resolve conflicts

author: djm <> 2005-04-29 05:39:33 +0000
committer: djm <> 2005-04-29 05:39:33 +0000
commit: 68edd00d9258df93b1366c71ac124e0cadf7bc08 (patch)
tree: 3ce4ae2a9747bbc11aed1f95f9bbea92c41f8683 /src/lib/libcrypto/pem
parent: f396ed0f5ce0af56bfde2e75e15cf1f52924c779 (diff)
download: openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.gz
openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.bz2
openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.zip
3 files changed, 130 insertions, 5 deletions
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index e72b7134ce..07963314c9 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -64,6 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
+#include <openssl/fips.h>
 #ifndef OPENSSL_NO_RSA
 static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
@@ -128,7 +129,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 #endif
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_RSA(k, x);
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_RSA(k, x);
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+#endif
 IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
@@ -158,7 +201,48 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
        return pkey_get_dsa(pktmp, dsa);
 }
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_DSA(k, x);
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_DSA(k, x);
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+#endif
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -190,7 +274,42 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
 * appropriate.)
 */
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        bp,(char *)x,enc,kstr,klen,cb,u);
+        }
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_PKCS8PrivateKey(fp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        fp,(char *)x,enc,kstr,klen,cb,u);
+        }
+#endif
+#else
 IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
+#endif
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 7785039b99..82815067b3 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -73,7 +73,7 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 #define MIN_LENGTH      4
-static int load_iv(unsigned char **fromp,unsigned char *to, int num);
+static int load_iv(char **fromp,unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
 int PEM_def_callback(char *buf, int num, int w, void *key)
@@ -301,7 +301,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
        if ((dsize=i2d(x,NULL)) < 0)
                {
-                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
                dsize=0;
                goto err;
                }
@@ -432,6 +432,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
        int o;
        const EVP_CIPHER *enc=NULL;
        char *p,c;
+        char **header_pp = &header;
        cipher->cipher=NULL;
        if ((header == NULL) || (*header == '\0') || (*header == '\n'))
@@ -478,15 +479,16 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
                return(0);
                }
-        if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
+        if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
+                return(0);
        return(1);
        }
-static int load_iv(unsigned char **fromp, unsigned char *to, int num)
+static int load_iv(char **fromp, unsigned char *to, int num)
        {
        int v,i;
-        unsigned char *from;
+        char *from;
        from= *fromp;
        for (i=0; i<num; i++) to[i]=0;
@@ -623,6 +625,9 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
        dataB=BUF_MEM_new();
        if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
                {
+                BUF_MEM_free(nameB);
+                BUF_MEM_free(headerB);
+                BUF_MEM_free(dataB);
                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                return(0);
                }
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index f77c949e87..9ecdbd5419 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -104,6 +104,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
                if (klen <= 0) {
                        PEMerr(PEM_F_PEM_ASN1_READ_BIO,
                                        PEM_R_BAD_PASSWORD_READ);
+                        X509_SIG_free(p8);
                        goto err;
                }
                p8inf = PKCS8_decrypt(p8, psbuf, klen);
author	djm <>	2005-04-29 05:39:33 +0000
committer	djm <>	2005-04-29 05:39:33 +0000
commit	68edd00d9258df93b1366c71ac124e0cadf7bc08 (patch)
tree	3ce4ae2a9747bbc11aed1f95f9bbea92c41f8683 /src/lib/libcrypto/pem
parent	f396ed0f5ce0af56bfde2e75e15cf1f52924c779 (diff)
download	openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.gz openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.tar.bz2 openbsd-68edd00d9258df93b1366c71ac124e0cadf7bc08.zip

diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index e72b7134ce..07963314c9 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c
@@ -64,6 +64,7 @@
64	#include <openssl/x509.h>	64	#include <openssl/x509.h>
65	#include <openssl/pkcs7.h>	65	#include <openssl/pkcs7.h>
66	#include <openssl/pem.h>	66	#include <openssl/pem.h>
		67	#include <openssl/fips.h>
67		68
68	#ifndef OPENSSL_NO_RSA	69	#ifndef OPENSSL_NO_RSA
69	static RSA pkey_get_rsa(EVP_PKEY key, RSA **rsa);	70	static RSA pkey_get_rsa(EVP_PKEY key, RSA **rsa);
@@ -128,7 +129,49 @@ RSA PEM_read_RSAPrivateKey(FILE fp, RSA *rsa, pem_password_cb cb,
128		129
129	#endif	130	#endif
130		131
		132	#ifdef OPENSSL_FIPS
		133
		134	int PEM_write_bio_RSAPrivateKey(BIO bp, RSA x, const EVP_CIPHER *enc,
		135	unsigned char *kstr, int klen,
		136	pem_password_cb cb, void u)
		137	{
		138	EVP_PKEY *k;
		139	int ret;
		140	k = EVP_PKEY_new();
		141	if (!k)
		142	return 0;
		143	EVP_PKEY_set1_RSA(k, x);
		144
		145	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		146	EVP_PKEY_free(k);
		147	return ret;
		148	}
		149
		150	#ifndef OPENSSL_NO_FP_API
		151	int PEM_write_RSAPrivateKey(FILE fp, RSA x, const EVP_CIPHER *enc,
		152	unsigned char *kstr, int klen,
		153	pem_password_cb cb, void u)
		154	{
		155	EVP_PKEY *k;
		156	int ret;
		157	k = EVP_PKEY_new();
		158	if (!k)
		159	return 0;
		160
		161	EVP_PKEY_set1_RSA(k, x);
		162
		163	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		164	EVP_PKEY_free(k);
		165	return ret;
		166	}
		167	#endif
		168
		169	#else
		170
131	IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)	171	IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
		172
		173	#endif
		174
132	IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)	175	IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
133	IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)	176	IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
134		177
@@ -158,7 +201,48 @@ DSA PEM_read_bio_DSAPrivateKey(BIO bp, DSA *dsa, pem_password_cb cb,
158	return pkey_get_dsa(pktmp, dsa);	201	return pkey_get_dsa(pktmp, dsa);
159	}	202	}
160		203
		204
		205	#ifdef OPENSSL_FIPS
		206
		207	int PEM_write_bio_DSAPrivateKey(BIO bp, DSA x, const EVP_CIPHER *enc,
		208	unsigned char *kstr, int klen,
		209	pem_password_cb cb, void u)
		210	{
		211	EVP_PKEY *k;
		212	int ret;
		213	k = EVP_PKEY_new();
		214	if (!k)
		215	return 0;
		216	EVP_PKEY_set1_DSA(k, x);
		217
		218	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		219	EVP_PKEY_free(k);
		220	return ret;
		221	}
		222
		223	#ifndef OPENSSL_NO_FP_API
		224	int PEM_write_DSAPrivateKey(FILE fp, DSA x, const EVP_CIPHER *enc,
		225	unsigned char *kstr, int klen,
		226	pem_password_cb cb, void u)
		227	{
		228	EVP_PKEY *k;
		229	int ret;
		230	k = EVP_PKEY_new();
		231	if (!k)
		232	return 0;
		233	EVP_PKEY_set1_DSA(k, x);
		234	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		235	EVP_PKEY_free(k);
		236	return ret;
		237	}
		238	#endif
		239
		240	#else
		241
161	IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)	242	IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
		243
		244	#endif
		245
162	IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)	246	IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
163		247
164	#ifndef OPENSSL_NO_FP_API	248	#ifndef OPENSSL_NO_FP_API
@@ -190,7 +274,42 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
190	* (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything	274	* (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
191	* appropriate.)	275	* appropriate.)
192	*/	276	*/
		277
		278	#ifdef OPENSSL_FIPS
		279
		280	int PEM_write_bio_PrivateKey(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
		281	unsigned char *kstr, int klen,
		282	pem_password_cb cb, void u)
		283	{
		284	if (FIPS_mode())
		285	return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
		286	(char *)kstr, klen, cb, u);
		287	else
		288	return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
		289	(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
		290	bp,(char *)x,enc,kstr,klen,cb,u);
		291	}
		292
		293	#ifndef OPENSSL_NO_FP_API
		294	int PEM_write_PrivateKey(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
		295	unsigned char *kstr, int klen,
		296	pem_password_cb cb, void u)
		297	{
		298	if (FIPS_mode())
		299	return PEM_write_PKCS8PrivateKey(fp, x, enc,
		300	(char *)kstr, klen, cb, u);
		301	else
		302	return PEM_ASN1_write((int (*)())i2d_PrivateKey,
		303	(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
		304	fp,(char *)x,enc,kstr,klen,cb,u);
		305	}
		306	#endif
		307
		308	#else
		309
193	IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)	310	IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
194		311
		312	#endif
		313
195	IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)	314	IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
196		315


diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 7785039b99..82815067b3 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -73,7 +73,7 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
73		73
74	#define MIN_LENGTH 4	74	#define MIN_LENGTH 4
75		75
76	static int load_iv(unsigned char *fromp,unsigned char to, int num);	76	static int load_iv(char *fromp,unsigned char to, int num);
77	static int check_pem(const char nm, const char name);	77	static int check_pem(const char nm, const char name);
78		78
79	int PEM_def_callback(char buf, int num, int w, void key)	79	int PEM_def_callback(char buf, int num, int w, void key)
@@ -301,7 +301,7 @@ int PEM_ASN1_write_bio(int (i2d)(), const char name, BIO bp, char x,
301		301
302	if ((dsize=i2d(x,NULL)) < 0)	302	if ((dsize=i2d(x,NULL)) < 0)
303	{	303	{
304	PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);	304	PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
305	dsize=0;	305	dsize=0;
306	goto err;	306	goto err;
307	}	307	}
@@ -432,6 +432,7 @@ int PEM_get_EVP_CIPHER_INFO(char header, EVP_CIPHER_INFO cipher)
432	int o;	432	int o;
433	const EVP_CIPHER *enc=NULL;	433	const EVP_CIPHER *enc=NULL;
434	char *p,c;	434	char *p,c;
		435	char **header_pp = &header;
435		436
436	cipher->cipher=NULL;	437	cipher->cipher=NULL;
437	if ((header == NULL) \|\| (header == '\0') \|\| (header == '\n'))	438	if ((header == NULL) \|\| (header == '\0') \|\| (header == '\n'))
@@ -478,15 +479,16 @@ int PEM_get_EVP_CIPHER_INFO(char header, EVP_CIPHER_INFO cipher)
478	PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);	479	PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
479	return(0);	480	return(0);
480	}	481	}
481	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);	482	if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
		483	return(0);
482		484
483	return(1);	485	return(1);
484	}	486	}
485		487
486	static int load_iv(unsigned char *fromp, unsigned char to, int num)	488	static int load_iv(char *fromp, unsigned char to, int num)
487	{	489	{
488	int v,i;	490	int v,i;
489	unsigned char *from;	491	char *from;
490		492
491	from= *fromp;	493	from= *fromp;
492	for (i=0; i<num; i++) to[i]=0;	494	for (i=0; i<num; i++) to[i]=0;
@@ -623,6 +625,9 @@ int PEM_read_bio(BIO bp, char name, char header, unsigned char *data,
623	dataB=BUF_MEM_new();	625	dataB=BUF_MEM_new();
624	if ((nameB == NULL) \|\| (headerB == NULL) \|\| (dataB == NULL))	626	if ((nameB == NULL) \|\| (headerB == NULL) \|\| (dataB == NULL))
625	{	627	{
		628	BUF_MEM_free(nameB);
		629	BUF_MEM_free(headerB);
		630	BUF_MEM_free(dataB);
626	PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);	631	PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
627	return(0);	632	return(0);
628	}	633	}


diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c index f77c949e87..9ecdbd5419 100644 --- a/src/lib/libcrypto/pem/pem_pkey.c +++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -104,6 +104,7 @@ EVP_PKEY PEM_read_bio_PrivateKey(BIO bp, EVP_PKEY *x, pem_password_cb cb, vo
104	if (klen <= 0) {	104	if (klen <= 0) {
105	PEMerr(PEM_F_PEM_ASN1_READ_BIO,	105	PEMerr(PEM_F_PEM_ASN1_READ_BIO,
106	PEM_R_BAD_PASSWORD_READ);	106	PEM_R_BAD_PASSWORD_READ);
		107	X509_SIG_free(p8);
107	goto err;	108	goto err;
108	}	109	}
109	p8inf = PKCS8_decrypt(p8, psbuf, klen);	110	p8inf = PKCS8_decrypt(p8, psbuf, klen);