summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pem
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2014-04-13 15:49:51 +0000
committercvs2svn <admin@example.com>2014-04-13 15:49:51 +0000
commit9ef0d5fb5b0acfd35d73a5557198f46525ab1667 (patch)
tree61e7e25839f716a30db270f15cddf0be6903781f /src/lib/libcrypto/pem
parentff237038a541d51619efa5b36fb251c8dc1e9637 (diff)
downloadopenbsd-butholakala.tar.gz
openbsd-butholakala.tar.bz2
openbsd-butholakala.zip
This commit was manufactured by cvs2git to create tag 'butholakala'.butholakala
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pem/message16
-rw-r--r--src/lib/libcrypto/pem/pem.h641
-rw-r--r--src/lib/libcrypto/pem/pem2.h70
-rw-r--r--src/lib/libcrypto/pem/pem_all.c457
-rw-r--r--src/lib/libcrypto/pem/pem_err.c161
-rw-r--r--src/lib/libcrypto/pem/pem_info.c406
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c859
-rw-r--r--src/lib/libcrypto/pem/pem_oth.c86
-rw-r--r--src/lib/libcrypto/pem/pem_pk8.c242
-rw-r--r--src/lib/libcrypto/pem/pem_pkey.c242
-rw-r--r--src/lib/libcrypto/pem/pem_seal.c191
-rw-r--r--src/lib/libcrypto/pem/pem_sign.c102
-rw-r--r--src/lib/libcrypto/pem/pem_x509.c68
-rw-r--r--src/lib/libcrypto/pem/pem_xaux.c68
-rw-r--r--src/lib/libcrypto/pem/pkcs7.lis22
-rw-r--r--src/lib/libcrypto/pem/pvkfmt.c950
16 files changed, 0 insertions, 4581 deletions
diff --git a/src/lib/libcrypto/pem/message b/src/lib/libcrypto/pem/message
deleted file mode 100644
index e8bf9d7592..0000000000
--- a/src/lib/libcrypto/pem/message
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN PRIVACY-ENHANCED MESSAGE-----
2Proc-Type: 4,ENCRYPTED
3Proc-Type: 4,MIC-ONLY
4Proc-Type: 4,MIC-CLEAR
5Content-Domain: RFC822
6DEK-Info: DES-CBC,0123456789abcdef
7Originator-Certificate
8 xxxx
9Issuer-Certificate
10 xxxx
11MIC-Info: RSA-MD5,RSA,
12 xxxx
13
14
15-----END PRIVACY-ENHANCED MESSAGE-----
16
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
deleted file mode 100644
index 8a6ababe3a..0000000000
--- a/src/lib/libcrypto/pem/pem.h
+++ /dev/null
@@ -1,641 +0,0 @@
1/* crypto/pem/pem.h */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_PEM_H
60#define HEADER_PEM_H
61
62#include <openssl/e_os2.h>
63#ifndef OPENSSL_NO_BIO
64#include <openssl/bio.h>
65#endif
66#ifndef OPENSSL_NO_STACK
67#include <openssl/stack.h>
68#endif
69#include <openssl/evp.h>
70#include <openssl/x509.h>
71#include <openssl/pem2.h>
72
73#ifdef __cplusplus
74extern "C" {
75#endif
76
77#define PEM_BUFSIZE 1024
78
79#define PEM_OBJ_UNDEF 0
80#define PEM_OBJ_X509 1
81#define PEM_OBJ_X509_REQ 2
82#define PEM_OBJ_CRL 3
83#define PEM_OBJ_SSL_SESSION 4
84#define PEM_OBJ_PRIV_KEY 10
85#define PEM_OBJ_PRIV_RSA 11
86#define PEM_OBJ_PRIV_DSA 12
87#define PEM_OBJ_PRIV_DH 13
88#define PEM_OBJ_PUB_RSA 14
89#define PEM_OBJ_PUB_DSA 15
90#define PEM_OBJ_PUB_DH 16
91#define PEM_OBJ_DHPARAMS 17
92#define PEM_OBJ_DSAPARAMS 18
93#define PEM_OBJ_PRIV_RSA_PUBLIC 19
94#define PEM_OBJ_PRIV_ECDSA 20
95#define PEM_OBJ_PUB_ECDSA 21
96#define PEM_OBJ_ECPARAMETERS 22
97
98#define PEM_ERROR 30
99#define PEM_DEK_DES_CBC 40
100#define PEM_DEK_IDEA_CBC 45
101#define PEM_DEK_DES_EDE 50
102#define PEM_DEK_DES_ECB 60
103#define PEM_DEK_RSA 70
104#define PEM_DEK_RSA_MD2 80
105#define PEM_DEK_RSA_MD5 90
106
107#define PEM_MD_MD2 NID_md2
108#define PEM_MD_MD5 NID_md5
109#define PEM_MD_SHA NID_sha
110#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption
111#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption
112#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption
113
114#define PEM_STRING_X509_OLD "X509 CERTIFICATE"
115#define PEM_STRING_X509 "CERTIFICATE"
116#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
117#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
118#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
119#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
120#define PEM_STRING_X509_CRL "X509 CRL"
121#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
122#define PEM_STRING_PUBLIC "PUBLIC KEY"
123#define PEM_STRING_RSA "RSA PRIVATE KEY"
124#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
125#define PEM_STRING_DSA "DSA PRIVATE KEY"
126#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
127#define PEM_STRING_PKCS7 "PKCS7"
128#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
129#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
130#define PEM_STRING_PKCS8INF "PRIVATE KEY"
131#define PEM_STRING_DHPARAMS "DH PARAMETERS"
132#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
133#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
134#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
135#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
136#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
137#define PEM_STRING_PARAMETERS "PARAMETERS"
138#define PEM_STRING_CMS "CMS"
139
140 /* Note that this structure is initialised by PEM_SealInit and cleaned up
141 by PEM_SealFinal (at least for now) */
142typedef struct PEM_Encode_Seal_st
143 {
144 EVP_ENCODE_CTX encode;
145 EVP_MD_CTX md;
146 EVP_CIPHER_CTX cipher;
147 } PEM_ENCODE_SEAL_CTX;
148
149/* enc_type is one off */
150#define PEM_TYPE_ENCRYPTED 10
151#define PEM_TYPE_MIC_ONLY 20
152#define PEM_TYPE_MIC_CLEAR 30
153#define PEM_TYPE_CLEAR 40
154
155typedef struct pem_recip_st
156 {
157 char *name;
158 X509_NAME *dn;
159
160 int cipher;
161 int key_enc;
162 /* char iv[8]; unused and wrong size */
163 } PEM_USER;
164
165typedef struct pem_ctx_st
166 {
167 int type; /* what type of object */
168
169 struct {
170 int version;
171 int mode;
172 } proc_type;
173
174 char *domain;
175
176 struct {
177 int cipher;
178 /* unused, and wrong size
179 unsigned char iv[8]; */
180 } DEK_info;
181
182 PEM_USER *originator;
183
184 int num_recipient;
185 PEM_USER **recipient;
186
187 /* XXX(ben): don#t think this is used!
188 STACK *x509_chain; / * certificate chain */
189 EVP_MD *md; /* signature type */
190
191 int md_enc; /* is the md encrypted or not? */
192 int md_len; /* length of md_data */
193 char *md_data; /* message digest, could be pkey encrypted */
194
195 EVP_CIPHER *dec; /* date encryption cipher */
196 int key_len; /* key length */
197 unsigned char *key; /* key */
198 /* unused, and wrong size
199 unsigned char iv[8]; */
200
201
202 int data_enc; /* is the data encrypted */
203 int data_len;
204 unsigned char *data;
205 } PEM_CTX;
206
207/* These macros make the PEM_read/PEM_write functions easier to maintain and
208 * write. Now they are all implemented with either:
209 * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
210 */
211
212#ifdef OPENSSL_NO_FP_API
213
214#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
215#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
216#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
217#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
218#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
219
220#else
221
222#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
223type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
224{ \
225return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
226}
227
228#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
229int PEM_write_##name(FILE *fp, type *x) \
230{ \
231return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
232}
233
234#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
235int PEM_write_##name(FILE *fp, const type *x) \
236{ \
237return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
238}
239
240#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
241int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
242 unsigned char *kstr, int klen, pem_password_cb *cb, \
243 void *u) \
244 { \
245 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
246 }
247
248#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
249int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
250 unsigned char *kstr, int klen, pem_password_cb *cb, \
251 void *u) \
252 { \
253 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
254 }
255
256#endif
257
258#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
259type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
260{ \
261return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
262}
263
264#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
265int PEM_write_bio_##name(BIO *bp, type *x) \
266{ \
267return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
268}
269
270#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
271int PEM_write_bio_##name(BIO *bp, const type *x) \
272{ \
273return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
274}
275
276#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
277int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
278 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
279 { \
280 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
281 }
282
283#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
284int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
285 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
286 { \
287 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
288 }
289
290#define IMPLEMENT_PEM_write(name, type, str, asn1) \
291 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
292 IMPLEMENT_PEM_write_fp(name, type, str, asn1)
293
294#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
295 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
296 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
297
298#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
299 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
300 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
301
302#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
303 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
304 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
305
306#define IMPLEMENT_PEM_read(name, type, str, asn1) \
307 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
308 IMPLEMENT_PEM_read_fp(name, type, str, asn1)
309
310#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
311 IMPLEMENT_PEM_read(name, type, str, asn1) \
312 IMPLEMENT_PEM_write(name, type, str, asn1)
313
314#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
315 IMPLEMENT_PEM_read(name, type, str, asn1) \
316 IMPLEMENT_PEM_write_const(name, type, str, asn1)
317
318#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
319 IMPLEMENT_PEM_read(name, type, str, asn1) \
320 IMPLEMENT_PEM_write_cb(name, type, str, asn1)
321
322/* These are the same except they are for the declarations */
323
324#if defined(OPENSSL_NO_FP_API)
325
326#define DECLARE_PEM_read_fp(name, type) /**/
327#define DECLARE_PEM_write_fp(name, type) /**/
328#define DECLARE_PEM_write_cb_fp(name, type) /**/
329
330#else
331
332#define DECLARE_PEM_read_fp(name, type) \
333 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
334
335#define DECLARE_PEM_write_fp(name, type) \
336 int PEM_write_##name(FILE *fp, type *x);
337
338#define DECLARE_PEM_write_fp_const(name, type) \
339 int PEM_write_##name(FILE *fp, const type *x);
340
341#define DECLARE_PEM_write_cb_fp(name, type) \
342 int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
343 unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
344
345#endif
346
347#ifndef OPENSSL_NO_BIO
348#define DECLARE_PEM_read_bio(name, type) \
349 type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
350
351#define DECLARE_PEM_write_bio(name, type) \
352 int PEM_write_bio_##name(BIO *bp, type *x);
353
354#define DECLARE_PEM_write_bio_const(name, type) \
355 int PEM_write_bio_##name(BIO *bp, const type *x);
356
357#define DECLARE_PEM_write_cb_bio(name, type) \
358 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
359 unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
360
361#else
362
363#define DECLARE_PEM_read_bio(name, type) /**/
364#define DECLARE_PEM_write_bio(name, type) /**/
365#define DECLARE_PEM_write_bio_const(name, type) /**/
366#define DECLARE_PEM_write_cb_bio(name, type) /**/
367
368#endif
369
370#define DECLARE_PEM_write(name, type) \
371 DECLARE_PEM_write_bio(name, type) \
372 DECLARE_PEM_write_fp(name, type)
373
374#define DECLARE_PEM_write_const(name, type) \
375 DECLARE_PEM_write_bio_const(name, type) \
376 DECLARE_PEM_write_fp_const(name, type)
377
378#define DECLARE_PEM_write_cb(name, type) \
379 DECLARE_PEM_write_cb_bio(name, type) \
380 DECLARE_PEM_write_cb_fp(name, type)
381
382#define DECLARE_PEM_read(name, type) \
383 DECLARE_PEM_read_bio(name, type) \
384 DECLARE_PEM_read_fp(name, type)
385
386#define DECLARE_PEM_rw(name, type) \
387 DECLARE_PEM_read(name, type) \
388 DECLARE_PEM_write(name, type)
389
390#define DECLARE_PEM_rw_const(name, type) \
391 DECLARE_PEM_read(name, type) \
392 DECLARE_PEM_write_const(name, type)
393
394#define DECLARE_PEM_rw_cb(name, type) \
395 DECLARE_PEM_read(name, type) \
396 DECLARE_PEM_write_cb(name, type)
397
398#if 1
399/* "userdata": new with OpenSSL 0.9.4 */
400typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
401#else
402/* OpenSSL 0.9.3, 0.9.3a */
403typedef int pem_password_cb(char *buf, int size, int rwflag);
404#endif
405
406int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
407int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
408 pem_password_cb *callback,void *u);
409
410#ifndef OPENSSL_NO_BIO
411int PEM_read_bio(BIO *bp, char **name, char **header,
412 unsigned char **data,long *len);
413int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
414 long len);
415int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
416 pem_password_cb *cb, void *u);
417void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
418 void **x, pem_password_cb *cb, void *u);
419int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x,
420 const EVP_CIPHER *enc,unsigned char *kstr,int klen,
421 pem_password_cb *cb, void *u);
422
423STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
424int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
425 unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
426#endif
427
428int PEM_read(FILE *fp, char **name, char **header,
429 unsigned char **data,long *len);
430int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
431void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
432 pem_password_cb *cb, void *u);
433int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
434 void *x,const EVP_CIPHER *enc,unsigned char *kstr,
435 int klen,pem_password_cb *callback, void *u);
436STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
437 pem_password_cb *cb, void *u);
438
439int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
440 EVP_MD *md_type, unsigned char **ek, int *ekl,
441 unsigned char *iv, EVP_PKEY **pubk, int npubk);
442void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
443 unsigned char *in, int inl);
444int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
445 unsigned char *out, int *outl, EVP_PKEY *priv);
446
447void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
448void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
449int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
450 unsigned int *siglen, EVP_PKEY *pkey);
451
452int PEM_def_callback(char *buf, int num, int w, void *key);
453void PEM_proc_type(char *buf, int type);
454void PEM_dek_info(char *buf, const char *type, int len, char *str);
455
456
457#include <openssl/symhacks.h>
458
459DECLARE_PEM_rw(X509, X509)
460
461DECLARE_PEM_rw(X509_AUX, X509)
462
463DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
464
465DECLARE_PEM_rw(X509_REQ, X509_REQ)
466DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
467
468DECLARE_PEM_rw(X509_CRL, X509_CRL)
469
470DECLARE_PEM_rw(PKCS7, PKCS7)
471
472DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
473
474DECLARE_PEM_rw(PKCS8, X509_SIG)
475
476DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
477
478#ifndef OPENSSL_NO_RSA
479
480DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
481
482DECLARE_PEM_rw_const(RSAPublicKey, RSA)
483DECLARE_PEM_rw(RSA_PUBKEY, RSA)
484
485#endif
486
487#ifndef OPENSSL_NO_DSA
488
489DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
490
491DECLARE_PEM_rw(DSA_PUBKEY, DSA)
492
493DECLARE_PEM_rw_const(DSAparams, DSA)
494
495#endif
496
497#ifndef OPENSSL_NO_EC
498DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
499DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
500DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
501#endif
502
503#ifndef OPENSSL_NO_DH
504
505DECLARE_PEM_rw_const(DHparams, DH)
506
507#endif
508
509DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
510
511DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
512
513int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
514 char *kstr, int klen,
515 pem_password_cb *cb, void *u);
516int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
517 char *, int, pem_password_cb *, void *);
518int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
519 char *kstr, int klen,
520 pem_password_cb *cb, void *u);
521int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
522 char *kstr, int klen,
523 pem_password_cb *cb, void *u);
524EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
525
526int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
527 char *kstr, int klen,
528 pem_password_cb *cb, void *u);
529int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
530 char *kstr, int klen,
531 pem_password_cb *cb, void *u);
532int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
533 char *kstr, int klen,
534 pem_password_cb *cb, void *u);
535
536EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
537
538int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
539 char *kstr,int klen, pem_password_cb *cd, void *u);
540
541EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
542int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
543
544
545EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
546EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
547EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
548EVP_PKEY *b2i_PublicKey_bio(BIO *in);
549int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
550int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
551#ifndef OPENSSL_NO_RC4
552EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
553int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
554 pem_password_cb *cb, void *u);
555#endif
556
557
558/* BEGIN ERROR CODES */
559/* The following lines are auto generated by the script mkerr.pl. Any changes
560 * made after this point may be overwritten when the script is next run.
561 */
562void ERR_load_PEM_strings(void);
563
564/* Error codes for the PEM functions. */
565
566/* Function codes. */
567#define PEM_F_B2I_DSS 127
568#define PEM_F_B2I_PVK_BIO 128
569#define PEM_F_B2I_RSA 129
570#define PEM_F_CHECK_BITLEN_DSA 130
571#define PEM_F_CHECK_BITLEN_RSA 131
572#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120
573#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121
574#define PEM_F_DO_B2I 132
575#define PEM_F_DO_B2I_BIO 133
576#define PEM_F_DO_BLOB_HEADER 134
577#define PEM_F_DO_PK8PKEY 126
578#define PEM_F_DO_PK8PKEY_FP 125
579#define PEM_F_DO_PVK_BODY 135
580#define PEM_F_DO_PVK_HEADER 136
581#define PEM_F_I2B_PVK 137
582#define PEM_F_I2B_PVK_BIO 138
583#define PEM_F_LOAD_IV 101
584#define PEM_F_PEM_ASN1_READ 102
585#define PEM_F_PEM_ASN1_READ_BIO 103
586#define PEM_F_PEM_ASN1_WRITE 104
587#define PEM_F_PEM_ASN1_WRITE_BIO 105
588#define PEM_F_PEM_DEF_CALLBACK 100
589#define PEM_F_PEM_DO_HEADER 106
590#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118
591#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107
592#define PEM_F_PEM_PK8PKEY 119
593#define PEM_F_PEM_READ 108
594#define PEM_F_PEM_READ_BIO 109
595#define PEM_F_PEM_READ_BIO_PARAMETERS 140
596#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123
597#define PEM_F_PEM_READ_PRIVATEKEY 124
598#define PEM_F_PEM_SEALFINAL 110
599#define PEM_F_PEM_SEALINIT 111
600#define PEM_F_PEM_SIGNFINAL 112
601#define PEM_F_PEM_WRITE 113
602#define PEM_F_PEM_WRITE_BIO 114
603#define PEM_F_PEM_WRITE_PRIVATEKEY 139
604#define PEM_F_PEM_X509_INFO_READ 115
605#define PEM_F_PEM_X509_INFO_READ_BIO 116
606#define PEM_F_PEM_X509_INFO_WRITE_BIO 117
607
608/* Reason codes. */
609#define PEM_R_BAD_BASE64_DECODE 100
610#define PEM_R_BAD_DECRYPT 101
611#define PEM_R_BAD_END_LINE 102
612#define PEM_R_BAD_IV_CHARS 103
613#define PEM_R_BAD_MAGIC_NUMBER 116
614#define PEM_R_BAD_PASSWORD_READ 104
615#define PEM_R_BAD_VERSION_NUMBER 117
616#define PEM_R_BIO_WRITE_FAILURE 118
617#define PEM_R_CIPHER_IS_NULL 127
618#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
619#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
620#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
621#define PEM_R_INCONSISTENT_HEADER 121
622#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
623#define PEM_R_KEYBLOB_TOO_SHORT 123
624#define PEM_R_NOT_DEK_INFO 105
625#define PEM_R_NOT_ENCRYPTED 106
626#define PEM_R_NOT_PROC_TYPE 107
627#define PEM_R_NO_START_LINE 108
628#define PEM_R_PROBLEMS_GETTING_PASSWORD 109
629#define PEM_R_PUBLIC_KEY_NO_RSA 110
630#define PEM_R_PVK_DATA_TOO_SHORT 124
631#define PEM_R_PVK_TOO_SHORT 125
632#define PEM_R_READ_KEY 111
633#define PEM_R_SHORT_HEADER 112
634#define PEM_R_UNSUPPORTED_CIPHER 113
635#define PEM_R_UNSUPPORTED_ENCRYPTION 114
636#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126
637
638#ifdef __cplusplus
639}
640#endif
641#endif
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h
deleted file mode 100644
index f31790d69c..0000000000
--- a/src/lib/libcrypto/pem/pem2.h
+++ /dev/null
@@ -1,70 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55/*
56 * This header only exists to break a circular dependency between pem and err
57 * Ben 30 Jan 1999.
58 */
59
60#ifdef __cplusplus
61extern "C" {
62#endif
63
64#ifndef HEADER_PEM_H
65void ERR_load_PEM_strings(void);
66#endif
67
68#ifdef __cplusplus
69}
70#endif
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
deleted file mode 100644
index eac0460e3e..0000000000
--- a/src/lib/libcrypto/pem/pem_all.c
+++ /dev/null
@@ -1,457 +0,0 @@
1/* crypto/pem/pem_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "cryptlib.h"
114#include <openssl/bio.h>
115#include <openssl/evp.h>
116#include <openssl/x509.h>
117#include <openssl/pkcs7.h>
118#include <openssl/pem.h>
119#ifndef OPENSSL_NO_RSA
120#include <openssl/rsa.h>
121#endif
122#ifndef OPENSSL_NO_DSA
123#include <openssl/dsa.h>
124#endif
125#ifndef OPENSSL_NO_DH
126#include <openssl/dh.h>
127#endif
128
129#ifndef OPENSSL_NO_RSA
130static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
131#endif
132#ifndef OPENSSL_NO_DSA
133static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
134#endif
135
136#ifndef OPENSSL_NO_EC
137static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
138#endif
139
140IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
141
142IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
143
144IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
145
146IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
147
148IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
149 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
150
151
152#ifndef OPENSSL_NO_RSA
153
154/* We treat RSA or DSA private keys as a special case.
155 *
156 * For private keys we read in an EVP_PKEY structure with
157 * PEM_read_bio_PrivateKey() and extract the relevant private
158 * key: this means can handle "traditional" and PKCS#8 formats
159 * transparently.
160 */
161
162static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
163{
164 RSA *rtmp;
165 if(!key) return NULL;
166 rtmp = EVP_PKEY_get1_RSA(key);
167 EVP_PKEY_free(key);
168 if(!rtmp) return NULL;
169 if(rsa) {
170 RSA_free(*rsa);
171 *rsa = rtmp;
172 }
173 return rtmp;
174}
175
176RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
177 void *u)
178{
179 EVP_PKEY *pktmp;
180 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
181 return pkey_get_rsa(pktmp, rsa);
182}
183
184#ifndef OPENSSL_NO_FP_API
185
186RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
187 void *u)
188{
189 EVP_PKEY *pktmp;
190 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
191 return pkey_get_rsa(pktmp, rsa);
192}
193
194#endif
195
196#ifdef OPENSSL_FIPS
197
198int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
199 unsigned char *kstr, int klen,
200 pem_password_cb *cb, void *u)
201{
202 if (FIPS_mode())
203 {
204 EVP_PKEY *k;
205 int ret;
206 k = EVP_PKEY_new();
207 if (!k)
208 return 0;
209 EVP_PKEY_set1_RSA(k, x);
210
211 ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
212 EVP_PKEY_free(k);
213 return ret;
214 }
215 else
216 return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
217 PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
218}
219
220#ifndef OPENSSL_NO_FP_API
221int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
222 unsigned char *kstr, int klen,
223 pem_password_cb *cb, void *u)
224{
225 if (FIPS_mode())
226 {
227 EVP_PKEY *k;
228 int ret;
229 k = EVP_PKEY_new();
230 if (!k)
231 return 0;
232
233 EVP_PKEY_set1_RSA(k, x);
234
235 ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
236 EVP_PKEY_free(k);
237 return ret;
238 }
239 else
240 return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
241 PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
242}
243#endif
244
245#else
246
247IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
248
249#endif
250
251IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
252IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
253
254#endif
255
256#ifndef OPENSSL_NO_DSA
257
258static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
259{
260 DSA *dtmp;
261 if(!key) return NULL;
262 dtmp = EVP_PKEY_get1_DSA(key);
263 EVP_PKEY_free(key);
264 if(!dtmp) return NULL;
265 if(dsa) {
266 DSA_free(*dsa);
267 *dsa = dtmp;
268 }
269 return dtmp;
270}
271
272DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
273 void *u)
274{
275 EVP_PKEY *pktmp;
276 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
277 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
278}
279
280#ifdef OPENSSL_FIPS
281
282int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
283 unsigned char *kstr, int klen,
284 pem_password_cb *cb, void *u)
285{
286 if (FIPS_mode())
287 {
288 EVP_PKEY *k;
289 int ret;
290 k = EVP_PKEY_new();
291 if (!k)
292 return 0;
293 EVP_PKEY_set1_DSA(k, x);
294
295 ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
296 EVP_PKEY_free(k);
297 return ret;
298 }
299 else
300 return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
301 PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
302}
303
304#ifndef OPENSSL_NO_FP_API
305int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
306 unsigned char *kstr, int klen,
307 pem_password_cb *cb, void *u)
308{
309 if (FIPS_mode())
310 {
311 EVP_PKEY *k;
312 int ret;
313 k = EVP_PKEY_new();
314 if (!k)
315 return 0;
316 EVP_PKEY_set1_DSA(k, x);
317 ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
318 EVP_PKEY_free(k);
319 return ret;
320 }
321 else
322 return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
323 PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
324}
325#endif
326
327#else
328
329IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
330
331#endif
332
333IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
334
335#ifndef OPENSSL_NO_FP_API
336
337DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
338 void *u)
339{
340 EVP_PKEY *pktmp;
341 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
342 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
343}
344
345#endif
346
347IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
348
349#endif
350
351
352#ifndef OPENSSL_NO_EC
353static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
354{
355 EC_KEY *dtmp;
356 if(!key) return NULL;
357 dtmp = EVP_PKEY_get1_EC_KEY(key);
358 EVP_PKEY_free(key);
359 if(!dtmp) return NULL;
360 if(eckey)
361 {
362 EC_KEY_free(*eckey);
363 *eckey = dtmp;
364 }
365 return dtmp;
366}
367
368EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
369 void *u)
370{
371 EVP_PKEY *pktmp;
372 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
373 return pkey_get_eckey(pktmp, key); /* will free pktmp */
374}
375
376IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
377
378
379
380#ifdef OPENSSL_FIPS
381
382int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
383 unsigned char *kstr, int klen,
384 pem_password_cb *cb, void *u)
385{
386 if (FIPS_mode())
387 {
388 EVP_PKEY *k;
389 int ret;
390 k = EVP_PKEY_new();
391 if (!k)
392 return 0;
393 EVP_PKEY_set1_EC_KEY(k, x);
394
395 ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
396 EVP_PKEY_free(k);
397 return ret;
398 }
399 else
400 return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
401 PEM_STRING_ECPRIVATEKEY,
402 bp,x,enc,kstr,klen,cb,u);
403}
404
405#ifndef OPENSSL_NO_FP_API
406int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
407 unsigned char *kstr, int klen,
408 pem_password_cb *cb, void *u)
409{
410 if (FIPS_mode())
411 {
412 EVP_PKEY *k;
413 int ret;
414 k = EVP_PKEY_new();
415 if (!k)
416 return 0;
417 EVP_PKEY_set1_EC_KEY(k, x);
418 ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
419 EVP_PKEY_free(k);
420 return ret;
421 }
422 else
423 return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
424 PEM_STRING_ECPRIVATEKEY,
425 fp,x,enc,kstr,klen,cb,u);
426}
427#endif
428
429#else
430
431IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
432
433#endif
434
435IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
436
437#ifndef OPENSSL_NO_FP_API
438
439EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
440 void *u)
441{
442 EVP_PKEY *pktmp;
443 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
444 return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
445}
446
447#endif
448
449#endif
450
451#ifndef OPENSSL_NO_DH
452
453IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
454
455#endif
456
457IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
deleted file mode 100644
index d644aeedd4..0000000000
--- a/src/lib/libcrypto/pem/pem_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
1/* crypto/pem/pem_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/pem.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
70
71static ERR_STRING_DATA PEM_str_functs[]=
72 {
73{ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
74{ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
75{ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
76{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
77{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
78{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
79{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
80{ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
81{ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
82{ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
83{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
84{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
85{ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
86{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
87{ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
88{ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
89{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
90{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
91{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
92{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
93{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
94{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
95{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
96{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
97{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
98{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
99{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
100{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
101{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
102{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
103{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
104{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
105{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
106{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
107{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
108{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
109{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
110{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
111{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
112{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
113{0,NULL}
114 };
115
116static ERR_STRING_DATA PEM_str_reasons[]=
117 {
118{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"},
119{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
120{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
121{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
122{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) ,"bad magic number"},
123{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
124{ERR_REASON(PEM_R_BAD_VERSION_NUMBER) ,"bad version number"},
125{ERR_REASON(PEM_R_BIO_WRITE_FAILURE) ,"bio write failure"},
126{ERR_REASON(PEM_R_CIPHER_IS_NULL) ,"cipher is null"},
127{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
128{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"},
129{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"},
130{ERR_REASON(PEM_R_INCONSISTENT_HEADER) ,"inconsistent header"},
131{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"},
132{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) ,"keyblob too short"},
133{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
134{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
135{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
136{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
137{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
138{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
139{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) ,"pvk data too short"},
140{ERR_REASON(PEM_R_PVK_TOO_SHORT) ,"pvk too short"},
141{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
142{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
143{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
144{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
145{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"},
146{0,NULL}
147 };
148
149#endif
150
151void ERR_load_PEM_strings(void)
152 {
153#ifndef OPENSSL_NO_ERR
154
155 if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)
156 {
157 ERR_load_strings(0,PEM_str_functs);
158 ERR_load_strings(0,PEM_str_reasons);
159 }
160#endif
161 }
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
deleted file mode 100644
index cc7f24a9c1..0000000000
--- a/src/lib/libcrypto/pem/pem_info.c
+++ /dev/null
@@ -1,406 +0,0 @@
1/* crypto/pem/pem_info.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65#include <openssl/pem.h>
66#ifndef OPENSSL_NO_RSA
67#include <openssl/rsa.h>
68#endif
69#ifndef OPENSSL_NO_DSA
70#include <openssl/dsa.h>
71#endif
72
73#ifndef OPENSSL_NO_FP_API
74STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
75 {
76 BIO *b;
77 STACK_OF(X509_INFO) *ret;
78
79 if ((b=BIO_new(BIO_s_file())) == NULL)
80 {
81 PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
82 return(0);
83 }
84 BIO_set_fp(b,fp,BIO_NOCLOSE);
85 ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
86 BIO_free(b);
87 return(ret);
88 }
89#endif
90
91STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
92 {
93 X509_INFO *xi=NULL;
94 char *name=NULL,*header=NULL;
95 void *pp;
96 unsigned char *data=NULL;
97 const unsigned char *p;
98 long len,error=0;
99 int ok=0;
100 STACK_OF(X509_INFO) *ret=NULL;
101 unsigned int i,raw,ptype;
102 d2i_of_void *d2i = 0;
103
104 if (sk == NULL)
105 {
106 if ((ret=sk_X509_INFO_new_null()) == NULL)
107 {
108 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
109 goto err;
110 }
111 }
112 else
113 ret=sk;
114
115 if ((xi=X509_INFO_new()) == NULL) goto err;
116 for (;;)
117 {
118 raw=0;
119 ptype = 0;
120 i=PEM_read_bio(bp,&name,&header,&data,&len);
121 if (i == 0)
122 {
123 error=ERR_GET_REASON(ERR_peek_last_error());
124 if (error == PEM_R_NO_START_LINE)
125 {
126 ERR_clear_error();
127 break;
128 }
129 goto err;
130 }
131start:
132 if ( (strcmp(name,PEM_STRING_X509) == 0) ||
133 (strcmp(name,PEM_STRING_X509_OLD) == 0))
134 {
135 d2i=(D2I_OF(void))d2i_X509;
136 if (xi->x509 != NULL)
137 {
138 if (!sk_X509_INFO_push(ret,xi)) goto err;
139 if ((xi=X509_INFO_new()) == NULL) goto err;
140 goto start;
141 }
142 pp=&(xi->x509);
143 }
144 else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
145 {
146 d2i=(D2I_OF(void))d2i_X509_AUX;
147 if (xi->x509 != NULL)
148 {
149 if (!sk_X509_INFO_push(ret,xi)) goto err;
150 if ((xi=X509_INFO_new()) == NULL) goto err;
151 goto start;
152 }
153 pp=&(xi->x509);
154 }
155 else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
156 {
157 d2i=(D2I_OF(void))d2i_X509_CRL;
158 if (xi->crl != NULL)
159 {
160 if (!sk_X509_INFO_push(ret,xi)) goto err;
161 if ((xi=X509_INFO_new()) == NULL) goto err;
162 goto start;
163 }
164 pp=&(xi->crl);
165 }
166 else
167#ifndef OPENSSL_NO_RSA
168 if (strcmp(name,PEM_STRING_RSA) == 0)
169 {
170 d2i=(D2I_OF(void))d2i_RSAPrivateKey;
171 if (xi->x_pkey != NULL)
172 {
173 if (!sk_X509_INFO_push(ret,xi)) goto err;
174 if ((xi=X509_INFO_new()) == NULL) goto err;
175 goto start;
176 }
177
178 xi->enc_data=NULL;
179 xi->enc_len=0;
180
181 xi->x_pkey=X509_PKEY_new();
182 ptype=EVP_PKEY_RSA;
183 pp=&xi->x_pkey->dec_pkey;
184 if ((int)strlen(header) > 10) /* assume encrypted */
185 raw=1;
186 }
187 else
188#endif
189#ifndef OPENSSL_NO_DSA
190 if (strcmp(name,PEM_STRING_DSA) == 0)
191 {
192 d2i=(D2I_OF(void))d2i_DSAPrivateKey;
193 if (xi->x_pkey != NULL)
194 {
195 if (!sk_X509_INFO_push(ret,xi)) goto err;
196 if ((xi=X509_INFO_new()) == NULL) goto err;
197 goto start;
198 }
199
200 xi->enc_data=NULL;
201 xi->enc_len=0;
202
203 xi->x_pkey=X509_PKEY_new();
204 ptype = EVP_PKEY_DSA;
205 pp=&xi->x_pkey->dec_pkey;
206 if ((int)strlen(header) > 10) /* assume encrypted */
207 raw=1;
208 }
209 else
210#endif
211#ifndef OPENSSL_NO_EC
212 if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
213 {
214 d2i=(D2I_OF(void))d2i_ECPrivateKey;
215 if (xi->x_pkey != NULL)
216 {
217 if (!sk_X509_INFO_push(ret,xi)) goto err;
218 if ((xi=X509_INFO_new()) == NULL) goto err;
219 goto start;
220 }
221
222 xi->enc_data=NULL;
223 xi->enc_len=0;
224
225 xi->x_pkey=X509_PKEY_new();
226 ptype = EVP_PKEY_EC;
227 pp=&xi->x_pkey->dec_pkey;
228 if ((int)strlen(header) > 10) /* assume encrypted */
229 raw=1;
230 }
231 else
232#endif
233 {
234 d2i=NULL;
235 pp=NULL;
236 }
237
238 if (d2i != NULL)
239 {
240 if (!raw)
241 {
242 EVP_CIPHER_INFO cipher;
243
244 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
245 goto err;
246 if (!PEM_do_header(&cipher,data,&len,cb,u))
247 goto err;
248 p=data;
249 if (ptype)
250 {
251 if (!d2i_PrivateKey(ptype, pp, &p, len))
252 {
253 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
254 goto err;
255 }
256 }
257 else if (d2i(pp,&p,len) == NULL)
258 {
259 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
260 goto err;
261 }
262 }
263 else
264 { /* encrypted RSA data */
265 if (!PEM_get_EVP_CIPHER_INFO(header,
266 &xi->enc_cipher)) goto err;
267 xi->enc_data=(char *)data;
268 xi->enc_len=(int)len;
269 data=NULL;
270 }
271 }
272 else {
273 /* unknown */
274 }
275 if (name != NULL) OPENSSL_free(name);
276 if (header != NULL) OPENSSL_free(header);
277 if (data != NULL) OPENSSL_free(data);
278 name=NULL;
279 header=NULL;
280 data=NULL;
281 }
282
283 /* if the last one hasn't been pushed yet and there is anything
284 * in it then add it to the stack ...
285 */
286 if ((xi->x509 != NULL) || (xi->crl != NULL) ||
287 (xi->x_pkey != NULL) || (xi->enc_data != NULL))
288 {
289 if (!sk_X509_INFO_push(ret,xi)) goto err;
290 xi=NULL;
291 }
292 ok=1;
293err:
294 if (xi != NULL) X509_INFO_free(xi);
295 if (!ok)
296 {
297 for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
298 {
299 xi=sk_X509_INFO_value(ret,i);
300 X509_INFO_free(xi);
301 }
302 if (ret != sk) sk_X509_INFO_free(ret);
303 ret=NULL;
304 }
305
306 if (name != NULL) OPENSSL_free(name);
307 if (header != NULL) OPENSSL_free(header);
308 if (data != NULL) OPENSSL_free(data);
309 return(ret);
310 }
311
312
313/* A TJH addition */
314int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
315 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
316 {
317 EVP_CIPHER_CTX ctx;
318 int i,ret=0;
319 unsigned char *data=NULL;
320 const char *objstr=NULL;
321 char buf[PEM_BUFSIZE];
322 unsigned char *iv=NULL;
323
324 if (enc != NULL)
325 {
326 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
327 if (objstr == NULL)
328 {
329 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
330 goto err;
331 }
332 }
333
334 /* now for the fun part ... if we have a private key then
335 * we have to be able to handle a not-yet-decrypted key
336 * being written out correctly ... if it is decrypted or
337 * it is non-encrypted then we use the base code
338 */
339 if (xi->x_pkey!=NULL)
340 {
341 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
342 {
343 if (enc == NULL)
344 {
345 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
346 goto err;
347 }
348
349 /* copy from weirdo names into more normal things */
350 iv=xi->enc_cipher.iv;
351 data=(unsigned char *)xi->enc_data;
352 i=xi->enc_len;
353
354 /* we take the encryption data from the
355 * internal stuff rather than what the
356 * user has passed us ... as we have to
357 * match exactly for some strange reason
358 */
359 objstr=OBJ_nid2sn(
360 EVP_CIPHER_nid(xi->enc_cipher.cipher));
361 if (objstr == NULL)
362 {
363 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
364 goto err;
365 }
366
367 /* create the right magic header stuff */
368 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
369 buf[0]='\0';
370 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
371 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
372
373 /* use the normal code to write things out */
374 i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
375 if (i <= 0) goto err;
376 }
377 else
378 {
379 /* Add DSA/DH */
380#ifndef OPENSSL_NO_RSA
381 /* normal optionally encrypted stuff */
382 if (PEM_write_bio_RSAPrivateKey(bp,
383 xi->x_pkey->dec_pkey->pkey.rsa,
384 enc,kstr,klen,cb,u)<=0)
385 goto err;
386#endif
387 }
388 }
389
390 /* if we have a certificate then write it out now */
391 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
392 goto err;
393
394 /* we are ignoring anything else that is loaded into the X509_INFO
395 * structure for the moment ... as I don't need it so I'm not
396 * coding it here and Eric can do it when this makes it into the
397 * base library --tjh
398 */
399
400 ret=1;
401
402err:
403 OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
404 OPENSSL_cleanse(buf,PEM_BUFSIZE);
405 return(ret);
406 }
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
deleted file mode 100644
index 5a421fc4b6..0000000000
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ /dev/null
@@ -1,859 +0,0 @@
1/* crypto/pem/pem_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <ctype.h>
61#include "cryptlib.h"
62#include <openssl/buffer.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/rand.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68#include <openssl/pkcs12.h>
69#include "asn1_locl.h"
70#ifndef OPENSSL_NO_DES
71#include <openssl/des.h>
72#endif
73#ifndef OPENSSL_NO_ENGINE
74#include <openssl/engine.h>
75#endif
76
77const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
78
79#define MIN_LENGTH 4
80
81static int load_iv(char **fromp,unsigned char *to, int num);
82static int check_pem(const char *nm, const char *name);
83int pem_check_suffix(const char *pem_str, const char *suffix);
84
85int PEM_def_callback(char *buf, int num, int w, void *key)
86 {
87#ifdef OPENSSL_NO_FP_API
88 /* We should not ever call the default callback routine from
89 * windows. */
90 PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
91 return(-1);
92#else
93 int i,j;
94 const char *prompt;
95 if(key) {
96 i=strlen(key);
97 i=(i > num)?num:i;
98 memcpy(buf,key,i);
99 return(i);
100 }
101
102 prompt=EVP_get_pw_prompt();
103 if (prompt == NULL)
104 prompt="Enter PEM pass phrase:";
105
106 for (;;)
107 {
108 i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
109 if (i != 0)
110 {
111 PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
112 memset(buf,0,(unsigned int)num);
113 return(-1);
114 }
115 j=strlen(buf);
116 if (j < MIN_LENGTH)
117 {
118 fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
119 }
120 else
121 break;
122 }
123 return(j);
124#endif
125 }
126
127void PEM_proc_type(char *buf, int type)
128 {
129 const char *str;
130
131 if (type == PEM_TYPE_ENCRYPTED)
132 str="ENCRYPTED";
133 else if (type == PEM_TYPE_MIC_CLEAR)
134 str="MIC-CLEAR";
135 else if (type == PEM_TYPE_MIC_ONLY)
136 str="MIC-ONLY";
137 else
138 str="BAD-TYPE";
139
140 BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
141 BUF_strlcat(buf,str,PEM_BUFSIZE);
142 BUF_strlcat(buf,"\n",PEM_BUFSIZE);
143 }
144
145void PEM_dek_info(char *buf, const char *type, int len, char *str)
146 {
147 static const unsigned char map[17]="0123456789ABCDEF";
148 long i;
149 int j;
150
151 BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
152 BUF_strlcat(buf,type,PEM_BUFSIZE);
153 BUF_strlcat(buf,",",PEM_BUFSIZE);
154 j=strlen(buf);
155 if (j + (len * 2) + 1 > PEM_BUFSIZE)
156 return;
157 for (i=0; i<len; i++)
158 {
159 buf[j+i*2] =map[(str[i]>>4)&0x0f];
160 buf[j+i*2+1]=map[(str[i] )&0x0f];
161 }
162 buf[j+i*2]='\n';
163 buf[j+i*2+1]='\0';
164 }
165
166#ifndef OPENSSL_NO_FP_API
167void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
168 pem_password_cb *cb, void *u)
169 {
170 BIO *b;
171 void *ret;
172
173 if ((b=BIO_new(BIO_s_file())) == NULL)
174 {
175 PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
176 return(0);
177 }
178 BIO_set_fp(b,fp,BIO_NOCLOSE);
179 ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
180 BIO_free(b);
181 return(ret);
182 }
183#endif
184
185static int check_pem(const char *nm, const char *name)
186{
187 /* Normal matching nm and name */
188 if (!strcmp(nm,name)) return 1;
189
190 /* Make PEM_STRING_EVP_PKEY match any private key */
191
192 if(!strcmp(name,PEM_STRING_EVP_PKEY))
193 {
194 int slen;
195 const EVP_PKEY_ASN1_METHOD *ameth;
196 if(!strcmp(nm,PEM_STRING_PKCS8))
197 return 1;
198 if(!strcmp(nm,PEM_STRING_PKCS8INF))
199 return 1;
200 slen = pem_check_suffix(nm, "PRIVATE KEY");
201 if (slen > 0)
202 {
203 /* NB: ENGINE implementations wont contain
204 * a deprecated old private key decode function
205 * so don't look for them.
206 */
207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
208 if (ameth && ameth->old_priv_decode)
209 return 1;
210 }
211 return 0;
212 }
213
214 if(!strcmp(name,PEM_STRING_PARAMETERS))
215 {
216 int slen;
217 const EVP_PKEY_ASN1_METHOD *ameth;
218 slen = pem_check_suffix(nm, "PARAMETERS");
219 if (slen > 0)
220 {
221 ENGINE *e;
222 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
223 if (ameth)
224 {
225 int r;
226 if (ameth->param_decode)
227 r = 1;
228 else
229 r = 0;
230#ifndef OPENSSL_NO_ENGINE
231 if (e)
232 ENGINE_finish(e);
233#endif
234 return r;
235 }
236 }
237 return 0;
238 }
239
240 /* Permit older strings */
241
242 if(!strcmp(nm,PEM_STRING_X509_OLD) &&
243 !strcmp(name,PEM_STRING_X509)) return 1;
244
245 if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
246 !strcmp(name,PEM_STRING_X509_REQ)) return 1;
247
248 /* Allow normal certs to be read as trusted certs */
249 if(!strcmp(nm,PEM_STRING_X509) &&
250 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
251
252 if(!strcmp(nm,PEM_STRING_X509_OLD) &&
253 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
254
255 /* Some CAs use PKCS#7 with CERTIFICATE headers */
256 if(!strcmp(nm, PEM_STRING_X509) &&
257 !strcmp(name, PEM_STRING_PKCS7)) return 1;
258
259 if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
260 !strcmp(name, PEM_STRING_PKCS7)) return 1;
261
262#ifndef OPENSSL_NO_CMS
263 if(!strcmp(nm, PEM_STRING_X509) &&
264 !strcmp(name, PEM_STRING_CMS)) return 1;
265 /* Allow CMS to be read from PKCS#7 headers */
266 if(!strcmp(nm, PEM_STRING_PKCS7) &&
267 !strcmp(name, PEM_STRING_CMS)) return 1;
268#endif
269
270 return 0;
271}
272
273int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
274 pem_password_cb *cb, void *u)
275 {
276 EVP_CIPHER_INFO cipher;
277 char *nm=NULL,*header=NULL;
278 unsigned char *data=NULL;
279 long len;
280 int ret = 0;
281
282 for (;;)
283 {
284 if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
285 if(ERR_GET_REASON(ERR_peek_error()) ==
286 PEM_R_NO_START_LINE)
287 ERR_add_error_data(2, "Expecting: ", name);
288 return 0;
289 }
290 if(check_pem(nm, name)) break;
291 OPENSSL_free(nm);
292 OPENSSL_free(header);
293 OPENSSL_free(data);
294 }
295 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
296 if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
297
298 *pdata = data;
299 *plen = len;
300
301 if (pnm)
302 *pnm = nm;
303
304 ret = 1;
305
306err:
307 if (!ret || !pnm) OPENSSL_free(nm);
308 OPENSSL_free(header);
309 if (!ret) OPENSSL_free(data);
310 return ret;
311 }
312
313#ifndef OPENSSL_NO_FP_API
314int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
315 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
316 int klen, pem_password_cb *callback, void *u)
317 {
318 BIO *b;
319 int ret;
320
321 if ((b=BIO_new(BIO_s_file())) == NULL)
322 {
323 PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
324 return(0);
325 }
326 BIO_set_fp(b,fp,BIO_NOCLOSE);
327 ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
328 BIO_free(b);
329 return(ret);
330 }
331#endif
332
333int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
334 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
335 int klen, pem_password_cb *callback, void *u)
336 {
337 EVP_CIPHER_CTX ctx;
338 int dsize=0,i,j,ret=0;
339 unsigned char *p,*data=NULL;
340 const char *objstr=NULL;
341 char buf[PEM_BUFSIZE];
342 unsigned char key[EVP_MAX_KEY_LENGTH];
343 unsigned char iv[EVP_MAX_IV_LENGTH];
344
345 if (enc != NULL)
346 {
347 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
348 if (objstr == NULL)
349 {
350 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
351 goto err;
352 }
353 }
354
355 if ((dsize=i2d(x,NULL)) < 0)
356 {
357 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
358 dsize=0;
359 goto err;
360 }
361 /* dzise + 8 bytes are needed */
362 /* actually it needs the cipher block size extra... */
363 data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
364 if (data == NULL)
365 {
366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
367 goto err;
368 }
369 p=data;
370 i=i2d(x,&p);
371
372 if (enc != NULL)
373 {
374 if (kstr == NULL)
375 {
376 if (callback == NULL)
377 klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
378 else
379 klen=(*callback)(buf,PEM_BUFSIZE,1,u);
380 if (klen <= 0)
381 {
382 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
383 goto err;
384 }
385#ifdef CHARSET_EBCDIC
386 /* Convert the pass phrase from EBCDIC */
387 ebcdic2ascii(buf, buf, klen);
388#endif
389 kstr=(unsigned char *)buf;
390 }
391 RAND_add(data,i,0);/* put in the RSA key. */
392 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
393 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
394 goto err;
395 /* The 'iv' is used as the iv and as a salt. It is
396 * NOT taken from the BytesToKey function */
397 if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
398 goto err;
399
400 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
401
402 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
403
404 buf[0]='\0';
405 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
406 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
407 /* k=strlen(buf); */
408
409 EVP_CIPHER_CTX_init(&ctx);
410 ret = 1;
411 if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
412 || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
413 || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
414 ret = 0;
415 EVP_CIPHER_CTX_cleanup(&ctx);
416 if (ret == 0)
417 goto err;
418 i+=j;
419 }
420 else
421 {
422 ret=1;
423 buf[0]='\0';
424 }
425 i=PEM_write_bio(bp,name,buf,data,i);
426 if (i <= 0) ret=0;
427err:
428 OPENSSL_cleanse(key,sizeof(key));
429 OPENSSL_cleanse(iv,sizeof(iv));
430 OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
431 OPENSSL_cleanse(buf,PEM_BUFSIZE);
432 if (data != NULL)
433 {
434 OPENSSL_cleanse(data,(unsigned int)dsize);
435 OPENSSL_free(data);
436 }
437 return(ret);
438 }
439
440int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
441 pem_password_cb *callback,void *u)
442 {
443 int i,j,o,klen;
444 long len;
445 EVP_CIPHER_CTX ctx;
446 unsigned char key[EVP_MAX_KEY_LENGTH];
447 char buf[PEM_BUFSIZE];
448
449 len= *plen;
450
451 if (cipher->cipher == NULL) return(1);
452 if (callback == NULL)
453 klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
454 else
455 klen=callback(buf,PEM_BUFSIZE,0,u);
456 if (klen <= 0)
457 {
458 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
459 return(0);
460 }
461#ifdef CHARSET_EBCDIC
462 /* Convert the pass phrase from EBCDIC */
463 ebcdic2ascii(buf, buf, klen);
464#endif
465
466 if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
467 (unsigned char *)buf,klen,1,key,NULL))
468 return 0;
469
470 j=(int)len;
471 EVP_CIPHER_CTX_init(&ctx);
472 o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
473 if (o)
474 o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
475 if (o)
476 o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
477 EVP_CIPHER_CTX_cleanup(&ctx);
478 OPENSSL_cleanse((char *)buf,sizeof(buf));
479 OPENSSL_cleanse((char *)key,sizeof(key));
480 j+=i;
481 if (!o)
482 {
483 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
484 return(0);
485 }
486 *plen=j;
487 return(1);
488 }
489
490int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
491 {
492 const EVP_CIPHER *enc=NULL;
493 char *p,c;
494 char **header_pp = &header;
495
496 cipher->cipher=NULL;
497 if ((header == NULL) || (*header == '\0') || (*header == '\n'))
498 return(1);
499 if (strncmp(header,"Proc-Type: ",11) != 0)
500 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
501 header+=11;
502 if (*header != '4') return(0); header++;
503 if (*header != ',') return(0); header++;
504 if (strncmp(header,"ENCRYPTED",9) != 0)
505 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
506 for (; (*header != '\n') && (*header != '\0'); header++)
507 ;
508 if (*header == '\0')
509 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
510 header++;
511 if (strncmp(header,"DEK-Info: ",10) != 0)
512 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
513 header+=10;
514
515 p=header;
516 for (;;)
517 {
518 c= *header;
519#ifndef CHARSET_EBCDIC
520 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
521 ((c >= '0') && (c <= '9'))))
522 break;
523#else
524 if (!( isupper(c) || (c == '-') ||
525 isdigit(c)))
526 break;
527#endif
528 header++;
529 }
530 *header='\0';
531 cipher->cipher=enc=EVP_get_cipherbyname(p);
532 *header=c;
533 header++;
534
535 if (enc == NULL)
536 {
537 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
538 return(0);
539 }
540 if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
541 return(0);
542
543 return(1);
544 }
545
546static int load_iv(char **fromp, unsigned char *to, int num)
547 {
548 int v,i;
549 char *from;
550
551 from= *fromp;
552 for (i=0; i<num; i++) to[i]=0;
553 num*=2;
554 for (i=0; i<num; i++)
555 {
556 if ((*from >= '0') && (*from <= '9'))
557 v= *from-'0';
558 else if ((*from >= 'A') && (*from <= 'F'))
559 v= *from-'A'+10;
560 else if ((*from >= 'a') && (*from <= 'f'))
561 v= *from-'a'+10;
562 else
563 {
564 PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
565 return(0);
566 }
567 from++;
568 to[i/2]|=v<<(long)((!(i&1))*4);
569 }
570
571 *fromp=from;
572 return(1);
573 }
574
575#ifndef OPENSSL_NO_FP_API
576int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
577 long len)
578 {
579 BIO *b;
580 int ret;
581
582 if ((b=BIO_new(BIO_s_file())) == NULL)
583 {
584 PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
585 return(0);
586 }
587 BIO_set_fp(b,fp,BIO_NOCLOSE);
588 ret=PEM_write_bio(b, name, header, data,len);
589 BIO_free(b);
590 return(ret);
591 }
592#endif
593
594int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
595 long len)
596 {
597 int nlen,n,i,j,outl;
598 unsigned char *buf = NULL;
599 EVP_ENCODE_CTX ctx;
600 int reason=ERR_R_BUF_LIB;
601
602 EVP_EncodeInit(&ctx);
603 nlen=strlen(name);
604
605 if ( (BIO_write(bp,"-----BEGIN ",11) != 11) ||
606 (BIO_write(bp,name,nlen) != nlen) ||
607 (BIO_write(bp,"-----\n",6) != 6))
608 goto err;
609
610 i=strlen(header);
611 if (i > 0)
612 {
613 if ( (BIO_write(bp,header,i) != i) ||
614 (BIO_write(bp,"\n",1) != 1))
615 goto err;
616 }
617
618 buf = OPENSSL_malloc(PEM_BUFSIZE*8);
619 if (buf == NULL)
620 {
621 reason=ERR_R_MALLOC_FAILURE;
622 goto err;
623 }
624
625 i=j=0;
626 while (len > 0)
627 {
628 n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
629 EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
630 if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
631 goto err;
632 i+=outl;
633 len-=n;
634 j+=n;
635 }
636 EVP_EncodeFinal(&ctx,buf,&outl);
637 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
638 OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
639 OPENSSL_free(buf);
640 buf = NULL;
641 if ( (BIO_write(bp,"-----END ",9) != 9) ||
642 (BIO_write(bp,name,nlen) != nlen) ||
643 (BIO_write(bp,"-----\n",6) != 6))
644 goto err;
645 return(i+outl);
646err:
647 if (buf) {
648 OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
649 OPENSSL_free(buf);
650 }
651 PEMerr(PEM_F_PEM_WRITE_BIO,reason);
652 return(0);
653 }
654
655#ifndef OPENSSL_NO_FP_API
656int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
657 long *len)
658 {
659 BIO *b;
660 int ret;
661
662 if ((b=BIO_new(BIO_s_file())) == NULL)
663 {
664 PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
665 return(0);
666 }
667 BIO_set_fp(b,fp,BIO_NOCLOSE);
668 ret=PEM_read_bio(b, name, header, data,len);
669 BIO_free(b);
670 return(ret);
671 }
672#endif
673
674int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
675 long *len)
676 {
677 EVP_ENCODE_CTX ctx;
678 int end=0,i,k,bl=0,hl=0,nohead=0;
679 char buf[256];
680 BUF_MEM *nameB;
681 BUF_MEM *headerB;
682 BUF_MEM *dataB,*tmpB;
683
684 nameB=BUF_MEM_new();
685 headerB=BUF_MEM_new();
686 dataB=BUF_MEM_new();
687 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
688 {
689 BUF_MEM_free(nameB);
690 BUF_MEM_free(headerB);
691 BUF_MEM_free(dataB);
692 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
693 return(0);
694 }
695
696 buf[254]='\0';
697 for (;;)
698 {
699 i=BIO_gets(bp,buf,254);
700
701 if (i <= 0)
702 {
703 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
704 goto err;
705 }
706
707 while ((i >= 0) && (buf[i] <= ' ')) i--;
708 buf[++i]='\n'; buf[++i]='\0';
709
710 if (strncmp(buf,"-----BEGIN ",11) == 0)
711 {
712 i=strlen(&(buf[11]));
713
714 if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
715 continue;
716 if (!BUF_MEM_grow(nameB,i+9))
717 {
718 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
719 goto err;
720 }
721 memcpy(nameB->data,&(buf[11]),i-6);
722 nameB->data[i-6]='\0';
723 break;
724 }
725 }
726 hl=0;
727 if (!BUF_MEM_grow(headerB,256))
728 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
729 headerB->data[0]='\0';
730 for (;;)
731 {
732 i=BIO_gets(bp,buf,254);
733 if (i <= 0) break;
734
735 while ((i >= 0) && (buf[i] <= ' ')) i--;
736 buf[++i]='\n'; buf[++i]='\0';
737
738 if (buf[0] == '\n') break;
739 if (!BUF_MEM_grow(headerB,hl+i+9))
740 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
741 if (strncmp(buf,"-----END ",9) == 0)
742 {
743 nohead=1;
744 break;
745 }
746 memcpy(&(headerB->data[hl]),buf,i);
747 headerB->data[hl+i]='\0';
748 hl+=i;
749 }
750
751 bl=0;
752 if (!BUF_MEM_grow(dataB,1024))
753 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
754 dataB->data[0]='\0';
755 if (!nohead)
756 {
757 for (;;)
758 {
759 i=BIO_gets(bp,buf,254);
760 if (i <= 0) break;
761
762 while ((i >= 0) && (buf[i] <= ' ')) i--;
763 buf[++i]='\n'; buf[++i]='\0';
764
765 if (i != 65) end=1;
766 if (strncmp(buf,"-----END ",9) == 0)
767 break;
768 if (i > 65) break;
769 if (!BUF_MEM_grow_clean(dataB,i+bl+9))
770 {
771 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
772 goto err;
773 }
774 memcpy(&(dataB->data[bl]),buf,i);
775 dataB->data[bl+i]='\0';
776 bl+=i;
777 if (end)
778 {
779 buf[0]='\0';
780 i=BIO_gets(bp,buf,254);
781 if (i <= 0) break;
782
783 while ((i >= 0) && (buf[i] <= ' ')) i--;
784 buf[++i]='\n'; buf[++i]='\0';
785
786 break;
787 }
788 }
789 }
790 else
791 {
792 tmpB=headerB;
793 headerB=dataB;
794 dataB=tmpB;
795 bl=hl;
796 }
797 i=strlen(nameB->data);
798 if ( (strncmp(buf,"-----END ",9) != 0) ||
799 (strncmp(nameB->data,&(buf[9]),i) != 0) ||
800 (strncmp(&(buf[9+i]),"-----\n",6) != 0))
801 {
802 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
803 goto err;
804 }
805
806 EVP_DecodeInit(&ctx);
807 i=EVP_DecodeUpdate(&ctx,
808 (unsigned char *)dataB->data,&bl,
809 (unsigned char *)dataB->data,bl);
810 if (i < 0)
811 {
812 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
813 goto err;
814 }
815 i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
816 if (i < 0)
817 {
818 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
819 goto err;
820 }
821 bl+=k;
822
823 if (bl == 0) goto err;
824 *name=nameB->data;
825 *header=headerB->data;
826 *data=(unsigned char *)dataB->data;
827 *len=bl;
828 OPENSSL_free(nameB);
829 OPENSSL_free(headerB);
830 OPENSSL_free(dataB);
831 return(1);
832err:
833 BUF_MEM_free(nameB);
834 BUF_MEM_free(headerB);
835 BUF_MEM_free(dataB);
836 return(0);
837 }
838
839/* Check pem string and return prefix length.
840 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
841 * the return value is 3 for the string "RSA".
842 */
843
844int pem_check_suffix(const char *pem_str, const char *suffix)
845 {
846 int pem_len = strlen(pem_str);
847 int suffix_len = strlen(suffix);
848 const char *p;
849 if (suffix_len + 1 >= pem_len)
850 return 0;
851 p = pem_str + pem_len - suffix_len;
852 if (strcmp(p, suffix))
853 return 0;
854 p--;
855 if (*p != ' ')
856 return 0;
857 return p - pem_str;
858 }
859
diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c
deleted file mode 100644
index b33868d25a..0000000000
--- a/src/lib/libcrypto/pem/pem_oth.c
+++ /dev/null
@@ -1,86 +0,0 @@
1/* crypto/pem/pem_oth.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/x509.h>
66#include <openssl/pem.h>
67
68/* Handle 'other' PEMs: not private keys */
69
70void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
71 pem_password_cb *cb, void *u)
72 {
73 const unsigned char *p=NULL;
74 unsigned char *data=NULL;
75 long len;
76 char *ret=NULL;
77
78 if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
79 return NULL;
80 p = data;
81 ret=d2i(x,&p,len);
82 if (ret == NULL)
83 PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
84 OPENSSL_free(data);
85 return(ret);
86 }
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
deleted file mode 100644
index 6deab8c338..0000000000
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ /dev/null
@@ -1,242 +0,0 @@
1/* crypto/pem/pem_pkey.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/x509.h>
66#include <openssl/pkcs12.h>
67#include <openssl/pem.h>
68
69static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
70 int nid, const EVP_CIPHER *enc,
71 char *kstr, int klen,
72 pem_password_cb *cb, void *u);
73static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
74 int nid, const EVP_CIPHER *enc,
75 char *kstr, int klen,
76 pem_password_cb *cb, void *u);
77
78/* These functions write a private key in PKCS#8 format: it is a "drop in"
79 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
80 * is NULL then it uses the unencrypted private key form. The 'nid' versions
81 * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
82 */
83
84int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
85 char *kstr, int klen,
86 pem_password_cb *cb, void *u)
87{
88 return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
89}
90
91int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
92 char *kstr, int klen,
93 pem_password_cb *cb, void *u)
94{
95 return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
96}
97
98int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
99 char *kstr, int klen,
100 pem_password_cb *cb, void *u)
101{
102 return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
103}
104
105int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
106 char *kstr, int klen,
107 pem_password_cb *cb, void *u)
108{
109 return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
110}
111
112static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
113 char *kstr, int klen,
114 pem_password_cb *cb, void *u)
115{
116 X509_SIG *p8;
117 PKCS8_PRIV_KEY_INFO *p8inf;
118 char buf[PEM_BUFSIZE];
119 int ret;
120 if(!(p8inf = EVP_PKEY2PKCS8(x))) {
121 PEMerr(PEM_F_DO_PK8PKEY,
122 PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
123 return 0;
124 }
125 if(enc || (nid != -1)) {
126 if(!kstr) {
127 if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
128 else klen = cb(buf, PEM_BUFSIZE, 1, u);
129 if(klen <= 0) {
130 PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY);
131 PKCS8_PRIV_KEY_INFO_free(p8inf);
132 return 0;
133 }
134
135 kstr = buf;
136 }
137 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
138 if(kstr == buf) OPENSSL_cleanse(buf, klen);
139 PKCS8_PRIV_KEY_INFO_free(p8inf);
140 if(isder) ret = i2d_PKCS8_bio(bp, p8);
141 else ret = PEM_write_bio_PKCS8(bp, p8);
142 X509_SIG_free(p8);
143 return ret;
144 } else {
145 if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
146 else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
147 PKCS8_PRIV_KEY_INFO_free(p8inf);
148 return ret;
149 }
150}
151
152EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
153{
154 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
155 X509_SIG *p8 = NULL;
156 int klen;
157 EVP_PKEY *ret;
158 char psbuf[PEM_BUFSIZE];
159 p8 = d2i_PKCS8_bio(bp, NULL);
160 if(!p8) return NULL;
161 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
162 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
163 if (klen <= 0) {
164 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
165 X509_SIG_free(p8);
166 return NULL;
167 }
168 p8inf = PKCS8_decrypt(p8, psbuf, klen);
169 X509_SIG_free(p8);
170 if(!p8inf) return NULL;
171 ret = EVP_PKCS82PKEY(p8inf);
172 PKCS8_PRIV_KEY_INFO_free(p8inf);
173 if(!ret) return NULL;
174 if(x) {
175 if(*x) EVP_PKEY_free(*x);
176 *x = ret;
177 }
178 return ret;
179}
180
181#ifndef OPENSSL_NO_FP_API
182
183int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
184 char *kstr, int klen,
185 pem_password_cb *cb, void *u)
186{
187 return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
188}
189
190int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
191 char *kstr, int klen,
192 pem_password_cb *cb, void *u)
193{
194 return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
195}
196
197int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
198 char *kstr, int klen,
199 pem_password_cb *cb, void *u)
200{
201 return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
202}
203
204int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
205 char *kstr, int klen, pem_password_cb *cb, void *u)
206{
207 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
208}
209
210static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
211 char *kstr, int klen,
212 pem_password_cb *cb, void *u)
213{
214 BIO *bp;
215 int ret;
216 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
217 PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB);
218 return(0);
219 }
220 ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
221 BIO_free(bp);
222 return ret;
223}
224
225EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
226{
227 BIO *bp;
228 EVP_PKEY *ret;
229 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
230 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
231 return NULL;
232 }
233 ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
234 BIO_free(bp);
235 return ret;
236}
237
238#endif
239
240IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
241IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
242 PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
deleted file mode 100644
index 8ecf24903b..0000000000
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ /dev/null
@@ -1,242 +0,0 @@
1/* crypto/pem/pem_pkey.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/x509.h>
66#include <openssl/pkcs12.h>
67#include <openssl/pem.h>
68#ifndef OPENSSL_NO_ENGINE
69#include <openssl/engine.h>
70#endif
71#include "asn1_locl.h"
72
73int pem_check_suffix(const char *pem_str, const char *suffix);
74
75EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
76 {
77 char *nm=NULL;
78 const unsigned char *p=NULL;
79 unsigned char *data=NULL;
80 long len;
81 int slen;
82 EVP_PKEY *ret=NULL;
83
84 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
85 return NULL;
86 p = data;
87
88 if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
89 PKCS8_PRIV_KEY_INFO *p8inf;
90 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
91 if(!p8inf) goto p8err;
92 ret = EVP_PKCS82PKEY(p8inf);
93 if(x) {
94 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
95 *x = ret;
96 }
97 PKCS8_PRIV_KEY_INFO_free(p8inf);
98 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
99 PKCS8_PRIV_KEY_INFO *p8inf;
100 X509_SIG *p8;
101 int klen;
102 char psbuf[PEM_BUFSIZE];
103 p8 = d2i_X509_SIG(NULL, &p, len);
104 if(!p8) goto p8err;
105 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
106 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
107 if (klen <= 0) {
108 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
109 PEM_R_BAD_PASSWORD_READ);
110 X509_SIG_free(p8);
111 goto err;
112 }
113 p8inf = PKCS8_decrypt(p8, psbuf, klen);
114 X509_SIG_free(p8);
115 if(!p8inf) goto p8err;
116 ret = EVP_PKCS82PKEY(p8inf);
117 if(x) {
118 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
119 *x = ret;
120 }
121 PKCS8_PRIV_KEY_INFO_free(p8inf);
122 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)
123 {
124 const EVP_PKEY_ASN1_METHOD *ameth;
125 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
126 if (!ameth || !ameth->old_priv_decode)
127 goto p8err;
128 ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len);
129 }
130p8err:
131 if (ret == NULL)
132 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
133err:
134 OPENSSL_free(nm);
135 OPENSSL_cleanse(data, len);
136 OPENSSL_free(data);
137 return(ret);
138 }
139
140int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
141 unsigned char *kstr, int klen,
142 pem_password_cb *cb, void *u)
143 {
144 char pem_str[80];
145 if (!x->ameth || x->ameth->priv_encode)
146 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
147 (char *)kstr, klen,
148 cb, u);
149
150 BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
151 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
152 pem_str,bp,x,enc,kstr,klen,cb,u);
153 }
154
155EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
156 {
157 char *nm=NULL;
158 const unsigned char *p=NULL;
159 unsigned char *data=NULL;
160 long len;
161 int slen;
162 EVP_PKEY *ret=NULL;
163
164 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
165 bp, 0, NULL))
166 return NULL;
167 p = data;
168
169 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)
170 {
171 ret = EVP_PKEY_new();
172 if (!ret)
173 goto err;
174 if (!EVP_PKEY_set_type_str(ret, nm, slen)
175 || !ret->ameth->param_decode
176 || !ret->ameth->param_decode(ret, &p, len))
177 {
178 EVP_PKEY_free(ret);
179 ret = NULL;
180 goto err;
181 }
182 if(x)
183 {
184 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
185 *x = ret;
186 }
187 }
188err:
189 if (ret == NULL)
190 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB);
191 OPENSSL_free(nm);
192 OPENSSL_free(data);
193 return(ret);
194 }
195
196int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
197 {
198 char pem_str[80];
199 if (!x->ameth || !x->ameth->param_encode)
200 return 0;
201
202 BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
203 return PEM_ASN1_write_bio(
204 (i2d_of_void *)x->ameth->param_encode,
205 pem_str,bp,x,NULL,NULL,0,0,NULL);
206 }
207
208#ifndef OPENSSL_NO_FP_API
209EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
210 {
211 BIO *b;
212 EVP_PKEY *ret;
213
214 if ((b=BIO_new(BIO_s_file())) == NULL)
215 {
216 PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
217 return(0);
218 }
219 BIO_set_fp(b,fp,BIO_NOCLOSE);
220 ret=PEM_read_bio_PrivateKey(b,x,cb,u);
221 BIO_free(b);
222 return(ret);
223 }
224
225int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
226 unsigned char *kstr, int klen,
227 pem_password_cb *cb, void *u)
228 {
229 BIO *b;
230 int ret;
231
232 if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
233 {
234 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB);
235 return 0;
236 }
237 ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
238 BIO_free(b);
239 return ret;
240 }
241
242#endif
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
deleted file mode 100644
index b6b4e13498..0000000000
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ /dev/null
@@ -1,191 +0,0 @@
1/* crypto/pem/pem_seal.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
60#ifndef OPENSSL_NO_RSA
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/objects.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68#include <openssl/rsa.h>
69
70int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
71 unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
72 int npubk)
73 {
74 unsigned char key[EVP_MAX_KEY_LENGTH];
75 int ret= -1;
76 int i,j,max=0;
77 char *s=NULL;
78
79 for (i=0; i<npubk; i++)
80 {
81 if (pubk[i]->type != EVP_PKEY_RSA)
82 {
83 PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
84 goto err;
85 }
86 j=RSA_size(pubk[i]->pkey.rsa);
87 if (j > max) max=j;
88 }
89 s=(char *)OPENSSL_malloc(max*2);
90 if (s == NULL)
91 {
92 PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
93 goto err;
94 }
95
96 EVP_EncodeInit(&ctx->encode);
97
98 EVP_MD_CTX_init(&ctx->md);
99 if (!EVP_SignInit(&ctx->md,md_type))
100 goto err;
101
102 EVP_CIPHER_CTX_init(&ctx->cipher);
103 ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
104 if (ret <= 0) goto err;
105
106 /* base64 encode the keys */
107 for (i=0; i<npubk; i++)
108 {
109 j=EVP_EncodeBlock((unsigned char *)s,ek[i],
110 RSA_size(pubk[i]->pkey.rsa));
111 ekl[i]=j;
112 memcpy(ek[i],s,j+1);
113 }
114
115 ret=npubk;
116err:
117 if (s != NULL) OPENSSL_free(s);
118 OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
119 return(ret);
120 }
121
122void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
123 unsigned char *in, int inl)
124 {
125 unsigned char buffer[1600];
126 int i,j;
127
128 *outl=0;
129 EVP_SignUpdate(&ctx->md,in,inl);
130 for (;;)
131 {
132 if (inl <= 0) break;
133 if (inl > 1200)
134 i=1200;
135 else
136 i=inl;
137 EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
138 EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
139 *outl+=j;
140 out+=j;
141 in+=i;
142 inl-=i;
143 }
144 }
145
146int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
147 unsigned char *out, int *outl, EVP_PKEY *priv)
148 {
149 unsigned char *s=NULL;
150 int ret=0,j;
151 unsigned int i;
152
153 if (priv->type != EVP_PKEY_RSA)
154 {
155 PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
156 goto err;
157 }
158 i=RSA_size(priv->pkey.rsa);
159 if (i < 100) i=100;
160 s=(unsigned char *)OPENSSL_malloc(i*2);
161 if (s == NULL)
162 {
163 PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
164 goto err;
165 }
166
167 if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
168 goto err;
169 EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
170 *outl=j;
171 out+=j;
172 EVP_EncodeFinal(&ctx->encode,out,&j);
173 *outl+=j;
174
175 if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
176 *sigl=EVP_EncodeBlock(sig,s,i);
177
178 ret=1;
179err:
180 EVP_MD_CTX_cleanup(&ctx->md);
181 EVP_CIPHER_CTX_cleanup(&ctx->cipher);
182 if (s != NULL) OPENSSL_free(s);
183 return(ret);
184 }
185#else /* !OPENSSL_NO_RSA */
186
187# if PEDANTIC
188static void *dummy=&dummy;
189# endif
190
191#endif
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
deleted file mode 100644
index c3b9808cb2..0000000000
--- a/src/lib/libcrypto/pem/pem_sign.c
+++ /dev/null
@@ -1,102 +0,0 @@
1/* crypto/pem/pem_sign.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/rand.h>
62#include <openssl/evp.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65#include <openssl/pem.h>
66
67void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
68 {
69 EVP_DigestInit_ex(ctx, type, NULL);
70 }
71
72void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
73 unsigned int count)
74 {
75 EVP_DigestUpdate(ctx,data,count);
76 }
77
78int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
79 EVP_PKEY *pkey)
80 {
81 unsigned char *m;
82 int i,ret=0;
83 unsigned int m_len;
84
85 m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
86 if (m == NULL)
87 {
88 PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
89 goto err;
90 }
91
92 if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
93
94 i=EVP_EncodeBlock(sigret,m,m_len);
95 *siglen=i;
96 ret=1;
97err:
98 /* ctx has been zeroed by EVP_SignFinal() */
99 if (m != NULL) OPENSSL_free(m);
100 return(ret);
101 }
102
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c
deleted file mode 100644
index b531057dc9..0000000000
--- a/src/lib/libcrypto/pem/pem_x509.c
+++ /dev/null
@@ -1,68 +0,0 @@
1/* pem_x509.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bio.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64#include <openssl/pkcs7.h>
65#include <openssl/pem.h>
66
67IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
68
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
deleted file mode 100644
index 328f796200..0000000000
--- a/src/lib/libcrypto/pem/pem_xaux.c
+++ /dev/null
@@ -1,68 +0,0 @@
1/* pem_xaux.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bio.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64#include <openssl/pkcs7.h>
65#include <openssl/pem.h>
66
67IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
68IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
diff --git a/src/lib/libcrypto/pem/pkcs7.lis b/src/lib/libcrypto/pem/pkcs7.lis
deleted file mode 100644
index be90c5d87f..0000000000
--- a/src/lib/libcrypto/pem/pkcs7.lis
+++ /dev/null
@@ -1,22 +0,0 @@
121 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE
2 00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
3 21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag
4 21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE
5 00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version
6 20 20:d=0 hl=2 l= 0 cons: univ: SET
7 21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE
8 00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
9 00 35:d=0 hl=2 l= 0 prim: univ: EOC
10 21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag
11 20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE
12 20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE
13 00 1116:d=0 hl=2 l= 0 prim: univ: EOC
14 21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag
15 20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE
16 20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE
17 00 2066:d=0 hl=2 l= 0 prim: univ: EOC
18 21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers
19 00 2070:d=0 hl=2 l= 0 prim: univ: EOC
20 00 2072:d=0 hl=2 l= 0 prim: univ: EOC
21 00 2074:d=0 hl=2 l= 0 prim: univ: EOC
2200 2076:d=0 hl=2 l= 0 prim: univ: EOC
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
deleted file mode 100644
index b1bf71a5da..0000000000
--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ /dev/null
@@ -1,950 +0,0 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2005.
3 */
4/* ====================================================================
5 * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB
59 * and PRIVATEKEYBLOB).
60 */
61
62#include "cryptlib.h"
63#include <openssl/pem.h>
64#include <openssl/rand.h>
65#include <openssl/bn.h>
66#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
67#include <openssl/dsa.h>
68#include <openssl/rsa.h>
69
70/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
71 * format
72 */
73
74static unsigned int read_ledword(const unsigned char **in)
75 {
76 const unsigned char *p = *in;
77 unsigned int ret;
78 ret = *p++;
79 ret |= (*p++ << 8);
80 ret |= (*p++ << 16);
81 ret |= (*p++ << 24);
82 *in = p;
83 return ret;
84 }
85
86/* Read a BIGNUM in little endian format. The docs say that this should take up
87 * bitlen/8 bytes.
88 */
89
90static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
91 {
92 const unsigned char *p;
93 unsigned char *tmpbuf, *q;
94 unsigned int i;
95 p = *in + nbyte - 1;
96 tmpbuf = OPENSSL_malloc(nbyte);
97 if (!tmpbuf)
98 return 0;
99 q = tmpbuf;
100 for (i = 0; i < nbyte; i++)
101 *q++ = *p--;
102 *r = BN_bin2bn(tmpbuf, nbyte, NULL);
103 OPENSSL_free(tmpbuf);
104 if (*r)
105 {
106 *in += nbyte;
107 return 1;
108 }
109 else
110 return 0;
111 }
112
113
114/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
115
116#define MS_PUBLICKEYBLOB 0x6
117#define MS_PRIVATEKEYBLOB 0x7
118#define MS_RSA1MAGIC 0x31415352L
119#define MS_RSA2MAGIC 0x32415352L
120#define MS_DSS1MAGIC 0x31535344L
121#define MS_DSS2MAGIC 0x32535344L
122
123#define MS_KEYALG_RSA_KEYX 0xa400
124#define MS_KEYALG_DSS_SIGN 0x2200
125
126#define MS_KEYTYPE_KEYX 0x1
127#define MS_KEYTYPE_SIGN 0x2
128
129/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
130#define MS_PVKMAGIC 0xb0b5f11eL
131/* Salt length for PVK files */
132#define PVK_SALTLEN 0x10
133
134static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
135 unsigned int bitlen, int ispub);
136static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
137 unsigned int bitlen, int ispub);
138
139static int do_blob_header(const unsigned char **in, unsigned int length,
140 unsigned int *pmagic, unsigned int *pbitlen,
141 int *pisdss, int *pispub)
142 {
143 const unsigned char *p = *in;
144 if (length < 16)
145 return 0;
146 /* bType */
147 if (*p == MS_PUBLICKEYBLOB)
148 {
149 if (*pispub == 0)
150 {
151 PEMerr(PEM_F_DO_BLOB_HEADER,
152 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
153 return 0;
154 }
155 *pispub = 1;
156 }
157 else if (*p == MS_PRIVATEKEYBLOB)
158 {
159 if (*pispub == 1)
160 {
161 PEMerr(PEM_F_DO_BLOB_HEADER,
162 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
163 return 0;
164 }
165 *pispub = 0;
166 }
167 else
168 return 0;
169 p++;
170 /* Version */
171 if (*p++ != 0x2)
172 {
173 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
174 return 0;
175 }
176 /* Ignore reserved, aiKeyAlg */
177 p+= 6;
178 *pmagic = read_ledword(&p);
179 *pbitlen = read_ledword(&p);
180 *pisdss = 0;
181 switch (*pmagic)
182 {
183
184 case MS_DSS1MAGIC:
185 *pisdss = 1;
186 case MS_RSA1MAGIC:
187 if (*pispub == 0)
188 {
189 PEMerr(PEM_F_DO_BLOB_HEADER,
190 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
191 return 0;
192 }
193 break;
194
195 case MS_DSS2MAGIC:
196 *pisdss = 1;
197 case MS_RSA2MAGIC:
198 if (*pispub == 1)
199 {
200 PEMerr(PEM_F_DO_BLOB_HEADER,
201 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
202 return 0;
203 }
204 break;
205
206 default:
207 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
208 return -1;
209 }
210 *in = p;
211 return 1;
212 }
213
214static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
215 {
216 unsigned int nbyte, hnbyte;
217 nbyte = (bitlen + 7) >> 3;
218 hnbyte = (bitlen + 15) >> 4;
219 if (isdss)
220 {
221
222 /* Expected length: 20 for q + 3 components bitlen each + 24
223 * for seed structure.
224 */
225 if (ispub)
226 return 44 + 3 * nbyte;
227 /* Expected length: 20 for q, priv, 2 bitlen components + 24
228 * for seed structure.
229 */
230 else
231 return 64 + 2 * nbyte;
232 }
233 else
234 {
235 /* Expected length: 4 for 'e' + 'n' */
236 if (ispub)
237 return 4 + nbyte;
238 else
239 /* Expected length: 4 for 'e' and 7 other components.
240 * 2 components are bitlen size, 5 are bitlen/2
241 */
242 return 4 + 2*nbyte + 5*hnbyte;
243 }
244
245 }
246
247static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
248 int ispub)
249 {
250 const unsigned char *p = *in;
251 unsigned int bitlen, magic;
252 int isdss;
253 if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0)
254 {
255 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
256 return NULL;
257 }
258 length -= 16;
259 if (length < blob_length(bitlen, isdss, ispub))
260 {
261 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
262 return NULL;
263 }
264 if (isdss)
265 return b2i_dss(&p, length, bitlen, ispub);
266 else
267 return b2i_rsa(&p, length, bitlen, ispub);
268 }
269
270static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
271 {
272 const unsigned char *p;
273 unsigned char hdr_buf[16], *buf = NULL;
274 unsigned int bitlen, magic, length;
275 int isdss;
276 EVP_PKEY *ret = NULL;
277 if (BIO_read(in, hdr_buf, 16) != 16)
278 {
279 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
280 return NULL;
281 }
282 p = hdr_buf;
283 if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
284 return NULL;
285
286 length = blob_length(bitlen, isdss, ispub);
287 buf = OPENSSL_malloc(length);
288 if (!buf)
289 {
290 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
291 goto err;
292 }
293 p = buf;
294 if (BIO_read(in, buf, length) != (int)length)
295 {
296 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
297 goto err;
298 }
299
300 if (isdss)
301 ret = b2i_dss(&p, length, bitlen, ispub);
302 else
303 ret = b2i_rsa(&p, length, bitlen, ispub);
304
305 err:
306 if (buf)
307 OPENSSL_free(buf);
308 return ret;
309 }
310
311static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
312 unsigned int bitlen, int ispub)
313 {
314 const unsigned char *p = *in;
315 EVP_PKEY *ret = NULL;
316 DSA *dsa = NULL;
317 BN_CTX *ctx = NULL;
318 unsigned int nbyte;
319 nbyte = (bitlen + 7) >> 3;
320
321 dsa = DSA_new();
322 ret = EVP_PKEY_new();
323 if (!dsa || !ret)
324 goto memerr;
325 if (!read_lebn(&p, nbyte, &dsa->p))
326 goto memerr;
327 if (!read_lebn(&p, 20, &dsa->q))
328 goto memerr;
329 if (!read_lebn(&p, nbyte, &dsa->g))
330 goto memerr;
331 if (ispub)
332 {
333 if (!read_lebn(&p, nbyte, &dsa->pub_key))
334 goto memerr;
335 }
336 else
337 {
338 if (!read_lebn(&p, 20, &dsa->priv_key))
339 goto memerr;
340 /* Calculate public key */
341 if (!(dsa->pub_key = BN_new()))
342 goto memerr;
343 if (!(ctx = BN_CTX_new()))
344 goto memerr;
345
346 if (!BN_mod_exp(dsa->pub_key, dsa->g,
347 dsa->priv_key, dsa->p, ctx))
348
349 goto memerr;
350 BN_CTX_free(ctx);
351 }
352
353 EVP_PKEY_set1_DSA(ret, dsa);
354 DSA_free(dsa);
355 *in = p;
356 return ret;
357
358 memerr:
359 PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
360 if (dsa)
361 DSA_free(dsa);
362 if (ret)
363 EVP_PKEY_free(ret);
364 if (ctx)
365 BN_CTX_free(ctx);
366 return NULL;
367 }
368
369static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
370 unsigned int bitlen, int ispub)
371
372 {
373 const unsigned char *p = *in;
374 EVP_PKEY *ret = NULL;
375 RSA *rsa = NULL;
376 unsigned int nbyte, hnbyte;
377 nbyte = (bitlen + 7) >> 3;
378 hnbyte = (bitlen + 15) >> 4;
379 rsa = RSA_new();
380 ret = EVP_PKEY_new();
381 if (!rsa || !ret)
382 goto memerr;
383 rsa->e = BN_new();
384 if (!rsa->e)
385 goto memerr;
386 if (!BN_set_word(rsa->e, read_ledword(&p)))
387 goto memerr;
388 if (!read_lebn(&p, nbyte, &rsa->n))
389 goto memerr;
390 if (!ispub)
391 {
392 if (!read_lebn(&p, hnbyte, &rsa->p))
393 goto memerr;
394 if (!read_lebn(&p, hnbyte, &rsa->q))
395 goto memerr;
396 if (!read_lebn(&p, hnbyte, &rsa->dmp1))
397 goto memerr;
398 if (!read_lebn(&p, hnbyte, &rsa->dmq1))
399 goto memerr;
400 if (!read_lebn(&p, hnbyte, &rsa->iqmp))
401 goto memerr;
402 if (!read_lebn(&p, nbyte, &rsa->d))
403 goto memerr;
404 }
405
406 EVP_PKEY_set1_RSA(ret, rsa);
407 RSA_free(rsa);
408 *in = p;
409 return ret;
410 memerr:
411 PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
412 if (rsa)
413 RSA_free(rsa);
414 if (ret)
415 EVP_PKEY_free(ret);
416 return NULL;
417 }
418
419EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
420 {
421 return do_b2i(in, length, 0);
422 }
423
424EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
425 {
426 return do_b2i(in, length, 1);
427 }
428
429
430EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
431 {
432 return do_b2i_bio(in, 0);
433 }
434
435EVP_PKEY *b2i_PublicKey_bio(BIO *in)
436 {
437 return do_b2i_bio(in, 1);
438 }
439
440static void write_ledword(unsigned char **out, unsigned int dw)
441 {
442 unsigned char *p = *out;
443 *p++ = dw & 0xff;
444 *p++ = (dw>>8) & 0xff;
445 *p++ = (dw>>16) & 0xff;
446 *p++ = (dw>>24) & 0xff;
447 *out = p;
448 }
449
450static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
451 {
452 int nb, i;
453 unsigned char *p = *out, *q, c;
454 nb = BN_num_bytes(bn);
455 BN_bn2bin(bn, p);
456 q = p + nb - 1;
457 /* In place byte order reversal */
458 for (i = 0; i < nb/2; i++)
459 {
460 c = *p;
461 *p++ = *q;
462 *q-- = c;
463 }
464 *out += nb;
465 /* Pad with zeroes if we have to */
466 if (len > 0)
467 {
468 len -= nb;
469 if (len > 0)
470 {
471 memset(*out, 0, len);
472 *out += len;
473 }
474 }
475 }
476
477
478static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
479static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
480
481static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
482static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
483
484static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
485 {
486 unsigned char *p;
487 unsigned int bitlen, magic = 0, keyalg;
488 int outlen, noinc = 0;
489 if (pk->type == EVP_PKEY_DSA)
490 {
491 bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
492 keyalg = MS_KEYALG_DSS_SIGN;
493 }
494 else if (pk->type == EVP_PKEY_RSA)
495 {
496 bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
497 keyalg = MS_KEYALG_RSA_KEYX;
498 }
499 else
500 return -1;
501 if (bitlen == 0)
502 return -1;
503 outlen = 16 + blob_length(bitlen,
504 keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
505 if (out == NULL)
506 return outlen;
507 if (*out)
508 p = *out;
509 else
510 {
511 p = OPENSSL_malloc(outlen);
512 if (!p)
513 return -1;
514 *out = p;
515 noinc = 1;
516 }
517 if (ispub)
518 *p++ = MS_PUBLICKEYBLOB;
519 else
520 *p++ = MS_PRIVATEKEYBLOB;
521 *p++ = 0x2;
522 *p++ = 0;
523 *p++ = 0;
524 write_ledword(&p, keyalg);
525 write_ledword(&p, magic);
526 write_ledword(&p, bitlen);
527 if (keyalg == MS_KEYALG_DSS_SIGN)
528 write_dsa(&p, pk->pkey.dsa, ispub);
529 else
530 write_rsa(&p, pk->pkey.rsa, ispub);
531 if (!noinc)
532 *out += outlen;
533 return outlen;
534 }
535
536static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
537 {
538 unsigned char *tmp = NULL;
539 int outlen, wrlen;
540 outlen = do_i2b(&tmp, pk, ispub);
541 if (outlen < 0)
542 return -1;
543 wrlen = BIO_write(out, tmp, outlen);
544 OPENSSL_free(tmp);
545 if (wrlen == outlen)
546 return outlen;
547 return -1;
548 }
549
550static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
551 {
552 int bitlen;
553 bitlen = BN_num_bits(dsa->p);
554 if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
555 || (BN_num_bits(dsa->g) > bitlen))
556 goto badkey;
557 if (ispub)
558 {
559 if (BN_num_bits(dsa->pub_key) > bitlen)
560 goto badkey;
561 *pmagic = MS_DSS1MAGIC;
562 }
563 else
564 {
565 if (BN_num_bits(dsa->priv_key) > 160)
566 goto badkey;
567 *pmagic = MS_DSS2MAGIC;
568 }
569
570 return bitlen;
571 badkey:
572 PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
573 return 0;
574 }
575
576static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
577 {
578 int nbyte, hnbyte, bitlen;
579 if (BN_num_bits(rsa->e) > 32)
580 goto badkey;
581 bitlen = BN_num_bits(rsa->n);
582 nbyte = BN_num_bytes(rsa->n);
583 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
584 if (ispub)
585 {
586 *pmagic = MS_RSA1MAGIC;
587 return bitlen;
588 }
589 else
590 {
591 *pmagic = MS_RSA2MAGIC;
592 /* For private key each component must fit within nbyte or
593 * hnbyte.
594 */
595 if (BN_num_bytes(rsa->d) > nbyte)
596 goto badkey;
597 if ((BN_num_bytes(rsa->iqmp) > hnbyte)
598 || (BN_num_bytes(rsa->p) > hnbyte)
599 || (BN_num_bytes(rsa->q) > hnbyte)
600 || (BN_num_bytes(rsa->dmp1) > hnbyte)
601 || (BN_num_bytes(rsa->dmq1) > hnbyte))
602 goto badkey;
603 }
604 return bitlen;
605 badkey:
606 PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
607 return 0;
608 }
609
610
611static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
612 {
613 int nbyte, hnbyte;
614 nbyte = BN_num_bytes(rsa->n);
615 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
616 write_lebn(out, rsa->e, 4);
617 write_lebn(out, rsa->n, -1);
618 if (ispub)
619 return;
620 write_lebn(out, rsa->p, hnbyte);
621 write_lebn(out, rsa->q, hnbyte);
622 write_lebn(out, rsa->dmp1, hnbyte);
623 write_lebn(out, rsa->dmq1, hnbyte);
624 write_lebn(out, rsa->iqmp, hnbyte);
625 write_lebn(out, rsa->d, nbyte);
626 }
627
628
629static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
630 {
631 int nbyte;
632 nbyte = BN_num_bytes(dsa->p);
633 write_lebn(out, dsa->p, nbyte);
634 write_lebn(out, dsa->q, 20);
635 write_lebn(out, dsa->g, nbyte);
636 if (ispub)
637 write_lebn(out, dsa->pub_key, nbyte);
638 else
639 write_lebn(out, dsa->priv_key, 20);
640 /* Set "invalid" for seed structure values */
641 memset(*out, 0xff, 24);
642 *out += 24;
643 return;
644 }
645
646
647int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
648 {
649 return do_i2b_bio(out, pk, 0);
650 }
651
652int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
653 {
654 return do_i2b_bio(out, pk, 1);
655 }
656
657#ifndef OPENSSL_NO_RC4
658
659static int do_PVK_header(const unsigned char **in, unsigned int length,
660 int skip_magic,
661 unsigned int *psaltlen, unsigned int *pkeylen)
662
663 {
664 const unsigned char *p = *in;
665 unsigned int pvk_magic, is_encrypted;
666 if (skip_magic)
667 {
668 if (length < 20)
669 {
670 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
671 return 0;
672 }
673 length -= 20;
674 }
675 else
676 {
677 if (length < 24)
678 {
679 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
680 return 0;
681 }
682 length -= 24;
683 pvk_magic = read_ledword(&p);
684 if (pvk_magic != MS_PVKMAGIC)
685 {
686 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
687 return 0;
688 }
689 }
690 /* Skip reserved */
691 p += 4;
692 /*keytype = */read_ledword(&p);
693 is_encrypted = read_ledword(&p);
694 *psaltlen = read_ledword(&p);
695 *pkeylen = read_ledword(&p);
696
697 if (is_encrypted && !*psaltlen)
698 {
699 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
700 return 0;
701 }
702
703 *in = p;
704 return 1;
705 }
706
707static int derive_pvk_key(unsigned char *key,
708 const unsigned char *salt, unsigned int saltlen,
709 const unsigned char *pass, int passlen)
710 {
711 EVP_MD_CTX mctx;
712 int rv = 1;
713 EVP_MD_CTX_init(&mctx);
714 if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
715 || !EVP_DigestUpdate(&mctx, salt, saltlen)
716 || !EVP_DigestUpdate(&mctx, pass, passlen)
717 || !EVP_DigestFinal_ex(&mctx, key, NULL))
718 rv = 0;
719
720 EVP_MD_CTX_cleanup(&mctx);
721 return rv;
722 }
723
724
725static EVP_PKEY *do_PVK_body(const unsigned char **in,
726 unsigned int saltlen, unsigned int keylen,
727 pem_password_cb *cb, void *u)
728 {
729 EVP_PKEY *ret = NULL;
730 const unsigned char *p = *in;
731 unsigned int magic;
732 unsigned char *enctmp = NULL, *q;
733 EVP_CIPHER_CTX cctx;
734 EVP_CIPHER_CTX_init(&cctx);
735 if (saltlen)
736 {
737 char psbuf[PEM_BUFSIZE];
738 unsigned char keybuf[20];
739 int enctmplen, inlen;
740 if (cb)
741 inlen=cb(psbuf,PEM_BUFSIZE,0,u);
742 else
743 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
744 if (inlen <= 0)
745 {
746 PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
747 return NULL;
748 }
749 enctmp = OPENSSL_malloc(keylen + 8);
750 if (!enctmp)
751 {
752 PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
753 return NULL;
754 }
755 if (!derive_pvk_key(keybuf, p, saltlen,
756 (unsigned char *)psbuf, inlen))
757 return NULL;
758 p += saltlen;
759 /* Copy BLOBHEADER across, decrypt rest */
760 memcpy(enctmp, p, 8);
761 p += 8;
762 inlen = keylen - 8;
763 q = enctmp + 8;
764 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
765 goto err;
766 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
767 goto err;
768 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
769 goto err;
770 magic = read_ledword((const unsigned char **)&q);
771 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
772 {
773 q = enctmp + 8;
774 memset(keybuf + 5, 0, 11);
775 if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
776 NULL))
777 goto err;
778 OPENSSL_cleanse(keybuf, 20);
779 if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
780 goto err;
781 if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
782 &enctmplen))
783 goto err;
784 magic = read_ledword((const unsigned char **)&q);
785 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
786 {
787 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
788 goto err;
789 }
790 }
791 else
792 OPENSSL_cleanse(keybuf, 20);
793 p = enctmp;
794 }
795
796 ret = b2i_PrivateKey(&p, keylen);
797 err:
798 EVP_CIPHER_CTX_cleanup(&cctx);
799 if (enctmp && saltlen)
800 OPENSSL_free(enctmp);
801 return ret;
802 }
803
804
805EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
806 {
807 unsigned char pvk_hdr[24], *buf = NULL;
808 const unsigned char *p;
809 int buflen;
810 EVP_PKEY *ret = NULL;
811 unsigned int saltlen, keylen;
812 if (BIO_read(in, pvk_hdr, 24) != 24)
813 {
814 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
815 return NULL;
816 }
817 p = pvk_hdr;
818
819 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
820 return 0;
821 buflen = (int) keylen + saltlen;
822 buf = OPENSSL_malloc(buflen);
823 if (!buf)
824 {
825 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
826 return 0;
827 }
828 p = buf;
829 if (BIO_read(in, buf, buflen) != buflen)
830 {
831 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
832 goto err;
833 }
834 ret = do_PVK_body(&p, saltlen, keylen, cb, u);
835
836 err:
837 if (buf)
838 {
839 OPENSSL_cleanse(buf, buflen);
840 OPENSSL_free(buf);
841 }
842 return ret;
843 }
844
845
846
847static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
848 pem_password_cb *cb, void *u)
849 {
850 int outlen = 24, pklen;
851 unsigned char *p, *salt = NULL;
852 EVP_CIPHER_CTX cctx;
853 EVP_CIPHER_CTX_init(&cctx);
854 if (enclevel)
855 outlen += PVK_SALTLEN;
856 pklen = do_i2b(NULL, pk, 0);
857 if (pklen < 0)
858 return -1;
859 outlen += pklen;
860 if (!out)
861 return outlen;
862 if (*out)
863 p = *out;
864 else
865 {
866 p = OPENSSL_malloc(outlen);
867 if (!p)
868 {
869 PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
870 return -1;
871 }
872 *out = p;
873 }
874
875 write_ledword(&p, MS_PVKMAGIC);
876 write_ledword(&p, 0);
877 if (pk->type == EVP_PKEY_DSA)
878 write_ledword(&p, MS_KEYTYPE_SIGN);
879 else
880 write_ledword(&p, MS_KEYTYPE_KEYX);
881 write_ledword(&p, enclevel ? 1 : 0);
882 write_ledword(&p, enclevel ? PVK_SALTLEN: 0);
883 write_ledword(&p, pklen);
884 if (enclevel)
885 {
886 if (RAND_bytes(p, PVK_SALTLEN) <= 0)
887 goto error;
888 salt = p;
889 p += PVK_SALTLEN;
890 }
891 do_i2b(&p, pk, 0);
892 if (enclevel == 0)
893 return outlen;
894 else
895 {
896 char psbuf[PEM_BUFSIZE];
897 unsigned char keybuf[20];
898 int enctmplen, inlen;
899 if (cb)
900 inlen=cb(psbuf,PEM_BUFSIZE,1,u);
901 else
902 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u);
903 if (inlen <= 0)
904 {
905 PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
906 goto error;
907 }
908 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
909 (unsigned char *)psbuf, inlen))
910 goto error;
911 if (enclevel == 1)
912 memset(keybuf + 5, 0, 11);
913 p = salt + PVK_SALTLEN + 8;
914 if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
915 goto error;
916 OPENSSL_cleanse(keybuf, 20);
917 if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
918 goto error;
919 if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
920 goto error;
921 }
922 EVP_CIPHER_CTX_cleanup(&cctx);
923 return outlen;
924
925 error:
926 EVP_CIPHER_CTX_cleanup(&cctx);
927 return -1;
928 }
929
930int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
931 pem_password_cb *cb, void *u)
932 {
933 unsigned char *tmp = NULL;
934 int outlen, wrlen;
935 outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
936 if (outlen < 0)
937 return -1;
938 wrlen = BIO_write(out, tmp, outlen);
939 OPENSSL_free(tmp);
940 if (wrlen == outlen)
941 {
942 PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
943 return outlen;
944 }
945 return -1;
946 }
947
948#endif
949
950#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-09 11:06:51 +0000