEM_STRING_X509_OLD) && 252 if (!strcmp(nm, PEM_STRING_X509_OLD) &&
253 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 253 !strcmp(name, PEM_STRING_X509_TRUSTED))
254 return 1;
254 255
255 /* Some CAs use PKCS#7 with CERTIFICATE headers */ 256 /* Some CAs use PKCS#7 with CERTIFICATE headers */
256 if(!strcmp(nm, PEM_STRING_X509) && 257 if (!strcmp(nm, PEM_STRING_X509) &&
257 !strcmp(name, PEM_STRING_PKCS7)) return 1; 258 !strcmp(name, PEM_STRING_PKCS7))
259 return 1;
258 260
259 if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && 261 if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
260 !strcmp(name, PEM_STRING_PKCS7)) return 1; 262 !strcmp(name, PEM_STRING_PKCS7))
263 return 1;
261 264
262#ifndef OPENSSL_NO_CMS 265#ifndef OPENSSL_NO_CMS
263 if(!strcmp(nm, PEM_STRING_X509) && 266 if (!strcmp(nm, PEM_STRING_X509) &&
264 !strcmp(name, PEM_STRING_CMS)) return 1; 267 !strcmp(name, PEM_STRING_CMS))
268 return 1;
265 /* Allow CMS to be read from PKCS#7 headers */ 269 /* Allow CMS to be read from PKCS#7 headers */
266 if(!strcmp(nm, PEM_STRING_PKCS7) && 270 if (!strcmp(nm, PEM_STRING_PKCS7) &&
267 !strcmp(name, PEM_STRING_CMS)) return 1; 271 !strcmp(name, PEM_STRING_CMS))
272 return 1;
268#endif 273#endif
269 274
270 return 0; 275 return 0;
271} 276}
272 277
273int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, 278int
274 pem_password_cb *cb, void *u) 279PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
275 { 280 const char *name, BIO *bp, pem_password_cb *cb, void *u)
281{
276 EVP_CIPHER_INFO cipher; 282 EVP_CIPHER_INFO cipher;
277 char *nm=NULL,*header=NULL; 283 char *nm = NULL, *header = NULL;
278 unsigned char *data=NULL; 284 unsigned char *data = NULL;
279 long len; 285 long len;
280 int ret = 0; 286 int ret = 0;
281 287
282 for (;;) 288 for (;;) {
283 { 289 if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
284 if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { 290 if (ERR_GET_REASON(ERR_peek_error()) ==
285 if(ERR_GET_REASON(ERR_peek_error()) == 291 PEM_R_NO_START_LINE)
286 PEM_R_NO_START_LINE)
287 ERR_add_error_data(2, "Expecting: ", name); 292 ERR_add_error_data(2, "Expecting: ", name);
288 return 0; 293 return 0;
289 } 294 }
290 if(check_pem(nm, name)) break; 295 if (check_pem(nm, name))
296 break;
291 free(nm); 297 free(nm);
292 free(header); 298 free(header);
293 free(data); 299 free(data);
294 } 300 }
295 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; 301 if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
296 if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; 302 goto err;
303 if (!PEM_do_header(&cipher, data, &len, cb, u))
304 goto err;
297 305
298 *pdata = data; 306 *pdata = data;
299 *plen = len; 307 *plen = len;
@@ -304,532 +312,553 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char
304 ret = 1; 312 ret = 1;
305 313
306err: 314err:
307 if (!ret || !pnm) free(nm); 315 if (!ret || !pnm)
316 free(nm);
308 free(header); 317 free(header);
309 if (!ret) free(data); 318 if (!ret)
319 free(data);
310 return ret; 320 return ret;
311 } 321}
312 322
313#ifndef OPENSSL_NO_FP_API 323#ifndef OPENSSL_NO_FP_API
314int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, 324int
315 void *x, const EVP_CIPHER *enc, unsigned char *kstr, 325PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x,
316 int klen, pem_password_cb *callback, void *u) 326 const EVP_CIPHER *enc, unsigned char *kstr, int klen,
317 { 327 pem_password_cb *callback, void *u)
318 BIO *b; 328{
319 int ret; 329 BIO *b;
320 330 int ret;
321 if ((b=BIO_new(BIO_s_file())) == NULL) 331
322 { 332 if ((b = BIO_new(BIO_s_file())) == NULL) {
323 PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); 333 PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
324 return(0); 334 return (0);
325 } 335 }
326 BIO_set_fp(b,fp,BIO_NOCLOSE); 336 BIO_set_fp(b, fp, BIO_NOCLOSE);
327 ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); 337 ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
328 BIO_free(b); 338 BIO_free(b);
329 return(ret); 339 return (ret);
330 } 340}
331#endif 341#endif
332 342
333int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, 343int
334 void *x, const EVP_CIPHER *enc, unsigned char *kstr, 344PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
335 int klen, pem_password_cb *callback, void *u) 345 const EVP_CIPHER *enc, unsigned char *kstr, int klen,
336 { 346 pem_password_cb *callback, void *u)
347{
337 EVP_CIPHER_CTX ctx; 348 EVP_CIPHER_CTX ctx;
338 int dsize=0,i,j,ret=0; 349 int dsize = 0, i, j, ret = 0;
339 unsigned char *p,*data=NULL; 350 unsigned char *p, *data = NULL;
340 const char *objstr=NULL; 351 const char *objstr = NULL;
341 char buf[PEM_BUFSIZE]; 352 char buf[PEM_BUFSIZE];
342 unsigned char key[EVP_MAX_KEY_LENGTH]; 353 unsigned char key[EVP_MAX_KEY_LENGTH];
343 unsigned char iv[EVP_MAX_IV_LENGTH]; 354 unsigned char iv[EVP_MAX_IV_LENGTH];
344 355
345 if (enc != NULL) 356 if (enc != NULL) {
346 { 357 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
347 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); 358 if (objstr == NULL) {
348 if (objstr == NULL) 359 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
349 { 360 PEM_R_UNSUPPORTED_CIPHER);
350 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
351 goto err; 361 goto err;
352 }
353 } 362 }
363 }
354 364
355 if ((dsize=i2d(x,NULL)) < 0) 365 if ((dsize = i2d(x, NULL)) < 0) {
356 { 366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
357 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB); 367 dsize = 0;
358 dsize=0;
359 goto err; 368 goto err;
360 } 369 }
361 /* dzise + 8 bytes are needed */ 370 /* dzise + 8 bytes are needed */
362 /* actually it needs the cipher block size extra... */ 371 /* actually it needs the cipher block size extra... */
363 data=(unsigned char *)malloc((unsigned int)dsize+20); 372 data = (unsigned char *)malloc((unsigned int)dsize + 20);
364 if (data == NULL) 373 if (data == NULL) {
365 { 374 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
367 goto err; 375 goto err;
368 } 376 }
369 p=data; 377 p = data;
370 i=i2d(x,&p); 378 i = i2d(x, &p);
371 379
372 if (enc != NULL) 380 if (enc != NULL) {
373 { 381 if (kstr == NULL) {
374 if (kstr == NULL)
375 {
376 if (callback == NULL) 382 if (callback == NULL)
377 klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u); 383 klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
378 else 384 else
379 klen=(*callback)(buf,PEM_BUFSIZE,1,u); 385 klen = (*callback)(buf, PEM_BUFSIZE, 1, u);
380 if (klen <= 0) 386 if (klen <= 0) {
381 { 387 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
382 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); 388 PEM_R_READ_KEY);
383 goto err; 389 goto err;
384 }
385 kstr=(unsigned char *)buf;
386 } 390 }
391 kstr = (unsigned char *)buf;
392 }
387 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); 393 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
388 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ 394 if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
389 goto err; 395 goto err;
390 /* The 'iv' is used as the iv and as a salt. It is 396 /* The 'iv' is used as the iv and as a salt. It is
391 * NOT taken from the BytesToKey function */ 397 * NOT taken from the BytesToKey function */
392 if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL)) 398 if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1,
399 key, NULL))
393 goto err; 400 goto err;
394 401
395 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); 402 if (kstr == (unsigned char *)buf)
403 OPENSSL_cleanse(buf, PEM_BUFSIZE);
396 404
397 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); 405 OPENSSL_assert(strlen(objstr) + 23 +
406 2 * enc->iv_len + 13 <= sizeof buf);
398 407
399 buf[0]='\0'; 408 buf[0] = '\0';
400 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 409 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
401 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); 410 PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
402 /* k=strlen(buf); */ 411 /* k=strlen(buf); */
403 412
404 EVP_CIPHER_CTX_init(&ctx); 413 EVP_CIPHER_CTX_init(&ctx);
405 ret = 1; 414 ret = 1;
406 if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv) 415 if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ||
407 || !EVP_EncryptUpdate(&ctx,data,&j,data,i) 416 !EVP_EncryptUpdate(&ctx, data, &j, data, i) ||
408 || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i)) 417 !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
409 ret = 0; 418 ret = 0;
410 EVP_CIPHER_CTX_cleanup(&ctx); 419 EVP_CIPHER_CTX_cleanup(&ctx);
411 if (ret == 0) 420 if (ret == 0)
412 goto err; 421 goto err;
413 i+=j; 422 i += j;
414 } 423 } else {
415 else 424 ret = 1;
416 { 425 buf[0] = '\0';
417 ret=1; 426 }
418 buf[0]='\0'; 427 i = PEM_write_bio(bp, name, buf, data, i);
419 } 428 if (i <= 0)
420 i=PEM_write_bio(bp,name,buf,data,i); 429 ret = 0;
421 if (i <= 0) ret=0;
422err: 430err:
423 OPENSSL_cleanse(key,sizeof(key)); 431 OPENSSL_cleanse(key, sizeof(key));
424 OPENSSL_cleanse(iv,sizeof(iv)); 432 OPENSSL_cleanse(iv, sizeof(iv));
425 OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); 433 OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
426 OPENSSL_cleanse(buf,PEM_BUFSIZE); 434 OPENSSL_cleanse(buf, PEM_BUFSIZE);
427 if (data != NULL) 435 if (data != NULL) {
428 { 436 OPENSSL_cleanse(data, (unsigned int)dsize);
429 OPENSSL_cleanse(data,(unsigned int)dsize);
430 free(data); 437 free(data);
431 }
432 return(ret);
433 } 438 }
439 return (ret);
440}
434 441
435int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, 442int
436 pem_password_cb *callback,void *u) 443PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
437 { 444 pem_password_cb *callback, void *u)
438 int i,j,o,klen; 445{
446 int i, j, o, klen;
439 long len; 447 long len;
440 EVP_CIPHER_CTX ctx; 448 EVP_CIPHER_CTX ctx;
441 unsigned char key[EVP_MAX_KEY_LENGTH]; 449 unsigned char key[EVP_MAX_KEY_LENGTH];
442 char buf[PEM_BUFSIZE]; 450 char buf[PEM_BUFSIZE];
443 451
444 len= *plen; 452 len = *plen;
445 453
446 if (cipher->cipher == NULL) return(1); 454 if (cipher->cipher == NULL)
455 return (1);
447 if (callback == NULL) 456 if (callback == NULL)
448 klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u); 457 klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
449 else 458 else
450 klen=callback(buf,PEM_BUFSIZE,0,u); 459 klen = callback(buf, PEM_BUFSIZE, 0, u);
451 if (klen <= 0) 460 if (klen <= 0) {
452 { 461 PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
453 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); 462 return (0);
454 return(0); 463 }
455 } 464 if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
456 if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), 465 (unsigned char *)buf, klen, 1, key, NULL))
457 (unsigned char *)buf,klen,1,key,NULL))
458 return 0; 466 return 0;
459 467
460 j=(int)len; 468 j = (int)len;
461 EVP_CIPHER_CTX_init(&ctx); 469 EVP_CIPHER_CTX_init(&ctx);
462 o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); 470 o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key,
471 &(cipher->iv[0]));
463 if (o) 472 if (o)
464 o = EVP_DecryptUpdate(&ctx,data,&i,data,j); 473 o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
465 if (o) 474 if (o)
466 o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); 475 o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
467 EVP_CIPHER_CTX_cleanup(&ctx); 476 EVP_CIPHER_CTX_cleanup(&ctx);
468 OPENSSL_cleanse((char *)buf,sizeof(buf)); 477 OPENSSL_cleanse((char *)buf, sizeof(buf));
469 OPENSSL_cleanse((char *)key,sizeof(key)); 478 OPENSSL_cleanse((char *)key, sizeof(key));
470 j+=i; 479 j += i;
471 if (!o) 480 if (!o) {
472 { 481 PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
473 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); 482 return (0);
474 return(0);
475 }
476 *plen=j;
477 return(1);
478 } 483 }
484 *plen = j;
485 return (1);
486}
479 487
480int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) 488int
481 { 489PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
482 const EVP_CIPHER *enc=NULL; 490{
483 char *p,c; 491 const EVP_CIPHER *enc = NULL;
492 char *p, c;
484 char **header_pp = &header; 493 char **header_pp = &header;
485 494
486 cipher->cipher=NULL; 495 cipher->cipher = NULL;
487 if ((header == NULL) || (*header == '\0') || (*header == '\n')) 496 if ((header == NULL) || (*header == '\0') || (*header == '\n'))
488 return(1); 497 return (1);
489 if (strncmp(header,"Proc-Type: ",11) != 0) 498 if (strncmp(header, "Proc-Type: ", 11) != 0) {
490 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } 499 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
491 header+=11; 500 return (0);
492 if (*header != '4') return(0); header++; 501 }
493 if (*header != ',') return(0); header++; 502 header += 11;
494 if (strncmp(header,"ENCRYPTED",9) != 0) 503 if (*header != '4')
495 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } 504 return(0);
505 header++;
506 if (*header != ',')
507 return(0);
508 header++;
509 if (strncmp(header, "ENCRYPTED", 9) != 0) {
510 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
511 return (0);
512 }
496 for (; (*header != '\n') && (*header != '\0'); header++) 513 for (; (*header != '\n') && (*header != '\0'); header++)
497 ; 514 ;
498 if (*header == '\0') 515 if (*header == '\0') {
499 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } 516 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
517 return (0);
518 }
500 header++; 519 header++;
501 if (strncmp(header,"DEK-Info: ",10) != 0) 520 if (strncmp(header, "DEK-Info: ", 10) != 0) {
502 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } 521 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
503 header+=10; 522 return (0);
523 }
524 header += 10;
504 525
505 p=header; 526 p = header;
506 for (;;) 527 for (;;) {
507 {
508 c= *header; 528 c= *header;
509 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || 529 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
510 ((c >= '0') && (c <= '9')))) 530 ((c >= '0') && (c <= '9'))))
511 break; 531 break;
512 header++; 532 header++;
513 } 533 }
514 *header='\0'; 534 *header = '\0';
515 cipher->cipher=enc=EVP_get_cipherbyname(p); 535 cipher->cipher = enc = EVP_get_cipherbyname(p);
516 *header=c; 536 *header = c;
517 header++; 537 header++;
518 538
519 if (enc == NULL) 539 if (enc == NULL) {
520 { 540 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,
521 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); 541 PEM_R_UNSUPPORTED_ENCRYPTION);
522 return(0); 542 return (0);
523 }
524 if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
525 return(0);
526
527 return(1);
528 } 543 }
544 if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
545 return (0);
546
547 return (1);
548}
529 549
530static int load_iv(char **fromp, unsigned char *to, int num) 550static int
531 { 551load_iv(char **fromp, unsigned char *to, int num)
532 int v,i; 552{
553 int v, i;
533 char *from; 554 char *from;
534 555
535 from= *fromp; 556 from= *fromp;
536 for (i=0; i<num; i++) to[i]=0; 557 for (i = 0; i < num; i++)
537 num*=2; 558 to[i] = 0;
538 for (i=0; i<num; i++) 559 num *= 2;
539 { 560 for (i = 0; i < num; i++) {
540 if ((*from >= '0') && (*from <= '9')) 561 if ((*from >= '0') && (*from <= '9'))
541 v= *from-'0'; 562 v = *from - '0';
542 else if ((*from >= 'A') && (*from <= 'F')) 563 else if ((*from >= 'A') && (*from <= 'F'))
543 v= *from-'A'+10; 564 v = *from - 'A' + 10;
544 else if ((*from >= 'a') && (*from <= 'f')) 565 else if ((*from >= 'a') && (*from <= 'f'))
545 v= *from-'a'+10; 566 v = *from - 'a' + 10;
546 else 567 else {
547 { 568 PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
548 PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); 569 return (0);
549 return(0);
550 }
551 from++;
552 to[i/2]|=v<<(long)((!(i&1))*4);
553 } 570 }
554 571 from++;
555 *fromp=from; 572 to[i / 2] |= v << (long)((!(i & 1)) * 4);
556 return(1);
557 } 573 }
558 574
575 *fromp = from;
576 return (1);
577}
578
559#ifndef OPENSSL_NO_FP_API 579#ifndef OPENSSL_NO_FP_API
560int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, 580int
561 long len) 581PEM_write(FILE *fp, char *name, char *header, unsigned char *data, long len)
562 { 582{
563 BIO *b; 583 BIO *b;
564 int ret; 584 int ret;
565 585
566 if ((b=BIO_new(BIO_s_file())) == NULL) 586 if ((b = BIO_new(BIO_s_file())) == NULL) {
567 { 587 PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
568 PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); 588 return (0);
569 return(0); 589 }
570 } 590 BIO_set_fp(b, fp, BIO_NOCLOSE);
571 BIO_set_fp(b,fp,BIO_NOCLOSE); 591 ret = PEM_write_bio(b, name, header, data, len);
572 ret=PEM_write_bio(b, name, header, data,len); 592 BIO_free(b);
573 BIO_free(b); 593 return (ret);
574 return(ret); 594}
575 }
576#endif 595#endif
577 596
578int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, 597int
579 long len) 598PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
580 { 599 long len)
581 int nlen,n,i,j,outl; 600{
601 int nlen, n, i, j, outl;
582 unsigned char *buf = NULL; 602 unsigned char *buf = NULL;
583 EVP_ENCODE_CTX ctx; 603 EVP_ENCODE_CTX ctx;
584 int reason=ERR_R_BUF_LIB; 604 int reason = ERR_R_BUF_LIB;
585 605
586 EVP_EncodeInit(&ctx); 606 EVP_EncodeInit(&ctx);
587 nlen=strlen(name); 607 nlen = strlen(name);
588 608
589 if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || 609 if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
590 (BIO_write(bp,name,nlen) != nlen) || 610 (BIO_write(bp, name, nlen) != nlen) ||
591 (BIO_write(bp,"-----\n",6) != 6)) 611 (BIO_write(bp, "-----\n", 6) != 6))
592 goto err; 612 goto err;
593 613
594 i=strlen(header); 614 i = strlen(header);
595 if (i > 0) 615 if (i > 0) {
596 { 616 if ((BIO_write(bp, header, i) != i) ||
597 if ( (BIO_write(bp,header,i) != i) || 617 (BIO_write(bp, "\n", 1) != 1))
598 (BIO_write(bp,"\n",1) != 1))
599 goto err; 618 goto err;
600 } 619 }
601 620
602 buf = malloc(PEM_BUFSIZE*8); 621 buf = malloc(PEM_BUFSIZE * 8);
603 if (buf == NULL) 622 if (buf == NULL) {
604 { 623 reason = ERR_R_MALLOC_FAILURE;
605 reason=ERR_R_MALLOC_FAILURE;
606 goto err; 624 goto err;
607 } 625 }
608 626
609 i=j=0; 627 i = j = 0;
610 while (len > 0) 628 while (len > 0) {
611 { 629 n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
612 n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); 630 EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
613 EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); 631 if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
614 if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
615 goto err; 632 goto err;
616 i+=outl; 633 i += outl;
617 len-=n; 634 len -= n;
618 j+=n; 635 j += n;
619 } 636 }
620 EVP_EncodeFinal(&ctx,buf,&outl); 637 EVP_EncodeFinal(&ctx, buf, &outl);
621 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; 638 if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
622 OPENSSL_cleanse(buf, PEM_BUFSIZE*8); 639 goto err;
640 OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
623 free(buf); 641 free(buf);
624 buf = NULL; 642 buf = NULL;
625 if ( (BIO_write(bp,"-----END ",9) != 9) || 643 if ((BIO_write(bp, "-----END ", 9) != 9) ||
626 (BIO_write(bp,name,nlen) != nlen) || 644 (BIO_write(bp, name, nlen) != nlen) ||
627 (BIO_write(bp,"-----\n",6) != 6)) 645 (BIO_write(bp, "-----\n", 6) != 6))
628 goto err; 646 goto err;
629 return(i+outl); 647 return (i + outl);
648
630err: 649err:
631 if (buf) { 650 if (buf) {
632 OPENSSL_cleanse(buf, PEM_BUFSIZE*8); 651 OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
633 free(buf); 652 free(buf);
634 } 653 }
635 PEMerr(PEM_F_PEM_WRITE_BIO,reason); 654 PEMerr(PEM_F_PEM_WRITE_BIO, reason);
636 return(0); 655 return (0);
637 } 656}
638 657
639#ifndef OPENSSL_NO_FP_API 658#ifndef OPENSSL_NO_FP_API
640int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, 659int
641 long *len) 660PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len)
642 { 661{
643 BIO *b; 662 BIO *b;
644 int ret; 663 int ret;
645 664
646 if ((b=BIO_new(BIO_s_file())) == NULL) 665 if ((b = BIO_new(BIO_s_file())) == NULL) {
647 { 666 PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
648 PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); 667 return (0);
649 return(0); 668 }
650 } 669 BIO_set_fp(b, fp, BIO_NOCLOSE);
651 BIO_set_fp(b,fp,BIO_NOCLOSE); 670 ret = PEM_read_bio(b, name, header, data, len);
652 ret=PEM_read_bio(b, name, header, data,len); 671 BIO_free(b);
653 BIO_free(b); 672 return (ret);
654 return(ret); 673}
655 }
656#endif 674#endif
657 675
658int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, 676int
659 long *len) 677PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
660 { 678 long *len)
679{
661 EVP_ENCODE_CTX ctx; 680 EVP_ENCODE_CTX ctx;
662 int end=0,i,k,bl=0,hl=0,nohead=0; 681 int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
663 char buf[256]; 682 char buf[256];
664 BUF_MEM *nameB; 683 BUF_MEM *nameB;
665 BUF_MEM *headerB; 684 BUF_MEM *headerB;
666 BUF_MEM *dataB,*tmpB; 685 BUF_MEM *dataB, *tmpB;
667 686
668 nameB=BUF_MEM_new(); 687 nameB = BUF_MEM_new();
669 headerB=BUF_MEM_new(); 688 headerB = BUF_MEM_new();
670 dataB=BUF_MEM_new(); 689 dataB = BUF_MEM_new();
671 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) 690 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
672 {
673 BUF_MEM_free(nameB); 691 BUF_MEM_free(nameB);
674 BUF_MEM_free(headerB); 692 BUF_MEM_free(headerB);
675 BUF_MEM_free(dataB); 693 BUF_MEM_free(dataB);
676 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 694 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
677 return(0); 695 return (0);
678 } 696 }
679 697
680 buf[254]='\0'; 698 buf[254] = '\0';
681 for (;;) 699 for (;;) {
682 { 700 i = BIO_gets(bp, buf, 254);
683 i=BIO_gets(bp,buf,254);
684 701
685 if (i <= 0) 702 if (i <= 0) {
686 { 703 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
687 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
688 goto err; 704 goto err;
689 } 705 }
690 706
691 while ((i >= 0) && (buf[i] <= ' ')) i--; 707 while ((i >= 0) && (buf[i] <= ' '))
692 buf[++i]='\n'; buf[++i]='\0'; 708 i--;
709 buf[++i] = '\n';
710 buf[++i] = '\0';
693 711
694 if (strncmp(buf,"-----BEGIN ",11) == 0) 712 if (strncmp(buf, "-----BEGIN ", 11) == 0) {
695 { 713 i = strlen(&(buf[11]));
696 i=strlen(&(buf[11]));
697 714
698 if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) 715 if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
699 continue; 716 continue;
700 if (!BUF_MEM_grow(nameB,i+9)) 717 if (!BUF_MEM_grow(nameB, i + 9)) {
701 { 718 PEMerr(PEM_F_PEM_READ_BIO,
702 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 719 ERR_R_MALLOC_FAILURE);
703 goto err; 720 goto err;
704 }
705 memcpy(nameB->data,&(buf[11]),i-6);
706 nameB->data[i-6]='\0';
707 break;
708 } 721 }
722 memcpy(nameB->data, &(buf[11]), i - 6);
723 nameB->data[i - 6] = '\0';
724 break;
709 } 725 }
710 hl=0; 726 }
711 if (!BUF_MEM_grow(headerB,256)) 727 hl = 0;
712 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 728 if (!BUF_MEM_grow(headerB, 256)) {
713 headerB->data[0]='\0'; 729 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
714 for (;;) 730 goto err;
715 { 731 }
716 i=BIO_gets(bp,buf,254); 732 headerB->data[0] = '\0';
717 if (i <= 0) break; 733 for (;;) {
718 734 i = BIO_gets(bp, buf, 254);
719 while ((i >= 0) && (buf[i] <= ' ')) i--; 735 if (i <= 0)
720 buf[++i]='\n'; buf[++i]='\0';
721
722 if (buf[0] == '\n') break;
723 if (!BUF_MEM_grow(headerB,hl+i+9))
724 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
725 if (strncmp(buf,"-----END ",9) == 0)
726 {
727 nohead=1;
728 break; 736 break;
729 } 737
730 memcpy(&(headerB->data[hl]),buf,i); 738 while ((i >= 0) && (buf[i] <= ' '))
731 headerB->data[hl+i]='\0'; 739 i--;
732 hl+=i; 740 buf[++i] = '\n';
741 buf[++i] = '\0';
742
743 if (buf[0] == '\n')
744 break;
745 if (!BUF_MEM_grow(headerB, hl + i + 9)) {
746 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
747 goto err;
733 } 748 }
749 if (strncmp(buf, "-----END ", 9) == 0) {
750 nohead = 1;
751 break;
752 }
753 memcpy(&(headerB->data[hl]), buf, i);
754 headerB->data[hl + i] = '\0';
755 hl += i;
756 }
757
758 bl = 0;
759 if (!BUF_MEM_grow(dataB, 1024)) {
760 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
761 goto err;
762 }
763 dataB->data[0] = '\0';
764 if (!nohead) {
765 for (;;) {
766 i = BIO_gets(bp, buf, 254);
767 if (i <= 0)
768 break;
769
770 while ((i >= 0) && (buf[i] <= ' '))
771 i--;
772 buf[++i] = '\n';
773 buf[++i] = '\0';
734 774
735 bl=0; 775 if (i != 65)
736 if (!BUF_MEM_grow(dataB,1024)) 776 end = 1;
737 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 777 if (strncmp(buf, "-----END ", 9) == 0)
738 dataB->data[0]='\0';
739 if (!nohead)
740 {
741 for (;;)
742 {
743 i=BIO_gets(bp,buf,254);
744 if (i <= 0) break;
745
746 while ((i >= 0) && (buf[i] <= ' ')) i--;
747 buf[++i]='\n'; buf[++i]='\0';
748
749 if (i != 65) end=1;
750 if (strncmp(buf,"-----END ",9) == 0)
751 break; 778 break;
752 if (i > 65) break; 779 if (i > 65)
753 if (!BUF_MEM_grow_clean(dataB,i+bl+9)) 780 break;
754 { 781 if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
755 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 782 PEMerr(PEM_F_PEM_READ_BIO,
783 ERR_R_MALLOC_FAILURE);
756 goto err; 784 goto err;
757 } 785 }
758 memcpy(&(dataB->data[bl]),buf,i); 786 memcpy(&(dataB->data[bl]), buf, i);
759 dataB->data[bl+i]='\0'; 787 dataB->data[bl + i] = '\0';
760 bl+=i; 788 bl += i;
761 if (end) 789 if (end) {
762 { 790 buf[0] = '\0';
763 buf[0]='\0'; 791 i = BIO_gets(bp, buf, 254);
764 i=BIO_gets(bp,buf,254); 792 if (i <= 0)
765 if (i <= 0) break; 793 break;
766 794
767 while ((i >= 0) && (buf[i] <= ' ')) i--; 795 while ((i >= 0) && (buf[i] <= ' '))
768 buf[++i]='\n'; buf[++i]='\0'; 796 i--;
797 buf[++i] = '\n';
798 buf[++i] = '\0';
769 799
770 break; 800 break;
771 }
772 } 801 }
773 } 802 }
774 else 803 } else {
775 { 804 tmpB = headerB;
776 tmpB=headerB; 805 headerB = dataB;
777 headerB=dataB; 806 dataB = tmpB;
778 dataB=tmpB; 807 bl = hl;
779 bl=hl; 808 }
780 } 809 i = strlen(nameB->data);
781 i=strlen(nameB->data); 810 if ((strncmp(buf, "-----END ", 9) != 0) ||
782 if ( (strncmp(buf,"-----END ",9) != 0) || 811 (strncmp(nameB->data, &(buf[9]), i) != 0) ||
783 (strncmp(nameB->data,&(buf[9]),i) != 0) || 812 (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
784 (strncmp(&(buf[9+i]),"-----\n",6) != 0)) 813 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
785 {
786 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
787 goto err; 814 goto err;
788 } 815 }
789 816
790 EVP_DecodeInit(&ctx); 817 EVP_DecodeInit(&ctx);
791 i=EVP_DecodeUpdate(&ctx, 818 i = EVP_DecodeUpdate(&ctx,
792 (unsigned char *)dataB->data,&bl, 819 (unsigned char *)dataB->data, &bl,
793 (unsigned char *)dataB->data,bl); 820 (unsigned char *)dataB->data, bl);
794 if (i < 0) 821 if (i < 0) {
795 { 822 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
796 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
797 goto err; 823 goto err;
798 } 824 }
799 i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); 825 i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
800 if (i < 0) 826 if (i < 0) {
801 { 827 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
802 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
803 goto err; 828 goto err;
804 } 829 }
805 bl+=k; 830 bl += k;
806 831
807 if (bl == 0) goto err; 832 if (bl == 0)
808 *name=nameB->data; 833 goto err;
809 *header=headerB->data; 834 *name = nameB->data;
810 *data=(unsigned char *)dataB->data; 835 *header = headerB->data;
811 *len=bl; 836 *data = (unsigned char *)dataB->data;
837 *len = bl;
812 free(nameB); 838 free(nameB);
813 free(headerB); 839 free(headerB);
814 free(dataB); 840 free(dataB);
815 return(1); 841 return (1);
842
816err: 843err:
817 BUF_MEM_free(nameB); 844 BUF_MEM_free(nameB);
818 BUF_MEM_free(headerB); 845 BUF_MEM_free(headerB);
819 BUF_MEM_free(dataB); 846 BUF_MEM_free(dataB);
820 return(0); 847 return (0);
821 } 848}
822 849
823/* Check pem string and return prefix length. 850/* Check pem string and return prefix length.
824 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" 851 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
825 * the return value is 3 for the string "RSA". 852 * the return value is 3 for the string "RSA".
826 */ 853 */
827 854
828int pem_check_suffix(const char *pem_str, const char *suffix) 855int
829 { 856pem_check_suffix(const char *pem_str, const char *suffix)
857{
830 int pem_len = strlen(pem_str); 858 int pem_len = strlen(pem_str);
831 int suffix_len = strlen(suffix); 859 int suffix_len = strlen(suffix);
832 const char *p; 860 const char *p;
861
833 if (suffix_len + 1 >= pem_len) 862 if (suffix_len + 1 >= pem_len)
834 return 0; 863 return 0;
835 p = pem_str + pem_len - suffix_len; 864 p = pem_str + pem_len - suffix_len;
@@ -839,5 +868,4 @@ int pem_check_suffix(const char *pem_str, const char *suffix)
839 if (*p != ' ') 868 if (*p != ' ')
840 return 0; 869 return 0;
841 return p - pem_str; 870 return p - pem_str;
842 } 871}
843
diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c
index 69d281aa9d..5787dc2f3d 100644
--- a/src/lib/libcrypto/pem/pem_oth.c
+++ b/src/lib/libcrypto/pem/pem_oth.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,20 +67,21 @@
67 67
68/* Handle 'other' PEMs: not private keys */ 68/* Handle 'other' PEMs: not private keys */
69 69
70void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, 70void *
71 pem_password_cb *cb, void *u) 71PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
72 { 72 pem_password_cb *cb, void *u)
73 const unsigned char *p=NULL; 73{
74 unsigned char *data=NULL; 74 const unsigned char *p = NULL;
75 unsigned char *data = NULL;
75 long len; 76 long len;
76 char *ret=NULL; 77 char *ret = NULL;
77 78
78 if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) 79 if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
79 return NULL; 80 return NULL;
80 p = data; 81 p = data;
81 ret=d2i(x,&p,len); 82 ret = d2i(x, &p, len);
82 if (ret == NULL) 83 if (ret == NULL)
83 PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); 84 PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
84 free(data); 85 free(data);
85 return(ret); 86 return (ret);
86 } 87}
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
index 6deab8c338..228ecfceaf 100644
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ b/src/lib/libcrypto/pem/pem_pk8.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,14 +66,10 @@
66#include <openssl/pkcs12.h> 66#include <openssl/pkcs12.h>
67#include <openssl/pem.h> 67#include <openssl/pem.h>
68 68
69static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, 69static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
70 int nid, const EVP_CIPHER *enc, 70 const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u);
71 char *kstr, int klen, 71static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, int nid,
72 pem_password_cb *cb, void *u); 72 const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u);
73static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
74 int nid, const EVP_CIPHER *enc,
75 char *kstr, int klen,
76 pem_password_cb *cb, void *u);
77 73
78/* These functions write a private key in PKCS#8 format: it is a "drop in" 74/* These functions write a private key in PKCS#8 format: it is a "drop in"
79 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' 75 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
@@ -81,98 +77,114 @@ static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
81 * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0. 77 * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
82 */ 78 */
83 79
84int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, 80int
85 char *kstr, int klen, 81PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr,
86 pem_password_cb *cb, void *u) 82 int klen, pem_password_cb *cb, void *u)
87{ 83{
88 return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); 84 return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
89} 85}
90 86
91int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 87int
92 char *kstr, int klen, 88PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
93 pem_password_cb *cb, void *u) 89 char *kstr, int klen, pem_password_cb *cb, void *u)
94{ 90{
95 return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); 91 return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
96} 92}
97 93
98int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 94int
99 char *kstr, int klen, 95i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
100 pem_password_cb *cb, void *u) 96 char *kstr, int klen, pem_password_cb *cb, void *u)
101{ 97{
102 return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); 98 return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
103} 99}
104 100
105int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, 101int
106 char *kstr, int klen, 102i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
107 pem_password_cb *cb, void *u) 103 char *kstr, int klen, pem_password_cb *cb, void *u)
108{ 104{
109 return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); 105 return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
110} 106}
111 107
112static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, 108static int
113 char *kstr, int klen, 109do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
114 pem_password_cb *cb, void *u) 110 char *kstr, int klen, pem_password_cb *cb, void *u)
115{ 111{
116 X509_SIG *p8; 112 X509_SIG *p8;
117 PKCS8_PRIV_KEY_INFO *p8inf; 113 PKCS8_PRIV_KEY_INFO *p8inf;
118 char buf[PEM_BUFSIZE]; 114 char buf[PEM_BUFSIZE];
119 int ret; 115 int ret;
120 if(!(p8inf = EVP_PKEY2PKCS8(x))) { 116
117 if (!(p8inf = EVP_PKEY2PKCS8(x))) {
121 PEMerr(PEM_F_DO_PK8PKEY, 118 PEMerr(PEM_F_DO_PK8PKEY,
122 PEM_R_ERROR_CONVERTING_PRIVATE_KEY); 119 PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
123 return 0; 120 return 0;
124 } 121 }
125 if(enc || (nid != -1)) { 122 if (enc || (nid != -1)) {
126 if(!kstr) { 123 if (!kstr) {
127 if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); 124 if (!cb)
128 else klen = cb(buf, PEM_BUFSIZE, 1, u); 125 klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
129 if(klen <= 0) { 126 else
130 PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY); 127 klen = cb(buf, PEM_BUFSIZE, 1, u);
128 if (klen <= 0) {
129 PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
131 PKCS8_PRIV_KEY_INFO_free(p8inf); 130 PKCS8_PRIV_KEY_INFO_free(p8inf);
132 return 0; 131 return 0;
133 } 132 }
134 133
135 kstr = buf; 134 kstr = buf;
136 } 135 }
137 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); 136 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
138 if(kstr == buf) OPENSSL_cleanse(buf, klen); 137 if (kstr == buf)
138 OPENSSL_cleanse(buf, klen);
139 PKCS8_PRIV_KEY_INFO_free(p8inf); 139 PKCS8_PRIV_KEY_INFO_free(p8inf);
140 if(isder) ret = i2d_PKCS8_bio(bp, p8); 140 if (isder)
141 else ret = PEM_write_bio_PKCS8(bp, p8); 141 ret = i2d_PKCS8_bio(bp, p8);
142 else
143 ret = PEM_write_bio_PKCS8(bp, p8);
142 X509_SIG_free(p8); 144 X509_SIG_free(p8);
143 return ret; 145 return ret;
144 } else { 146 } else {
145 if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 147 if (isder)
146 else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); 148 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
149 else
150 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
147 PKCS8_PRIV_KEY_INFO_free(p8inf); 151 PKCS8_PRIV_KEY_INFO_free(p8inf);
148 return ret; 152 return ret;
149 } 153 }
150} 154}
151 155
152EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) 156EVP_PKEY *
157d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
153{ 158{
154 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 159 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
155 X509_SIG *p8 = NULL; 160 X509_SIG *p8 = NULL;
156 int klen; 161 int klen;
157 EVP_PKEY *ret; 162 EVP_PKEY *ret;
158 char psbuf[PEM_BUFSIZE]; 163 char psbuf[PEM_BUFSIZE];
164
159 p8 = d2i_PKCS8_bio(bp, NULL); 165 p8 = d2i_PKCS8_bio(bp, NULL);
160 if(!p8) return NULL; 166 if (!p8)
161 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); 167 return NULL;
162 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); 168 if (cb)
169 klen = cb(psbuf, PEM_BUFSIZE, 0, u);
170 else
171 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
163 if (klen <= 0) { 172 if (klen <= 0) {
164 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); 173 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
165 X509_SIG_free(p8); 174 X509_SIG_free(p8);
166 return NULL; 175 return NULL;
167 } 176 }
168 p8inf = PKCS8_decrypt(p8, psbuf, klen); 177 p8inf = PKCS8_decrypt(p8, psbuf, klen);
169 X509_SIG_free(p8); 178 X509_SIG_free(p8);
170 if(!p8inf) return NULL; 179 if (!p8inf)
180 return NULL;
171 ret = EVP_PKCS82PKEY(p8inf); 181 ret = EVP_PKCS82PKEY(p8inf);
172 PKCS8_PRIV_KEY_INFO_free(p8inf); 182 PKCS8_PRIV_KEY_INFO_free(p8inf);
173 if(!ret) return NULL; 183 if (!ret)
174 if(x) { 184 return NULL;
175 if(*x) EVP_PKEY_free(*x); 185 if (x) {
186 if (*x)
187 EVP_PKEY_free(*x);
176 *x = ret; 188 *x = ret;
177 } 189 }
178 return ret; 190 return ret;
@@ -180,55 +192,59 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
180 192
181#ifndef OPENSSL_NO_FP_API 193#ifndef OPENSSL_NO_FP_API
182 194
183int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 195int
184 char *kstr, int klen, 196i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
185 pem_password_cb *cb, void *u) 197 char *kstr, int klen, pem_password_cb *cb, void *u)
186{ 198{
187 return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); 199 return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
188} 200}
189 201
190int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, 202int
191 char *kstr, int klen, 203i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, char *kstr,
192 pem_password_cb *cb, void *u) 204 int klen, pem_password_cb *cb, void *u)
193{ 205{
194 return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); 206 return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
195} 207}
196 208
197int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, 209int
198 char *kstr, int klen, 210PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, char *kstr,
199 pem_password_cb *cb, void *u) 211 int klen, pem_password_cb *cb, void *u)
200{ 212{
201 return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); 213 return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
202} 214}
203 215
204int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 216int
205 char *kstr, int klen, pem_password_cb *cb, void *u) 217PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
218 char *kstr, int klen, pem_password_cb *cb, void *u)
206{ 219{
207 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); 220 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
208} 221}
209 222
210static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, 223static int
211 char *kstr, int klen, 224do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
212 pem_password_cb *cb, void *u) 225 char *kstr, int klen, pem_password_cb *cb, void *u)
213{ 226{
214 BIO *bp; 227 BIO *bp;
215 int ret; 228 int ret;
216 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { 229
217 PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB); 230 if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
218 return(0); 231 PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
232 return (0);
219 } 233 }
220 ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); 234 ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
221 BIO_free(bp); 235 BIO_free(bp);
222 return ret; 236 return ret;
223} 237}
224 238
225EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) 239EVP_PKEY *
240d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
226{ 241{
227 BIO *bp; 242 BIO *bp;
228 EVP_PKEY *ret; 243 EVP_PKEY *ret;
229 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { 244
230 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB); 245 if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
231 return NULL; 246 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
247 return NULL;
232 } 248 }
233 ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); 249 ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
234 BIO_free(bp); 250 BIO_free(bp);
@@ -239,4 +255,4 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
239 255
240IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG) 256IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
241IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, 257IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
242 PKCS8_PRIV_KEY_INFO) 258 PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index 5274447b24..9aaff6e514 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -72,173 +72,182 @@
72 72
73int pem_check_suffix(const char *pem_str, const char *suffix); 73int pem_check_suffix(const char *pem_str, const char *suffix);
74 74
75EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) 75EVP_PKEY *
76 { 76PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
77 char *nm=NULL; 77{
78 const unsigned char *p=NULL; 78 char *nm = NULL;
79 unsigned char *data=NULL; 79 const unsigned char *p = NULL;
80 unsigned char *data = NULL;
80 long len; 81 long len;
81 int slen; 82 int slen;
82 EVP_PKEY *ret=NULL; 83 EVP_PKEY *ret = NULL;
83 84
84 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) 85 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY,
86 bp, cb, u))
85 return NULL; 87 return NULL;
86 p = data; 88 p = data;
87 89
88 if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { 90 if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
89 PKCS8_PRIV_KEY_INFO *p8inf; 91 PKCS8_PRIV_KEY_INFO *p8inf;
90 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); 92 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
91 if(!p8inf) goto p8err; 93 if (!p8inf)
94 goto p8err;
92 ret = EVP_PKCS82PKEY(p8inf); 95 ret = EVP_PKCS82PKEY(p8inf);
93 if(x) { 96 if (x) {
94 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 97 if (*x)
98 EVP_PKEY_free((EVP_PKEY *)*x);
95 *x = ret; 99 *x = ret;
96 } 100 }
97 PKCS8_PRIV_KEY_INFO_free(p8inf); 101 PKCS8_PRIV_KEY_INFO_free(p8inf);
98 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { 102 } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
99 PKCS8_PRIV_KEY_INFO *p8inf; 103 PKCS8_PRIV_KEY_INFO *p8inf;
100 X509_SIG *p8; 104 X509_SIG *p8;
101 int klen; 105 int klen;
102 char psbuf[PEM_BUFSIZE]; 106 char psbuf[PEM_BUFSIZE];
103 p8 = d2i_X509_SIG(NULL, &p, len); 107 p8 = d2i_X509_SIG(NULL, &p, len);
104 if(!p8) goto p8err; 108 if (!p8)
105 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); 109 goto p8err;
106 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); 110 if (cb)
111 klen = cb(psbuf, PEM_BUFSIZE, 0, u);
112 else
113 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
107 if (klen <= 0) { 114 if (klen <= 0) {
108 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, 115 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
109 PEM_R_BAD_PASSWORD_READ); 116 PEM_R_BAD_PASSWORD_READ);
110 X509_SIG_free(p8); 117 X509_SIG_free(p8);
111 goto err; 118 goto err;
112 } 119 }
113 p8inf = PKCS8_decrypt(p8, psbuf, klen); 120 p8inf = PKCS8_decrypt(p8, psbuf, klen);
114 X509_SIG_free(p8); 121 X509_SIG_free(p8);
115 if(!p8inf) goto p8err; 122 if (!p8inf)
123 goto p8err;
116 ret = EVP_PKCS82PKEY(p8inf); 124 ret = EVP_PKCS82PKEY(p8inf);
117 if(x) { 125 if (x) {
118 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 126 if (*x)
127 EVP_PKEY_free((EVP_PKEY *)*x);
119 *x = ret; 128 *x = ret;
120 } 129 }
121 PKCS8_PRIV_KEY_INFO_free(p8inf); 130 PKCS8_PRIV_KEY_INFO_free(p8inf);
122 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) 131 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
123 {
124 const EVP_PKEY_ASN1_METHOD *ameth; 132 const EVP_PKEY_ASN1_METHOD *ameth;
125 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); 133 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
126 if (!ameth || !ameth->old_priv_decode) 134 if (!ameth || !ameth->old_priv_decode)
127 goto p8err; 135 goto p8err;
128 ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len); 136 ret = d2i_PrivateKey(ameth->pkey_id, x,&p, len);
129 } 137 }
138
130p8err: 139p8err:
131 if (ret == NULL) 140 if (ret == NULL)
132 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); 141 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
133err: 142err:
134 free(nm); 143 free(nm);
135 OPENSSL_cleanse(data, len); 144 OPENSSL_cleanse(data, len);
136 free(data); 145 free(data);
137 return(ret); 146 return (ret);
138 } 147}
139 148
140int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 149int
141 unsigned char *kstr, int klen, 150PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
142 pem_password_cb *cb, void *u) 151 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
143 { 152{
144 char pem_str[80]; 153 char pem_str[80];
154
145 if (!x->ameth || x->ameth->priv_encode) 155 if (!x->ameth || x->ameth->priv_encode)
146 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, 156 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
147 (char *)kstr, klen, 157 (char *)kstr, klen, cb, u);
148 cb, u);
149 158
150 (void) snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", 159 (void) snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY",
151 x->ameth->pem_str); 160 x->ameth->pem_str);
152 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, 161 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
153 pem_str,bp,x,enc,kstr,klen,cb,u); 162 pem_str, bp, x,enc, kstr, klen, cb, u);
154 } 163}
155 164
156EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) 165EVP_PKEY *
157 { 166PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
158 char *nm=NULL; 167{
159 const unsigned char *p=NULL; 168 char *nm = NULL;
160 unsigned char *data=NULL; 169 const unsigned char *p = NULL;
170 unsigned char *data = NULL;
161 long len; 171 long len;
162 int slen; 172 int slen;
163 EVP_PKEY *ret=NULL; 173 EVP_PKEY *ret = NULL;
164 174
165 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS, 175 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
166 bp, 0, NULL)) 176 bp, 0, NULL))
167 return NULL; 177 return NULL;
168 p = data; 178 p = data;
169 179
170 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) 180 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
171 {
172 ret = EVP_PKEY_new(); 181 ret = EVP_PKEY_new();
173 if (!ret) 182 if (!ret)
174 goto err; 183 goto err;
175 if (!EVP_PKEY_set_type_str(ret, nm, slen) 184 if (!EVP_PKEY_set_type_str(ret, nm, slen) ||
176 || !ret->ameth->param_decode 185 !ret->ameth->param_decode ||
177 || !ret->ameth->param_decode(ret, &p, len)) 186 !ret->ameth->param_decode(ret, &p, len)) {
178 {
179 EVP_PKEY_free(ret); 187 EVP_PKEY_free(ret);
180 ret = NULL; 188 ret = NULL;
181 goto err; 189 goto err;
182 } 190 }
183 if(x) 191 if (x) {
184 { 192 if (*x)
185 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 193 EVP_PKEY_free((EVP_PKEY *)*x);
186 *x = ret; 194 *x = ret;
187 }
188 } 195 }
196 }
197
189err: 198err:
190 if (ret == NULL) 199 if (ret == NULL)
191 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB); 200 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
192 free(nm); 201 free(nm);
193 free(data); 202 free(data);
194 return(ret); 203 return (ret);
195 } 204}
196 205
197int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) 206int
198 { 207PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
208{
199 char pem_str[80]; 209 char pem_str[80];
210
200 if (!x->ameth || !x->ameth->param_encode) 211 if (!x->ameth || !x->ameth->param_encode)
201 return 0; 212 return 0;
202 213
203 (void) snprintf(pem_str, sizeof(pem_str), "%s PARAMETERS", 214 (void) snprintf(pem_str, sizeof(pem_str), "%s PARAMETERS",
204 x->ameth->pem_str); 215 x->ameth->pem_str);
205 return PEM_ASN1_write_bio( 216 return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
206 (i2d_of_void *)x->ameth->param_encode, 217 pem_str, bp, x,NULL, NULL, 0,0, NULL);
207 pem_str,bp,x,NULL,NULL,0,0,NULL); 218}
208 }
209 219
210#ifndef OPENSSL_NO_FP_API 220#ifndef OPENSSL_NO_FP_API
211EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) 221EVP_PKEY *
212 { 222PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
213 BIO *b; 223{
214 EVP_PKEY *ret; 224 BIO *b;
215 225 EVP_PKEY *ret;
216 if ((b=BIO_new(BIO_s_file())) == NULL) 226
217 { 227 if ((b = BIO_new(BIO_s_file())) == NULL) {
218 PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB); 228 PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
219 return(0); 229 return (0);
220 }
221 BIO_set_fp(b,fp,BIO_NOCLOSE);
222 ret=PEM_read_bio_PrivateKey(b,x,cb,u);
223 BIO_free(b);
224 return(ret);
225 } 230 }
226 231 BIO_set_fp(b, fp, BIO_NOCLOSE);
227int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 232 ret = PEM_read_bio_PrivateKey(b, x,cb, u);
228 unsigned char *kstr, int klen, 233 BIO_free(b);
229 pem_password_cb *cb, void *u) 234 return (ret);
230 { 235}
231 BIO *b; 236
232 int ret; 237int
233 238PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
234 if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) 239 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
235 { 240{
236 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB); 241 BIO *b;
237 return 0; 242 int ret;
238 } 243
239 ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); 244 if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
240 BIO_free(b); 245 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
241 return ret; 246 return 0;
242 } 247 }
248 ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
249 BIO_free(b);
250 return ret;
251}
243 252
244#endif 253#endif
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index bac7b16b44..e39de08c9a 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,125 +67,129 @@
67#include <openssl/pem.h> 67#include <openssl/pem.h>
68#include <openssl/rsa.h> 68#include <openssl/rsa.h>
69 69
70int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, 70int
71 unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, 71PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
72 int npubk) 72 unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
73 { 73{
74 unsigned char key[EVP_MAX_KEY_LENGTH]; 74 unsigned char key[EVP_MAX_KEY_LENGTH];
75 int ret= -1; 75 int ret = -1;
76 int i,j,max=0; 76 int i, j, max = 0;
77 char *s=NULL; 77 char *s = NULL;
78 78
79 for (i=0; i<npubk; i++) 79 for (i = 0; i < npubk; i++) {
80 { 80 if (pubk[i]->type != EVP_PKEY_RSA) {
81 if (pubk[i]->type != EVP_PKEY_RSA) 81 PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
82 {
83 PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
84 goto err; 82 goto err;
85 }
86 j=RSA_size(pubk[i]->pkey.rsa);
87 if (j > max) max=j;
88 } 83 }
89 s=(char *)malloc(max*2); 84 j = RSA_size(pubk[i]->pkey.rsa);
90 if (s == NULL) 85 if (j > max)
91 { 86 max = j;
92 PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); 87 }
88 s = (char *)malloc(max*2);
89 if (s == NULL) {
90 PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
93 goto err; 91 goto err;
94 } 92 }
95 93
96 EVP_EncodeInit(&ctx->encode); 94 EVP_EncodeInit(&ctx->encode);
97 95
98 EVP_MD_CTX_init(&ctx->md); 96 EVP_MD_CTX_init(&ctx->md);
99 if (!EVP_SignInit(&ctx->md,md_type)) 97 if (!EVP_SignInit(&ctx->md, md_type))
100 goto err; 98 goto err;
101 99
102 EVP_CIPHER_CTX_init(&ctx->cipher); 100 EVP_CIPHER_CTX_init(&ctx->cipher);
103 ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); 101 ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
104 if (ret <= 0) goto err; 102 if (ret <= 0)
103 goto err;
105 104
106 /* base64 encode the keys */ 105 /* base64 encode the keys */
107 for (i=0; i<npubk; i++) 106 for (i = 0; i < npubk; i++) {
108 { 107 j = EVP_EncodeBlock((unsigned char *)s, ek[i],
109 j=EVP_EncodeBlock((unsigned char *)s,ek[i], 108 RSA_size(pubk[i]->pkey.rsa));
110 RSA_size(pubk[i]->pkey.rsa)); 109 ekl[i] = j;
111 ekl[i]=j; 110 memcpy(ek[i], s, j + 1);
112 memcpy(ek[i],s,j+1);
113 }
114
115 ret=npubk;
116err:
117 if (s != NULL) free(s);
118 OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
119 return(ret);
120 } 111 }
121 112
122void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, 113 ret = npubk;
123 unsigned char *in, int inl) 114
124 { 115err:
116 if (s != NULL)
117 free(s);
118 OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
119 return (ret);
120}
121
122void
123PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
124 unsigned char *in, int inl)
125{
125 unsigned char buffer[1600]; 126 unsigned char buffer[1600];
126 int i,j; 127 int i, j;
127 128
128 *outl=0; 129 *outl = 0;
129 EVP_SignUpdate(&ctx->md,in,inl); 130 EVP_SignUpdate(&ctx->md, in, inl);
130 for (;;) 131 for (;;) {
131 { 132 if (inl <= 0)
132 if (inl <= 0) break; 133 break;
133 if (inl > 1200) 134 if (inl > 1200)
134 i=1200; 135 i = 1200;
135 else 136 else
136 i=inl; 137 i = inl;
137 EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i); 138 EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i);
138 EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j); 139 EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j);
139 *outl+=j; 140 *outl += j;
140 out+=j; 141 out += j;
141 in+=i; 142 in += i;
142 inl-=i; 143 inl -= i;
143 }
144 } 144 }
145 145}
146int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, 146
147 unsigned char *out, int *outl, EVP_PKEY *priv) 147int
148 { 148PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
149 unsigned char *s=NULL; 149 unsigned char *out, int *outl, EVP_PKEY *priv)
150 int ret=0,j; 150{
151 unsigned char *s = NULL;
152 int ret = 0, j;
151 unsigned int i; 153 unsigned int i;
152 154
153 if (priv->type != EVP_PKEY_RSA) 155 if (priv->type != EVP_PKEY_RSA) {
154 { 156 PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
155 PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
156 goto err; 157 goto err;
157 } 158 }
158 i=RSA_size(priv->pkey.rsa); 159 i = RSA_size(priv->pkey.rsa);
159 if (i < 100) i=100; 160 if (i < 100)
160 s=(unsigned char *)malloc(i*2); 161 i = 100;
161 if (s == NULL) 162 s = (unsigned char *)malloc(i*2);
162 { 163 if (s == NULL) {
163 PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); 164 PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
164 goto err; 165 goto err;
165 } 166 }
166 167
167 if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i)) 168 if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
168 goto err; 169 goto err;
169 EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); 170 EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
170 *outl=j; 171 *outl = j;
171 out+=j; 172 out += j;
172 EVP_EncodeFinal(&ctx->encode,out,&j); 173 EVP_EncodeFinal(&ctx->encode, out, &j);
173 *outl+=j; 174 *outl += j;
174 175
175 if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err; 176 if (!EVP_SignFinal(&ctx->md, s,&i, priv))
176 *sigl=EVP_EncodeBlock(sig,s,i); 177 goto err;
178 *sigl = EVP_EncodeBlock(sig, s, i);
179
180 ret = 1;
177 181
178 ret=1;
179err: 182err:
180 EVP_MD_CTX_cleanup(&ctx->md); 183 EVP_MD_CTX_cleanup(&ctx->md);
181 EVP_CIPHER_CTX_cleanup(&ctx->cipher); 184 EVP_CIPHER_CTX_cleanup(&ctx->cipher);
182 if (s != NULL) free(s); 185 if (s != NULL)
183 return(ret); 186 free(s);
184 } 187 return (ret);
188}
185#else /* !OPENSSL_NO_RSA */ 189#else /* !OPENSSL_NO_RSA */
186 190
187# if PEDANTIC 191# if PEDANTIC
188static void *dummy=&dummy; 192static void *dummy = &dummy;
189# endif 193# endif
190 194
191#endif 195#endif
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
index cbd3cd0793..ab3e5ebc64 100644
--- a/src/lib/libcrypto/pem/pem_sign.c
+++ b/src/lib/libcrypto/pem/pem_sign.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -64,39 +64,43 @@
64#include <openssl/x509.h> 64#include <openssl/x509.h>
65#include <openssl/pem.h> 65#include <openssl/pem.h>
66 66
67void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) 67void
68 { 68PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
69{
69 EVP_DigestInit_ex(ctx, type, NULL); 70 EVP_DigestInit_ex(ctx, type, NULL);
70 } 71}
71 72
72void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, 73void
73 unsigned int count) 74PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
74 { 75 unsigned int count)
75 EVP_DigestUpdate(ctx,data,count); 76{
76 } 77 EVP_DigestUpdate(ctx, data, count);
78}
77 79
78int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, 80int
79 EVP_PKEY *pkey) 81PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
80 { 82 EVP_PKEY *pkey)
83{
81 unsigned char *m; 84 unsigned char *m;
82 int i,ret=0; 85 int i, ret = 0;
83 unsigned int m_len; 86 unsigned int m_len;
84 87
85 m=(unsigned char *)malloc(EVP_PKEY_size(pkey)+2); 88 m = (unsigned char *)malloc(EVP_PKEY_size(pkey) + 2);
86 if (m == NULL) 89 if (m == NULL) {
87 { 90 PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
88 PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); 91 goto err;
92 }
93
94 if (EVP_SignFinal(ctx, m,&m_len, pkey) <= 0)
89 goto err; 95 goto err;
90 }
91 96
92 if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err; 97 i = EVP_EncodeBlock(sigret, m, m_len);
98 *siglen = i;
99 ret = 1;
93 100
94 i=EVP_EncodeBlock(sigret,m,m_len);
95 *siglen=i;
96 ret=1;
97err: 101err:
98 /* ctx has been zeroed by EVP_SignFinal() */ 102 /* ctx has been zeroed by EVP_SignFinal() */
99 if (m != NULL) free(m); 103 if (m != NULL)
100 return(ret); 104 free(m);
101 } 105 return (ret);
102 106}
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c
index b531057dc9..57b7d1d53b 100644
--- a/src/lib/libcrypto/pem/pem_x509.c
+++ b/src/lib/libcrypto/pem/pem_x509.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -65,4 +65,3 @@
65#include <openssl/pem.h> 65#include <openssl/pem.h>
66 66
67IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) 67IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
68
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
index 328f796200..ae381ce54b 100644
--- a/src/lib/libcrypto/pem/pem_xaux.c
+++ b/src/lib/libcrypto/pem/pem_xaux.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -65,4 +65,5 @@
65#include <openssl/pem.h> 65#include <openssl/pem.h>
66 66
67IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) 67IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
68IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR) 68IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
69 X509_CERT_PAIR)
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
index 59af2020ab..a7815a2372 100644
--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -9,7 +9,7 @@
9 * are met: 9 * are met:
10 * 10 *
11 * 1. Redistributions of source code must retain the above copyright 11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer. 12 * notice, this list of conditions and the following disclaimer.
13 * 13 *
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in 15 * notice, this list of conditions and the following disclaimer in
@@ -71,27 +71,31 @@
71 * format 71 * format
72 */ 72 */
73 73
74static unsigned int read_ledword(const unsigned char **in) 74static unsigned int
75 { 75read_ledword(const unsigned char **in)
76{
76 const unsigned char *p = *in; 77 const unsigned char *p = *in;
77 unsigned int ret; 78 unsigned int ret;
79
78 ret = *p++; 80 ret = *p++;
79 ret |= (*p++ << 8); 81 ret |= (*p++ << 8);
80 ret |= (*p++ << 16); 82 ret |= (*p++ << 16);
81 ret |= (*p++ << 24); 83 ret |= (*p++ << 24);
82 *in = p; 84 *in = p;
83 return ret; 85 return ret;
84 } 86}
85 87
86/* Read a BIGNUM in little endian format. The docs say that this should take up 88/* Read a BIGNUM in little endian format. The docs say that this should take up
87 * bitlen/8 bytes. 89 * bitlen/8 bytes.
88 */ 90 */
89 91
90static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) 92static int
91 { 93read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
94{
92 const unsigned char *p; 95 const unsigned char *p;
93 unsigned char *tmpbuf, *q; 96 unsigned char *tmpbuf, *q;
94 unsigned int i; 97 unsigned int i;
98
95 p = *in + nbyte - 1; 99 p = *in + nbyte - 1;
96 tmpbuf = malloc(nbyte); 100 tmpbuf = malloc(nbyte);
97 if (!tmpbuf) 101 if (!tmpbuf)
@@ -101,14 +105,12 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
101 *q++ = *p--; 105 *q++ = *p--;
102 *r = BN_bin2bn(tmpbuf, nbyte, NULL); 106 *r = BN_bin2bn(tmpbuf, nbyte, NULL);
103 free(tmpbuf); 107 free(tmpbuf);
104 if (*r) 108 if (*r) {
105 {
106 *in += nbyte; 109 *in += nbyte;
107 return 1; 110 return 1;
108 } 111 } else
109 else
110 return 0; 112 return 0;
111 } 113}
112 114
113 115
114/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ 116/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
@@ -132,106 +134,96 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
132#define PVK_SALTLEN 0x10 134#define PVK_SALTLEN 0x10
133 135
134static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, 136static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
135 unsigned int bitlen, int ispub); 137 unsigned int bitlen, int ispub);
136static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, 138static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
137 unsigned int bitlen, int ispub); 139 unsigned int bitlen, int ispub);
138 140
139static int do_blob_header(const unsigned char **in, unsigned int length, 141static int
140 unsigned int *pmagic, unsigned int *pbitlen, 142do_blob_header(const unsigned char **in, unsigned int length,
141 int *pisdss, int *pispub) 143 unsigned int *pmagic, unsigned int *pbitlen, int *pisdss, int *pispub)
142 { 144{
143 const unsigned char *p = *in; 145 const unsigned char *p = *in;
146
144 if (length < 16) 147 if (length < 16)
145 return 0; 148 return 0;
146 /* bType */ 149 /* bType */
147 if (*p == MS_PUBLICKEYBLOB) 150 if (*p == MS_PUBLICKEYBLOB) {
148 { 151 if (*pispub == 0) {
149 if (*pispub == 0)
150 {
151 PEMerr(PEM_F_DO_BLOB_HEADER, 152 PEMerr(PEM_F_DO_BLOB_HEADER,
152 PEM_R_EXPECTING_PRIVATE_KEY_BLOB); 153 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
153 return 0; 154 return 0;
154 }
155 *pispub = 1;
156 } 155 }
157 else if (*p == MS_PRIVATEKEYBLOB) 156 *pispub = 1;
158 { 157 } else if (*p == MS_PRIVATEKEYBLOB) {
159 if (*pispub == 1) 158 if (*pispub == 1) {
160 {
161 PEMerr(PEM_F_DO_BLOB_HEADER, 159 PEMerr(PEM_F_DO_BLOB_HEADER,
162 PEM_R_EXPECTING_PUBLIC_KEY_BLOB); 160 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
163 return 0; 161 return 0;
164 }
165 *pispub = 0;
166 } 162 }
167 else 163 *pispub = 0;
164 } else
168 return 0; 165 return 0;
169 p++; 166 p++;
170 /* Version */ 167 /* Version */
171 if (*p++ != 0x2) 168 if (*p++ != 0x2) {
172 {
173 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); 169 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
174 return 0; 170 return 0;
175 } 171 }
176 /* Ignore reserved, aiKeyAlg */ 172 /* Ignore reserved, aiKeyAlg */
177 p+= 6; 173 p += 6;
178 *pmagic = read_ledword(&p); 174 *pmagic = read_ledword(&p);
179 *pbitlen = read_ledword(&p); 175 *pbitlen = read_ledword(&p);
180 *pisdss = 0; 176 *pisdss = 0;
181 switch (*pmagic) 177 switch (*pmagic) {
182 {
183 178
184 case MS_DSS1MAGIC: 179 case MS_DSS1MAGIC:
185 *pisdss = 1; 180 *pisdss = 1;
186 case MS_RSA1MAGIC: 181 case MS_RSA1MAGIC:
187 if (*pispub == 0) 182 if (*pispub == 0) {
188 {
189 PEMerr(PEM_F_DO_BLOB_HEADER, 183 PEMerr(PEM_F_DO_BLOB_HEADER,
190 PEM_R_EXPECTING_PRIVATE_KEY_BLOB); 184 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
191 return 0; 185 return 0;
192 } 186 }
193 break; 187 break;
194 188
195 case MS_DSS2MAGIC: 189 case MS_DSS2MAGIC:
196 *pisdss = 1; 190 *pisdss = 1;
197 case MS_RSA2MAGIC: 191 case MS_RSA2MAGIC:
198 if (*pispub == 1) 192 if (*pispub == 1) {
199 {
200 PEMerr(PEM_F_DO_BLOB_HEADER, 193 PEMerr(PEM_F_DO_BLOB_HEADER,
201 PEM_R_EXPECTING_PUBLIC_KEY_BLOB); 194 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
202 return 0; 195 return 0;
203 } 196 }
204 break; 197 break;
205 198
206 default: 199 default:
207 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); 200 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
208 return -1; 201 return -1;
209 } 202 }
210 *in = p; 203 *in = p;
211 return 1; 204 return 1;
212 } 205}
213 206
214static unsigned int blob_length(unsigned bitlen, int isdss, int ispub) 207static unsigned int
215 { 208blob_length(unsigned bitlen, int isdss, int ispub)
209{
216 unsigned int nbyte, hnbyte; 210 unsigned int nbyte, hnbyte;
211
217 nbyte = (bitlen + 7) >> 3; 212 nbyte = (bitlen + 7) >> 3;
218 hnbyte = (bitlen + 15) >> 4; 213 hnbyte = (bitlen + 15) >> 4;
219 if (isdss) 214 if (isdss) {
220 {
221 215
222 /* Expected length: 20 for q + 3 components bitlen each + 24 216 /* Expected length: 20 for q + 3 components bitlen each + 24
223 * for seed structure. 217 * for seed structure.
224 */ 218 */
225 if (ispub) 219 if (ispub)
226 return 44 + 3 * nbyte; 220 return 44 + 3 * nbyte;
227 /* Expected length: 20 for q, priv, 2 bitlen components + 24 221 /* Expected length: 20 for q, priv, 2 bitlen components + 24
228 * for seed structure. 222 * for seed structure.
229 */ 223 */
230 else 224 else
231 return 64 + 2 * nbyte; 225 return 64 + 2 * nbyte;
232 } 226 } else {
233 else
234 {
235 /* Expected length: 4 for 'e' + 'n' */ 227 /* Expected length: 4 for 'e' + 'n' */
236 if (ispub) 228 if (ispub)
237 return 4 + nbyte; 229 return 4 + nbyte;
@@ -239,83 +231,83 @@ static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
239 /* Expected length: 4 for 'e' and 7 other components. 231 /* Expected length: 4 for 'e' and 7 other components.
240 * 2 components are bitlen size, 5 are bitlen/2 232 * 2 components are bitlen size, 5 are bitlen/2
241 */ 233 */
242 return 4 + 2*nbyte + 5*hnbyte; 234 return 4 + 2*nbyte + 5*hnbyte;
243 }
244
245 } 235 }
246 236
247static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, 237}
248 int ispub) 238
249 { 239static EVP_PKEY *
240do_b2i(const unsigned char **in, unsigned int length, int ispub)
241{
250 const unsigned char *p = *in; 242 const unsigned char *p = *in;
251 unsigned int bitlen, magic; 243 unsigned int bitlen, magic;
252 int isdss; 244 int isdss;
253 if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) 245
254 { 246 if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
255 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); 247 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
256 return NULL; 248 return NULL;
257 } 249 }
258 length -= 16; 250 length -= 16;
259 if (length < blob_length(bitlen, isdss, ispub)) 251 if (length < blob_length(bitlen, isdss, ispub)) {
260 {
261 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT); 252 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
262 return NULL; 253 return NULL;
263 } 254 }
264 if (isdss) 255 if (isdss)
265 return b2i_dss(&p, length, bitlen, ispub); 256 return b2i_dss(&p, length, bitlen, ispub);
266 else 257 else
267 return b2i_rsa(&p, length, bitlen, ispub); 258 return b2i_rsa(&p, length, bitlen, ispub);
268 } 259}
269 260
270static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) 261static EVP_PKEY *
271 { 262do_b2i_bio(BIO *in, int ispub)
263{
272 const unsigned char *p; 264 const unsigned char *p;
273 unsigned char hdr_buf[16], *buf = NULL; 265 unsigned char hdr_buf[16], *buf = NULL;
274 unsigned int bitlen, magic, length; 266 unsigned int bitlen, magic, length;
275 int isdss; 267 int isdss;
276 EVP_PKEY *ret = NULL; 268 EVP_PKEY *ret = NULL;
277 if (BIO_read(in, hdr_buf, 16) != 16) 269
278 { 270 if (BIO_read(in, hdr_buf, 16) != 16) {
279 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); 271 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
280 return NULL; 272 return NULL;
281 } 273 }
282 p = hdr_buf; 274 p = hdr_buf;
283 if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) 275 if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
284 return NULL; 276 return NULL;
285 277
286 length = blob_length(bitlen, isdss, ispub); 278 length = blob_length(bitlen, isdss, ispub);
287 buf = malloc(length); 279 buf = malloc(length);
288 if (!buf) 280 if (!buf) {
289 {
290 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); 281 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
291 goto err; 282 goto err;
292 } 283 }
293 p = buf; 284 p = buf;
294 if (BIO_read(in, buf, length) != (int)length) 285 if (BIO_read(in, buf, length) != (int)length) {
295 {
296 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); 286 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
297 goto err; 287 goto err;
298 } 288 }
299 289
300 if (isdss) 290 if (isdss)
301 ret = b2i_dss(&p, length, bitlen, ispub); 291 ret = b2i_dss(&p, length, bitlen, ispub);
302 else 292 else
303 ret = b2i_rsa(&p, length, bitlen, ispub); 293 ret = b2i_rsa(&p, length, bitlen, ispub);
304 294
305 err: 295err:
306 if (buf) 296 if (buf)
307 free(buf); 297 free(buf);
308 return ret; 298 return ret;
309 } 299}
310 300
311static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, 301static EVP_PKEY *
312 unsigned int bitlen, int ispub) 302b2i_dss(const unsigned char **in, unsigned int length, unsigned int bitlen,
313 { 303 int ispub)
304{
314 const unsigned char *p = *in; 305 const unsigned char *p = *in;
315 EVP_PKEY *ret = NULL; 306 EVP_PKEY *ret = NULL;
316 DSA *dsa = NULL; 307 DSA *dsa = NULL;
317 BN_CTX *ctx = NULL; 308 BN_CTX *ctx = NULL;
318 unsigned int nbyte; 309 unsigned int nbyte;
310
319 nbyte = (bitlen + 7) >> 3; 311 nbyte = (bitlen + 7) >> 3;
320 312
321 dsa = DSA_new(); 313 dsa = DSA_new();
@@ -328,13 +320,10 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
328 goto memerr; 320 goto memerr;
329 if (!read_lebn(&p, nbyte, &dsa->g)) 321 if (!read_lebn(&p, nbyte, &dsa->g))
330 goto memerr; 322 goto memerr;
331 if (ispub) 323 if (ispub) {
332 {
333 if (!read_lebn(&p, nbyte, &dsa->pub_key)) 324 if (!read_lebn(&p, nbyte, &dsa->pub_key))
334 goto memerr; 325 goto memerr;
335 } 326 } else {
336 else
337 {
338 if (!read_lebn(&p, 20, &dsa->priv_key)) 327 if (!read_lebn(&p, 20, &dsa->priv_key))
339 goto memerr; 328 goto memerr;
340 /* Calculate public key */ 329 /* Calculate public key */
@@ -342,20 +331,18 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
342 goto memerr; 331 goto memerr;
343 if (!(ctx = BN_CTX_new())) 332 if (!(ctx = BN_CTX_new()))
344 goto memerr; 333 goto memerr;
345
346 if (!BN_mod_exp(dsa->pub_key, dsa->g, 334 if (!BN_mod_exp(dsa->pub_key, dsa->g,
347 dsa->priv_key, dsa->p, ctx)) 335 dsa->priv_key, dsa->p, ctx))
348
349 goto memerr; 336 goto memerr;
350 BN_CTX_free(ctx); 337 BN_CTX_free(ctx);
351 } 338 }
352 339
353 EVP_PKEY_set1_DSA(ret, dsa); 340 EVP_PKEY_set1_DSA(ret, dsa);
354 DSA_free(dsa); 341 DSA_free(dsa);
355 *in = p; 342 *in = p;
356 return ret; 343 return ret;
357 344
358 memerr: 345memerr:
359 PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); 346 PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
360 if (dsa) 347 if (dsa)
361 DSA_free(dsa); 348 DSA_free(dsa);
@@ -364,16 +351,17 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
364 if (ctx) 351 if (ctx)
365 BN_CTX_free(ctx); 352 BN_CTX_free(ctx);
366 return NULL; 353 return NULL;
367 } 354}
368 355
369static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, 356static EVP_PKEY *
370 unsigned int bitlen, int ispub) 357b2i_rsa(const unsigned char **in, unsigned int length, unsigned int bitlen,
371 358 int ispub)
372 { 359{
373 const unsigned char *p = *in; 360 const unsigned char *p = *in;
374 EVP_PKEY *ret = NULL; 361 EVP_PKEY *ret = NULL;
375 RSA *rsa = NULL; 362 RSA *rsa = NULL;
376 unsigned int nbyte, hnbyte; 363 unsigned int nbyte, hnbyte;
364
377 nbyte = (bitlen + 7) >> 3; 365 nbyte = (bitlen + 7) >> 3;
378 hnbyte = (bitlen + 15) >> 4; 366 hnbyte = (bitlen + 15) >> 4;
379 rsa = RSA_new(); 367 rsa = RSA_new();
@@ -387,8 +375,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
387 goto memerr; 375 goto memerr;
388 if (!read_lebn(&p, nbyte, &rsa->n)) 376 if (!read_lebn(&p, nbyte, &rsa->n))
389 goto memerr; 377 goto memerr;
390 if (!ispub) 378 if (!ispub) {
391 {
392 if (!read_lebn(&p, hnbyte, &rsa->p)) 379 if (!read_lebn(&p, hnbyte, &rsa->p))
393 goto memerr; 380 goto memerr;
394 if (!read_lebn(&p, hnbyte, &rsa->q)) 381 if (!read_lebn(&p, hnbyte, &rsa->q))
@@ -401,78 +388,83 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
401 goto memerr; 388 goto memerr;
402 if (!read_lebn(&p, nbyte, &rsa->d)) 389 if (!read_lebn(&p, nbyte, &rsa->d))
403 goto memerr; 390 goto memerr;
404 } 391 }
405 392
406 EVP_PKEY_set1_RSA(ret, rsa); 393 EVP_PKEY_set1_RSA(ret, rsa);
407 RSA_free(rsa); 394 RSA_free(rsa);
408 *in = p; 395 *in = p;
409 return ret; 396 return ret;
410 memerr: 397
398memerr:
411 PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); 399 PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
412 if (rsa) 400 if (rsa)
413 RSA_free(rsa); 401 RSA_free(rsa);
414 if (ret) 402 if (ret)
415 EVP_PKEY_free(ret); 403 EVP_PKEY_free(ret);
416 return NULL; 404 return NULL;
417 } 405}
418 406
419EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length) 407EVP_PKEY *
420 { 408b2i_PrivateKey(const unsigned char **in, long length)
409{
421 return do_b2i(in, length, 0); 410 return do_b2i(in, length, 0);
422 } 411}
423 412
424EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length) 413EVP_PKEY *
425 { 414b2i_PublicKey(const unsigned char **in, long length)
415{
426 return do_b2i(in, length, 1); 416 return do_b2i(in, length, 1);
427 } 417}
428 418
429 419EVP_PKEY *
430EVP_PKEY *b2i_PrivateKey_bio(BIO *in) 420b2i_PrivateKey_bio(BIO *in)
431 { 421{
432 return do_b2i_bio(in, 0); 422 return do_b2i_bio(in, 0);
433 } 423}
434 424
435EVP_PKEY *b2i_PublicKey_bio(BIO *in) 425EVP_PKEY *
436 { 426b2i_PublicKey_bio(BIO *in)
427{
437 return do_b2i_bio(in, 1); 428 return do_b2i_bio(in, 1);
438 } 429}
439 430
440static void write_ledword(unsigned char **out, unsigned int dw) 431static void
441 { 432write_ledword(unsigned char **out, unsigned int dw)
433{
442 unsigned char *p = *out; 434 unsigned char *p = *out;
435
443 *p++ = dw & 0xff; 436 *p++ = dw & 0xff;
444 *p++ = (dw>>8) & 0xff; 437 *p++ = (dw >> 8) & 0xff;
445 *p++ = (dw>>16) & 0xff; 438 *p++ = (dw >> 16) & 0xff;
446 *p++ = (dw>>24) & 0xff; 439 *p++ = (dw >> 24) & 0xff;
447 *out = p; 440 *out = p;
448 } 441}
449 442
450static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) 443static void
451 { 444write_lebn(unsigned char **out, const BIGNUM *bn, int len)
445{
452 int nb, i; 446 int nb, i;
453 unsigned char *p = *out, *q, c; 447 unsigned char *p = *out, *q, c;
448
454 nb = BN_num_bytes(bn); 449 nb = BN_num_bytes(bn);
455 BN_bn2bin(bn, p); 450 BN_bn2bin(bn, p);
456 q = p + nb - 1; 451 q = p + nb - 1;
457 /* In place byte order reversal */ 452 /* In place byte order reversal */
458 for (i = 0; i < nb/2; i++) 453 for (i = 0; i < nb / 2; i++) {
459 {
460 c = *p; 454 c = *p;
461 *p++ = *q; 455 *p++ = *q;
462 *q-- = c; 456 *q-- = c;
463 } 457 }
464 *out += nb; 458 *out += nb;
465 /* Pad with zeroes if we have to */ 459 /* Pad with zeroes if we have to */
466 if (len > 0) 460 if (len > 0) {
467 {
468 len -= nb; 461 len -= nb;
469 if (len > 0) 462 if (len > 0) {
470 {
471 memset(*out, 0, len); 463 memset(*out, 0, len);
472 *out += len; 464 *out += len;
473 }
474 } 465 }
475 } 466 }
467}
476 468
477 469
478static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); 470static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
@@ -480,40 +472,37 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
480 472
481static void write_rsa(unsigned char **out, RSA *rsa, int ispub); 473static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
482static void write_dsa(unsigned char **out, DSA *dsa, int ispub); 474static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
483 475
484static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) 476static int
485 { 477do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
478{
486 unsigned char *p; 479 unsigned char *p;
487 unsigned int bitlen, magic = 0, keyalg; 480 unsigned int bitlen, magic = 0, keyalg;
488 int outlen, noinc = 0; 481 int outlen, noinc = 0;
489 if (pk->type == EVP_PKEY_DSA) 482
490 { 483 if (pk->type == EVP_PKEY_DSA) {
491 bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); 484 bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
492 keyalg = MS_KEYALG_DSS_SIGN; 485 keyalg = MS_KEYALG_DSS_SIGN;
493 } 486 } else if (pk->type == EVP_PKEY_RSA) {
494 else if (pk->type == EVP_PKEY_RSA)
495 {
496 bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); 487 bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
497 keyalg = MS_KEYALG_RSA_KEYX; 488 keyalg = MS_KEYALG_RSA_KEYX;
498 } 489 } else
499 else
500 return -1; 490 return -1;
501 if (bitlen == 0) 491 if (bitlen == 0)
502 return -1; 492 return -1;
503 outlen = 16 + blob_length(bitlen, 493 outlen = 16 + blob_length(bitlen,
504 keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub); 494 keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
505 if (out == NULL) 495 if (out == NULL)
506 return outlen; 496 return outlen;
507 if (*out) 497 if (*out)
508 p = *out; 498 p = *out;
509 else 499 else {
510 {
511 p = malloc(outlen); 500 p = malloc(outlen);
512 if (!p) 501 if (!p)
513 return -1; 502 return -1;
514 *out = p; 503 *out = p;
515 noinc = 1; 504 noinc = 1;
516 } 505 }
517 if (ispub) 506 if (ispub)
518 *p++ = MS_PUBLICKEYBLOB; 507 *p++ = MS_PUBLICKEYBLOB;
519 else 508 else
@@ -531,12 +520,14 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
531 if (!noinc) 520 if (!noinc)
532 *out += outlen; 521 *out += outlen;
533 return outlen; 522 return outlen;
534 } 523}
535 524
536static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) 525static int
537 { 526do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
527{
538 unsigned char *tmp = NULL; 528 unsigned char *tmp = NULL;
539 int outlen, wrlen; 529 int outlen, wrlen;
530
540 outlen = do_i2b(&tmp, pk, ispub); 531 outlen = do_i2b(&tmp, pk, ispub);
541 if (outlen < 0) 532 if (outlen < 0)
542 return -1; 533 return -1;
@@ -545,72 +536,73 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
545 if (wrlen == outlen) 536 if (wrlen == outlen)
546 return outlen; 537 return outlen;
547 return -1; 538 return -1;
548 } 539}
549 540
550static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) 541static int
551 { 542check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
543{
552 int bitlen; 544 int bitlen;
545
553 bitlen = BN_num_bits(dsa->p); 546 bitlen = BN_num_bits(dsa->p);
554 if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) 547 if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) ||
555 || (BN_num_bits(dsa->g) > bitlen)) 548 (BN_num_bits(dsa->g) > bitlen))
556 goto badkey; 549 goto badkey;
557 if (ispub) 550 if (ispub) {
558 {
559 if (BN_num_bits(dsa->pub_key) > bitlen) 551 if (BN_num_bits(dsa->pub_key) > bitlen)
560 goto badkey; 552 goto badkey;
561 *pmagic = MS_DSS1MAGIC; 553 *pmagic = MS_DSS1MAGIC;
562 } 554 } else {
563 else
564 {
565 if (BN_num_bits(dsa->priv_key) > 160) 555 if (BN_num_bits(dsa->priv_key) > 160)
566 goto badkey; 556 goto badkey;
567 *pmagic = MS_DSS2MAGIC; 557 *pmagic = MS_DSS2MAGIC;
568 } 558 }
569 559
570 return bitlen; 560 return bitlen;
571 badkey: 561
562badkey:
572 PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); 563 PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
573 return 0; 564 return 0;
574 } 565}
575 566
576static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) 567static int
577 { 568check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
569{
578 int nbyte, hnbyte, bitlen; 570 int nbyte, hnbyte, bitlen;
571
579 if (BN_num_bits(rsa->e) > 32) 572 if (BN_num_bits(rsa->e) > 32)
580 goto badkey; 573 goto badkey;
581 bitlen = BN_num_bits(rsa->n); 574 bitlen = BN_num_bits(rsa->n);
582 nbyte = BN_num_bytes(rsa->n); 575 nbyte = BN_num_bytes(rsa->n);
583 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; 576 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
584 if (ispub) 577 if (ispub) {
585 {
586 *pmagic = MS_RSA1MAGIC; 578 *pmagic = MS_RSA1MAGIC;
587 return bitlen; 579 return bitlen;
588 } 580 } else {
589 else
590 {
591 *pmagic = MS_RSA2MAGIC; 581 *pmagic = MS_RSA2MAGIC;
592 /* For private key each component must fit within nbyte or 582 /* For private key each component must fit within nbyte or
593 * hnbyte. 583 * hnbyte.
594 */ 584 */
595 if (BN_num_bytes(rsa->d) > nbyte) 585 if (BN_num_bytes(rsa->d) > nbyte)
596 goto badkey; 586 goto badkey;
597 if ((BN_num_bytes(rsa->iqmp) > hnbyte) 587 if ((BN_num_bytes(rsa->iqmp) > hnbyte) ||
598 || (BN_num_bytes(rsa->p) > hnbyte) 588 (BN_num_bytes(rsa->p) > hnbyte) ||
599 || (BN_num_bytes(rsa->q) > hnbyte) 589 (BN_num_bytes(rsa->q) > hnbyte) ||
600 || (BN_num_bytes(rsa->dmp1) > hnbyte) 590 (BN_num_bytes(rsa->dmp1) > hnbyte) ||
601 || (BN_num_bytes(rsa->dmq1) > hnbyte)) 591 (BN_num_bytes(rsa->dmq1) > hnbyte))
602 goto badkey; 592 goto badkey;
603 } 593 }
604 return bitlen; 594 return bitlen;
605 badkey: 595
596badkey:
606 PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); 597 PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
607 return 0; 598 return 0;
608 } 599}
609
610 600
611static void write_rsa(unsigned char **out, RSA *rsa, int ispub) 601static void
612 { 602write_rsa(unsigned char **out, RSA *rsa, int ispub)
603{
613 int nbyte, hnbyte; 604 int nbyte, hnbyte;
605
614 nbyte = BN_num_bytes(rsa->n); 606 nbyte = BN_num_bytes(rsa->n);
615 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; 607 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
616 write_lebn(out, rsa->e, 4); 608 write_lebn(out, rsa->e, 4);
@@ -623,12 +615,13 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
623 write_lebn(out, rsa->dmq1, hnbyte); 615 write_lebn(out, rsa->dmq1, hnbyte);
624 write_lebn(out, rsa->iqmp, hnbyte); 616 write_lebn(out, rsa->iqmp, hnbyte);
625 write_lebn(out, rsa->d, nbyte); 617 write_lebn(out, rsa->d, nbyte);
626 } 618}
627 619
628 620static void
629static void write_dsa(unsigned char **out, DSA *dsa, int ispub) 621write_dsa(unsigned char **out, DSA *dsa, int ispub)
630 { 622{
631 int nbyte; 623 int nbyte;
624
632 nbyte = BN_num_bytes(dsa->p); 625 nbyte = BN_num_bytes(dsa->p);
633 write_lebn(out, dsa->p, nbyte); 626 write_lebn(out, dsa->p, nbyte);
634 write_lebn(out, dsa->q, 20); 627 write_lebn(out, dsa->q, 20);
@@ -641,52 +634,47 @@ static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
641 memset(*out, 0xff, 24); 634 memset(*out, 0xff, 24);
642 *out += 24; 635 *out += 24;
643 return; 636 return;
644 } 637}
645
646 638
647int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk) 639int
648 { 640i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
641{
649 return do_i2b_bio(out, pk, 0); 642 return do_i2b_bio(out, pk, 0);
650 } 643}
651 644
652int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) 645int
653 { 646i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
647{
654 return do_i2b_bio(out, pk, 1); 648 return do_i2b_bio(out, pk, 1);
655 } 649}
656 650
657#ifndef OPENSSL_NO_RC4 651#ifndef OPENSSL_NO_RC4
658 652
659static int do_PVK_header(const unsigned char **in, unsigned int length, 653static int
660 int skip_magic, 654do_PVK_header(const unsigned char **in, unsigned int length, int skip_magic,
661 unsigned int *psaltlen, unsigned int *pkeylen) 655 unsigned int *psaltlen, unsigned int *pkeylen)
662 656{
663 {
664 const unsigned char *p = *in; 657 const unsigned char *p = *in;
665 unsigned int pvk_magic, is_encrypted; 658 unsigned int pvk_magic, is_encrypted;
666 if (skip_magic) 659
667 { 660 if (skip_magic) {
668 if (length < 20) 661 if (length < 20) {
669 {
670 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); 662 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
671 return 0; 663 return 0;
672 }
673 length -= 20;
674 } 664 }
675 else 665 length -= 20;
676 { 666 } else {
677 if (length < 24) 667 if (length < 24) {
678 {
679 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); 668 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
680 return 0; 669 return 0;
681 } 670 }
682 length -= 24; 671 length -= 24;
683 pvk_magic = read_ledword(&p); 672 pvk_magic = read_ledword(&p);
684 if (pvk_magic != MS_PVKMAGIC) 673 if (pvk_magic != MS_PVKMAGIC) {
685 {
686 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); 674 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
687 return 0; 675 return 0;
688 }
689 } 676 }
677 }
690 /* Skip reserved */ 678 /* Skip reserved */
691 p += 4; 679 p += 4;
692 /*keytype = */read_ledword(&p); 680 /*keytype = */read_ledword(&p);
@@ -694,64 +682,61 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
694 *psaltlen = read_ledword(&p); 682 *psaltlen = read_ledword(&p);
695 *pkeylen = read_ledword(&p); 683 *pkeylen = read_ledword(&p);
696 684
697 if (is_encrypted && !*psaltlen) 685 if (is_encrypted && !*psaltlen) {
698 {
699 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); 686 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
700 return 0; 687 return 0;
701 } 688 }
702 689
703 *in = p; 690 *in = p;
704 return 1; 691 return 1;
705 } 692}
706 693
707static int derive_pvk_key(unsigned char *key, 694static int
708 const unsigned char *salt, unsigned int saltlen, 695derive_pvk_key(unsigned char *key, const unsigned char *salt,
709 const unsigned char *pass, int passlen) 696 unsigned int saltlen, const unsigned char *pass, int passlen)
710 { 697{
711 EVP_MD_CTX mctx; 698 EVP_MD_CTX mctx;
712 int rv = 1; 699 int rv = 1;
700
713 EVP_MD_CTX_init(&mctx); 701 EVP_MD_CTX_init(&mctx);
714 if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) 702 if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) ||
715 || !EVP_DigestUpdate(&mctx, salt, saltlen) 703 !EVP_DigestUpdate(&mctx, salt, saltlen) ||
716 || !EVP_DigestUpdate(&mctx, pass, passlen) 704 !EVP_DigestUpdate(&mctx, pass, passlen) ||
717 || !EVP_DigestFinal_ex(&mctx, key, NULL)) 705 !EVP_DigestFinal_ex(&mctx, key, NULL))
718 rv = 0; 706 rv = 0;
719 707
720 EVP_MD_CTX_cleanup(&mctx); 708 EVP_MD_CTX_cleanup(&mctx);
721 return rv; 709 return rv;
722 } 710}
723
724 711
725static EVP_PKEY *do_PVK_body(const unsigned char **in, 712static EVP_PKEY *
726 unsigned int saltlen, unsigned int keylen, 713do_PVK_body(const unsigned char **in, unsigned int saltlen,
727 pem_password_cb *cb, void *u) 714 unsigned int keylen, pem_password_cb *cb, void *u)
728 { 715{
729 EVP_PKEY *ret = NULL; 716 EVP_PKEY *ret = NULL;
730 const unsigned char *p = *in; 717 const unsigned char *p = *in;
731 unsigned int magic; 718 unsigned int magic;
732 unsigned char *enctmp = NULL, *q; 719 unsigned char *enctmp = NULL, *q;
720
733 EVP_CIPHER_CTX cctx; 721 EVP_CIPHER_CTX cctx;
734 EVP_CIPHER_CTX_init(&cctx); 722 EVP_CIPHER_CTX_init(&cctx);
735 if (saltlen) 723 if (saltlen) {
736 {
737 char psbuf[PEM_BUFSIZE]; 724 char psbuf[PEM_BUFSIZE];
738 unsigned char keybuf[20]; 725 unsigned char keybuf[20];
739 int enctmplen, inlen; 726 int enctmplen, inlen;
740 if (cb) 727 if (cb)
741 inlen=cb(psbuf,PEM_BUFSIZE,0,u); 728 inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
742 else 729 else
743 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); 730 inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
744 if (inlen <= 0) 731 if (inlen <= 0) {
745 { 732 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
746 PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
747 return NULL; 733 return NULL;
748 } 734 }
749 enctmp = malloc(keylen + 8); 735 enctmp = malloc(keylen + 8);
750 if (!enctmp) 736 if (!enctmp) {
751 {
752 PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); 737 PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
753 return NULL; 738 return NULL;
754 } 739 }
755 if (!derive_pvk_key(keybuf, p, saltlen, 740 if (!derive_pvk_key(keybuf, p, saltlen,
756 (unsigned char *)psbuf, inlen)) { 741 (unsigned char *)psbuf, inlen)) {
757 free(enctmp); 742 free(enctmp);
@@ -770,88 +755,84 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
770 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) 755 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
771 goto err; 756 goto err;
772 magic = read_ledword((const unsigned char **)&q); 757 magic = read_ledword((const unsigned char **)&q);
773 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) 758 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
774 {
775 q = enctmp + 8; 759 q = enctmp + 8;
776 memset(keybuf + 5, 0, 11); 760 memset(keybuf + 5, 0, 11);
777 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, 761 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
778 NULL)) 762 NULL))
779 goto err; 763 goto err;
780 OPENSSL_cleanse(keybuf, 20); 764 OPENSSL_cleanse(keybuf, 20);
781 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) 765 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
782 goto err; 766 goto err;
783 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, 767 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
784 &enctmplen)) 768 &enctmplen))
785 goto err; 769 goto err;
786 magic = read_ledword((const unsigned char **)&q); 770 magic = read_ledword((const unsigned char **)&q);
787 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) 771 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
788 {
789 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); 772 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
790 goto err; 773 goto err;
791 }
792 } 774 }
793 else 775 } else
794 OPENSSL_cleanse(keybuf, 20); 776 OPENSSL_cleanse(keybuf, 20);
795 p = enctmp; 777 p = enctmp;
796 } 778 }
797 779
798 ret = b2i_PrivateKey(&p, keylen); 780 ret = b2i_PrivateKey(&p, keylen);
799 err: 781
782err:
800 EVP_CIPHER_CTX_cleanup(&cctx); 783 EVP_CIPHER_CTX_cleanup(&cctx);
801 if (enctmp && saltlen) 784 if (enctmp && saltlen)
802 free(enctmp); 785 free(enctmp);
803 return ret; 786 return ret;
804 } 787}
805 788
806 789
807EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) 790EVP_PKEY *
808 { 791b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
792{
809 unsigned char pvk_hdr[24], *buf = NULL; 793 unsigned char pvk_hdr[24], *buf = NULL;
810 const unsigned char *p; 794 const unsigned char *p;
811 int buflen; 795 int buflen;
812 EVP_PKEY *ret = NULL; 796 EVP_PKEY *ret = NULL;
813 unsigned int saltlen, keylen; 797 unsigned int saltlen, keylen;
814 if (BIO_read(in, pvk_hdr, 24) != 24) 798
815 { 799 if (BIO_read(in, pvk_hdr, 24) != 24) {
816 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); 800 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
817 return NULL; 801 return NULL;
818 } 802 }
819 p = pvk_hdr; 803 p = pvk_hdr;
820 804
821 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) 805 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
822 return 0; 806 return 0;
823 buflen = (int) keylen + saltlen; 807 buflen = (int) keylen + saltlen;
824 buf = malloc(buflen); 808 buf = malloc(buflen);
825 if (!buf) 809 if (!buf) {
826 {
827 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); 810 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
828 return 0; 811 return 0;
829 } 812 }
830 p = buf; 813 p = buf;
831 if (BIO_read(in, buf, buflen) != buflen) 814 if (BIO_read(in, buf, buflen) != buflen) {
832 {
833 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); 815 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
834 goto err; 816 goto err;
835 } 817 }
836 ret = do_PVK_body(&p, saltlen, keylen, cb, u); 818 ret = do_PVK_body(&p, saltlen, keylen, cb, u);
837 819
838 err: 820err:
839 if (buf) 821 if (buf) {
840 {
841 OPENSSL_cleanse(buf, buflen); 822 OPENSSL_cleanse(buf, buflen);
842 free(buf); 823 free(buf);
843 }
844 return ret;
845 } 824 }
825 return ret;
826}
846 827
847 828static int
848 829i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
849static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, 830 void *u)
850 pem_password_cb *cb, void *u) 831{
851 {
852 int outlen = 24, pklen; 832 int outlen = 24, pklen;
853 unsigned char *p, *salt = NULL; 833 unsigned char *p, *salt = NULL;
854 EVP_CIPHER_CTX cctx; 834 EVP_CIPHER_CTX cctx;
835
855 EVP_CIPHER_CTX_init(&cctx); 836 EVP_CIPHER_CTX_init(&cctx);
856 if (enclevel) 837 if (enclevel)
857 outlen += PVK_SALTLEN; 838 outlen += PVK_SALTLEN;
@@ -863,16 +844,14 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
863 return outlen; 844 return outlen;
864 if (*out) 845 if (*out)
865 p = *out; 846 p = *out;
866 else 847 else {
867 {
868 p = malloc(outlen); 848 p = malloc(outlen);
869 if (!p) 849 if (!p) {
870 { 850 PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
871 PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
872 return -1; 851 return -1;
873 }
874 *out = p;
875 } 852 }
853 *out = p;
854 }
876 855
877 write_ledword(&p, MS_PVKMAGIC); 856 write_ledword(&p, MS_PVKMAGIC);
878 write_ledword(&p, 0); 857 write_ledword(&p, 0);
@@ -881,34 +860,31 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
881 else 860 else
882 write_ledword(&p, MS_KEYTYPE_KEYX); 861 write_ledword(&p, MS_KEYTYPE_KEYX);
883 write_ledword(&p, enclevel ? 1 : 0); 862 write_ledword(&p, enclevel ? 1 : 0);
884 write_ledword(&p, enclevel ? PVK_SALTLEN: 0); 863 write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
885 write_ledword(&p, pklen); 864 write_ledword(&p, pklen);
886 if (enclevel) 865 if (enclevel) {
887 {
888 if (RAND_bytes(p, PVK_SALTLEN) <= 0) 866 if (RAND_bytes(p, PVK_SALTLEN) <= 0)
889 goto error; 867 goto error;
890 salt = p; 868 salt = p;
891 p += PVK_SALTLEN; 869 p += PVK_SALTLEN;
892 } 870 }
893 do_i2b(&p, pk, 0); 871 do_i2b(&p, pk, 0);
894 if (enclevel == 0) 872 if (enclevel == 0)
895 return outlen; 873 return outlen;
896 else 874 else {
897 {
898 char psbuf[PEM_BUFSIZE]; 875 char psbuf[PEM_BUFSIZE];
899 unsigned char keybuf[20]; 876 unsigned char keybuf[20];
900 int enctmplen, inlen; 877 int enctmplen, inlen;
901 if (cb) 878 if (cb)
902 inlen=cb(psbuf,PEM_BUFSIZE,1,u); 879 inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
903 else 880 else
904 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u); 881 inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
905 if (inlen <= 0) 882 if (inlen <= 0) {
906 { 883 PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
907 PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
908 goto error; 884 goto error;
909 } 885 }
910 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, 886 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
911 (unsigned char *)psbuf, inlen)) 887 (unsigned char *)psbuf, inlen))
912 goto error; 888 goto error;
913 if (enclevel == 1) 889 if (enclevel == 1)
914 memset(keybuf + 5, 0, 11); 890 memset(keybuf + 5, 0, 11);
@@ -920,32 +896,32 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
920 goto error; 896 goto error;
921 if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) 897 if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
922 goto error; 898 goto error;
923 } 899 }
924 EVP_CIPHER_CTX_cleanup(&cctx); 900 EVP_CIPHER_CTX_cleanup(&cctx);
925 return outlen; 901 return outlen;
926 902
927 error: 903error:
928 EVP_CIPHER_CTX_cleanup(&cctx); 904 EVP_CIPHER_CTX_cleanup(&cctx);
929 return -1; 905 return -1;
930 } 906}
931 907
932int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, 908int
933 pem_password_cb *cb, void *u) 909i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u)
934 { 910{
935 unsigned char *tmp = NULL; 911 unsigned char *tmp = NULL;
936 int outlen, wrlen; 912 int outlen, wrlen;
913
937 outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); 914 outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
938 if (outlen < 0) 915 if (outlen < 0)
939 return -1; 916 return -1;
940 wrlen = BIO_write(out, tmp, outlen); 917 wrlen = BIO_write(out, tmp, outlen);
941 free(tmp); 918 free(tmp);
942 if (wrlen == outlen) 919 if (wrlen == outlen) {
943 {
944 PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); 920 PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
945 return outlen; 921 return outlen;
946 }
947 return -1;
948 } 922 }
923 return -1;
924}
949 925
950#endif 926#endif
951 927
diff --git a/src/lib/libssl/src/crypto/pem/pem.h b/src/lib/libssl/src/crypto/pem/pem.h
index e27440330c..4af2db4b3c 100644
--- a/src/lib/libssl/src/crypto/pem/pem.h
+++ b/src/lib/libssl/src/crypto/pem/pem.h
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -139,12 +139,11 @@ extern "C" {
139 139
140 /* Note that this structure is initialised by PEM_SealInit and cleaned up 140 /* Note that this structure is initialised by PEM_SealInit and cleaned up
141 by PEM_SealFinal (at least for now) */ 141 by PEM_SealFinal (at least for now) */
142typedef struct PEM_Encode_Seal_st 142typedef struct PEM_Encode_Seal_st {
143 {
144 EVP_ENCODE_CTX encode; 143 EVP_ENCODE_CTX encode;
145 EVP_MD_CTX md; 144 EVP_MD_CTX md;
146 EVP_CIPHER_CTX cipher; 145 EVP_CIPHER_CTX cipher;
147 } PEM_ENCODE_SEAL_CTX; 146} PEM_ENCODE_SEAL_CTX;
148 147
149/* enc_type is one off */ 148/* enc_type is one off */
150#define PEM_TYPE_ENCRYPTED 10 149#define PEM_TYPE_ENCRYPTED 10
@@ -152,24 +151,22 @@ typedef struct PEM_Encode_Seal_st
152#define PEM_TYPE_MIC_CLEAR 30 151#define PEM_TYPE_MIC_CLEAR 30
153#define PEM_TYPE_CLEAR 40 152#define PEM_TYPE_CLEAR 40
154 153
155typedef struct pem_recip_st 154typedef struct pem_recip_st {
156 {
157 char *name; 155 char *name;
158 X509_NAME *dn; 156 X509_NAME *dn;
159 157
160 int cipher; 158 int cipher;
161 int key_enc; 159 int key_enc;
162 /* char iv[8]; unused and wrong size */ 160 /* char iv[8]; unused and wrong size */
163 } PEM_USER; 161} PEM_USER;
164 162
165typedef struct pem_ctx_st 163typedef struct pem_ctx_st {
166 {
167 int type; /* what type of object */ 164 int type; /* what type of object */
168 165
169 struct { 166 struct {
170 int version; 167 int version;
171 int mode; 168 int mode;
172 } proc_type; 169 } proc_type;
173 170
174 char *domain; 171 char *domain;
175 172
@@ -177,14 +174,14 @@ typedef struct pem_ctx_st
177 int cipher; 174 int cipher;
178 /* unused, and wrong size 175 /* unused, and wrong size
179 unsigned char iv[8]; */ 176 unsigned char iv[8]; */
180 } DEK_info; 177 } DEK_info;
181 178
182 PEM_USER *originator; 179 PEM_USER *originator;
183 180
184 int num_recipient; 181 int num_recipient;
185 PEM_USER **recipient; 182 PEM_USER **recipient;
186 183
187 /* XXX(ben): don#t think this is used! 184 /* XXX(ben): don#t think this is used!
188 STACK *x509_chain; / * certificate chain */ 185 STACK *x509_chain; / * certificate chain */
189 EVP_MD *md; /* signature type */ 186 EVP_MD *md; /* signature type */
190 187
@@ -198,11 +195,10 @@ typedef struct pem_ctx_st
198 /* unused, and wrong size 195 /* unused, and wrong size
199 unsigned char iv[8]; */ 196 unsigned char iv[8]; */
200 197
201
202 int data_enc; /* is the data encrypted */ 198 int data_enc; /* is the data encrypted */
203 int data_len; 199 int data_len;
204 unsigned char *data; 200 unsigned char *data;
205 } PEM_CTX; 201} PEM_CTX;
206 202
207/* These macros make the PEM_read/PEM_write functions easier to maintain and 203/* These macros make the PEM_read/PEM_write functions easier to maintain and
208 * write. Now they are all implemented with either: 204 * write. Now they are all implemented with either:
@@ -223,7 +219,7 @@ typedef struct pem_ctx_st
223type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ 219type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
224{ \ 220{ \
225return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ 221return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
226} 222}
227 223
228#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ 224#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
229int PEM_write_##name(FILE *fp, type *x) \ 225int PEM_write_##name(FILE *fp, type *x) \
@@ -289,23 +285,23 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
289 285
290#define IMPLEMENT_PEM_write(name, type, str, asn1) \ 286#define IMPLEMENT_PEM_write(name, type, str, asn1) \
291 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ 287 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
292 IMPLEMENT_PEM_write_fp(name, type, str, asn1) 288 IMPLEMENT_PEM_write_fp(name, type, str, asn1)
293 289
294#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ 290#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
295 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ 291 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
296 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) 292 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
297 293
298#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ 294#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
299 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ 295 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
300 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 296 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
301 297
302#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ 298#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
303 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ 299 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
304 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) 300 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
305 301
306#define IMPLEMENT_PEM_read(name, type, str, asn1) \ 302#define IMPLEMENT_PEM_read(name, type, str, asn1) \
307 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ 303 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
308 IMPLEMENT_PEM_read_fp(name, type, str, asn1) 304 IMPLEMENT_PEM_read_fp(name, type, str, asn1)
309 305
310#define IMPLEMENT_PEM_rw(name, type, str, asn1) \ 306#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
311 IMPLEMENT_PEM_read(name, type, str, asn1) \ 307 IMPLEMENT_PEM_read(name, type, str, asn1) \
@@ -369,7 +365,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
369 365
370#define DECLARE_PEM_write(name, type) \ 366#define DECLARE_PEM_write(name, type) \
371 DECLARE_PEM_write_bio(name, type) \ 367 DECLARE_PEM_write_bio(name, type) \
372 DECLARE_PEM_write_fp(name, type) 368 DECLARE_PEM_write_fp(name, type)
373 369
374#define DECLARE_PEM_write_const(name, type) \ 370#define DECLARE_PEM_write_const(name, type) \
375 DECLARE_PEM_write_bio_const(name, type) \ 371 DECLARE_PEM_write_bio_const(name, type) \
@@ -377,7 +373,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
377 373
378#define DECLARE_PEM_write_cb(name, type) \ 374#define DECLARE_PEM_write_cb(name, type) \
379 DECLARE_PEM_write_cb_bio(name, type) \ 375 DECLARE_PEM_write_cb_bio(name, type) \
380 DECLARE_PEM_write_cb_fp(name, type) 376 DECLARE_PEM_write_cb_fp(name, type)
381 377
382#define DECLARE_PEM_read(name, type) \ 378#define DECLARE_PEM_read(name, type) \
383 DECLARE_PEM_read_bio(name, type) \ 379 DECLARE_PEM_read_bio(name, type) \
@@ -404,50 +400,52 @@ typedef int pem_password_cb(char *buf, int size, int rwflag);
404#endif 400#endif
405 401
406int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); 402int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
407int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, 403int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
408 pem_password_cb *callback,void *u); 404 pem_password_cb *callback, void *u);
409 405
410#ifndef OPENSSL_NO_BIO 406#ifndef OPENSSL_NO_BIO
411int PEM_read_bio(BIO *bp, char **name, char **header, 407int PEM_read_bio(BIO *bp, char **name, char **header,
412 unsigned char **data,long *len); 408 unsigned char **data, long *len);
413int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, 409int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
414 long len); 410 long len);
415int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, 411int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
416 pem_password_cb *cb, void *u); 412 const char *name, BIO *bp, pem_password_cb *cb, void *u);
417void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, 413void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
418 void **x, pem_password_cb *cb, void *u); 414 void **x, pem_password_cb *cb, void *u);
419int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, 415int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
420 const EVP_CIPHER *enc,unsigned char *kstr,int klen, 416 const EVP_CIPHER *enc, unsigned char *kstr, int klen,
421 pem_password_cb *cb, void *u); 417 pem_password_cb *cb, void *u);
422 418
423STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); 419STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp,
424int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, 420 STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
425 unsigned char *kstr, int klen, pem_password_cb *cd, void *u); 421int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
422 unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
426#endif 423#endif
427 424
428int PEM_read(FILE *fp, char **name, char **header, 425int PEM_read(FILE *fp, char **name, char **header,
429 unsigned char **data,long *len); 426 unsigned char **data, long *len);
430int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); 427int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data,
428 long len);
431void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, 429void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
432 pem_password_cb *cb, void *u); 430 pem_password_cb *cb, void *u);
433int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, 431int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
434 void *x,const EVP_CIPHER *enc,unsigned char *kstr, 432 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
435 int klen,pem_password_cb *callback, void *u); 433 int klen, pem_password_cb *callback, void *u);
436STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, 434STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
437 pem_password_cb *cb, void *u); 435 pem_password_cb *cb, void *u);
438 436
439int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, 437int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
440 EVP_MD *md_type, unsigned char **ek, int *ekl, 438 EVP_MD *md_type, unsigned char **ek, int *ekl,
441 unsigned char *iv, EVP_PKEY **pubk, int npubk); 439 unsigned char *iv, EVP_PKEY **pubk, int npubk);
442void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, 440void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
443 unsigned char *in, int inl); 441 unsigned char *in, int inl);
444int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, 442int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
445 unsigned char *out, int *outl, EVP_PKEY *priv); 443 unsigned char *out, int *outl, EVP_PKEY *priv);
446 444
447void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); 445void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
448void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); 446void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
449int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, 447int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
450 unsigned int *siglen, EVP_PKEY *pkey); 448 unsigned int *siglen, EVP_PKEY *pkey);
451 449
452int PEM_def_callback(char *buf, int num, int w, void *key); 450int PEM_def_callback(char *buf, int num, int w, void *key);
453void PEM_proc_type(char *buf, int type); 451void PEM_proc_type(char *buf, int type);
@@ -509,32 +507,34 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
509DECLARE_PEM_rw(PUBKEY, EVP_PKEY) 507DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
510 508
511int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, 509int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
512 char *kstr, int klen, 510 char *kstr, int klen,
513 pem_password_cb *cb, void *u); 511 pem_password_cb *cb, void *u);
514int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, 512int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
515 char *, int, pem_password_cb *, void *); 513 char *, int, pem_password_cb *, void *);
516int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 514int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
517 char *kstr, int klen, 515 char *kstr, int klen,
518 pem_password_cb *cb, void *u); 516 pem_password_cb *cb, void *u);
519int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, 517int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
520 char *kstr, int klen, 518 char *kstr, int klen,
521 pem_password_cb *cb, void *u); 519 pem_password_cb *cb, void *u);
522EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); 520EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
521 void *u);
523 522
524int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 523int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
525 char *kstr, int klen, 524 char *kstr, int klen,
526 pem_password_cb *cb, void *u); 525 pem_password_cb *cb, void *u);
527int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, 526int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
528 char *kstr, int klen, 527 char *kstr, int klen,
529 pem_password_cb *cb, void *u); 528 pem_password_cb *cb, void *u);
530int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, 529int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
531 char *kstr, int klen, 530 char *kstr, int klen,
532 pem_password_cb *cb, void *u); 531 pem_password_cb *cb, void *u);
533 532
534EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); 533EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
534 void *u);
535 535
536int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, 536int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
537 char *kstr,int klen, pem_password_cb *cd, void *u); 537 char *kstr, int klen, pem_password_cb *cd, void *u);
538 538
539EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); 539EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
540int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); 540int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
@@ -548,8 +548,8 @@ int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
548int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); 548int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
549#ifndef OPENSSL_NO_RC4 549#ifndef OPENSSL_NO_RC4
550EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); 550EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
551int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, 551int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb,
552 pem_password_cb *cb, void *u); 552 void *u);
553#endif 553#endif
554 554
555 555
diff --git a/src/lib/libssl/src/crypto/pem/pem2.h b/src/lib/libssl/src/crypto/pem/pem2.h
index f31790d69c..84897d5ec3 100644
--- a/src/lib/libssl/src/crypto/pem/pem2.h
+++ b/src/lib/libssl/src/crypto/pem/pem2.h
@@ -6,7 +6,7 @@
6 * are met: 6 * are met:
7 * 7 *
8 * 1. Redistributions of source code must retain the above copyright 8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * 10 *
11 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in 12 * notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libssl/src/crypto/pem/pem_all.c b/src/lib/libssl/src/crypto/pem/pem_all.c
index 6ff6be7fbe..8b54d1a698 100644
--- a/src/lib/libssl/src/crypto/pem/pem_all.c
+++ b/src/lib/libssl/src/crypto/pem/pem_all.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -146,7 +146,7 @@ IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
146IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) 146IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
147 147
148IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, 148IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
149 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) 149 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
150 150
151 151
152#ifndef OPENSSL_NO_RSA 152#ifndef OPENSSL_NO_RSA
@@ -159,34 +159,40 @@ IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
159 * transparently. 159 * transparently.
160 */ 160 */
161 161
162static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) 162static RSA *
163pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
163{ 164{
164 RSA *rtmp; 165 RSA *rtmp;
165 if(!key) return NULL; 166
167 if (!key)
168 return NULL;
166 rtmp = EVP_PKEY_get1_RSA(key); 169 rtmp = EVP_PKEY_get1_RSA(key);
167 EVP_PKEY_free(key); 170 EVP_PKEY_free(key);
168 if(!rtmp) return NULL; 171 if (!rtmp)
169 if(rsa) { 172 return NULL;
173 if (rsa) {
170 RSA_free(*rsa); 174 RSA_free(*rsa);
171 *rsa = rtmp; 175 *rsa = rtmp;
172 } 176 }
173 return rtmp; 177 return rtmp;
174} 178}
175 179
176RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, 180RSA *
177 void *u) 181PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u)
178{ 182{
179 EVP_PKEY *pktmp; 183 EVP_PKEY *pktmp;
184
180 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 185 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
181 return pkey_get_rsa(pktmp, rsa); 186 return pkey_get_rsa(pktmp, rsa);
182} 187}
183 188
184#ifndef OPENSSL_NO_FP_API 189#ifndef OPENSSL_NO_FP_API
185 190
186RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, 191RSA *
187 void *u) 192PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
188{ 193{
189 EVP_PKEY *pktmp; 194 EVP_PKEY *pktmp;
195
190 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 196 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
191 return pkey_get_rsa(pktmp, rsa); 197 return pkey_get_rsa(pktmp, rsa);
192} 198}
@@ -202,24 +208,29 @@ IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
202 208
203#ifndef OPENSSL_NO_DSA 209#ifndef OPENSSL_NO_DSA
204 210
205static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) 211static DSA *
212pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
206{ 213{
207 DSA *dtmp; 214 DSA *dtmp;
208 if(!key) return NULL; 215
216 if (!key)
217 return NULL;
209 dtmp = EVP_PKEY_get1_DSA(key); 218 dtmp = EVP_PKEY_get1_DSA(key);
210 EVP_PKEY_free(key); 219 EVP_PKEY_free(key);
211 if(!dtmp) return NULL; 220 if (!dtmp)
212 if(dsa) { 221 return NULL;
222 if (dsa) {
213 DSA_free(*dsa); 223 DSA_free(*dsa);
214 *dsa = dtmp; 224 *dsa = dtmp;
215 } 225 }
216 return dtmp; 226 return dtmp;
217} 227}
218 228
219DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, 229DSA *
220 void *u) 230PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, void *u)
221{ 231{
222 EVP_PKEY *pktmp; 232 EVP_PKEY *pktmp;
233
223 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 234 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
224 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ 235 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
225} 236}
@@ -230,10 +241,11 @@ IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
230 241
231#ifndef OPENSSL_NO_FP_API 242#ifndef OPENSSL_NO_FP_API
232 243
233DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, 244DSA *
234 void *u) 245PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
235{ 246{
236 EVP_PKEY *pktmp; 247 EVP_PKEY *pktmp;
248
237 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 249 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
238 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ 250 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
239} 251}
@@ -246,43 +258,47 @@ IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
246 258
247 259
248#ifndef OPENSSL_NO_EC 260#ifndef OPENSSL_NO_EC
249static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) 261static EC_KEY *
262pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
250{ 263{
251 EC_KEY *dtmp; 264 EC_KEY *dtmp;
252 if(!key) return NULL; 265
266 if (!key)
267 return NULL;
253 dtmp = EVP_PKEY_get1_EC_KEY(key); 268 dtmp = EVP_PKEY_get1_EC_KEY(key);
254 EVP_PKEY_free(key); 269 EVP_PKEY_free(key);
255 if(!dtmp) return NULL; 270 if (!dtmp)
256 if(eckey) 271 return NULL;
257 { 272 if (eckey) {
258 EC_KEY_free(*eckey); 273 EC_KEY_free(*eckey);
259 *eckey = dtmp; 274 *eckey = dtmp;
260 } 275 }
261 return dtmp; 276 return dtmp;
262} 277}
263 278
264EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, 279EC_KEY *
265 void *u) 280PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, void *u)
266{ 281{
267 EVP_PKEY *pktmp; 282 EVP_PKEY *pktmp;
268 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 283 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
269 return pkey_get_eckey(pktmp, key); /* will free pktmp */ 284 return pkey_get_eckey(pktmp, key); /* will free pktmp */
270} 285}
271 286
272IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) 287IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
288 ECPKParameters)
273 289
274 290IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
275 291 ECPrivateKey)
276IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
277 292
278IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) 293IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
279 294
280#ifndef OPENSSL_NO_FP_API 295#ifndef OPENSSL_NO_FP_API
281 296
282EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, 297EC_KEY *
283 void *u) 298PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, void *u)
284{ 299{
285 EVP_PKEY *pktmp; 300 EVP_PKEY *pktmp;
301
286 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 302 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
287 return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ 303 return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
288} 304}
diff --git a/src/lib/libssl/src/crypto/pem/pem_err.c b/src/lib/libssl/src/crypto/pem/pem_err.c
index d644aeedd4..8fa292fa38 100644
--- a/src/lib/libssl/src/crypto/pem/pem_err.c
+++ b/src/lib/libssl/src/crypto/pem/pem_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,94 +68,91 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
70 70
71static ERR_STRING_DATA PEM_str_functs[]= 71static ERR_STRING_DATA PEM_str_functs[] = {
72 { 72 {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
73{ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, 73 {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
74{ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, 74 {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
75{ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, 75 {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
76{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, 76 {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
77{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, 77 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
78{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, 78 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
79{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, 79 {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
80{ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, 80 {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
81{ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, 81 {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
82{ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, 82 {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
83{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, 83 {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
84{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, 84 {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
85{ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, 85 {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
86{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, 86 {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
87{ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, 87 {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
88{ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, 88 {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
89{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, 89 {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
90{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, 90 {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
91{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, 91 {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
92{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, 92 {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
93{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, 93 {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
94{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, 94 {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
95{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, 95 {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
96{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, 96 {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
97{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, 97 {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
98{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, 98 {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
99{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, 99 {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
100{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, 100 {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
101{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, 101 {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
102{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, 102 {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
103{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, 103 {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
104{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, 104 {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
105{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, 105 {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
106{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, 106 {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
107{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, 107 {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
108{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, 108 {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
109{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, 109 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
110{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, 110 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
111{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, 111 {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
112{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, 112 {0, NULL}
113{0,NULL} 113};
114 };
115 114
116static ERR_STRING_DATA PEM_str_reasons[]= 115static ERR_STRING_DATA PEM_str_reasons[] = {
117 { 116 {ERR_REASON(PEM_R_BAD_BASE64_DECODE) , "bad base64 decode"},
118{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"}, 117 {ERR_REASON(PEM_R_BAD_DECRYPT) , "bad decrypt"},
119{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, 118 {ERR_REASON(PEM_R_BAD_END_LINE) , "bad end line"},
120{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, 119 {ERR_REASON(PEM_R_BAD_IV_CHARS) , "bad iv chars"},
121{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, 120 {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) , "bad magic number"},
122{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) ,"bad magic number"}, 121 {ERR_REASON(PEM_R_BAD_PASSWORD_READ) , "bad password read"},
123{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, 122 {ERR_REASON(PEM_R_BAD_VERSION_NUMBER) , "bad version number"},
124{ERR_REASON(PEM_R_BAD_VERSION_NUMBER) ,"bad version number"}, 123 {ERR_REASON(PEM_R_BIO_WRITE_FAILURE) , "bio write failure"},
125{ERR_REASON(PEM_R_BIO_WRITE_FAILURE) ,"bio write failure"}, 124 {ERR_REASON(PEM_R_CIPHER_IS_NULL) , "cipher is null"},
126{ERR_REASON(PEM_R_CIPHER_IS_NULL) ,"cipher is null"}, 125 {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY), "error converting private key"},
127{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, 126 {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB), "expecting private key blob"},
128{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"}, 127 {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "expecting public key blob"},
129{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"}, 128 {ERR_REASON(PEM_R_INCONSISTENT_HEADER) , "inconsistent header"},
130{ERR_REASON(PEM_R_INCONSISTENT_HEADER) ,"inconsistent header"}, 129 {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), "keyblob header parse error"},
131{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"}, 130 {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) , "keyblob too short"},
132{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) ,"keyblob too short"}, 131 {ERR_REASON(PEM_R_NOT_DEK_INFO) , "not dek info"},
133{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, 132 {ERR_REASON(PEM_R_NOT_ENCRYPTED) , "not encrypted"},
134{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, 133 {ERR_REASON(PEM_R_NOT_PROC_TYPE) , "not proc type"},
135{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, 134 {ERR_REASON(PEM_R_NO_START_LINE) , "no start line"},
136{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, 135 {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), "problems getting password"},
137{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, 136 {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) , "public key no rsa"},
138{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, 137 {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) , "pvk data too short"},
139{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) ,"pvk data too short"}, 138 {ERR_REASON(PEM_R_PVK_TOO_SHORT) , "pvk too short"},
140{ERR_REASON(PEM_R_PVK_TOO_SHORT) ,"pvk too short"}, 139 {ERR_REASON(PEM_R_READ_KEY) , "read key"},
141{ERR_REASON(PEM_R_READ_KEY) ,"read key"}, 140 {ERR_REASON(PEM_R_SHORT_HEADER) , "short header"},
142{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, 141 {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
143{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, 142 {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
144{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, 143 {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), "unsupported key components"},
145{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"}, 144 {0, NULL}
146{0,NULL} 145};
147 };
148 146
149#endif 147#endif
150 148
151void ERR_load_PEM_strings(void) 149void
152 { 150ERR_load_PEM_strings(void)
151{
153#ifndef OPENSSL_NO_ERR 152#ifndef OPENSSL_NO_ERR
154 153 if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
155 if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) 154 ERR_load_strings(0, PEM_str_functs);
156 { 155 ERR_load_strings(0, PEM_str_reasons);
157 ERR_load_strings(0,PEM_str_functs);
158 ERR_load_strings(0,PEM_str_reasons);
159 }
160#endif
161 } 156 }
157#endif
158}
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c
index 4351260dfb..967d6d2d41 100644
--- a/src/lib/libssl/src/crypto/pem/pem_info.c
+++ b/src/lib/libssl/src/crypto/pem/pem_info.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -71,324 +71,315 @@
71#endif 71#endif
72 72
73#ifndef OPENSSL_NO_FP_API 73#ifndef OPENSSL_NO_FP_API
74STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) 74STACK_OF(X509_INFO) *
75 { 75PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
76 BIO *b; 76 void *u)
77 STACK_OF(X509_INFO) *ret; 77{
78 BIO *b;
79 STACK_OF(X509_INFO) *ret;
78 80
79 if ((b=BIO_new(BIO_s_file())) == NULL) 81 if ((b = BIO_new(BIO_s_file())) == NULL) {
80 { 82 PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
81 PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB); 83 return (0);
82 return(0);
83 }
84 BIO_set_fp(b,fp,BIO_NOCLOSE);
85 ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
86 BIO_free(b);
87 return(ret);
88 } 84 }
85 BIO_set_fp(b, fp, BIO_NOCLOSE);
86 ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
87 BIO_free(b);
88 return (ret);
89}
89#endif 90#endif
90 91
91STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) 92STACK_OF(X509_INFO) *
92 { 93PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
93 X509_INFO *xi=NULL; 94 void *u)
94 char *name=NULL,*header=NULL; 95{
96 X509_INFO *xi = NULL;
97 char *name = NULL, *header = NULL;
95 void *pp; 98 void *pp;
96 unsigned char *data=NULL; 99 unsigned char *data = NULL;
97 const unsigned char *p; 100 const unsigned char *p;
98 long len,error=0; 101 long len, error = 0;
99 int ok=0; 102 int ok = 0;
100 STACK_OF(X509_INFO) *ret=NULL; 103 STACK_OF(X509_INFO) *ret = NULL;
101 unsigned int i,raw,ptype; 104 unsigned int i, raw, ptype;
102 d2i_of_void *d2i = 0; 105 d2i_of_void *d2i = 0;
103 106
104 if (sk == NULL) 107 if (sk == NULL) {
105 { 108 if ((ret = sk_X509_INFO_new_null()) == NULL) {
106 if ((ret=sk_X509_INFO_new_null()) == NULL) 109 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,
107 { 110 ERR_R_MALLOC_FAILURE);
108 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
109 goto err; 111 goto err;
110 }
111 } 112 }
112 else 113 } else
113 ret=sk; 114 ret = sk;
114 115
115 if ((xi=X509_INFO_new()) == NULL) goto err; 116 if ((xi = X509_INFO_new()) == NULL)
116 for (;;) 117 goto err;
117 { 118 for (;;) {
118 raw=0; 119 raw = 0;
119 ptype = 0; 120 ptype = 0;
120 i=PEM_read_bio(bp,&name,&header,&data,&len); 121 i = PEM_read_bio(bp, &name, &header, &data, &len);
121 if (i == 0) 122 if (i == 0) {
122 { 123 error = ERR_GET_REASON(ERR_peek_last_error());
123 error=ERR_GET_REASON(ERR_peek_last_error()); 124 if (error == PEM_R_NO_START_LINE) {
124 if (error == PEM_R_NO_START_LINE)
125 {
126 ERR_clear_error(); 125 ERR_clear_error();
127 break; 126 break;
128 }
129 goto err;
130 } 127 }
128 goto err;
129 }
131start: 130start:
132 if ( (strcmp(name,PEM_STRING_X509) == 0) || 131 if ((strcmp(name, PEM_STRING_X509) == 0) ||
133 (strcmp(name,PEM_STRING_X509_OLD) == 0)) 132 (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
134 { 133 d2i = (D2I_OF(void))d2i_X509;
135 d2i=(D2I_OF(void))d2i_X509; 134 if (xi->x509 != NULL) {
136 if (xi->x509 != NULL) 135 if (!sk_X509_INFO_push(ret, xi))
137 { 136 goto err;
138 if (!sk_X509_INFO_push(ret,xi)) goto err; 137 if ((xi = X509_INFO_new()) == NULL)
139 if ((xi=X509_INFO_new()) == NULL) goto err; 138 goto err;
140 goto start; 139 goto start;
141 }
142 pp=&(xi->x509);
143 } 140 }
144 else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) 141 pp = &(xi->x509);
145 { 142 } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
146 d2i=(D2I_OF(void))d2i_X509_AUX; 143 d2i = (D2I_OF(void))d2i_X509_AUX;
147 if (xi->x509 != NULL) 144 if (xi->x509 != NULL) {
148 { 145 if (!sk_X509_INFO_push(ret, xi))
149 if (!sk_X509_INFO_push(ret,xi)) goto err; 146 goto err;
150 if ((xi=X509_INFO_new()) == NULL) goto err; 147 if ((xi = X509_INFO_new()) == NULL)
148 goto err;
151 goto start; 149 goto start;
152 }
153 pp=&(xi->x509);
154 } 150 }
155 else if (strcmp(name,PEM_STRING_X509_CRL) == 0) 151 pp = &(xi->x509);
156 { 152 } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
157 d2i=(D2I_OF(void))d2i_X509_CRL; 153 d2i = (D2I_OF(void))d2i_X509_CRL;
158 if (xi->crl != NULL) 154 if (xi->crl != NULL) {
159 { 155 if (!sk_X509_INFO_push(ret, xi))
160 if (!sk_X509_INFO_push(ret,xi)) goto err; 156 goto err;
161 if ((xi=X509_INFO_new()) == NULL) goto err; 157 if ((xi = X509_INFO_new()) == NULL)
158 goto err;
162 goto start; 159 goto start;
163 }
164 pp=&(xi->crl);
165 } 160 }
166 else 161 pp = &(xi->crl);
162 } else
167#ifndef OPENSSL_NO_RSA 163#ifndef OPENSSL_NO_RSA
168 if (strcmp(name,PEM_STRING_RSA) == 0) 164 if (strcmp(name, PEM_STRING_RSA) == 0) {
169 { 165 d2i = (D2I_OF(void))d2i_RSAPrivateKey;
170 d2i=(D2I_OF(void))d2i_RSAPrivateKey; 166 if (xi->x_pkey != NULL) {
171 if (xi->x_pkey != NULL) 167 if (!sk_X509_INFO_push(ret, xi))
172 { 168 goto err;
173 if (!sk_X509_INFO_push(ret,xi)) goto err; 169 if ((xi = X509_INFO_new()) == NULL)
174 if ((xi=X509_INFO_new()) == NULL) goto err; 170 goto err;
175 goto start; 171 goto start;
176 } 172 }
177 173
178 xi->enc_data=NULL; 174 xi->enc_data = NULL;
179 xi->enc_len=0; 175 xi->enc_len = 0;
180 176
181 xi->x_pkey=X509_PKEY_new(); 177 xi->x_pkey = X509_PKEY_new();
182 ptype=EVP_PKEY_RSA; 178 ptype = EVP_PKEY_RSA;
183 pp=&xi->x_pkey->dec_pkey; 179 pp = &xi->x_pkey->dec_pkey;
184 if ((int)strlen(header) > 10) /* assume encrypted */ 180 if ((int)strlen(header) > 10) /* assume encrypted */
185 raw=1; 181 raw = 1;
186 } 182 } else
187 else
188#endif 183#endif
189#ifndef OPENSSL_NO_DSA 184#ifndef OPENSSL_NO_DSA
190 if (strcmp(name,PEM_STRING_DSA) == 0) 185 if (strcmp(name, PEM_STRING_DSA) == 0) {
191 { 186 d2i = (D2I_OF(void))d2i_DSAPrivateKey;
192 d2i=(D2I_OF(void))d2i_DSAPrivateKey; 187 if (xi->x_pkey != NULL) {
193 if (xi->x_pkey != NULL) 188 if (!sk_X509_INFO_push(ret, xi))
194 { 189 goto err;
195 if (!sk_X509_INFO_push(ret,xi)) goto err; 190 if ((xi = X509_INFO_new()) == NULL)
196 if ((xi=X509_INFO_new()) == NULL) goto err; 191 goto err;
197 goto start; 192 goto start;
198 } 193 }
199 194
200 xi->enc_data=NULL; 195 xi->enc_data = NULL;
201 xi->enc_len=0; 196 xi->enc_len = 0;
202 197
203 xi->x_pkey=X509_PKEY_new(); 198 xi->x_pkey = X509_PKEY_new();
204 ptype = EVP_PKEY_DSA; 199 ptype = EVP_PKEY_DSA;
205 pp=&xi->x_pkey->dec_pkey; 200 pp = &xi->x_pkey->dec_pkey;
206 if ((int)strlen(header) > 10) /* assume encrypted */ 201 if ((int)strlen(header) > 10) /* assume encrypted */
207 raw=1; 202 raw = 1;
208 } 203 } else
209 else
210#endif 204#endif
211#ifndef OPENSSL_NO_EC 205#ifndef OPENSSL_NO_EC
212 if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) 206 if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
213 { 207 d2i = (D2I_OF(void))d2i_ECPrivateKey;
214 d2i=(D2I_OF(void))d2i_ECPrivateKey; 208 if (xi->x_pkey != NULL) {
215 if (xi->x_pkey != NULL) 209 if (!sk_X509_INFO_push(ret, xi))
216 { 210 goto err;
217 if (!sk_X509_INFO_push(ret,xi)) goto err; 211 if ((xi = X509_INFO_new()) == NULL)
218 if ((xi=X509_INFO_new()) == NULL) goto err; 212 goto err;
219 goto start; 213 goto start;
220 }
221
222 xi->enc_data=NULL;
223 xi->enc_len=0;
224
225 xi->x_pkey=X509_PKEY_new();
226 ptype = EVP_PKEY_EC;
227 pp=&xi->x_pkey->dec_pkey;
228 if ((int)strlen(header) > 10) /* assume encrypted */
229 raw=1;
230 } 214 }
231 else 215
216 xi->enc_data = NULL;
217 xi->enc_len = 0;
218
219 xi->x_pkey = X509_PKEY_new();
220 ptype = EVP_PKEY_EC;
221 pp = &xi->x_pkey->dec_pkey;
222 if ((int)strlen(header) > 10) /* assume encrypted */
223 raw = 1;
224 } else
232#endif 225#endif
233 { 226 {
234 d2i=NULL; 227 d2i = NULL;
235 pp=NULL; 228 pp = NULL;
236 } 229 }
237 230
238 if (d2i != NULL) 231 if (d2i != NULL) {
239 { 232 if (!raw) {
240 if (!raw)
241 {
242 EVP_CIPHER_INFO cipher; 233 EVP_CIPHER_INFO cipher;
243 234
244 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) 235 if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
245 goto err; 236 goto err;
246 if (!PEM_do_header(&cipher,data,&len,cb,u)) 237 if (!PEM_do_header(&cipher, data, &len, cb, u))
247 goto err; 238 goto err;
248 p=data; 239 p = data;
249 if (ptype) 240 if (ptype) {
250 { 241 if (!d2i_PrivateKey(ptype, pp, &p,
251 if (!d2i_PrivateKey(ptype, pp, &p, len)) 242 len)) {
252 { 243 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
253 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
254 goto err; 244 goto err;
255 }
256 } 245 }
257 else if (d2i(pp,&p,len) == NULL) 246 } else if (d2i(pp, &p, len) == NULL) {
258 { 247 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
259 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
260 goto err; 248 goto err;
261 }
262 } 249 }
263 else 250 } else { /* encrypted RSA data */
264 { /* encrypted RSA data */
265 if (!PEM_get_EVP_CIPHER_INFO(header, 251 if (!PEM_get_EVP_CIPHER_INFO(header,
266 &xi->enc_cipher)) goto err; 252 &xi->enc_cipher))
267 xi->enc_data=(char *)data; 253 goto err;
268 xi->enc_len=(int)len; 254 xi->enc_data = (char *)data;
269 data=NULL; 255 xi->enc_len = (int)len;
270 } 256 data = NULL;
271 } 257 }
272 else { 258 } else {
273 /* unknown */ 259 /* unknown */
274 }
275 if (name != NULL) free(name);
276 if (header != NULL) free(header);
277 if (data != NULL) free(data);
278 name=NULL;
279 header=NULL;
280 data=NULL;
281 } 260 }
261 if (name != NULL)
262 free(name);
263 if (header != NULL)
264 free(header);
265 if (data != NULL)
266 free(data);
267 name = NULL;
268 header = NULL;
269 data = NULL;
270 }
282 271
283 /* if the last one hasn't been pushed yet and there is anything 272 /* if the last one hasn't been pushed yet and there is anything
284 * in it then add it to the stack ... 273 * in it then add it to the stack ...
285 */ 274 */
286 if ((xi->x509 != NULL) || (xi->crl != NULL) || 275 if ((xi->x509 != NULL) || (xi->crl != NULL) ||
287 (xi->x_pkey != NULL) || (xi->enc_data != NULL)) 276 (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
288 { 277 if (!sk_X509_INFO_push(ret, xi))
289 if (!sk_X509_INFO_push(ret,xi)) goto err; 278 goto err;
290 xi=NULL; 279 xi = NULL;
291 } 280 }
292 ok=1; 281 ok = 1;
282
293err: 283err:
294 if (xi != NULL) X509_INFO_free(xi); 284 if (xi != NULL)
295 if (!ok) 285 X509_INFO_free(xi);
296 { 286 if (!ok) {
297 for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++) 287 for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
298 { 288 xi = sk_X509_INFO_value(ret, i);
299 xi=sk_X509_INFO_value(ret,i);
300 X509_INFO_free(xi); 289 X509_INFO_free(xi);
301 }
302 if (ret != sk) sk_X509_INFO_free(ret);
303 ret=NULL;
304 } 290 }
305 291 if (ret != sk)
306 if (name != NULL) free(name); 292 sk_X509_INFO_free(ret);
307 if (header != NULL) free(header); 293 ret = NULL;
308 if (data != NULL) free(data);
309 return(ret);
310 } 294 }
311 295
296 if (name != NULL)
297 free(name);
298 if (header != NULL)
299 free(header);
300 if (data != NULL)
301 free(data);
302 return (ret);
303}
304
312 305
313/* A TJH addition */ 306/* A TJH addition */
314int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, 307int
315 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) 308PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
316 { 309 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
310{
317 EVP_CIPHER_CTX ctx; 311 EVP_CIPHER_CTX ctx;
318 int i,ret=0; 312 int i, ret = 0;
319 unsigned char *data=NULL; 313 unsigned char *data = NULL;
320 const char *objstr=NULL; 314 const char *objstr = NULL;
321 char buf[PEM_BUFSIZE]; 315 char buf[PEM_BUFSIZE];
322 unsigned char *iv=NULL; 316 unsigned char *iv = NULL;
323 317
324 if (enc != NULL) 318 if (enc != NULL) {
325 { 319 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
326 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); 320 if (objstr == NULL) {
327 if (objstr == NULL) 321 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
328 { 322 PEM_R_UNSUPPORTED_CIPHER);
329 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
330 goto err; 323 goto err;
331 }
332 } 324 }
325 }
333 326
334 /* now for the fun part ... if we have a private key then 327 /* now for the fun part ... if we have a private key then
335 * we have to be able to handle a not-yet-decrypted key 328 * we have to be able to handle a not-yet-decrypted key
336 * being written out correctly ... if it is decrypted or 329 * being written out correctly ... if it is decrypted or
337 * it is non-encrypted then we use the base code 330 * it is non-encrypted then we use the base code
338 */ 331 */
339 if (xi->x_pkey!=NULL) 332 if (xi->x_pkey != NULL) {
340 { 333 if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) {
341 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) 334 if (enc == NULL) {
342 { 335 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
343 if (enc == NULL) 336 PEM_R_CIPHER_IS_NULL);
344 {
345 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
346 goto err; 337 goto err;
347 } 338 }
348 339
349 /* copy from weirdo names into more normal things */ 340 /* copy from weirdo names into more normal things */
350 iv=xi->enc_cipher.iv; 341 iv = xi->enc_cipher.iv;
351 data=(unsigned char *)xi->enc_data; 342 data = (unsigned char *)xi->enc_data;
352 i=xi->enc_len; 343 i = xi->enc_len;
353 344
354 /* we take the encryption data from the 345 /* we take the encryption data from the
355 * internal stuff rather than what the 346 * internal stuff rather than what the
356 * user has passed us ... as we have to 347 * user has passed us ... as we have to
357 * match exactly for some strange reason 348 * match exactly for some strange reason
358 */ 349 */
359 objstr=OBJ_nid2sn( 350 objstr = OBJ_nid2sn(
360 EVP_CIPHER_nid(xi->enc_cipher.cipher)); 351 EVP_CIPHER_nid(xi->enc_cipher.cipher));
361 if (objstr == NULL) 352 if (objstr == NULL) {
362 { 353 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
363 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); 354 PEM_R_UNSUPPORTED_CIPHER);
364 goto err; 355 goto err;
365 } 356 }
366 357
367 /* create the right magic header stuff */ 358 /* create the right magic header stuff */
368 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); 359 OPENSSL_assert(strlen(objstr) + 23 +
369 buf[0]='\0'; 360 2 * enc->iv_len + 13 <= sizeof buf);
370 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 361 buf[0] = '\0';
371 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); 362 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
363 PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
372 364
373 /* use the normal code to write things out */ 365 /* use the normal code to write things out */
374 i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); 366 i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
375 if (i <= 0) goto err; 367 if (i <= 0)
376 } 368 goto err;
377 else 369 } else {
378 {
379 /* Add DSA/DH */ 370 /* Add DSA/DH */
380#ifndef OPENSSL_NO_RSA 371#ifndef OPENSSL_NO_RSA
381 /* normal optionally encrypted stuff */ 372 /* normal optionally encrypted stuff */
382 if (PEM_write_bio_RSAPrivateKey(bp, 373 if (PEM_write_bio_RSAPrivateKey(bp,
383 xi->x_pkey->dec_pkey->pkey.rsa, 374 xi->x_pkey->dec_pkey->pkey.rsa,
384 enc,kstr,klen,cb,u)<=0) 375 enc, kstr, klen, cb, u) <= 0)
385 goto err; 376 goto err;
386#endif 377#endif
387 }
388 } 378 }
379 }
389 380
390 /* if we have a certificate then write it out now */ 381 /* if we have a certificate then write it out now */
391 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0)) 382 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
392 goto err; 383 goto err;
393 384
394 /* we are ignoring anything else that is loaded into the X509_INFO 385 /* we are ignoring anything else that is loaded into the X509_INFO
@@ -397,10 +388,10 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
397 * base library --tjh 388 * base library --tjh
398 */ 389 */
399 390
400 ret=1; 391 ret = 1;
401 392
402err: 393err:
403 OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); 394 OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
404 OPENSSL_cleanse(buf,PEM_BUFSIZE); 395 OPENSSL_cleanse(buf, PEM_BUFSIZE);
405 return(ret); 396 return (ret);
406 } 397}
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index 93736455fa..9d5d8e714c 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -74,132 +74,132 @@
74#include <openssl/engine.h> 74#include <openssl/engine.h>
75#endif 75#endif
76 76
77const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; 77const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
78 78
79#define MIN_LENGTH 4 79#define MIN_LENGTH 4
80 80
81static int load_iv(char **fromp,unsigned char *to, int num); 81static int load_iv(char **fromp, unsigned char *to, int num);
82static int check_pem(const char *nm, const char *name); 82static int check_pem(const char *nm, const char *name);
83int pem_check_suffix(const char *pem_str, const char *suffix); 83int pem_check_suffix(const char *pem_str, const char *suffix);
84 84
85int PEM_def_callback(char *buf, int num, int w, void *key) 85int
86 { 86PEM_def_callback(char *buf, int num, int w, void *key)
87{
87#ifdef OPENSSL_NO_FP_API 88#ifdef OPENSSL_NO_FP_API
88 /* We should not ever call the default callback routine from 89 /* We should not ever call the default callback routine from
89 * windows. */ 90 * windows. */
90 PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 91 PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
91 return(-1); 92 return (-1);
92#else 93#else
93 int i,j; 94 int i, j;
94 const char *prompt; 95 const char *prompt;
95 if(key) { 96
96 i=strlen(key); 97 if (key) {
97 i=(i > num)?num:i; 98 i = strlen(key);
98 memcpy(buf,key,i); 99 i = (i > num) ? num : i;
99 return(i); 100 memcpy(buf, key, i);
101 return (i);
100 } 102 }
101 103
102 prompt=EVP_get_pw_prompt(); 104 prompt = EVP_get_pw_prompt();
103 if (prompt == NULL) 105 if (prompt == NULL)
104 prompt="Enter PEM pass phrase:"; 106 prompt = "Enter PEM pass phrase:";
105 107
106 for (;;) 108 for (;;) {
107 { 109 i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
108 i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w); 110 if (i != 0) {
109 if (i != 0) 111 PEMerr(PEM_F_PEM_DEF_CALLBACK,
110 { 112 PEM_R_PROBLEMS_GETTING_PASSWORD);
111 PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); 113 memset(buf, 0, (unsigned int)num);
112 memset(buf,0,(unsigned int)num); 114 return (-1);
113 return(-1); 115 }
114 } 116 j = strlen(buf);
115 j=strlen(buf); 117 if (j < MIN_LENGTH) {
116 if (j < MIN_LENGTH) 118 fprintf(stderr, "phrase is too short, needs to be at least %d chars\n", MIN_LENGTH);
117 { 119 } else
118 fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
119 }
120 else
121 break; 120 break;
122 }
123 return(j);
124#endif
125 } 121 }
122 return (j);
123#endif
124}
126 125
127void PEM_proc_type(char *buf, int type) 126void
128 { 127PEM_proc_type(char *buf, int type)
128{
129 const char *str; 129 const char *str;
130 130
131 if (type == PEM_TYPE_ENCRYPTED) 131 if (type == PEM_TYPE_ENCRYPTED)
132 str="ENCRYPTED"; 132 str = "ENCRYPTED";
133 else if (type == PEM_TYPE_MIC_CLEAR) 133 else if (type == PEM_TYPE_MIC_CLEAR)
134 str="MIC-CLEAR"; 134 str = "MIC-CLEAR";
135 else if (type == PEM_TYPE_MIC_ONLY) 135 else if (type == PEM_TYPE_MIC_ONLY)
136 str="MIC-ONLY"; 136 str = "MIC-ONLY";
137 else 137 else
138 str="BAD-TYPE"; 138 str = "BAD-TYPE";
139 139
140 strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); 140 strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
141 strlcat(buf,str,PEM_BUFSIZE); 141 strlcat(buf, str, PEM_BUFSIZE);
142 strlcat(buf,"\n",PEM_BUFSIZE); 142 strlcat(buf, "\n", PEM_BUFSIZE);
143 } 143}
144 144
145void PEM_dek_info(char *buf, const char *type, int len, char *str) 145void
146 { 146PEM_dek_info(char *buf, const char *type, int len, char *str)
147 static const unsigned char map[17]="0123456789ABCDEF"; 147{
148 static const unsigned char map[17] = "0123456789ABCDEF";
148 long i; 149 long i;
149 int j; 150 int j;
150 151
151 strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); 152 strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
152 strlcat(buf,type,PEM_BUFSIZE); 153 strlcat(buf, type, PEM_BUFSIZE);
153 strlcat(buf,",",PEM_BUFSIZE); 154 strlcat(buf, ",", PEM_BUFSIZE);
154 j=strlen(buf); 155 j = strlen(buf);
155 if (j + (len * 2) + 1 > PEM_BUFSIZE) 156 if (j + (len * 2) + 1 > PEM_BUFSIZE)
156 return; 157 return;
157 for (i=0; i<len; i++) 158 for (i = 0; i < len; i++) {
158 { 159 buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
159 buf[j+i*2] =map[(str[i]>>4)&0x0f]; 160 buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
160 buf[j+i*2+1]=map[(str[i] )&0x0f];
161 }
162 buf[j+i*2]='\n';
163 buf[j+i*2+1]='\0';
164 } 161 }
162 buf[j + i * 2] = '\n';
163 buf[j + i * 2 + 1] = '\0';
164}
165 165
166#ifndef OPENSSL_NO_FP_API 166#ifndef OPENSSL_NO_FP_API
167void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, 167void *
168 pem_password_cb *cb, void *u) 168PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
169 { 169 pem_password_cb *cb, void *u)
170 BIO *b; 170{
171 void *ret; 171 BIO *b;
172 172 void *ret;
173 if ((b=BIO_new(BIO_s_file())) == NULL) 173
174 { 174 if ((b = BIO_new(BIO_s_file())) == NULL) {
175 PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); 175 PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
176 return(0); 176 return (0);
177 }
178 BIO_set_fp(b,fp,BIO_NOCLOSE);
179 ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
180 BIO_free(b);
181 return(ret);
182 } 177 }
178 BIO_set_fp(b, fp, BIO_NOCLOSE);
179 ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
180 BIO_free(b);
181 return (ret);
182}
183#endif 183#endif
184 184
185static int check_pem(const char *nm, const char *name) 185static int
186check_pem(const char *nm, const char *name)
186{ 187{
187 /* Normal matching nm and name */ 188 /* Normal matching nm and name */
188 if (!strcmp(nm,name)) return 1; 189 if (!strcmp(nm, name))
190 return 1;
189 191
190 /* Make PEM_STRING_EVP_PKEY match any private key */ 192 /* Make PEM_STRING_EVP_PKEY match any private key */
191 193
192 if(!strcmp(name,PEM_STRING_EVP_PKEY)) 194 if (!strcmp(name, PEM_STRING_EVP_PKEY)) {
193 {
194 int slen; 195 int slen;
195 const EVP_PKEY_ASN1_METHOD *ameth; 196 const EVP_PKEY_ASN1_METHOD *ameth;
196 if(!strcmp(nm,PEM_STRING_PKCS8)) 197 if (!strcmp(nm, PEM_STRING_PKCS8))
197 return 1; 198 return 1;
198 if(!strcmp(nm,PEM_STRING_PKCS8INF)) 199 if (!strcmp(nm, PEM_STRING_PKCS8INF))
199 return 1; 200 return 1;
200 slen = pem_check_suffix(nm, "PRIVATE KEY"); 201 slen = pem_check_suffix(nm, "PRIVATE KEY");
201 if (slen > 0) 202 if (slen > 0) {
202 {
203 /* NB: ENGINE implementations wont contain 203 /* NB: ENGINE implementations wont contain
204 * a deprecated old private key decode function 204 * a deprecated old private key decode function
205 * so don't look for them. 205 * so don't look for them.
@@ -207,21 +207,18 @@ static int check_pem(const char *nm, const char *name)
207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); 207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
208 if (ameth && ameth->old_priv_decode) 208 if (ameth && ameth->old_priv_decode)
209 return 1; 209 return 1;
210 }
211 return 0;
212 } 210 }
211 return 0;
212 }
213 213
214 if(!strcmp(name,PEM_STRING_PARAMETERS)) 214 if (!strcmp(name, PEM_STRING_PARAMETERS)) {
215 {
216 int slen; 215 int slen;
217 const EVP_PKEY_ASN1_METHOD *ameth; 216 const EVP_PKEY_ASN1_METHOD *ameth;
218 slen = pem_check_suffix(nm, "PARAMETERS"); 217 slen = pem_check_suffix(nm, "PARAMETERS");
219 if (slen > 0) 218 if (slen > 0) {
220 {
221 ENGINE *e; 219 ENGINE *e;
222 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); 220 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
223 if (ameth) 221 if (ameth) {
224 {
225 int r; 222 int r;
226 if (ameth->param_decode) 223 if (ameth->param_decode)
227 r = 1; 224 r = 1;
@@ -232,68 +229,79 @@ static int check_pem(const char *nm, const char *name)
232 ENGINE_finish(e); 229 ENGINE_finish(e);
233#endif 230#endif
234 return r; 231 return r;
235 }
236 } 232 }
237 return 0;
238 } 233 }
234 return 0;
235 }
239 236
240 /* Permit older strings */ 237 /* Permit older strings */
241 238
242 if(!strcmp(nm,PEM_STRING_X509_OLD) && 239 if (!strcmp(nm, PEM_STRING_X509_OLD) &&
243 !strcmp(name,PEM_STRING_X509)) return 1; 240 !strcmp(name, PEM_STRING_X509))
241 return 1;
244 242
245 if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && 243 if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
246 !strcmp(name,PEM_STRING_X509_REQ)) return 1; 244 !strcmp(name, PEM_STRING_X509_REQ))
245 return 1;
247 246
248 /* Allow normal certs to be read as trusted certs */ 247 /* Allow normal certs to be read as trusted certs */
249 if(!strcmp(nm,PEM_STRING_X509) && 248 if (!strcmp(nm, PEM_STRING_X509) &&
250 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 249 !strcmp(name, PEM_STRING_X509_TRUSTED))
250 return 1;
251 251
252 if(!strcmp(nm,PEM_STRING_X509_OLD) && 252 if (!strcmp(nm, PEM_STRING_X509_OLD) &&
253 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 253 !strcmp(name, PEM_STRING_X509_TRUSTED))
254 return 1;
254 255
255 /* Some CAs use PKCS#7 with CERTIFICATE headers */ 256 /* Some CAs use PKCS#7 with CERTIFICATE headers */
256 if(!strcmp(nm, PEM_STRING_X509) && 257 if (!strcmp(nm, PEM_STRING_X509) &&
257 !strcmp(name, PEM_STRING_PKCS7)) return 1; 258 !strcmp(name, PEM_STRING_PKCS7))
259 return 1;
258 260
259 if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && 261 if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
260 !strcmp(name, PEM_STRING_PKCS7)) return 1; 262 !strcmp(name, PEM_STRING_PKCS7))
263 return 1;
261 264
262#ifndef OPENSSL_NO_CMS 265#ifndef OPENSSL_NO_CMS
263 if(!strcmp(nm, PEM_STRING_X509) && 266 if (!strcmp(nm, PEM_STRING_X509) &&
264 !strcmp(name, PEM_STRING_CMS)) return 1; 267 !strcmp(name, PEM_STRING_CMS))
268 return 1;
265 /* Allow CMS to be read from PKCS#7 headers */ 269 /* Allow CMS to be read from PKCS#7 headers */
266 if(!strcmp(nm, PEM_STRING_PKCS7) && 270 if (!strcmp(nm, PEM_STRING_PKCS7) &&
267 !strcmp(name, PEM_STRING_CMS)) return 1; 271 !strcmp(name, PEM_STRING_CMS))
272 return 1;
268#endif 273#endif
269 274
270 return 0; 275 return 0;
271} 276}
272 277
273int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, 278int
274 pem_password_cb *cb, void *u) 279PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
275 { 280 const char *name, BIO *bp, pem_password_cb *cb, void *u)
281{
276 EVP_CIPHER_INFO cipher; 282 EVP_CIPHER_INFO cipher;
277 char *nm=NULL,*header=NULL; 283 char *nm = NULL, *header = NULL;
278 unsigned char *data=NULL; 284 unsigned char *data = NULL;
279 long len; 285 long len;
280 int ret = 0; 286 int ret = 0;
281 287
282 for (;;) 288 for (;;) {
283 { 289 if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
284 if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { 290 if (ERR_GET_REASON(ERR_peek_error()) ==
285 if(ERR_GET_REASON(ERR_peek_error()) == 291 PEM_R_NO_START_LINE)
286 PEM_R_NO_START_LINE)
287 ERR_add_error_data(2, "Expecting: ", name); 292 ERR_add_error_data(2, "Expecting: ", name);
288 return 0; 293 return 0;
289 } 294 }
290 if(check_pem(nm, name)) break; 295 if (check_pem(nm, name))
296 break;
291 free(nm); 297 free(nm);
292 free(header); 298 free(header);
293 free(data); 299 free(data);
294 } 300 }
295 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; 301 if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
296 if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; 302 goto err;
303 if (!PEM_do_header(&cipher, data, &len, cb, u))
304 goto err;
297 305
298 *pdata = data; 306 *pdata = data;
299 *plen = len; 307 *plen = len;
@@ -304,532 +312,553 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char
304 ret = 1; 312 ret = 1;
305 313
306err: 314err:
307 if (!ret || !pnm) free(nm); 315 if (!ret || !pnm)
316 free(nm);
308 free(header); 317 free(header);
309 if (!ret) free(data); 318 if (!ret)
319 free(data);
310 return ret; 320 return ret;
311 } 321}
312 322
313#ifndef OPENSSL_NO_FP_API 323#ifndef OPENSSL_NO_FP_API
314int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, 324int
315 void *x, const EVP_CIPHER *enc, unsigned char *kstr, 325PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x,
316 int klen, pem_password_cb *callback, void *u) 326 const EVP_CIPHER *enc, unsigned char *kstr, int klen,
317 { 327 pem_password_cb *callback, void *u)
318 BIO *b; 328{
319 int ret; 329 BIO *b;
320 330 int ret;
321 if ((b=BIO_new(BIO_s_file())) == NULL) 331
322 { 332 if ((b = BIO_new(BIO_s_file())) == NULL) {
323 PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); 333 PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
324 return(0); 334 return (0);
325 } 335 }
326 BIO_set_fp(b,fp,BIO_NOCLOSE); 336 BIO_set_fp(b, fp, BIO_NOCLOSE);
327 ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); 337 ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
328 BIO_free(b); 338 BIO_free(b);
329 return(ret); 339 return (ret);
330 } 340}
331#endif 341#endif
332 342
333int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, 343int
334 void *x, const EVP_CIPHER *enc, unsigned char *kstr, 344PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
335 int klen, pem_password_cb *callback, void *u) 345 const EVP_CIPHER *enc, unsigned char *kstr, int klen,
336 { 346 pem_password_cb *callback, void *u)
347{
337 EVP_CIPHER_CTX ctx; 348 EVP_CIPHER_CTX ctx;
338 int dsize=0,i,j,ret=0; 349 int dsize = 0, i, j, ret = 0;
339 unsigned char *p,*data=NULL; 350 unsigned char *p, *data = NULL;
340 const char *objstr=NULL; 351 const char *objstr = NULL;
341 char buf[PEM_BUFSIZE]; 352 char buf[PEM_BUFSIZE];
342 unsigned char key[EVP_MAX_KEY_LENGTH]; 353 unsigned char key[EVP_MAX_KEY_LENGTH];
343 unsigned char iv[EVP_MAX_IV_LENGTH]; 354 unsigned char iv[EVP_MAX_IV_LENGTH];
344 355
345 if (enc != NULL) 356 if (enc != NULL) {
346 { 357 objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
347 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); 358 if (objstr == NULL) {
348 if (objstr == NULL) 359 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
349 { 360 PEM_R_UNSUPPORTED_CIPHER);
350 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
351 goto err; 361 goto err;
352 }
353 } 362 }
363 }
354 364
355 if ((dsize=i2d(x,NULL)) < 0) 365 if ((dsize = i2d(x, NULL)) < 0) {
356 { 366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
357 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB); 367 dsize = 0;
358 dsize=0;
359 goto err; 368 goto err;
360 } 369 }
361 /* dzise + 8 bytes are needed */ 370 /* dzise + 8 bytes are needed */
362 /* actually it needs the cipher block size extra... */ 371 /* actually it needs the cipher block size extra... */
363 data=(unsigned char *)malloc((unsigned int)dsize+20); 372 data = (unsigned char *)malloc((unsigned int)dsize + 20);
364 if (data == NULL) 373 if (data == NULL) {
365 { 374 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
367 goto err; 375 goto err;
368 } 376 }
369 p=data; 377 p = data;
370 i=i2d(x,&p); 378 i = i2d(x, &p);
371 379
372 if (enc != NULL) 380 if (enc != NULL) {
373 { 381 if (kstr == NULL) {
374 if (kstr == NULL)
375 {
376 if (callback == NULL) 382 if (callback == NULL)
377 klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u); 383 klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
378 else 384 else
379 klen=(*callback)(buf,PEM_BUFSIZE,1,u); 385 klen = (*callback)(buf, PEM_BUFSIZE, 1, u);
380 if (klen <= 0) 386 if (klen <= 0) {
381 { 387 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,
382 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); 388 PEM_R_READ_KEY);
383 goto err; 389 goto err;
384 }
385 kstr=(unsigned char *)buf;
386 } 390 }
391 kstr = (unsigned char *)buf;
392 }
387 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); 393 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
388 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ 394 if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
389 goto err; 395 goto err;
390 /* The 'iv' is used as the iv and as a salt. It is 396 /* The 'iv' is used as the iv and as a salt. It is
391 * NOT taken from the BytesToKey function */ 397 * NOT taken from the BytesToKey function */
392 if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL)) 398 if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1,
399 key, NULL))
393 goto err; 400 goto err;
394 401
395 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); 402 if (kstr == (unsigned char *)buf)
403 OPENSSL_cleanse(buf, PEM_BUFSIZE);
396 404
397 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); 405 OPENSSL_assert(strlen(objstr) + 23 +
406 2 * enc->iv_len + 13 <= sizeof buf);
398 407
399 buf[0]='\0'; 408 buf[0] = '\0';
400 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 409 PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
401 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); 410 PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
402 /* k=strlen(buf); */ 411 /* k=strlen(buf); */
403 412
404 EVP_CIPHER_CTX_init(&ctx); 413 EVP_CIPHER_CTX_init(&ctx);
405 ret = 1; 414 ret = 1;
406 if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv) 415 if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ||
407 || !EVP_EncryptUpdate(&ctx,data,&j,data,i) 416 !EVP_EncryptUpdate(&ctx, data, &j, data, i) ||
408 || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i)) 417 !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))
409 ret = 0; 418 ret = 0;
410 EVP_CIPHER_CTX_cleanup(&ctx); 419 EVP_CIPHER_CTX_cleanup(&ctx);
411 if (ret == 0) 420 if (ret == 0)
412 goto err; 421 goto err;
413 i+=j; 422 i += j;
414 } 423 } else {
415 else 424 ret = 1;
416 { 425 buf[0] = '\0';
417 ret=1; 426 }
418 buf[0]='\0'; 427 i = PEM_write_bio(bp, name, buf, data, i);
419 } 428 if (i <= 0)
420 i=PEM_write_bio(bp,name,buf,data,i); 429 ret = 0;
421 if (i <= 0) ret=0;
422err: 430err:
423 OPENSSL_cleanse(key,sizeof(key)); 431 OPENSSL_cleanse(key, sizeof(key));
424 OPENSSL_cleanse(iv,sizeof(iv)); 432 OPENSSL_cleanse(iv, sizeof(iv));
425 OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); 433 OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
426 OPENSSL_cleanse(buf,PEM_BUFSIZE); 434 OPENSSL_cleanse(buf, PEM_BUFSIZE);
427 if (data != NULL) 435 if (data != NULL) {
428 { 436 OPENSSL_cleanse(data, (unsigned int)dsize);
429 OPENSSL_cleanse(data,(unsigned int)dsize);
430 free(data); 437 free(data);
431 }
432 return(ret);
433 } 438 }
439 return (ret);
440}
434 441
435int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, 442int
436 pem_password_cb *callback,void *u) 443PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
437 { 444 pem_password_cb *callback, void *u)
438 int i,j,o,klen; 445{
446 int i, j, o, klen;
439 long len; 447 long len;
440 EVP_CIPHER_CTX ctx; 448 EVP_CIPHER_CTX ctx;
441 unsigned char key[EVP_MAX_KEY_LENGTH]; 449 unsigned char key[EVP_MAX_KEY_LENGTH];
442 char buf[PEM_BUFSIZE]; 450 char buf[PEM_BUFSIZE];
443 451
444 len= *plen; 452 len = *plen;
445 453
446 if (cipher->cipher == NULL) return(1); 454 if (cipher->cipher == NULL)
455 return (1);
447 if (callback == NULL) 456 if (callback == NULL)
448 klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u); 457 klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
449 else 458 else
450 klen=callback(buf,PEM_BUFSIZE,0,u); 459 klen = callback(buf, PEM_BUFSIZE, 0, u);
451 if (klen <= 0) 460 if (klen <= 0) {
452 { 461 PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
453 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); 462 return (0);
454 return(0); 463 }
455 } 464 if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
456 if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), 465 (unsigned char *)buf, klen, 1, key, NULL))
457 (unsigned char *)buf,klen,1,key,NULL))
458 return 0; 466 return 0;
459 467
460 j=(int)len; 468 j = (int)len;
461 EVP_CIPHER_CTX_init(&ctx); 469 EVP_CIPHER_CTX_init(&ctx);
462 o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); 470 o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key,
471 &(cipher->iv[0]));
463 if (o) 472 if (o)
464 o = EVP_DecryptUpdate(&ctx,data,&i,data,j); 473 o = EVP_DecryptUpdate(&ctx, data, &i, data, j);
465 if (o) 474 if (o)
466 o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); 475 o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
467 EVP_CIPHER_CTX_cleanup(&ctx); 476 EVP_CIPHER_CTX_cleanup(&ctx);
468 OPENSSL_cleanse((char *)buf,sizeof(buf)); 477 OPENSSL_cleanse((char *)buf, sizeof(buf));
469 OPENSSL_cleanse((char *)key,sizeof(key)); 478 OPENSSL_cleanse((char *)key, sizeof(key));
470 j+=i; 479 j += i;
471 if (!o) 480 if (!o) {
472 { 481 PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
473 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); 482 return (0);
474 return(0);
475 }
476 *plen=j;
477 return(1);
478 } 483 }
484 *plen = j;
485 return (1);
486}
479 487
480int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) 488int
481 { 489PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
482 const EVP_CIPHER *enc=NULL; 490{
483 char *p,c; 491 const EVP_CIPHER *enc = NULL;
492 char *p, c;
484 char **header_pp = &header; 493 char **header_pp = &header;
485 494
486 cipher->cipher=NULL; 495 cipher->cipher = NULL;
487 if ((header == NULL) || (*header == '\0') || (*header == '\n')) 496 if ((header == NULL) || (*header == '\0') || (*header == '\n'))
488 return(1); 497 return (1);
489 if (strncmp(header,"Proc-Type: ",11) != 0) 498 if (strncmp(header, "Proc-Type: ", 11) != 0) {
490 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } 499 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
491 header+=11; 500 return (0);
492 if (*header != '4') return(0); header++; 501 }
493 if (*header != ',') return(0); header++; 502 header += 11;
494 if (strncmp(header,"ENCRYPTED",9) != 0) 503 if (*header != '4')
495 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } 504 return(0);
505 header++;
506 if (*header != ',')
507 return(0);
508 header++;
509 if (strncmp(header, "ENCRYPTED", 9) != 0) {
510 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
511 return (0);
512 }
496 for (; (*header != '\n') && (*header != '\0'); header++) 513 for (; (*header != '\n') && (*header != '\0'); header++)
497 ; 514 ;
498 if (*header == '\0') 515 if (*header == '\0') {
499 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } 516 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
517 return (0);
518 }
500 header++; 519 header++;
501 if (strncmp(header,"DEK-Info: ",10) != 0) 520 if (strncmp(header, "DEK-Info: ", 10) != 0) {
502 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } 521 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
503 header+=10; 522 return (0);
523 }
524 header += 10;
504 525
505 p=header; 526 p = header;
506 for (;;) 527 for (;;) {
507 {
508 c= *header; 528 c= *header;
509 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || 529 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
510 ((c >= '0') && (c <= '9')))) 530 ((c >= '0') && (c <= '9'))))
511 break; 531 break;
512 header++; 532 header++;
513 } 533 }
514 *header='\0'; 534 *header = '\0';
515 cipher->cipher=enc=EVP_get_cipherbyname(p); 535 cipher->cipher = enc = EVP_get_cipherbyname(p);
516 *header=c; 536 *header = c;
517 header++; 537 header++;
518 538
519 if (enc == NULL) 539 if (enc == NULL) {
520 { 540 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,
521 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); 541 PEM_R_UNSUPPORTED_ENCRYPTION);
522 return(0); 542 return (0);
523 }
524 if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
525 return(0);
526
527 return(1);
528 } 543 }
544 if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
545 return (0);
546
547 return (1);
548}
529 549
530static int load_iv(char **fromp, unsigned char *to, int num) 550static int
531 { 551load_iv(char **fromp, unsigned char *to, int num)
532 int v,i; 552{
553 int v, i;
533 char *from; 554 char *from;
534 555
535 from= *fromp; 556 from= *fromp;
536 for (i=0; i<num; i++) to[i]=0; 557 for (i = 0; i < num; i++)
537 num*=2; 558 to[i] = 0;
538 for (i=0; i<num; i++) 559 num *= 2;
539 { 560 for (i = 0; i < num; i++) {
540 if ((*from >= '0') && (*from <= '9')) 561 if ((*from >= '0') && (*from <= '9'))
541 v= *from-'0'; 562 v = *from - '0';
542 else if ((*from >= 'A') && (*from <= 'F')) 563 else if ((*from >= 'A') && (*from <= 'F'))
543 v= *from-'A'+10; 564 v = *from - 'A' + 10;
544 else if ((*from >= 'a') && (*from <= 'f')) 565 else if ((*from >= 'a') && (*from <= 'f'))
545 v= *from-'a'+10; 566 v = *from - 'a' + 10;
546 else 567 else {
547 { 568 PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
548 PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); 569 return (0);
549 return(0);
550 }
551 from++;
552 to[i/2]|=v<<(long)((!(i&1))*4);
553 } 570 }
554 571 from++;
555 *fromp=from; 572 to[i / 2] |= v << (long)((!(i & 1)) * 4);
556 return(1);
557 } 573 }
558 574
575 *fromp = from;
576 return (1);
577}
578
559#ifndef OPENSSL_NO_FP_API 579#ifndef OPENSSL_NO_FP_API
560int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, 580int
561 long len) 581PEM_write(FILE *fp, char *name, char *header, unsigned char *data, long len)
562 { 582{
563 BIO *b; 583 BIO *b;
564 int ret; 584 int ret;
565 585
566 if ((b=BIO_new(BIO_s_file())) == NULL) 586 if ((b = BIO_new(BIO_s_file())) == NULL) {
567 { 587 PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
568 PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); 588 return (0);
569 return(0); 589 }
570 } 590 BIO_set_fp(b, fp, BIO_NOCLOSE);
571 BIO_set_fp(b,fp,BIO_NOCLOSE); 591 ret = PEM_write_bio(b, name, header, data, len);
572 ret=PEM_write_bio(b, name, header, data,len); 592 BIO_free(b);
573 BIO_free(b); 593 return (ret);
574 return(ret); 594}
575 }
576#endif 595#endif
577 596
578int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, 597int
579 long len) 598PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
580 { 599 long len)
581 int nlen,n,i,j,outl; 600{
601 int nlen, n, i, j, outl;
582 unsigned char *buf = NULL; 602 unsigned char *buf = NULL;
583 EVP_ENCODE_CTX ctx; 603 EVP_ENCODE_CTX ctx;
584 int reason=ERR_R_BUF_LIB; 604 int reason = ERR_R_BUF_LIB;
585 605
586 EVP_EncodeInit(&ctx); 606 EVP_EncodeInit(&ctx);
587 nlen=strlen(name); 607 nlen = strlen(name);
588 608
589 if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || 609 if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
590 (BIO_write(bp,name,nlen) != nlen) || 610 (BIO_write(bp, name, nlen) != nlen) ||
591 (BIO_write(bp,"-----\n",6) != 6)) 611 (BIO_write(bp, "-----\n", 6) != 6))
592 goto err; 612 goto err;
593 613
594 i=strlen(header); 614 i = strlen(header);
595 if (i > 0) 615 if (i > 0) {
596 { 616 if ((BIO_write(bp, header, i) != i) ||
597 if ( (BIO_write(bp,header,i) != i) || 617 (BIO_write(bp, "\n", 1) != 1))
598 (BIO_write(bp,"\n",1) != 1))
599 goto err; 618 goto err;
600 } 619 }
601 620
602 buf = malloc(PEM_BUFSIZE*8); 621 buf = malloc(PEM_BUFSIZE * 8);
603 if (buf == NULL) 622 if (buf == NULL) {
604 { 623 reason = ERR_R_MALLOC_FAILURE;
605 reason=ERR_R_MALLOC_FAILURE;
606 goto err; 624 goto err;
607 } 625 }
608 626
609 i=j=0; 627 i = j = 0;
610 while (len > 0) 628 while (len > 0) {
611 { 629 n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
612 n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); 630 EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
613 EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); 631 if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
614 if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
615 goto err; 632 goto err;
616 i+=outl; 633 i += outl;
617 len-=n; 634 len -= n;
618 j+=n; 635 j += n;
619 } 636 }
620 EVP_EncodeFinal(&ctx,buf,&outl); 637 EVP_EncodeFinal(&ctx, buf, &outl);
621 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; 638 if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
622 OPENSSL_cleanse(buf, PEM_BUFSIZE*8); 639 goto err;
640 OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
623 free(buf); 641 free(buf);
624 buf = NULL; 642 buf = NULL;
625 if ( (BIO_write(bp,"-----END ",9) != 9) || 643 if ((BIO_write(bp, "-----END ", 9) != 9) ||
626 (BIO_write(bp,name,nlen) != nlen) || 644 (BIO_write(bp, name, nlen) != nlen) ||
627 (BIO_write(bp,"-----\n",6) != 6)) 645 (BIO_write(bp, "-----\n", 6) != 6))
628 goto err; 646 goto err;
629 return(i+outl); 647 return (i + outl);
648
630err: 649err:
631 if (buf) { 650 if (buf) {
632 OPENSSL_cleanse(buf, PEM_BUFSIZE*8); 651 OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
633 free(buf); 652 free(buf);
634 } 653 }
635 PEMerr(PEM_F_PEM_WRITE_BIO,reason); 654 PEMerr(PEM_F_PEM_WRITE_BIO, reason);
636 return(0); 655 return (0);
637 } 656}
638 657
639#ifndef OPENSSL_NO_FP_API 658#ifndef OPENSSL_NO_FP_API
640int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, 659int
641 long *len) 660PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len)
642 { 661{
643 BIO *b; 662 BIO *b;
644 int ret; 663 int ret;
645 664
646 if ((b=BIO_new(BIO_s_file())) == NULL) 665 if ((b = BIO_new(BIO_s_file())) == NULL) {
647 { 666 PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
648 PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); 667 return (0);
649 return(0); 668 }
650 } 669 BIO_set_fp(b, fp, BIO_NOCLOSE);
651 BIO_set_fp(b,fp,BIO_NOCLOSE); 670 ret = PEM_read_bio(b, name, header, data, len);
652 ret=PEM_read_bio(b, name, header, data,len); 671 BIO_free(b);
653 BIO_free(b); 672 return (ret);
654 return(ret); 673}
655 }
656#endif 674#endif
657 675
658int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, 676int
659 long *len) 677PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
660 { 678 long *len)
679{
661 EVP_ENCODE_CTX ctx; 680 EVP_ENCODE_CTX ctx;
662 int end=0,i,k,bl=0,hl=0,nohead=0; 681 int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
663 char buf[256]; 682 char buf[256];
664 BUF_MEM *nameB; 683 BUF_MEM *nameB;
665 BUF_MEM *headerB; 684 BUF_MEM *headerB;
666 BUF_MEM *dataB,*tmpB; 685 BUF_MEM *dataB, *tmpB;
667 686
668 nameB=BUF_MEM_new(); 687 nameB = BUF_MEM_new();
669 headerB=BUF_MEM_new(); 688 headerB = BUF_MEM_new();
670 dataB=BUF_MEM_new(); 689 dataB = BUF_MEM_new();
671 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) 690 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
672 {
673 BUF_MEM_free(nameB); 691 BUF_MEM_free(nameB);
674 BUF_MEM_free(headerB); 692 BUF_MEM_free(headerB);
675 BUF_MEM_free(dataB); 693 BUF_MEM_free(dataB);
676 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 694 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
677 return(0); 695 return (0);
678 } 696 }
679 697
680 buf[254]='\0'; 698 buf[254] = '\0';
681 for (;;) 699 for (;;) {
682 { 700 i = BIO_gets(bp, buf, 254);
683 i=BIO_gets(bp,buf,254);
684 701
685 if (i <= 0) 702 if (i <= 0) {
686 { 703 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
687 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
688 goto err; 704 goto err;
689 } 705 }
690 706
691 while ((i >= 0) && (buf[i] <= ' ')) i--; 707 while ((i >= 0) && (buf[i] <= ' '))
692 buf[++i]='\n'; buf[++i]='\0'; 708 i--;
709 buf[++i] = '\n';
710 buf[++i] = '\0';
693 711
694 if (strncmp(buf,"-----BEGIN ",11) == 0) 712 if (strncmp(buf, "-----BEGIN ", 11) == 0) {
695 { 713 i = strlen(&(buf[11]));
696 i=strlen(&(buf[11]));
697 714
698 if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) 715 if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
699 continue; 716 continue;
700 if (!BUF_MEM_grow(nameB,i+9)) 717 if (!BUF_MEM_grow(nameB, i + 9)) {
701 { 718 PEMerr(PEM_F_PEM_READ_BIO,
702 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 719 ERR_R_MALLOC_FAILURE);
703 goto err; 720 goto err;
704 }
705 memcpy(nameB->data,&(buf[11]),i-6);
706 nameB->data[i-6]='\0';
707 break;
708 } 721 }
722 memcpy(nameB->data, &(buf[11]), i - 6);
723 nameB->data[i - 6] = '\0';
724 break;
709 } 725 }
710 hl=0; 726 }
711 if (!BUF_MEM_grow(headerB,256)) 727 hl = 0;
712 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 728 if (!BUF_MEM_grow(headerB, 256)) {
713 headerB->data[0]='\0'; 729 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
714 for (;;) 730 goto err;
715 { 731 }
716 i=BIO_gets(bp,buf,254); 732 headerB->data[0] = '\0';
717 if (i <= 0) break; 733 for (;;) {
718 734 i = BIO_gets(bp, buf, 254);
719 while ((i >= 0) && (buf[i] <= ' ')) i--; 735 if (i <= 0)
720 buf[++i]='\n'; buf[++i]='\0';
721
722 if (buf[0] == '\n') break;
723 if (!BUF_MEM_grow(headerB,hl+i+9))
724 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
725 if (strncmp(buf,"-----END ",9) == 0)
726 {
727 nohead=1;
728 break; 736 break;
729 } 737
730 memcpy(&(headerB->data[hl]),buf,i); 738 while ((i >= 0) && (buf[i] <= ' '))
731 headerB->data[hl+i]='\0'; 739 i--;
732 hl+=i; 740 buf[++i] = '\n';
741 buf[++i] = '\0';
742
743 if (buf[0] == '\n')
744 break;
745 if (!BUF_MEM_grow(headerB, hl + i + 9)) {
746 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
747 goto err;
733 } 748 }
749 if (strncmp(buf, "-----END ", 9) == 0) {
750 nohead = 1;
751 break;
752 }
753 memcpy(&(headerB->data[hl]), buf, i);
754 headerB->data[hl + i] = '\0';
755 hl += i;
756 }
757
758 bl = 0;
759 if (!BUF_MEM_grow(dataB, 1024)) {
760 PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
761 goto err;
762 }
763 dataB->data[0] = '\0';
764 if (!nohead) {
765 for (;;) {
766 i = BIO_gets(bp, buf, 254);
767 if (i <= 0)
768 break;
769
770 while ((i >= 0) && (buf[i] <= ' '))
771 i--;
772 buf[++i] = '\n';
773 buf[++i] = '\0';
734 774
735 bl=0; 775 if (i != 65)
736 if (!BUF_MEM_grow(dataB,1024)) 776 end = 1;
737 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 777 if (strncmp(buf, "-----END ", 9) == 0)
738 dataB->data[0]='\0';
739 if (!nohead)
740 {
741 for (;;)
742 {
743 i=BIO_gets(bp,buf,254);
744 if (i <= 0) break;
745
746 while ((i >= 0) && (buf[i] <= ' ')) i--;
747 buf[++i]='\n'; buf[++i]='\0';
748
749 if (i != 65) end=1;
750 if (strncmp(buf,"-----END ",9) == 0)
751 break; 778 break;
752 if (i > 65) break; 779 if (i > 65)
753 if (!BUF_MEM_grow_clean(dataB,i+bl+9)) 780 break;
754 { 781 if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
755 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 782 PEMerr(PEM_F_PEM_READ_BIO,
783 ERR_R_MALLOC_FAILURE);
756 goto err; 784 goto err;
757 } 785 }
758 memcpy(&(dataB->data[bl]),buf,i); 786 memcpy(&(dataB->data[bl]), buf, i);
759 dataB->data[bl+i]='\0'; 787 dataB->data[bl + i] = '\0';
760 bl+=i; 788 bl += i;
761 if (end) 789 if (end) {
762 { 790 buf[0] = '\0';
763 buf[0]='\0'; 791 i = BIO_gets(bp, buf, 254);
764 i=BIO_gets(bp,buf,254); 792 if (i <= 0)
765 if (i <= 0) break; 793 break;
766 794
767 while ((i >= 0) && (buf[i] <= ' ')) i--; 795 while ((i >= 0) && (buf[i] <= ' '))
768 buf[++i]='\n'; buf[++i]='\0'; 796 i--;
797 buf[++i] = '\n';
798 buf[++i] = '\0';
769 799
770 break; 800 break;
771 }
772 } 801 }
773 } 802 }
774 else 803 } else {
775 { 804 tmpB = headerB;
776 tmpB=headerB; 805 headerB = dataB;
777 headerB=dataB; 806 dataB = tmpB;
778 dataB=tmpB; 807 bl = hl;
779 bl=hl; 808 }
780 } 809 i = strlen(nameB->data);
781 i=strlen(nameB->data); 810 if ((strncmp(buf, "-----END ", 9) != 0) ||
782 if ( (strncmp(buf,"-----END ",9) != 0) || 811 (strncmp(nameB->data, &(buf[9]), i) != 0) ||
783 (strncmp(nameB->data,&(buf[9]),i) != 0) || 812 (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
784 (strncmp(&(buf[9+i]),"-----\n",6) != 0)) 813 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
785 {
786 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
787 goto err; 814 goto err;
788 } 815 }
789 816
790 EVP_DecodeInit(&ctx); 817 EVP_DecodeInit(&ctx);
791 i=EVP_DecodeUpdate(&ctx, 818 i = EVP_DecodeUpdate(&ctx,
792 (unsigned char *)dataB->data,&bl, 819 (unsigned char *)dataB->data, &bl,
793 (unsigned char *)dataB->data,bl); 820 (unsigned char *)dataB->data, bl);
794 if (i < 0) 821 if (i < 0) {
795 { 822 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
796 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
797 goto err; 823 goto err;
798 } 824 }
799 i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); 825 i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
800 if (i < 0) 826 if (i < 0) {
801 { 827 PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
802 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
803 goto err; 828 goto err;
804 } 829 }
805 bl+=k; 830 bl += k;
806 831
807 if (bl == 0) goto err; 832 if (bl == 0)
808 *name=nameB->data; 833 goto err;
809 *header=headerB->data; 834 *name = nameB->data;
810 *data=(unsigned char *)dataB->data; 835 *header = headerB->data;
811 *len=bl; 836 *data = (unsigned char *)dataB->data;
837 *len = bl;
812 free(nameB); 838 free(nameB);
813 free(headerB); 839 free(headerB);
814 free(dataB); 840 free(dataB);
815 return(1); 841 return (1);
842
816err: 843err:
817 BUF_MEM_free(nameB); 844 BUF_MEM_free(nameB);
818 BUF_MEM_free(headerB); 845 BUF_MEM_free(headerB);
819 BUF_MEM_free(dataB); 846 BUF_MEM_free(dataB);
820 return(0); 847 return (0);
821 } 848}
822 849
823/* Check pem string and return prefix length. 850/* Check pem string and return prefix length.
824 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" 851 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
825 * the return value is 3 for the string "RSA". 852 * the return value is 3 for the string "RSA".
826 */ 853 */
827 854
828int pem_check_suffix(const char *pem_str, const char *suffix) 855int
829 { 856pem_check_suffix(const char *pem_str, const char *suffix)
857{
830 int pem_len = strlen(pem_str); 858 int pem_len = strlen(pem_str);
831 int suffix_len = strlen(suffix); 859 int suffix_len = strlen(suffix);
832 const char *p; 860 const char *p;
861
833 if (suffix_len + 1 >= pem_len) 862 if (suffix_len + 1 >= pem_len)
834 return 0; 863 return 0;
835 p = pem_str + pem_len - suffix_len; 864 p = pem_str + pem_len - suffix_len;
@@ -839,5 +868,4 @@ int pem_check_suffix(const char *pem_str, const char *suffix)
839 if (*p != ' ') 868 if (*p != ' ')
840 return 0; 869 return 0;
841 return p - pem_str; 870 return p - pem_str;
842 } 871}
843
diff --git a/src/lib/libssl/src/crypto/pem/pem_oth.c b/src/lib/libssl/src/crypto/pem/pem_oth.c
index 69d281aa9d..5787dc2f3d 100644
--- a/src/lib/libssl/src/crypto/pem/pem_oth.c
+++ b/src/lib/libssl/src/crypto/pem/pem_oth.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,20 +67,21 @@
67 67
68/* Handle 'other' PEMs: not private keys */ 68/* Handle 'other' PEMs: not private keys */
69 69
70void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, 70void *
71 pem_password_cb *cb, void *u) 71PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
72 { 72 pem_password_cb *cb, void *u)
73 const unsigned char *p=NULL; 73{
74 unsigned char *data=NULL; 74 const unsigned char *p = NULL;
75 unsigned char *data = NULL;
75 long len; 76 long len;
76 char *ret=NULL; 77 char *ret = NULL;
77 78
78 if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) 79 if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
79 return NULL; 80 return NULL;
80 p = data; 81 p = data;
81 ret=d2i(x,&p,len); 82 ret = d2i(x, &p, len);
82 if (ret == NULL) 83 if (ret == NULL)
83 PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); 84 PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
84 free(data); 85 free(data);
85 return(ret); 86 return (ret);
86 } 87}
diff --git a/src/lib/libssl/src/crypto/pem/pem_pk8.c b/src/lib/libssl/src/crypto/pem/pem_pk8.c
index 6deab8c338..228ecfceaf 100644
--- a/src/lib/libssl/src/crypto/pem/pem_pk8.c
+++ b/src/lib/libssl/src/crypto/pem/pem_pk8.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -66,14 +66,10 @@
66#include <openssl/pkcs12.h> 66#include <openssl/pkcs12.h>
67#include <openssl/pem.h> 67#include <openssl/pem.h>
68 68
69static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, 69static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
70 int nid, const EVP_CIPHER *enc, 70 const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u);
71 char *kstr, int klen, 71static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, int nid,
72 pem_password_cb *cb, void *u); 72 const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u);
73static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
74 int nid, const EVP_CIPHER *enc,
75 char *kstr, int klen,
76 pem_password_cb *cb, void *u);
77 73
78/* These functions write a private key in PKCS#8 format: it is a "drop in" 74/* These functions write a private key in PKCS#8 format: it is a "drop in"
79 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' 75 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
@@ -81,98 +77,114 @@ static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
81 * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0. 77 * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
82 */ 78 */
83 79
84int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, 80int
85 char *kstr, int klen, 81PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr,
86 pem_password_cb *cb, void *u) 82 int klen, pem_password_cb *cb, void *u)
87{ 83{
88 return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); 84 return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
89} 85}
90 86
91int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 87int
92 char *kstr, int klen, 88PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
93 pem_password_cb *cb, void *u) 89 char *kstr, int klen, pem_password_cb *cb, void *u)
94{ 90{
95 return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); 91 return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
96} 92}
97 93
98int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 94int
99 char *kstr, int klen, 95i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
100 pem_password_cb *cb, void *u) 96 char *kstr, int klen, pem_password_cb *cb, void *u)
101{ 97{
102 return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); 98 return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
103} 99}
104 100
105int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, 101int
106 char *kstr, int klen, 102i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
107 pem_password_cb *cb, void *u) 103 char *kstr, int klen, pem_password_cb *cb, void *u)
108{ 104{
109 return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); 105 return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
110} 106}
111 107
112static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, 108static int
113 char *kstr, int klen, 109do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
114 pem_password_cb *cb, void *u) 110 char *kstr, int klen, pem_password_cb *cb, void *u)
115{ 111{
116 X509_SIG *p8; 112 X509_SIG *p8;
117 PKCS8_PRIV_KEY_INFO *p8inf; 113 PKCS8_PRIV_KEY_INFO *p8inf;
118 char buf[PEM_BUFSIZE]; 114 char buf[PEM_BUFSIZE];
119 int ret; 115 int ret;
120 if(!(p8inf = EVP_PKEY2PKCS8(x))) { 116
117 if (!(p8inf = EVP_PKEY2PKCS8(x))) {
121 PEMerr(PEM_F_DO_PK8PKEY, 118 PEMerr(PEM_F_DO_PK8PKEY,
122 PEM_R_ERROR_CONVERTING_PRIVATE_KEY); 119 PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
123 return 0; 120 return 0;
124 } 121 }
125 if(enc || (nid != -1)) { 122 if (enc || (nid != -1)) {
126 if(!kstr) { 123 if (!kstr) {
127 if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); 124 if (!cb)
128 else klen = cb(buf, PEM_BUFSIZE, 1, u); 125 klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
129 if(klen <= 0) { 126 else
130 PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY); 127 klen = cb(buf, PEM_BUFSIZE, 1, u);
128 if (klen <= 0) {
129 PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
131 PKCS8_PRIV_KEY_INFO_free(p8inf); 130 PKCS8_PRIV_KEY_INFO_free(p8inf);
132 return 0; 131 return 0;
133 } 132 }
134 133
135 kstr = buf; 134 kstr = buf;
136 } 135 }
137 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); 136 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
138 if(kstr == buf) OPENSSL_cleanse(buf, klen); 137 if (kstr == buf)
138 OPENSSL_cleanse(buf, klen);
139 PKCS8_PRIV_KEY_INFO_free(p8inf); 139 PKCS8_PRIV_KEY_INFO_free(p8inf);
140 if(isder) ret = i2d_PKCS8_bio(bp, p8); 140 if (isder)
141 else ret = PEM_write_bio_PKCS8(bp, p8); 141 ret = i2d_PKCS8_bio(bp, p8);
142 else
143 ret = PEM_write_bio_PKCS8(bp, p8);
142 X509_SIG_free(p8); 144 X509_SIG_free(p8);
143 return ret; 145 return ret;
144 } else { 146 } else {
145 if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 147 if (isder)
146 else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); 148 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
149 else
150 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
147 PKCS8_PRIV_KEY_INFO_free(p8inf); 151 PKCS8_PRIV_KEY_INFO_free(p8inf);
148 return ret; 152 return ret;
149 } 153 }
150} 154}
151 155
152EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) 156EVP_PKEY *
157d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
153{ 158{
154 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 159 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
155 X509_SIG *p8 = NULL; 160 X509_SIG *p8 = NULL;
156 int klen; 161 int klen;
157 EVP_PKEY *ret; 162 EVP_PKEY *ret;
158 char psbuf[PEM_BUFSIZE]; 163 char psbuf[PEM_BUFSIZE];
164
159 p8 = d2i_PKCS8_bio(bp, NULL); 165 p8 = d2i_PKCS8_bio(bp, NULL);
160 if(!p8) return NULL; 166 if (!p8)
161 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); 167 return NULL;
162 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); 168 if (cb)
169 klen = cb(psbuf, PEM_BUFSIZE, 0, u);
170 else
171 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
163 if (klen <= 0) { 172 if (klen <= 0) {
164 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); 173 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
165 X509_SIG_free(p8); 174 X509_SIG_free(p8);
166 return NULL; 175 return NULL;
167 } 176 }
168 p8inf = PKCS8_decrypt(p8, psbuf, klen); 177 p8inf = PKCS8_decrypt(p8, psbuf, klen);
169 X509_SIG_free(p8); 178 X509_SIG_free(p8);
170 if(!p8inf) return NULL; 179 if (!p8inf)
180 return NULL;
171 ret = EVP_PKCS82PKEY(p8inf); 181 ret = EVP_PKCS82PKEY(p8inf);
172 PKCS8_PRIV_KEY_INFO_free(p8inf); 182 PKCS8_PRIV_KEY_INFO_free(p8inf);
173 if(!ret) return NULL; 183 if (!ret)
174 if(x) { 184 return NULL;
175 if(*x) EVP_PKEY_free(*x); 185 if (x) {
186 if (*x)
187 EVP_PKEY_free(*x);
176 *x = ret; 188 *x = ret;
177 } 189 }
178 return ret; 190 return ret;
@@ -180,55 +192,59 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
180 192
181#ifndef OPENSSL_NO_FP_API 193#ifndef OPENSSL_NO_FP_API
182 194
183int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 195int
184 char *kstr, int klen, 196i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
185 pem_password_cb *cb, void *u) 197 char *kstr, int klen, pem_password_cb *cb, void *u)
186{ 198{
187 return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); 199 return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
188} 200}
189 201
190int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, 202int
191 char *kstr, int klen, 203i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, char *kstr,
192 pem_password_cb *cb, void *u) 204 int klen, pem_password_cb *cb, void *u)
193{ 205{
194 return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); 206 return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
195} 207}
196 208
197int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, 209int
198 char *kstr, int klen, 210PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, char *kstr,
199 pem_password_cb *cb, void *u) 211 int klen, pem_password_cb *cb, void *u)
200{ 212{
201 return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); 213 return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
202} 214}
203 215
204int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 216int
205 char *kstr, int klen, pem_password_cb *cb, void *u) 217PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
218 char *kstr, int klen, pem_password_cb *cb, void *u)
206{ 219{
207 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); 220 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
208} 221}
209 222
210static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, 223static int
211 char *kstr, int klen, 224do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
212 pem_password_cb *cb, void *u) 225 char *kstr, int klen, pem_password_cb *cb, void *u)
213{ 226{
214 BIO *bp; 227 BIO *bp;
215 int ret; 228 int ret;
216 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { 229
217 PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB); 230 if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
218 return(0); 231 PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
232 return (0);
219 } 233 }
220 ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); 234 ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
221 BIO_free(bp); 235 BIO_free(bp);
222 return ret; 236 return ret;
223} 237}
224 238
225EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) 239EVP_PKEY *
240d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
226{ 241{
227 BIO *bp; 242 BIO *bp;
228 EVP_PKEY *ret; 243 EVP_PKEY *ret;
229 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { 244
230 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB); 245 if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
231 return NULL; 246 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
247 return NULL;
232 } 248 }
233 ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); 249 ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
234 BIO_free(bp); 250 BIO_free(bp);
@@ -239,4 +255,4 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
239 255
240IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG) 256IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
241IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, 257IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
242 PKCS8_PRIV_KEY_INFO) 258 PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libssl/src/crypto/pem/pem_pkey.c b/src/lib/libssl/src/crypto/pem/pem_pkey.c
index 5274447b24..9aaff6e514 100644
--- a/src/lib/libssl/src/crypto/pem/pem_pkey.c
+++ b/src/lib/libssl/src/crypto/pem/pem_pkey.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -72,173 +72,182 @@
72 72
73int pem_check_suffix(const char *pem_str, const char *suffix); 73int pem_check_suffix(const char *pem_str, const char *suffix);
74 74
75EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) 75EVP_PKEY *
76 { 76PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
77 char *nm=NULL; 77{
78 const unsigned char *p=NULL; 78 char *nm = NULL;
79 unsigned char *data=NULL; 79 const unsigned char *p = NULL;
80 unsigned char *data = NULL;
80 long len; 81 long len;
81 int slen; 82 int slen;
82 EVP_PKEY *ret=NULL; 83 EVP_PKEY *ret = NULL;
83 84
84 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) 85 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY,
86 bp, cb, u))
85 return NULL; 87 return NULL;
86 p = data; 88 p = data;
87 89
88 if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { 90 if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
89 PKCS8_PRIV_KEY_INFO *p8inf; 91 PKCS8_PRIV_KEY_INFO *p8inf;
90 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); 92 p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
91 if(!p8inf) goto p8err; 93 if (!p8inf)
94 goto p8err;
92 ret = EVP_PKCS82PKEY(p8inf); 95 ret = EVP_PKCS82PKEY(p8inf);
93 if(x) { 96 if (x) {
94 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 97 if (*x)
98 EVP_PKEY_free((EVP_PKEY *)*x);
95 *x = ret; 99 *x = ret;
96 } 100 }
97 PKCS8_PRIV_KEY_INFO_free(p8inf); 101 PKCS8_PRIV_KEY_INFO_free(p8inf);
98 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { 102 } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
99 PKCS8_PRIV_KEY_INFO *p8inf; 103 PKCS8_PRIV_KEY_INFO *p8inf;
100 X509_SIG *p8; 104 X509_SIG *p8;
101 int klen; 105 int klen;
102 char psbuf[PEM_BUFSIZE]; 106 char psbuf[PEM_BUFSIZE];
103 p8 = d2i_X509_SIG(NULL, &p, len); 107 p8 = d2i_X509_SIG(NULL, &p, len);
104 if(!p8) goto p8err; 108 if (!p8)
105 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); 109 goto p8err;
106 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); 110 if (cb)
111 klen = cb(psbuf, PEM_BUFSIZE, 0, u);
112 else
113 klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
107 if (klen <= 0) { 114 if (klen <= 0) {
108 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, 115 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
109 PEM_R_BAD_PASSWORD_READ); 116 PEM_R_BAD_PASSWORD_READ);
110 X509_SIG_free(p8); 117 X509_SIG_free(p8);
111 goto err; 118 goto err;
112 } 119 }
113 p8inf = PKCS8_decrypt(p8, psbuf, klen); 120 p8inf = PKCS8_decrypt(p8, psbuf, klen);
114 X509_SIG_free(p8); 121 X509_SIG_free(p8);
115 if(!p8inf) goto p8err; 122 if (!p8inf)
123 goto p8err;
116 ret = EVP_PKCS82PKEY(p8inf); 124 ret = EVP_PKCS82PKEY(p8inf);
117 if(x) { 125 if (x) {
118 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 126 if (*x)
127 EVP_PKEY_free((EVP_PKEY *)*x);
119 *x = ret; 128 *x = ret;
120 } 129 }
121 PKCS8_PRIV_KEY_INFO_free(p8inf); 130 PKCS8_PRIV_KEY_INFO_free(p8inf);
122 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) 131 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
123 {
124 const EVP_PKEY_ASN1_METHOD *ameth; 132 const EVP_PKEY_ASN1_METHOD *ameth;
125 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); 133 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
126 if (!ameth || !ameth->old_priv_decode) 134 if (!ameth || !ameth->old_priv_decode)
127 goto p8err; 135 goto p8err;
128 ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len); 136 ret = d2i_PrivateKey(ameth->pkey_id, x,&p, len);
129 } 137 }
138
130p8err: 139p8err:
131 if (ret == NULL) 140 if (ret == NULL)
132 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); 141 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
133err: 142err:
134 free(nm); 143 free(nm);
135 OPENSSL_cleanse(data, len); 144 OPENSSL_cleanse(data, len);
136 free(data); 145 free(data);
137 return(ret); 146 return (ret);
138 } 147}
139 148
140int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 149int
141 unsigned char *kstr, int klen, 150PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
142 pem_password_cb *cb, void *u) 151 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
143 { 152{
144 char pem_str[80]; 153 char pem_str[80];
154
145 if (!x->ameth || x->ameth->priv_encode) 155 if (!x->ameth || x->ameth->priv_encode)
146 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, 156 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
147 (char *)kstr, klen, 157 (char *)kstr, klen, cb, u);
148 cb, u);
149 158
150 (void) snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", 159 (void) snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY",
151 x->ameth->pem_str); 160 x->ameth->pem_str);
152 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, 161 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
153 pem_str,bp,x,enc,kstr,klen,cb,u); 162 pem_str, bp, x,enc, kstr, klen, cb, u);
154 } 163}
155 164
156EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) 165EVP_PKEY *
157 { 166PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
158 char *nm=NULL; 167{
159 const unsigned char *p=NULL; 168 char *nm = NULL;
160 unsigned char *data=NULL; 169 const unsigned char *p = NULL;
170 unsigned char *data = NULL;
161 long len; 171 long len;
162 int slen; 172 int slen;
163 EVP_PKEY *ret=NULL; 173 EVP_PKEY *ret = NULL;
164 174
165 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS, 175 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
166 bp, 0, NULL)) 176 bp, 0, NULL))
167 return NULL; 177 return NULL;
168 p = data; 178 p = data;
169 179
170 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) 180 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
171 {
172 ret = EVP_PKEY_new(); 181 ret = EVP_PKEY_new();
173 if (!ret) 182 if (!ret)
174 goto err; 183 goto err;
175 if (!EVP_PKEY_set_type_str(ret, nm, slen) 184 if (!EVP_PKEY_set_type_str(ret, nm, slen) ||
176 || !ret->ameth->param_decode 185 !ret->ameth->param_decode ||
177 || !ret->ameth->param_decode(ret, &p, len)) 186 !ret->ameth->param_decode(ret, &p, len)) {
178 {
179 EVP_PKEY_free(ret); 187 EVP_PKEY_free(ret);
180 ret = NULL; 188 ret = NULL;
181 goto err; 189 goto err;
182 } 190 }
183 if(x) 191 if (x) {
184 { 192 if (*x)
185 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 193 EVP_PKEY_free((EVP_PKEY *)*x);
186 *x = ret; 194 *x = ret;
187 }
188 } 195 }
196 }
197
189err: 198err:
190 if (ret == NULL) 199 if (ret == NULL)
191 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB); 200 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
192 free(nm); 201 free(nm);
193 free(data); 202 free(data);
194 return(ret); 203 return (ret);
195 } 204}
196 205
197int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) 206int
198 { 207PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
208{
199 char pem_str[80]; 209 char pem_str[80];
210
200 if (!x->ameth || !x->ameth->param_encode) 211 if (!x->ameth || !x->ameth->param_encode)
201 return 0; 212 return 0;
202 213
203 (void) snprintf(pem_str, sizeof(pem_str), "%s PARAMETERS", 214 (void) snprintf(pem_str, sizeof(pem_str), "%s PARAMETERS",
204 x->ameth->pem_str); 215 x->ameth->pem_str);
205 return PEM_ASN1_write_bio( 216 return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
206 (i2d_of_void *)x->ameth->param_encode, 217 pem_str, bp, x,NULL, NULL, 0,0, NULL);
207 pem_str,bp,x,NULL,NULL,0,0,NULL); 218}
208 }
209 219
210#ifndef OPENSSL_NO_FP_API 220#ifndef OPENSSL_NO_FP_API
211EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) 221EVP_PKEY *
212 { 222PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
213 BIO *b; 223{
214 EVP_PKEY *ret; 224 BIO *b;
215 225 EVP_PKEY *ret;
216 if ((b=BIO_new(BIO_s_file())) == NULL) 226
217 { 227 if ((b = BIO_new(BIO_s_file())) == NULL) {
218 PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB); 228 PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
219 return(0); 229 return (0);
220 }
221 BIO_set_fp(b,fp,BIO_NOCLOSE);
222 ret=PEM_read_bio_PrivateKey(b,x,cb,u);
223 BIO_free(b);
224 return(ret);
225 } 230 }
226 231 BIO_set_fp(b, fp, BIO_NOCLOSE);
227int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 232 ret = PEM_read_bio_PrivateKey(b, x,cb, u);
228 unsigned char *kstr, int klen, 233 BIO_free(b);
229 pem_password_cb *cb, void *u) 234 return (ret);
230 { 235}
231 BIO *b; 236
232 int ret; 237int
233 238PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
234 if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) 239 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
235 { 240{
236 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB); 241 BIO *b;
237 return 0; 242 int ret;
238 } 243
239 ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); 244 if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
240 BIO_free(b); 245 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
241 return ret; 246 return 0;
242 } 247 }
248 ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
249 BIO_free(b);
250 return ret;
251}
243 252
244#endif 253#endif
diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c
index bac7b16b44..e39de08c9a 100644
--- a/src/lib/libssl/src/crypto/pem/pem_seal.c
+++ b/src/lib/libssl/src/crypto/pem/pem_seal.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -67,125 +67,129 @@
67#include <openssl/pem.h> 67#include <openssl/pem.h>
68#include <openssl/rsa.h> 68#include <openssl/rsa.h>
69 69
70int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, 70int
71 unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, 71PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
72 int npubk) 72 unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
73 { 73{
74 unsigned char key[EVP_MAX_KEY_LENGTH]; 74 unsigned char key[EVP_MAX_KEY_LENGTH];
75 int ret= -1; 75 int ret = -1;
76 int i,j,max=0; 76 int i, j, max = 0;
77 char *s=NULL; 77 char *s = NULL;
78 78
79 for (i=0; i<npubk; i++) 79 for (i = 0; i < npubk; i++) {
80 { 80 if (pubk[i]->type != EVP_PKEY_RSA) {
81 if (pubk[i]->type != EVP_PKEY_RSA) 81 PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
82 {
83 PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
84 goto err; 82 goto err;
85 }
86 j=RSA_size(pubk[i]->pkey.rsa);
87 if (j > max) max=j;
88 } 83 }
89 s=(char *)malloc(max*2); 84 j = RSA_size(pubk[i]->pkey.rsa);
90 if (s == NULL) 85 if (j > max)
91 { 86 max = j;
92 PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); 87 }
88 s = (char *)malloc(max*2);
89 if (s == NULL) {
90 PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
93 goto err; 91 goto err;
94 } 92 }
95 93
96 EVP_EncodeInit(&ctx->encode); 94 EVP_EncodeInit(&ctx->encode);
97 95
98 EVP_MD_CTX_init(&ctx->md); 96 EVP_MD_CTX_init(&ctx->md);
99 if (!EVP_SignInit(&ctx->md,md_type)) 97 if (!EVP_SignInit(&ctx->md, md_type))
100 goto err; 98 goto err;
101 99
102 EVP_CIPHER_CTX_init(&ctx->cipher); 100 EVP_CIPHER_CTX_init(&ctx->cipher);
103 ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); 101 ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
104 if (ret <= 0) goto err; 102 if (ret <= 0)
103 goto err;
105 104
106 /* base64 encode the keys */ 105 /* base64 encode the keys */
107 for (i=0; i<npubk; i++) 106 for (i = 0; i < npubk; i++) {
108 { 107 j = EVP_EncodeBlock((unsigned char *)s, ek[i],
109 j=EVP_EncodeBlock((unsigned char *)s,ek[i], 108 RSA_size(pubk[i]->pkey.rsa));
110 RSA_size(pubk[i]->pkey.rsa)); 109 ekl[i] = j;
111 ekl[i]=j; 110 memcpy(ek[i], s, j + 1);
112 memcpy(ek[i],s,j+1);
113 }
114
115 ret=npubk;
116err:
117 if (s != NULL) free(s);
118 OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
119 return(ret);
120 } 111 }
121 112
122void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, 113 ret = npubk;
123 unsigned char *in, int inl) 114
124 { 115err:
116 if (s != NULL)
117 free(s);
118 OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
119 return (ret);
120}
121
122void
123PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
124 unsigned char *in, int inl)
125{
125 unsigned char buffer[1600]; 126 unsigned char buffer[1600];
126 int i,j; 127 int i, j;
127 128
128 *outl=0; 129 *outl = 0;
129 EVP_SignUpdate(&ctx->md,in,inl); 130 EVP_SignUpdate(&ctx->md, in, inl);
130 for (;;) 131 for (;;) {
131 { 132 if (inl <= 0)
132 if (inl <= 0) break; 133 break;
133 if (inl > 1200) 134 if (inl > 1200)
134 i=1200; 135 i = 1200;
135 else 136 else
136 i=inl; 137 i = inl;
137 EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i); 138 EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i);
138 EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j); 139 EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j);
139 *outl+=j; 140 *outl += j;
140 out+=j; 141 out += j;
141 in+=i; 142 in += i;
142 inl-=i; 143 inl -= i;
143 }
144 } 144 }
145 145}
146int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, 146
147 unsigned char *out, int *outl, EVP_PKEY *priv) 147int
148 { 148PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
149 unsigned char *s=NULL; 149 unsigned char *out, int *outl, EVP_PKEY *priv)
150 int ret=0,j; 150{
151 unsigned char *s = NULL;
152 int ret = 0, j;
151 unsigned int i; 153 unsigned int i;
152 154
153 if (priv->type != EVP_PKEY_RSA) 155 if (priv->type != EVP_PKEY_RSA) {
154 { 156 PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
155 PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
156 goto err; 157 goto err;
157 } 158 }
158 i=RSA_size(priv->pkey.rsa); 159 i = RSA_size(priv->pkey.rsa);
159 if (i < 100) i=100; 160 if (i < 100)
160 s=(unsigned char *)malloc(i*2); 161 i = 100;
161 if (s == NULL) 162 s = (unsigned char *)malloc(i*2);
162 { 163 if (s == NULL) {
163 PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); 164 PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
164 goto err; 165 goto err;
165 } 166 }
166 167
167 if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i)) 168 if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i))
168 goto err; 169 goto err;
169 EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); 170 EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
170 *outl=j; 171 *outl = j;
171 out+=j; 172 out += j;
172 EVP_EncodeFinal(&ctx->encode,out,&j); 173 EVP_EncodeFinal(&ctx->encode, out, &j);
173 *outl+=j; 174 *outl += j;
174 175
175 if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err; 176 if (!EVP_SignFinal(&ctx->md, s,&i, priv))
176 *sigl=EVP_EncodeBlock(sig,s,i); 177 goto err;
178 *sigl = EVP_EncodeBlock(sig, s, i);
179
180 ret = 1;
177 181
178 ret=1;
179err: 182err:
180 EVP_MD_CTX_cleanup(&ctx->md); 183 EVP_MD_CTX_cleanup(&ctx->md);
181 EVP_CIPHER_CTX_cleanup(&ctx->cipher); 184 EVP_CIPHER_CTX_cleanup(&ctx->cipher);
182 if (s != NULL) free(s); 185 if (s != NULL)
183 return(ret); 186 free(s);
184 } 187 return (ret);
188}
185#else /* !OPENSSL_NO_RSA */ 189#else /* !OPENSSL_NO_RSA */
186 190
187# if PEDANTIC 191# if PEDANTIC
188static void *dummy=&dummy; 192static void *dummy = &dummy;
189# endif 193# endif
190 194
191#endif 195#endif
diff --git a/src/lib/libssl/src/crypto/pem/pem_sign.c b/src/lib/libssl/src/crypto/pem/pem_sign.c
index cbd3cd0793..ab3e5ebc64 100644
--- a/src/lib/libssl/src/crypto/pem/pem_sign.c
+++ b/src/lib/libssl/src/crypto/pem/pem_sign.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -64,39 +64,43 @@
64#include <openssl/x509.h> 64#include <openssl/x509.h>
65#include <openssl/pem.h> 65#include <openssl/pem.h>
66 66
67void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) 67void
68 { 68PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
69{
69 EVP_DigestInit_ex(ctx, type, NULL); 70 EVP_DigestInit_ex(ctx, type, NULL);
70 } 71}
71 72
72void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, 73void
73 unsigned int count) 74PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
74 { 75 unsigned int count)
75 EVP_DigestUpdate(ctx,data,count); 76{
76 } 77 EVP_DigestUpdate(ctx, data, count);
78}
77 79
78int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, 80int
79 EVP_PKEY *pkey) 81PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
80 { 82 EVP_PKEY *pkey)
83{
81 unsigned char *m; 84 unsigned char *m;
82 int i,ret=0; 85 int i, ret = 0;
83 unsigned int m_len; 86 unsigned int m_len;
84 87
85 m=(unsigned char *)malloc(EVP_PKEY_size(pkey)+2); 88 m = (unsigned char *)malloc(EVP_PKEY_size(pkey) + 2);
86 if (m == NULL) 89 if (m == NULL) {
87 { 90 PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
88 PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); 91 goto err;
92 }
93
94 if (EVP_SignFinal(ctx, m,&m_len, pkey) <= 0)
89 goto err; 95 goto err;
90 }
91 96
92 if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err; 97 i = EVP_EncodeBlock(sigret, m, m_len);
98 *siglen = i;
99 ret = 1;
93 100
94 i=EVP_EncodeBlock(sigret,m,m_len);
95 *siglen=i;
96 ret=1;
97err: 101err:
98 /* ctx has been zeroed by EVP_SignFinal() */ 102 /* ctx has been zeroed by EVP_SignFinal() */
99 if (m != NULL) free(m); 103 if (m != NULL)
100 return(ret); 104 free(m);
101 } 105 return (ret);
102 106}
diff --git a/src/lib/libssl/src/crypto/pem/pem_x509.c b/src/lib/libssl/src/crypto/pem/pem_x509.c
index b531057dc9..57b7d1d53b 100644
--- a/src/lib/libssl/src/crypto/pem/pem_x509.c
+++ b/src/lib/libssl/src/crypto/pem/pem_x509.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -65,4 +65,3 @@
65#include <openssl/pem.h> 65#include <openssl/pem.h>
66 66
67IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) 67IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
68
diff --git a/src/lib/libssl/src/crypto/pem/pem_xaux.c b/src/lib/libssl/src/crypto/pem/pem_xaux.c
index 328f796200..ae381ce54b 100644
--- a/src/lib/libssl/src/crypto/pem/pem_xaux.c
+++ b/src/lib/libssl/src/crypto/pem/pem_xaux.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -65,4 +65,5 @@
65#include <openssl/pem.h> 65#include <openssl/pem.h>
66 66
67IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) 67IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
68IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR) 68IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
69 X509_CERT_PAIR)
diff --git a/src/lib/libssl/src/crypto/pem/pvkfmt.c b/src/lib/libssl/src/crypto/pem/pvkfmt.c
index 59af2020ab..a7815a2372 100644
--- a/src/lib/libssl/src/crypto/pem/pvkfmt.c
+++ b/src/lib/libssl/src/crypto/pem/pvkfmt.c
@@ -9,7 +9,7 @@
9 * are met: 9 * are met:
10 * 10 *
11 * 1. Redistributions of source code must retain the above copyright 11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer. 12 * notice, this list of conditions and the following disclaimer.
13 * 13 *
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in 15 * notice, this list of conditions and the following disclaimer in
@@ -71,27 +71,31 @@
71 * format 71 * format
72 */ 72 */
73 73
74static unsigned int read_ledword(const unsigned char **in) 74static unsigned int
75 { 75read_ledword(const unsigned char **in)
76{
76 const unsigned char *p = *in; 77 const unsigned char *p = *in;
77 unsigned int ret; 78 unsigned int ret;
79
78 ret = *p++; 80 ret = *p++;
79 ret |= (*p++ << 8); 81 ret |= (*p++ << 8);
80 ret |= (*p++ << 16); 82 ret |= (*p++ << 16);
81 ret |= (*p++ << 24); 83 ret |= (*p++ << 24);
82 *in = p; 84 *in = p;
83 return ret; 85 return ret;
84 } 86}
85 87
86/* Read a BIGNUM in little endian format. The docs say that this should take up 88/* Read a BIGNUM in little endian format. The docs say that this should take up
87 * bitlen/8 bytes. 89 * bitlen/8 bytes.
88 */ 90 */
89 91
90static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) 92static int
91 { 93read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
94{
92 const unsigned char *p; 95 const unsigned char *p;
93 unsigned char *tmpbuf, *q; 96 unsigned char *tmpbuf, *q;
94 unsigned int i; 97 unsigned int i;
98
95 p = *in + nbyte - 1; 99 p = *in + nbyte - 1;
96 tmpbuf = malloc(nbyte); 100 tmpbuf = malloc(nbyte);
97 if (!tmpbuf) 101 if (!tmpbuf)
@@ -101,14 +105,12 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
101 *q++ = *p--; 105 *q++ = *p--;
102 *r = BN_bin2bn(tmpbuf, nbyte, NULL); 106 *r = BN_bin2bn(tmpbuf, nbyte, NULL);
103 free(tmpbuf); 107 free(tmpbuf);
104 if (*r) 108 if (*r) {
105 {
106 *in += nbyte; 109 *in += nbyte;
107 return 1; 110 return 1;
108 } 111 } else
109 else
110 return 0; 112 return 0;
111 } 113}
112 114
113 115
114/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ 116/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
@@ -132,106 +134,96 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
132#define PVK_SALTLEN 0x10 134#define PVK_SALTLEN 0x10
133 135
134static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, 136static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
135 unsigned int bitlen, int ispub); 137 unsigned int bitlen, int ispub);
136static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, 138static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
137 unsigned int bitlen, int ispub); 139 unsigned int bitlen, int ispub);
138 140
139static int do_blob_header(const unsigned char **in, unsigned int length, 141static int
140 unsigned int *pmagic, unsigned int *pbitlen, 142do_blob_header(const unsigned char **in, unsigned int length,
141 int *pisdss, int *pispub) 143 unsigned int *pmagic, unsigned int *pbitlen, int *pisdss, int *pispub)
142 { 144{
143 const unsigned char *p = *in; 145 const unsigned char *p = *in;
146
144 if (length < 16) 147 if (length < 16)
145 return 0; 148 return 0;
146 /* bType */ 149 /* bType */
147 if (*p == MS_PUBLICKEYBLOB) 150 if (*p == MS_PUBLICKEYBLOB) {
148 { 151 if (*pispub == 0) {
149 if (*pispub == 0)
150 {
151 PEMerr(PEM_F_DO_BLOB_HEADER, 152 PEMerr(PEM_F_DO_BLOB_HEADER,
152 PEM_R_EXPECTING_PRIVATE_KEY_BLOB); 153 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
153 return 0; 154 return 0;
154 }
155 *pispub = 1;
156 } 155 }
157 else if (*p == MS_PRIVATEKEYBLOB) 156 *pispub = 1;
158 { 157 } else if (*p == MS_PRIVATEKEYBLOB) {
159 if (*pispub == 1) 158 if (*pispub == 1) {
160 {
161 PEMerr(PEM_F_DO_BLOB_HEADER, 159 PEMerr(PEM_F_DO_BLOB_HEADER,
162 PEM_R_EXPECTING_PUBLIC_KEY_BLOB); 160 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
163 return 0; 161 return 0;
164 }
165 *pispub = 0;
166 } 162 }
167 else 163 *pispub = 0;
164 } else
168 return 0; 165 return 0;
169 p++; 166 p++;
170 /* Version */ 167 /* Version */
171 if (*p++ != 0x2) 168 if (*p++ != 0x2) {
172 {
173 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); 169 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
174 return 0; 170 return 0;
175 } 171 }
176 /* Ignore reserved, aiKeyAlg */ 172 /* Ignore reserved, aiKeyAlg */
177 p+= 6; 173 p += 6;
178 *pmagic = read_ledword(&p); 174 *pmagic = read_ledword(&p);
179 *pbitlen = read_ledword(&p); 175 *pbitlen = read_ledword(&p);
180 *pisdss = 0; 176 *pisdss = 0;
181 switch (*pmagic) 177 switch (*pmagic) {
182 {
183 178
184 case MS_DSS1MAGIC: 179 case MS_DSS1MAGIC:
185 *pisdss = 1; 180 *pisdss = 1;
186 case MS_RSA1MAGIC: 181 case MS_RSA1MAGIC:
187 if (*pispub == 0) 182 if (*pispub == 0) {
188 {
189 PEMerr(PEM_F_DO_BLOB_HEADER, 183 PEMerr(PEM_F_DO_BLOB_HEADER,
190 PEM_R_EXPECTING_PRIVATE_KEY_BLOB); 184 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
191 return 0; 185 return 0;
192 } 186 }
193 break; 187 break;
194 188
195 case MS_DSS2MAGIC: 189 case MS_DSS2MAGIC:
196 *pisdss = 1; 190 *pisdss = 1;
197 case MS_RSA2MAGIC: 191 case MS_RSA2MAGIC:
198 if (*pispub == 1) 192 if (*pispub == 1) {
199 {
200 PEMerr(PEM_F_DO_BLOB_HEADER, 193 PEMerr(PEM_F_DO_BLOB_HEADER,
201 PEM_R_EXPECTING_PUBLIC_KEY_BLOB); 194 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
202 return 0; 195 return 0;
203 } 196 }
204 break; 197 break;
205 198
206 default: 199 default:
207 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); 200 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
208 return -1; 201 return -1;
209 } 202 }
210 *in = p; 203 *in = p;
211 return 1; 204 return 1;
212 } 205}
213 206
214static unsigned int blob_length(unsigned bitlen, int isdss, int ispub) 207static unsigned int
215 { 208blob_length(unsigned bitlen, int isdss, int ispub)
209{
216 unsigned int nbyte, hnbyte; 210 unsigned int nbyte, hnbyte;
211
217 nbyte = (bitlen + 7) >> 3; 212 nbyte = (bitlen + 7) >> 3;
218 hnbyte = (bitlen + 15) >> 4; 213 hnbyte = (bitlen + 15) >> 4;
219 if (isdss) 214 if (isdss) {
220 {
221 215
222 /* Expected length: 20 for q + 3 components bitlen each + 24 216 /* Expected length: 20 for q + 3 components bitlen each + 24
223 * for seed structure. 217 * for seed structure.
224 */ 218 */
225 if (ispub) 219 if (ispub)
226 return 44 + 3 * nbyte; 220 return 44 + 3 * nbyte;
227 /* Expected length: 20 for q, priv, 2 bitlen components + 24 221 /* Expected length: 20 for q, priv, 2 bitlen components + 24
228 * for seed structure. 222 * for seed structure.
229 */ 223 */
230 else 224 else
231 return 64 + 2 * nbyte; 225 return 64 + 2 * nbyte;
232 } 226 } else {
233 else
234 {
235 /* Expected length: 4 for 'e' + 'n' */ 227 /* Expected length: 4 for 'e' + 'n' */
236 if (ispub) 228 if (ispub)
237 return 4 + nbyte; 229 return 4 + nbyte;
@@ -239,83 +231,83 @@ static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
239 /* Expected length: 4 for 'e' and 7 other components. 231 /* Expected length: 4 for 'e' and 7 other components.
240 * 2 components are bitlen size, 5 are bitlen/2 232 * 2 components are bitlen size, 5 are bitlen/2
241 */ 233 */
242 return 4 + 2*nbyte + 5*hnbyte; 234 return 4 + 2*nbyte + 5*hnbyte;
243 }
244
245 } 235 }
246 236
247static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, 237}
248 int ispub) 238
249 { 239static EVP_PKEY *
240do_b2i(const unsigned char **in, unsigned int length, int ispub)
241{
250 const unsigned char *p = *in; 242 const unsigned char *p = *in;
251 unsigned int bitlen, magic; 243 unsigned int bitlen, magic;
252 int isdss; 244 int isdss;
253 if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) 245
254 { 246 if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
255 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); 247 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
256 return NULL; 248 return NULL;
257 } 249 }
258 length -= 16; 250 length -= 16;
259 if (length < blob_length(bitlen, isdss, ispub)) 251 if (length < blob_length(bitlen, isdss, ispub)) {
260 {
261 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT); 252 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
262 return NULL; 253 return NULL;
263 } 254 }
264 if (isdss) 255 if (isdss)
265 return b2i_dss(&p, length, bitlen, ispub); 256 return b2i_dss(&p, length, bitlen, ispub);
266 else 257 else
267 return b2i_rsa(&p, length, bitlen, ispub); 258 return b2i_rsa(&p, length, bitlen, ispub);
268 } 259}
269 260
270static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) 261static EVP_PKEY *
271 { 262do_b2i_bio(BIO *in, int ispub)
263{
272 const unsigned char *p; 264 const unsigned char *p;
273 unsigned char hdr_buf[16], *buf = NULL; 265 unsigned char hdr_buf[16], *buf = NULL;
274 unsigned int bitlen, magic, length; 266 unsigned int bitlen, magic, length;
275 int isdss; 267 int isdss;
276 EVP_PKEY *ret = NULL; 268 EVP_PKEY *ret = NULL;
277 if (BIO_read(in, hdr_buf, 16) != 16) 269
278 { 270 if (BIO_read(in, hdr_buf, 16) != 16) {
279 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); 271 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
280 return NULL; 272 return NULL;
281 } 273 }
282 p = hdr_buf; 274 p = hdr_buf;
283 if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) 275 if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
284 return NULL; 276 return NULL;
285 277
286 length = blob_length(bitlen, isdss, ispub); 278 length = blob_length(bitlen, isdss, ispub);
287 buf = malloc(length); 279 buf = malloc(length);
288 if (!buf) 280 if (!buf) {
289 {
290 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); 281 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
291 goto err; 282 goto err;
292 } 283 }
293 p = buf; 284 p = buf;
294 if (BIO_read(in, buf, length) != (int)length) 285 if (BIO_read(in, buf, length) != (int)length) {
295 {
296 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); 286 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
297 goto err; 287 goto err;
298 } 288 }
299 289
300 if (isdss) 290 if (isdss)
301 ret = b2i_dss(&p, length, bitlen, ispub); 291 ret = b2i_dss(&p, length, bitlen, ispub);
302 else 292 else
303 ret = b2i_rsa(&p, length, bitlen, ispub); 293 ret = b2i_rsa(&p, length, bitlen, ispub);
304 294
305 err: 295err:
306 if (buf) 296 if (buf)
307 free(buf); 297 free(buf);
308 return ret; 298 return ret;
309 } 299}
310 300
311static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, 301static EVP_PKEY *
312 unsigned int bitlen, int ispub) 302b2i_dss(const unsigned char **in, unsigned int length, unsigned int bitlen,
313 { 303 int ispub)
304{
314 const unsigned char *p = *in; 305 const unsigned char *p = *in;
315 EVP_PKEY *ret = NULL; 306 EVP_PKEY *ret = NULL;
316 DSA *dsa = NULL; 307 DSA *dsa = NULL;
317 BN_CTX *ctx = NULL; 308 BN_CTX *ctx = NULL;
318 unsigned int nbyte; 309 unsigned int nbyte;
310
319 nbyte = (bitlen + 7) >> 3; 311 nbyte = (bitlen + 7) >> 3;
320 312
321 dsa = DSA_new(); 313 dsa = DSA_new();
@@ -328,13 +320,10 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
328 goto memerr; 320 goto memerr;
329 if (!read_lebn(&p, nbyte, &dsa->g)) 321 if (!read_lebn(&p, nbyte, &dsa->g))
330 goto memerr; 322 goto memerr;
331 if (ispub) 323 if (ispub) {
332 {
333 if (!read_lebn(&p, nbyte, &dsa->pub_key)) 324 if (!read_lebn(&p, nbyte, &dsa->pub_key))
334 goto memerr; 325 goto memerr;
335 } 326 } else {
336 else
337 {
338 if (!read_lebn(&p, 20, &dsa->priv_key)) 327 if (!read_lebn(&p, 20, &dsa->priv_key))
339 goto memerr; 328 goto memerr;
340 /* Calculate public key */ 329 /* Calculate public key */
@@ -342,20 +331,18 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
342 goto memerr; 331 goto memerr;
343 if (!(ctx = BN_CTX_new())) 332 if (!(ctx = BN_CTX_new()))
344 goto memerr; 333 goto memerr;
345
346 if (!BN_mod_exp(dsa->pub_key, dsa->g, 334 if (!BN_mod_exp(dsa->pub_key, dsa->g,
347 dsa->priv_key, dsa->p, ctx)) 335 dsa->priv_key, dsa->p, ctx))
348
349 goto memerr; 336 goto memerr;
350 BN_CTX_free(ctx); 337 BN_CTX_free(ctx);
351 } 338 }
352 339
353 EVP_PKEY_set1_DSA(ret, dsa); 340 EVP_PKEY_set1_DSA(ret, dsa);
354 DSA_free(dsa); 341 DSA_free(dsa);
355 *in = p; 342 *in = p;
356 return ret; 343 return ret;
357 344
358 memerr: 345memerr:
359 PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); 346 PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
360 if (dsa) 347 if (dsa)
361 DSA_free(dsa); 348 DSA_free(dsa);
@@ -364,16 +351,17 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
364 if (ctx) 351 if (ctx)
365 BN_CTX_free(ctx); 352 BN_CTX_free(ctx);
366 return NULL; 353 return NULL;
367 } 354}
368 355
369static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, 356static EVP_PKEY *
370 unsigned int bitlen, int ispub) 357b2i_rsa(const unsigned char **in, unsigned int length, unsigned int bitlen,
371 358 int ispub)
372 { 359{
373 const unsigned char *p = *in; 360 const unsigned char *p = *in;
374 EVP_PKEY *ret = NULL; 361 EVP_PKEY *ret = NULL;
375 RSA *rsa = NULL; 362 RSA *rsa = NULL;
376 unsigned int nbyte, hnbyte; 363 unsigned int nbyte, hnbyte;
364
377 nbyte = (bitlen + 7) >> 3; 365 nbyte = (bitlen + 7) >> 3;
378 hnbyte = (bitlen + 15) >> 4; 366 hnbyte = (bitlen + 15) >> 4;
379 rsa = RSA_new(); 367 rsa = RSA_new();
@@ -387,8 +375,7 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
387 goto memerr; 375 goto memerr;
388 if (!read_lebn(&p, nbyte, &rsa->n)) 376 if (!read_lebn(&p, nbyte, &rsa->n))
389 goto memerr; 377 goto memerr;
390 if (!ispub) 378 if (!ispub) {
391 {
392 if (!read_lebn(&p, hnbyte, &rsa->p)) 379 if (!read_lebn(&p, hnbyte, &rsa->p))
393 goto memerr; 380 goto memerr;
394 if (!read_lebn(&p, hnbyte, &rsa->q)) 381 if (!read_lebn(&p, hnbyte, &rsa->q))
@@ -401,78 +388,83 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
401 goto memerr; 388 goto memerr;
402 if (!read_lebn(&p, nbyte, &rsa->d)) 389 if (!read_lebn(&p, nbyte, &rsa->d))
403 goto memerr; 390 goto memerr;
404 } 391 }
405 392
406 EVP_PKEY_set1_RSA(ret, rsa); 393 EVP_PKEY_set1_RSA(ret, rsa);
407 RSA_free(rsa); 394 RSA_free(rsa);
408 *in = p; 395 *in = p;
409 return ret; 396 return ret;
410 memerr: 397
398memerr:
411 PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); 399 PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
412 if (rsa) 400 if (rsa)
413 RSA_free(rsa); 401 RSA_free(rsa);
414 if (ret) 402 if (ret)
415 EVP_PKEY_free(ret); 403 EVP_PKEY_free(ret);
416 return NULL; 404 return NULL;
417 } 405}
418 406
419EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length) 407EVP_PKEY *
420 { 408b2i_PrivateKey(const unsigned char **in, long length)
409{
421 return do_b2i(in, length, 0); 410 return do_b2i(in, length, 0);
422 } 411}
423 412
424EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length) 413EVP_PKEY *
425 { 414b2i_PublicKey(const unsigned char **in, long length)
415{
426 return do_b2i(in, length, 1); 416 return do_b2i(in, length, 1);
427 } 417}
428 418
429 419EVP_PKEY *
430EVP_PKEY *b2i_PrivateKey_bio(BIO *in) 420b2i_PrivateKey_bio(BIO *in)
431 { 421{
432 return do_b2i_bio(in, 0); 422 return do_b2i_bio(in, 0);
433 } 423}
434 424
435EVP_PKEY *b2i_PublicKey_bio(BIO *in) 425EVP_PKEY *
436 { 426b2i_PublicKey_bio(BIO *in)
427{
437 return do_b2i_bio(in, 1); 428 return do_b2i_bio(in, 1);
438 } 429}
439 430
440static void write_ledword(unsigned char **out, unsigned int dw) 431static void
441 { 432write_ledword(unsigned char **out, unsigned int dw)
433{
442 unsigned char *p = *out; 434 unsigned char *p = *out;
435
443 *p++ = dw & 0xff; 436 *p++ = dw & 0xff;
444 *p++ = (dw>>8) & 0xff; 437 *p++ = (dw >> 8) & 0xff;
445 *p++ = (dw>>16) & 0xff; 438 *p++ = (dw >> 16) & 0xff;
446 *p++ = (dw>>24) & 0xff; 439 *p++ = (dw >> 24) & 0xff;
447 *out = p; 440 *out = p;
448 } 441}
449 442
450static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) 443static void
451 { 444write_lebn(unsigned char **out, const BIGNUM *bn, int len)
445{
452 int nb, i; 446 int nb, i;
453 unsigned char *p = *out, *q, c; 447 unsigned char *p = *out, *q, c;
448
454 nb = BN_num_bytes(bn); 449 nb = BN_num_bytes(bn);
455 BN_bn2bin(bn, p); 450 BN_bn2bin(bn, p);
456 q = p + nb - 1; 451 q = p + nb - 1;
457 /* In place byte order reversal */ 452 /* In place byte order reversal */
458 for (i = 0; i < nb/2; i++) 453 for (i = 0; i < nb / 2; i++) {
459 {
460 c = *p; 454 c = *p;
461 *p++ = *q; 455 *p++ = *q;
462 *q-- = c; 456 *q-- = c;
463 } 457 }
464 *out += nb; 458 *out += nb;
465 /* Pad with zeroes if we have to */ 459 /* Pad with zeroes if we have to */
466 if (len > 0) 460 if (len > 0) {
467 {
468 len -= nb; 461 len -= nb;
469 if (len > 0) 462 if (len > 0) {
470 {
471 memset(*out, 0, len); 463 memset(*out, 0, len);
472 *out += len; 464 *out += len;
473 }
474 } 465 }
475 } 466 }
467}
476 468
477 469
478static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); 470static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
@@ -480,40 +472,37 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
480 472
481static void write_rsa(unsigned char **out, RSA *rsa, int ispub); 473static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
482static void write_dsa(unsigned char **out, DSA *dsa, int ispub); 474static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
483 475
484static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) 476static int
485 { 477do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
478{
486 unsigned char *p; 479 unsigned char *p;
487 unsigned int bitlen, magic = 0, keyalg; 480 unsigned int bitlen, magic = 0, keyalg;
488 int outlen, noinc = 0; 481 int outlen, noinc = 0;
489 if (pk->type == EVP_PKEY_DSA) 482
490 { 483 if (pk->type == EVP_PKEY_DSA) {
491 bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); 484 bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
492 keyalg = MS_KEYALG_DSS_SIGN; 485 keyalg = MS_KEYALG_DSS_SIGN;
493 } 486 } else if (pk->type == EVP_PKEY_RSA) {
494 else if (pk->type == EVP_PKEY_RSA)
495 {
496 bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); 487 bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
497 keyalg = MS_KEYALG_RSA_KEYX; 488 keyalg = MS_KEYALG_RSA_KEYX;
498 } 489 } else
499 else
500 return -1; 490 return -1;
501 if (bitlen == 0) 491 if (bitlen == 0)
502 return -1; 492 return -1;
503 outlen = 16 + blob_length(bitlen, 493 outlen = 16 + blob_length(bitlen,
504 keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub); 494 keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
505 if (out == NULL) 495 if (out == NULL)
506 return outlen; 496 return outlen;
507 if (*out) 497 if (*out)
508 p = *out; 498 p = *out;
509 else 499 else {
510 {
511 p = malloc(outlen); 500 p = malloc(outlen);
512 if (!p) 501 if (!p)
513 return -1; 502 return -1;
514 *out = p; 503 *out = p;
515 noinc = 1; 504 noinc = 1;
516 } 505 }
517 if (ispub) 506 if (ispub)
518 *p++ = MS_PUBLICKEYBLOB; 507 *p++ = MS_PUBLICKEYBLOB;
519 else 508 else
@@ -531,12 +520,14 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
531 if (!noinc) 520 if (!noinc)
532 *out += outlen; 521 *out += outlen;
533 return outlen; 522 return outlen;
534 } 523}
535 524
536static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) 525static int
537 { 526do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
527{
538 unsigned char *tmp = NULL; 528 unsigned char *tmp = NULL;
539 int outlen, wrlen; 529 int outlen, wrlen;
530
540 outlen = do_i2b(&tmp, pk, ispub); 531 outlen = do_i2b(&tmp, pk, ispub);
541 if (outlen < 0) 532 if (outlen < 0)
542 return -1; 533 return -1;
@@ -545,72 +536,73 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
545 if (wrlen == outlen) 536 if (wrlen == outlen)
546 return outlen; 537 return outlen;
547 return -1; 538 return -1;
548 } 539}
549 540
550static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) 541static int
551 { 542check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
543{
552 int bitlen; 544 int bitlen;
545
553 bitlen = BN_num_bits(dsa->p); 546 bitlen = BN_num_bits(dsa->p);
554 if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) 547 if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) ||
555 || (BN_num_bits(dsa->g) > bitlen)) 548 (BN_num_bits(dsa->g) > bitlen))
556 goto badkey; 549 goto badkey;
557 if (ispub) 550 if (ispub) {
558 {
559 if (BN_num_bits(dsa->pub_key) > bitlen) 551 if (BN_num_bits(dsa->pub_key) > bitlen)
560 goto badkey; 552 goto badkey;
561 *pmagic = MS_DSS1MAGIC; 553 *pmagic = MS_DSS1MAGIC;
562 } 554 } else {
563 else
564 {
565 if (BN_num_bits(dsa->priv_key) > 160) 555 if (BN_num_bits(dsa->priv_key) > 160)
566 goto badkey; 556 goto badkey;
567 *pmagic = MS_DSS2MAGIC; 557 *pmagic = MS_DSS2MAGIC;
568 } 558 }
569 559
570 return bitlen; 560 return bitlen;
571 badkey: 561
562badkey:
572 PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); 563 PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
573 return 0; 564 return 0;
574 } 565}
575 566
576static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) 567static int
577 { 568check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
569{
578 int nbyte, hnbyte, bitlen; 570 int nbyte, hnbyte, bitlen;
571
579 if (BN_num_bits(rsa->e) > 32) 572 if (BN_num_bits(rsa->e) > 32)
580 goto badkey; 573 goto badkey;
581 bitlen = BN_num_bits(rsa->n); 574 bitlen = BN_num_bits(rsa->n);
582 nbyte = BN_num_bytes(rsa->n); 575 nbyte = BN_num_bytes(rsa->n);
583 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; 576 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
584 if (ispub) 577 if (ispub) {
585 {
586 *pmagic = MS_RSA1MAGIC; 578 *pmagic = MS_RSA1MAGIC;
587 return bitlen; 579 return bitlen;
588 } 580 } else {
589 else
590 {
591 *pmagic = MS_RSA2MAGIC; 581 *pmagic = MS_RSA2MAGIC;
592 /* For private key each component must fit within nbyte or 582 /* For private key each component must fit within nbyte or
593 * hnbyte. 583 * hnbyte.
594 */ 584 */
595 if (BN_num_bytes(rsa->d) > nbyte) 585 if (BN_num_bytes(rsa->d) > nbyte)
596 goto badkey; 586 goto badkey;
597 if ((BN_num_bytes(rsa->iqmp) > hnbyte) 587 if ((BN_num_bytes(rsa->iqmp) > hnbyte) ||
598 || (BN_num_bytes(rsa->p) > hnbyte) 588 (BN_num_bytes(rsa->p) > hnbyte) ||
599 || (BN_num_bytes(rsa->q) > hnbyte) 589 (BN_num_bytes(rsa->q) > hnbyte) ||
600 || (BN_num_bytes(rsa->dmp1) > hnbyte) 590 (BN_num_bytes(rsa->dmp1) > hnbyte) ||
601 || (BN_num_bytes(rsa->dmq1) > hnbyte)) 591 (BN_num_bytes(rsa->dmq1) > hnbyte))
602 goto badkey; 592 goto badkey;
603 } 593 }
604 return bitlen; 594 return bitlen;
605 badkey: 595
596badkey:
606 PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); 597 PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
607 return 0; 598 return 0;
608 } 599}
609
610 600
611static void write_rsa(unsigned char **out, RSA *rsa, int ispub) 601static void
612 { 602write_rsa(unsigned char **out, RSA *rsa, int ispub)
603{
613 int nbyte, hnbyte; 604 int nbyte, hnbyte;
605
614 nbyte = BN_num_bytes(rsa->n); 606 nbyte = BN_num_bytes(rsa->n);
615 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; 607 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
616 write_lebn(out, rsa->e, 4); 608 write_lebn(out, rsa->e, 4);
@@ -623,12 +615,13 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
623 write_lebn(out, rsa->dmq1, hnbyte); 615 write_lebn(out, rsa->dmq1, hnbyte);
624 write_lebn(out, rsa->iqmp, hnbyte); 616 write_lebn(out, rsa->iqmp, hnbyte);
625 write_lebn(out, rsa->d, nbyte); 617 write_lebn(out, rsa->d, nbyte);
626 } 618}
627 619
628 620static void
629static void write_dsa(unsigned char **out, DSA *dsa, int ispub) 621write_dsa(unsigned char **out, DSA *dsa, int ispub)
630 { 622{
631 int nbyte; 623 int nbyte;
624
632 nbyte = BN_num_bytes(dsa->p); 625 nbyte = BN_num_bytes(dsa->p);
633 write_lebn(out, dsa->p, nbyte); 626 write_lebn(out, dsa->p, nbyte);
634 write_lebn(out, dsa->q, 20); 627 write_lebn(out, dsa->q, 20);
@@ -641,52 +634,47 @@ static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
641 memset(*out, 0xff, 24); 634 memset(*out, 0xff, 24);
642 *out += 24; 635 *out += 24;
643 return; 636 return;
644 } 637}
645
646 638
647int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk) 639int
648 { 640i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
641{
649 return do_i2b_bio(out, pk, 0); 642 return do_i2b_bio(out, pk, 0);
650 } 643}
651 644
652int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) 645int
653 { 646i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
647{
654 return do_i2b_bio(out, pk, 1); 648 return do_i2b_bio(out, pk, 1);
655 } 649}
656 650
657#ifndef OPENSSL_NO_RC4 651#ifndef OPENSSL_NO_RC4
658 652
659static int do_PVK_header(const unsigned char **in, unsigned int length, 653static int
660 int skip_magic, 654do_PVK_header(const unsigned char **in, unsigned int length, int skip_magic,
661 unsigned int *psaltlen, unsigned int *pkeylen) 655 unsigned int *psaltlen, unsigned int *pkeylen)
662 656{
663 {
664 const unsigned char *p = *in; 657 const unsigned char *p = *in;
665 unsigned int pvk_magic, is_encrypted; 658 unsigned int pvk_magic, is_encrypted;
666 if (skip_magic) 659
667 { 660 if (skip_magic) {
668 if (length < 20) 661 if (length < 20) {
669 {
670 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); 662 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
671 return 0; 663 return 0;
672 }
673 length -= 20;
674 } 664 }
675 else 665 length -= 20;
676 { 666 } else {
677 if (length < 24) 667 if (length < 24) {
678 {
679 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); 668 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
680 return 0; 669 return 0;
681 } 670 }
682 length -= 24; 671 length -= 24;
683 pvk_magic = read_ledword(&p); 672 pvk_magic = read_ledword(&p);
684 if (pvk_magic != MS_PVKMAGIC) 673 if (pvk_magic != MS_PVKMAGIC) {
685 {
686 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); 674 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
687 return 0; 675 return 0;
688 }
689 } 676 }
677 }
690 /* Skip reserved */ 678 /* Skip reserved */
691 p += 4; 679 p += 4;
692 /*keytype = */read_ledword(&p); 680 /*keytype = */read_ledword(&p);
@@ -694,64 +682,61 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
694 *psaltlen = read_ledword(&p); 682 *psaltlen = read_ledword(&p);
695 *pkeylen = read_ledword(&p); 683 *pkeylen = read_ledword(&p);
696 684
697 if (is_encrypted && !*psaltlen) 685 if (is_encrypted && !*psaltlen) {
698 {
699 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); 686 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
700 return 0; 687 return 0;
701 } 688 }
702 689
703 *in = p; 690 *in = p;
704 return 1; 691 return 1;
705 } 692}
706 693
707static int derive_pvk_key(unsigned char *key, 694static int
708 const unsigned char *salt, unsigned int saltlen, 695derive_pvk_key(unsigned char *key, const unsigned char *salt,
709 const unsigned char *pass, int passlen) 696 unsigned int saltlen, const unsigned char *pass, int passlen)
710 { 697{
711 EVP_MD_CTX mctx; 698 EVP_MD_CTX mctx;
712 int rv = 1; 699 int rv = 1;
700
713 EVP_MD_CTX_init(&mctx); 701 EVP_MD_CTX_init(&mctx);
714 if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) 702 if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) ||
715 || !EVP_DigestUpdate(&mctx, salt, saltlen) 703 !EVP_DigestUpdate(&mctx, salt, saltlen) ||
716 || !EVP_DigestUpdate(&mctx, pass, passlen) 704 !EVP_DigestUpdate(&mctx, pass, passlen) ||
717 || !EVP_DigestFinal_ex(&mctx, key, NULL)) 705 !EVP_DigestFinal_ex(&mctx, key, NULL))
718 rv = 0; 706 rv = 0;
719 707
720 EVP_MD_CTX_cleanup(&mctx); 708 EVP_MD_CTX_cleanup(&mctx);
721 return rv; 709 return rv;
722 } 710}
723
724 711
725static EVP_PKEY *do_PVK_body(const unsigned char **in, 712static EVP_PKEY *
726 unsigned int saltlen, unsigned int keylen, 713do_PVK_body(const unsigned char **in, unsigned int saltlen,
727 pem_password_cb *cb, void *u) 714 unsigned int keylen, pem_password_cb *cb, void *u)
728 { 715{
729 EVP_PKEY *ret = NULL; 716 EVP_PKEY *ret = NULL;
730 const unsigned char *p = *in; 717 const unsigned char *p = *in;
731 unsigned int magic; 718 unsigned int magic;
732 unsigned char *enctmp = NULL, *q; 719 unsigned char *enctmp = NULL, *q;
720
733 EVP_CIPHER_CTX cctx; 721 EVP_CIPHER_CTX cctx;
734 EVP_CIPHER_CTX_init(&cctx); 722 EVP_CIPHER_CTX_init(&cctx);
735 if (saltlen) 723 if (saltlen) {
736 {
737 char psbuf[PEM_BUFSIZE]; 724 char psbuf[PEM_BUFSIZE];
738 unsigned char keybuf[20]; 725 unsigned char keybuf[20];
739 int enctmplen, inlen; 726 int enctmplen, inlen;
740 if (cb) 727 if (cb)
741 inlen=cb(psbuf,PEM_BUFSIZE,0,u); 728 inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
742 else 729 else
743 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); 730 inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
744 if (inlen <= 0) 731 if (inlen <= 0) {
745 { 732 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
746 PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
747 return NULL; 733 return NULL;
748 } 734 }
749 enctmp = malloc(keylen + 8); 735 enctmp = malloc(keylen + 8);
750 if (!enctmp) 736 if (!enctmp) {
751 {
752 PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); 737 PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
753 return NULL; 738 return NULL;
754 } 739 }
755 if (!derive_pvk_key(keybuf, p, saltlen, 740 if (!derive_pvk_key(keybuf, p, saltlen,
756 (unsigned char *)psbuf, inlen)) { 741 (unsigned char *)psbuf, inlen)) {
757 free(enctmp); 742 free(enctmp);
@@ -770,88 +755,84 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
770 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) 755 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
771 goto err; 756 goto err;
772 magic = read_ledword((const unsigned char **)&q); 757 magic = read_ledword((const unsigned char **)&q);
773 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) 758 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
774 {
775 q = enctmp + 8; 759 q = enctmp + 8;
776 memset(keybuf + 5, 0, 11); 760 memset(keybuf + 5, 0, 11);
777 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, 761 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
778 NULL)) 762 NULL))
779 goto err; 763 goto err;
780 OPENSSL_cleanse(keybuf, 20); 764 OPENSSL_cleanse(keybuf, 20);
781 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) 765 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
782 goto err; 766 goto err;
783 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, 767 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
784 &enctmplen)) 768 &enctmplen))
785 goto err; 769 goto err;
786 magic = read_ledword((const unsigned char **)&q); 770 magic = read_ledword((const unsigned char **)&q);
787 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) 771 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
788 {
789 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); 772 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
790 goto err; 773 goto err;
791 }
792 } 774 }
793 else 775 } else
794 OPENSSL_cleanse(keybuf, 20); 776 OPENSSL_cleanse(keybuf, 20);
795 p = enctmp; 777 p = enctmp;
796 } 778 }
797 779
798 ret = b2i_PrivateKey(&p, keylen); 780 ret = b2i_PrivateKey(&p, keylen);
799 err: 781
782err:
800 EVP_CIPHER_CTX_cleanup(&cctx); 783 EVP_CIPHER_CTX_cleanup(&cctx);
801 if (enctmp && saltlen) 784 if (enctmp && saltlen)
802 free(enctmp); 785 free(enctmp);
803 return ret; 786 return ret;
804 } 787}
805 788
806 789
807EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) 790EVP_PKEY *
808 { 791b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
792{
809 unsigned char pvk_hdr[24], *buf = NULL; 793 unsigned char pvk_hdr[24], *buf = NULL;
810 const unsigned char *p; 794 const unsigned char *p;
811 int buflen; 795 int buflen;
812 EVP_PKEY *ret = NULL; 796 EVP_PKEY *ret = NULL;
813 unsigned int saltlen, keylen; 797 unsigned int saltlen, keylen;
814 if (BIO_read(in, pvk_hdr, 24) != 24) 798
815 { 799 if (BIO_read(in, pvk_hdr, 24) != 24) {
816 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); 800 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
817 return NULL; 801 return NULL;
818 } 802 }
819 p = pvk_hdr; 803 p = pvk_hdr;
820 804
821 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) 805 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
822 return 0; 806 return 0;
823 buflen = (int) keylen + saltlen; 807 buflen = (int) keylen + saltlen;
824 buf = malloc(buflen); 808 buf = malloc(buflen);
825 if (!buf) 809 if (!buf) {
826 {
827 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); 810 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
828 return 0; 811 return 0;
829 } 812 }
830 p = buf; 813 p = buf;
831 if (BIO_read(in, buf, buflen) != buflen) 814 if (BIO_read(in, buf, buflen) != buflen) {
832 {
833 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); 815 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
834 goto err; 816 goto err;
835 } 817 }
836 ret = do_PVK_body(&p, saltlen, keylen, cb, u); 818 ret = do_PVK_body(&p, saltlen, keylen, cb, u);
837 819
838 err: 820err:
839 if (buf) 821 if (buf) {
840 {
841 OPENSSL_cleanse(buf, buflen); 822 OPENSSL_cleanse(buf, buflen);
842 free(buf); 823 free(buf);
843 }
844 return ret;
845 } 824 }
825 return ret;
826}
846 827
847 828static int
848 829i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb,
849static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, 830 void *u)
850 pem_password_cb *cb, void *u) 831{
851 {
852 int outlen = 24, pklen; 832 int outlen = 24, pklen;
853 unsigned char *p, *salt = NULL; 833 unsigned char *p, *salt = NULL;
854 EVP_CIPHER_CTX cctx; 834 EVP_CIPHER_CTX cctx;
835
855 EVP_CIPHER_CTX_init(&cctx); 836 EVP_CIPHER_CTX_init(&cctx);
856 if (enclevel) 837 if (enclevel)
857 outlen += PVK_SALTLEN; 838 outlen += PVK_SALTLEN;
@@ -863,16 +844,14 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
863 return outlen; 844 return outlen;
864 if (*out) 845 if (*out)
865 p = *out; 846 p = *out;
866 else 847 else {
867 {
868 p = malloc(outlen); 848 p = malloc(outlen);
869 if (!p) 849 if (!p) {
870 { 850 PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
871 PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
872 return -1; 851 return -1;
873 }
874 *out = p;
875 } 852 }
853 *out = p;
854 }
876 855
877 write_ledword(&p, MS_PVKMAGIC); 856 write_ledword(&p, MS_PVKMAGIC);
878 write_ledword(&p, 0); 857 write_ledword(&p, 0);
@@ -881,34 +860,31 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
881 else 860 else
882 write_ledword(&p, MS_KEYTYPE_KEYX); 861 write_ledword(&p, MS_KEYTYPE_KEYX);
883 write_ledword(&p, enclevel ? 1 : 0); 862 write_ledword(&p, enclevel ? 1 : 0);
884 write_ledword(&p, enclevel ? PVK_SALTLEN: 0); 863 write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
885 write_ledword(&p, pklen); 864 write_ledword(&p, pklen);
886 if (enclevel) 865 if (enclevel) {
887 {
888 if (RAND_bytes(p, PVK_SALTLEN) <= 0) 866 if (RAND_bytes(p, PVK_SALTLEN) <= 0)
889 goto error; 867 goto error;
890 salt = p; 868 salt = p;
891 p += PVK_SALTLEN; 869 p += PVK_SALTLEN;
892 } 870 }
893 do_i2b(&p, pk, 0); 871 do_i2b(&p, pk, 0);
894 if (enclevel == 0) 872 if (enclevel == 0)
895 return outlen; 873 return outlen;
896 else 874 else {
897 {
898 char psbuf[PEM_BUFSIZE]; 875 char psbuf[PEM_BUFSIZE];
899 unsigned char keybuf[20]; 876 unsigned char keybuf[20];
900 int enctmplen, inlen; 877 int enctmplen, inlen;
901 if (cb) 878 if (cb)
902 inlen=cb(psbuf,PEM_BUFSIZE,1,u); 879 inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
903 else 880 else
904 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u); 881 inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
905 if (inlen <= 0) 882 if (inlen <= 0) {
906 { 883 PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
907 PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
908 goto error; 884 goto error;
909 } 885 }
910 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, 886 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
911 (unsigned char *)psbuf, inlen)) 887 (unsigned char *)psbuf, inlen))
912 goto error; 888 goto error;
913 if (enclevel == 1) 889 if (enclevel == 1)
914 memset(keybuf + 5, 0, 11); 890 memset(keybuf + 5, 0, 11);
@@ -920,32 +896,32 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
920 goto error; 896 goto error;
921 if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) 897 if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
922 goto error; 898 goto error;
923 } 899 }
924 EVP_CIPHER_CTX_cleanup(&cctx); 900 EVP_CIPHER_CTX_cleanup(&cctx);
925 return outlen; 901 return outlen;
926 902
927 error: 903error:
928 EVP_CIPHER_CTX_cleanup(&cctx); 904 EVP_CIPHER_CTX_cleanup(&cctx);
929 return -1; 905 return -1;
930 } 906}
931 907
932int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, 908int
933 pem_password_cb *cb, void *u) 909i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u)
934 { 910{
935 unsigned char *tmp = NULL; 911 unsigned char *tmp = NULL;
936 int outlen, wrlen; 912 int outlen, wrlen;
913
937 outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); 914 outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
938 if (outlen < 0) 915 if (outlen < 0)
939 return -1; 916 return -1;
940 wrlen = BIO_write(out, tmp, outlen); 917 wrlen = BIO_write(out, tmp, outlen);
941 free(tmp); 918 free(tmp);
942 if (wrlen == outlen) 919 if (wrlen == outlen) {
943 {
944 PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); 920 PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
945 return outlen; 921 return outlen;
946 }
947 return -1;
948 } 922 }
923 return -1;
924}
949 925
950#endif 926#endif
951 927
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-17 12:13:48 +0000