summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pem
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2012-07-13 17:49:55 +0000
committercvs2svn <admin@example.com>2012-07-13 17:49:55 +0000
commit6fdb436ab2cd5b35066babb3a03be7ad0daf1ae2 (patch)
treea760cf389e7ea59961bb306a1f50bf5443205176 /src/lib/libcrypto/pem
parent9204e59073bcf27e1487ec4ac46e981902ddd904 (diff)
downloadopenbsd-OPENBSD_5_2_BASE.tar.gz
openbsd-OPENBSD_5_2_BASE.tar.bz2
openbsd-OPENBSD_5_2_BASE.zip
This commit was manufactured by cvs2git to create tag 'OPENBSD_5_2_BASE'.OPENBSD_5_2_BASE
Diffstat (limited to 'src/lib/libcrypto/pem')
-rw-r--r--src/lib/libcrypto/pem/message16
-rw-r--r--src/lib/libcrypto/pem/pem.h641
-rw-r--r--src/lib/libcrypto/pem/pem2.h70
-rw-r--r--src/lib/libcrypto/pem/pem_all.c296
-rw-r--r--src/lib/libcrypto/pem/pem_err.c161
-rw-r--r--src/lib/libcrypto/pem/pem_info.c405
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c852
-rw-r--r--src/lib/libcrypto/pem/pem_oth.c86
-rw-r--r--src/lib/libcrypto/pem/pem_pk8.c242
-rw-r--r--src/lib/libcrypto/pem/pem_pkey.c242
-rw-r--r--src/lib/libcrypto/pem/pem_seal.c189
-rw-r--r--src/lib/libcrypto/pem/pem_sign.c102
-rw-r--r--src/lib/libcrypto/pem/pem_x509.c68
-rw-r--r--src/lib/libcrypto/pem/pem_xaux.c68
-rw-r--r--src/lib/libcrypto/pem/pkcs7.lis22
-rw-r--r--src/lib/libcrypto/pem/pvkfmt.c938
16 files changed, 0 insertions, 4398 deletions
diff --git a/src/lib/libcrypto/pem/message b/src/lib/libcrypto/pem/message
deleted file mode 100644
index e8bf9d7592..0000000000
--- a/src/lib/libcrypto/pem/message
+++ /dev/null
@@ -1,16 +0,0 @@
1-----BEGIN PRIVACY-ENHANCED MESSAGE-----
2Proc-Type: 4,ENCRYPTED
3Proc-Type: 4,MIC-ONLY
4Proc-Type: 4,MIC-CLEAR
5Content-Domain: RFC822
6DEK-Info: DES-CBC,0123456789abcdef
7Originator-Certificate
8 xxxx
9Issuer-Certificate
10 xxxx
11MIC-Info: RSA-MD5,RSA,
12 xxxx
13
14
15-----END PRIVACY-ENHANCED MESSAGE-----
16
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
deleted file mode 100644
index 8a6ababe3a..0000000000
--- a/src/lib/libcrypto/pem/pem.h
+++ /dev/null
@@ -1,641 +0,0 @@
1/* crypto/pem/pem.h */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_PEM_H
60#define HEADER_PEM_H
61
62#include <openssl/e_os2.h>
63#ifndef OPENSSL_NO_BIO
64#include <openssl/bio.h>
65#endif
66#ifndef OPENSSL_NO_STACK
67#include <openssl/stack.h>
68#endif
69#include <openssl/evp.h>
70#include <openssl/x509.h>
71#include <openssl/pem2.h>
72
73#ifdef __cplusplus
74extern "C" {
75#endif
76
77#define PEM_BUFSIZE 1024
78
79#define PEM_OBJ_UNDEF 0
80#define PEM_OBJ_X509 1
81#define PEM_OBJ_X509_REQ 2
82#define PEM_OBJ_CRL 3
83#define PEM_OBJ_SSL_SESSION 4
84#define PEM_OBJ_PRIV_KEY 10
85#define PEM_OBJ_PRIV_RSA 11
86#define PEM_OBJ_PRIV_DSA 12
87#define PEM_OBJ_PRIV_DH 13
88#define PEM_OBJ_PUB_RSA 14
89#define PEM_OBJ_PUB_DSA 15
90#define PEM_OBJ_PUB_DH 16
91#define PEM_OBJ_DHPARAMS 17
92#define PEM_OBJ_DSAPARAMS 18
93#define PEM_OBJ_PRIV_RSA_PUBLIC 19
94#define PEM_OBJ_PRIV_ECDSA 20
95#define PEM_OBJ_PUB_ECDSA 21
96#define PEM_OBJ_ECPARAMETERS 22
97
98#define PEM_ERROR 30
99#define PEM_DEK_DES_CBC 40
100#define PEM_DEK_IDEA_CBC 45
101#define PEM_DEK_DES_EDE 50
102#define PEM_DEK_DES_ECB 60
103#define PEM_DEK_RSA 70
104#define PEM_DEK_RSA_MD2 80
105#define PEM_DEK_RSA_MD5 90
106
107#define PEM_MD_MD2 NID_md2
108#define PEM_MD_MD5 NID_md5
109#define PEM_MD_SHA NID_sha
110#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption
111#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption
112#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption
113
114#define PEM_STRING_X509_OLD "X509 CERTIFICATE"
115#define PEM_STRING_X509 "CERTIFICATE"
116#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
117#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
118#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
119#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
120#define PEM_STRING_X509_CRL "X509 CRL"
121#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
122#define PEM_STRING_PUBLIC "PUBLIC KEY"
123#define PEM_STRING_RSA "RSA PRIVATE KEY"
124#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
125#define PEM_STRING_DSA "DSA PRIVATE KEY"
126#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
127#define PEM_STRING_PKCS7 "PKCS7"
128#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
129#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
130#define PEM_STRING_PKCS8INF "PRIVATE KEY"
131#define PEM_STRING_DHPARAMS "DH PARAMETERS"
132#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
133#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
134#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
135#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
136#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
137#define PEM_STRING_PARAMETERS "PARAMETERS"
138#define PEM_STRING_CMS "CMS"
139
140 /* Note that this structure is initialised by PEM_SealInit and cleaned up
141 by PEM_SealFinal (at least for now) */
142typedef struct PEM_Encode_Seal_st
143 {
144 EVP_ENCODE_CTX encode;
145 EVP_MD_CTX md;
146 EVP_CIPHER_CTX cipher;
147 } PEM_ENCODE_SEAL_CTX;
148
149/* enc_type is one off */
150#define PEM_TYPE_ENCRYPTED 10
151#define PEM_TYPE_MIC_ONLY 20
152#define PEM_TYPE_MIC_CLEAR 30
153#define PEM_TYPE_CLEAR 40
154
155typedef struct pem_recip_st
156 {
157 char *name;
158 X509_NAME *dn;
159
160 int cipher;
161 int key_enc;
162 /* char iv[8]; unused and wrong size */
163 } PEM_USER;
164
165typedef struct pem_ctx_st
166 {
167 int type; /* what type of object */
168
169 struct {
170 int version;
171 int mode;
172 } proc_type;
173
174 char *domain;
175
176 struct {
177 int cipher;
178 /* unused, and wrong size
179 unsigned char iv[8]; */
180 } DEK_info;
181
182 PEM_USER *originator;
183
184 int num_recipient;
185 PEM_USER **recipient;
186
187 /* XXX(ben): don#t think this is used!
188 STACK *x509_chain; / * certificate chain */
189 EVP_MD *md; /* signature type */
190
191 int md_enc; /* is the md encrypted or not? */
192 int md_len; /* length of md_data */
193 char *md_data; /* message digest, could be pkey encrypted */
194
195 EVP_CIPHER *dec; /* date encryption cipher */
196 int key_len; /* key length */
197 unsigned char *key; /* key */
198 /* unused, and wrong size
199 unsigned char iv[8]; */
200
201
202 int data_enc; /* is the data encrypted */
203 int data_len;
204 unsigned char *data;
205 } PEM_CTX;
206
207/* These macros make the PEM_read/PEM_write functions easier to maintain and
208 * write. Now they are all implemented with either:
209 * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
210 */
211
212#ifdef OPENSSL_NO_FP_API
213
214#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
215#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
216#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
217#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
218#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
219
220#else
221
222#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
223type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
224{ \
225return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
226}
227
228#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
229int PEM_write_##name(FILE *fp, type *x) \
230{ \
231return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
232}
233
234#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
235int PEM_write_##name(FILE *fp, const type *x) \
236{ \
237return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
238}
239
240#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
241int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
242 unsigned char *kstr, int klen, pem_password_cb *cb, \
243 void *u) \
244 { \
245 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
246 }
247
248#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
249int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
250 unsigned char *kstr, int klen, pem_password_cb *cb, \
251 void *u) \
252 { \
253 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
254 }
255
256#endif
257
258#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
259type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
260{ \
261return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
262}
263
264#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
265int PEM_write_bio_##name(BIO *bp, type *x) \
266{ \
267return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
268}
269
270#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
271int PEM_write_bio_##name(BIO *bp, const type *x) \
272{ \
273return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
274}
275
276#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
277int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
278 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
279 { \
280 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
281 }
282
283#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
284int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
285 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
286 { \
287 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
288 }
289
290#define IMPLEMENT_PEM_write(name, type, str, asn1) \
291 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
292 IMPLEMENT_PEM_write_fp(name, type, str, asn1)
293
294#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
295 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
296 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
297
298#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
299 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
300 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
301
302#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
303 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
304 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
305
306#define IMPLEMENT_PEM_read(name, type, str, asn1) \
307 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
308 IMPLEMENT_PEM_read_fp(name, type, str, asn1)
309
310#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
311 IMPLEMENT_PEM_read(name, type, str, asn1) \
312 IMPLEMENT_PEM_write(name, type, str, asn1)
313
314#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
315 IMPLEMENT_PEM_read(name, type, str, asn1) \
316 IMPLEMENT_PEM_write_const(name, type, str, asn1)
317
318#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
319 IMPLEMENT_PEM_read(name, type, str, asn1) \
320 IMPLEMENT_PEM_write_cb(name, type, str, asn1)
321
322/* These are the same except they are for the declarations */
323
324#if defined(OPENSSL_NO_FP_API)
325
326#define DECLARE_PEM_read_fp(name, type) /**/
327#define DECLARE_PEM_write_fp(name, type) /**/
328#define DECLARE_PEM_write_cb_fp(name, type) /**/
329
330#else
331
332#define DECLARE_PEM_read_fp(name, type) \
333 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
334
335#define DECLARE_PEM_write_fp(name, type) \
336 int PEM_write_##name(FILE *fp, type *x);
337
338#define DECLARE_PEM_write_fp_const(name, type) \
339 int PEM_write_##name(FILE *fp, const type *x);
340
341#define DECLARE_PEM_write_cb_fp(name, type) \
342 int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
343 unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
344
345#endif
346
347#ifndef OPENSSL_NO_BIO
348#define DECLARE_PEM_read_bio(name, type) \
349 type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
350
351#define DECLARE_PEM_write_bio(name, type) \
352 int PEM_write_bio_##name(BIO *bp, type *x);
353
354#define DECLARE_PEM_write_bio_const(name, type) \
355 int PEM_write_bio_##name(BIO *bp, const type *x);
356
357#define DECLARE_PEM_write_cb_bio(name, type) \
358 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
359 unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
360
361#else
362
363#define DECLARE_PEM_read_bio(name, type) /**/
364#define DECLARE_PEM_write_bio(name, type) /**/
365#define DECLARE_PEM_write_bio_const(name, type) /**/
366#define DECLARE_PEM_write_cb_bio(name, type) /**/
367
368#endif
369
370#define DECLARE_PEM_write(name, type) \
371 DECLARE_PEM_write_bio(name, type) \
372 DECLARE_PEM_write_fp(name, type)
373
374#define DECLARE_PEM_write_const(name, type) \
375 DECLARE_PEM_write_bio_const(name, type) \
376 DECLARE_PEM_write_fp_const(name, type)
377
378#define DECLARE_PEM_write_cb(name, type) \
379 DECLARE_PEM_write_cb_bio(name, type) \
380 DECLARE_PEM_write_cb_fp(name, type)
381
382#define DECLARE_PEM_read(name, type) \
383 DECLARE_PEM_read_bio(name, type) \
384 DECLARE_PEM_read_fp(name, type)
385
386#define DECLARE_PEM_rw(name, type) \
387 DECLARE_PEM_read(name, type) \
388 DECLARE_PEM_write(name, type)
389
390#define DECLARE_PEM_rw_const(name, type) \
391 DECLARE_PEM_read(name, type) \
392 DECLARE_PEM_write_const(name, type)
393
394#define DECLARE_PEM_rw_cb(name, type) \
395 DECLARE_PEM_read(name, type) \
396 DECLARE_PEM_write_cb(name, type)
397
398#if 1
399/* "userdata": new with OpenSSL 0.9.4 */
400typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
401#else
402/* OpenSSL 0.9.3, 0.9.3a */
403typedef int pem_password_cb(char *buf, int size, int rwflag);
404#endif
405
406int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
407int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
408 pem_password_cb *callback,void *u);
409
410#ifndef OPENSSL_NO_BIO
411int PEM_read_bio(BIO *bp, char **name, char **header,
412 unsigned char **data,long *len);
413int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
414 long len);
415int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
416 pem_password_cb *cb, void *u);
417void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
418 void **x, pem_password_cb *cb, void *u);
419int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x,
420 const EVP_CIPHER *enc,unsigned char *kstr,int klen,
421 pem_password_cb *cb, void *u);
422
423STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
424int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
425 unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
426#endif
427
428int PEM_read(FILE *fp, char **name, char **header,
429 unsigned char **data,long *len);
430int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
431void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
432 pem_password_cb *cb, void *u);
433int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
434 void *x,const EVP_CIPHER *enc,unsigned char *kstr,
435 int klen,pem_password_cb *callback, void *u);
436STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
437 pem_password_cb *cb, void *u);
438
439int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
440 EVP_MD *md_type, unsigned char **ek, int *ekl,
441 unsigned char *iv, EVP_PKEY **pubk, int npubk);
442void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
443 unsigned char *in, int inl);
444int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
445 unsigned char *out, int *outl, EVP_PKEY *priv);
446
447void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
448void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
449int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
450 unsigned int *siglen, EVP_PKEY *pkey);
451
452int PEM_def_callback(char *buf, int num, int w, void *key);
453void PEM_proc_type(char *buf, int type);
454void PEM_dek_info(char *buf, const char *type, int len, char *str);
455
456
457#include <openssl/symhacks.h>
458
459DECLARE_PEM_rw(X509, X509)
460
461DECLARE_PEM_rw(X509_AUX, X509)
462
463DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
464
465DECLARE_PEM_rw(X509_REQ, X509_REQ)
466DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
467
468DECLARE_PEM_rw(X509_CRL, X509_CRL)
469
470DECLARE_PEM_rw(PKCS7, PKCS7)
471
472DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
473
474DECLARE_PEM_rw(PKCS8, X509_SIG)
475
476DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
477
478#ifndef OPENSSL_NO_RSA
479
480DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
481
482DECLARE_PEM_rw_const(RSAPublicKey, RSA)
483DECLARE_PEM_rw(RSA_PUBKEY, RSA)
484
485#endif
486
487#ifndef OPENSSL_NO_DSA
488
489DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
490
491DECLARE_PEM_rw(DSA_PUBKEY, DSA)
492
493DECLARE_PEM_rw_const(DSAparams, DSA)
494
495#endif
496
497#ifndef OPENSSL_NO_EC
498DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
499DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
500DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
501#endif
502
503#ifndef OPENSSL_NO_DH
504
505DECLARE_PEM_rw_const(DHparams, DH)
506
507#endif
508
509DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
510
511DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
512
513int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
514 char *kstr, int klen,
515 pem_password_cb *cb, void *u);
516int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
517 char *, int, pem_password_cb *, void *);
518int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
519 char *kstr, int klen,
520 pem_password_cb *cb, void *u);
521int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
522 char *kstr, int klen,
523 pem_password_cb *cb, void *u);
524EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
525
526int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
527 char *kstr, int klen,
528 pem_password_cb *cb, void *u);
529int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
530 char *kstr, int klen,
531 pem_password_cb *cb, void *u);
532int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
533 char *kstr, int klen,
534 pem_password_cb *cb, void *u);
535
536EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
537
538int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
539 char *kstr,int klen, pem_password_cb *cd, void *u);
540
541EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
542int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
543
544
545EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
546EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
547EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
548EVP_PKEY *b2i_PublicKey_bio(BIO *in);
549int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
550int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
551#ifndef OPENSSL_NO_RC4
552EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
553int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
554 pem_password_cb *cb, void *u);
555#endif
556
557
558/* BEGIN ERROR CODES */
559/* The following lines are auto generated by the script mkerr.pl. Any changes
560 * made after this point may be overwritten when the script is next run.
561 */
562void ERR_load_PEM_strings(void);
563
564/* Error codes for the PEM functions. */
565
566/* Function codes. */
567#define PEM_F_B2I_DSS 127
568#define PEM_F_B2I_PVK_BIO 128
569#define PEM_F_B2I_RSA 129
570#define PEM_F_CHECK_BITLEN_DSA 130
571#define PEM_F_CHECK_BITLEN_RSA 131
572#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120
573#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121
574#define PEM_F_DO_B2I 132
575#define PEM_F_DO_B2I_BIO 133
576#define PEM_F_DO_BLOB_HEADER 134
577#define PEM_F_DO_PK8PKEY 126
578#define PEM_F_DO_PK8PKEY_FP 125
579#define PEM_F_DO_PVK_BODY 135
580#define PEM_F_DO_PVK_HEADER 136
581#define PEM_F_I2B_PVK 137
582#define PEM_F_I2B_PVK_BIO 138
583#define PEM_F_LOAD_IV 101
584#define PEM_F_PEM_ASN1_READ 102
585#define PEM_F_PEM_ASN1_READ_BIO 103
586#define PEM_F_PEM_ASN1_WRITE 104
587#define PEM_F_PEM_ASN1_WRITE_BIO 105
588#define PEM_F_PEM_DEF_CALLBACK 100
589#define PEM_F_PEM_DO_HEADER 106
590#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118
591#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107
592#define PEM_F_PEM_PK8PKEY 119
593#define PEM_F_PEM_READ 108
594#define PEM_F_PEM_READ_BIO 109
595#define PEM_F_PEM_READ_BIO_PARAMETERS 140
596#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123
597#define PEM_F_PEM_READ_PRIVATEKEY 124
598#define PEM_F_PEM_SEALFINAL 110
599#define PEM_F_PEM_SEALINIT 111
600#define PEM_F_PEM_SIGNFINAL 112
601#define PEM_F_PEM_WRITE 113
602#define PEM_F_PEM_WRITE_BIO 114
603#define PEM_F_PEM_WRITE_PRIVATEKEY 139
604#define PEM_F_PEM_X509_INFO_READ 115
605#define PEM_F_PEM_X509_INFO_READ_BIO 116
606#define PEM_F_PEM_X509_INFO_WRITE_BIO 117
607
608/* Reason codes. */
609#define PEM_R_BAD_BASE64_DECODE 100
610#define PEM_R_BAD_DECRYPT 101
611#define PEM_R_BAD_END_LINE 102
612#define PEM_R_BAD_IV_CHARS 103
613#define PEM_R_BAD_MAGIC_NUMBER 116
614#define PEM_R_BAD_PASSWORD_READ 104
615#define PEM_R_BAD_VERSION_NUMBER 117
616#define PEM_R_BIO_WRITE_FAILURE 118
617#define PEM_R_CIPHER_IS_NULL 127
618#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
619#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
620#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
621#define PEM_R_INCONSISTENT_HEADER 121
622#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
623#define PEM_R_KEYBLOB_TOO_SHORT 123
624#define PEM_R_NOT_DEK_INFO 105
625#define PEM_R_NOT_ENCRYPTED 106
626#define PEM_R_NOT_PROC_TYPE 107
627#define PEM_R_NO_START_LINE 108
628#define PEM_R_PROBLEMS_GETTING_PASSWORD 109
629#define PEM_R_PUBLIC_KEY_NO_RSA 110
630#define PEM_R_PVK_DATA_TOO_SHORT 124
631#define PEM_R_PVK_TOO_SHORT 125
632#define PEM_R_READ_KEY 111
633#define PEM_R_SHORT_HEADER 112
634#define PEM_R_UNSUPPORTED_CIPHER 113
635#define PEM_R_UNSUPPORTED_ENCRYPTION 114
636#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126
637
638#ifdef __cplusplus
639}
640#endif
641#endif
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h
deleted file mode 100644
index f31790d69c..0000000000
--- a/src/lib/libcrypto/pem/pem2.h
+++ /dev/null
@@ -1,70 +0,0 @@
1/* ====================================================================
2 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * licensing@OpenSSL.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55/*
56 * This header only exists to break a circular dependency between pem and err
57 * Ben 30 Jan 1999.
58 */
59
60#ifdef __cplusplus
61extern "C" {
62#endif
63
64#ifndef HEADER_PEM_H
65void ERR_load_PEM_strings(void);
66#endif
67
68#ifdef __cplusplus
69}
70#endif
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
deleted file mode 100644
index 3e7a6093ad..0000000000
--- a/src/lib/libcrypto/pem/pem_all.c
+++ /dev/null
@@ -1,296 +0,0 @@
1/* crypto/pem/pem_all.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <stdio.h>
113#include "cryptlib.h"
114#include <openssl/bio.h>
115#include <openssl/evp.h>
116#include <openssl/x509.h>
117#include <openssl/pkcs7.h>
118#include <openssl/pem.h>
119#ifndef OPENSSL_NO_RSA
120#include <openssl/rsa.h>
121#endif
122#ifndef OPENSSL_NO_DSA
123#include <openssl/dsa.h>
124#endif
125#ifndef OPENSSL_NO_DH
126#include <openssl/dh.h>
127#endif
128
129#ifndef OPENSSL_NO_RSA
130static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
131#endif
132#ifndef OPENSSL_NO_DSA
133static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
134#endif
135
136#ifndef OPENSSL_NO_EC
137static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
138#endif
139
140IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
141
142IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
143
144IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
145
146IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
147
148IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
149 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
150
151
152#ifndef OPENSSL_NO_RSA
153
154/* We treat RSA or DSA private keys as a special case.
155 *
156 * For private keys we read in an EVP_PKEY structure with
157 * PEM_read_bio_PrivateKey() and extract the relevant private
158 * key: this means can handle "traditional" and PKCS#8 formats
159 * transparently.
160 */
161
162static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
163{
164 RSA *rtmp;
165 if(!key) return NULL;
166 rtmp = EVP_PKEY_get1_RSA(key);
167 EVP_PKEY_free(key);
168 if(!rtmp) return NULL;
169 if(rsa) {
170 RSA_free(*rsa);
171 *rsa = rtmp;
172 }
173 return rtmp;
174}
175
176RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
177 void *u)
178{
179 EVP_PKEY *pktmp;
180 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
181 return pkey_get_rsa(pktmp, rsa);
182}
183
184#ifndef OPENSSL_NO_FP_API
185
186RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
187 void *u)
188{
189 EVP_PKEY *pktmp;
190 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
191 return pkey_get_rsa(pktmp, rsa);
192}
193
194#endif
195
196IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
197IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
198IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
199
200#endif
201
202#ifndef OPENSSL_NO_DSA
203
204static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
205{
206 DSA *dtmp;
207 if(!key) return NULL;
208 dtmp = EVP_PKEY_get1_DSA(key);
209 EVP_PKEY_free(key);
210 if(!dtmp) return NULL;
211 if(dsa) {
212 DSA_free(*dsa);
213 *dsa = dtmp;
214 }
215 return dtmp;
216}
217
218DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
219 void *u)
220{
221 EVP_PKEY *pktmp;
222 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
223 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
224}
225
226IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
227IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
228
229#ifndef OPENSSL_NO_FP_API
230
231DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
232 void *u)
233{
234 EVP_PKEY *pktmp;
235 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
236 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
237}
238
239#endif
240
241IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
242
243#endif
244
245
246#ifndef OPENSSL_NO_EC
247static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
248{
249 EC_KEY *dtmp;
250 if(!key) return NULL;
251 dtmp = EVP_PKEY_get1_EC_KEY(key);
252 EVP_PKEY_free(key);
253 if(!dtmp) return NULL;
254 if(eckey)
255 {
256 EC_KEY_free(*eckey);
257 *eckey = dtmp;
258 }
259 return dtmp;
260}
261
262EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
263 void *u)
264{
265 EVP_PKEY *pktmp;
266 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
267 return pkey_get_eckey(pktmp, key); /* will free pktmp */
268}
269
270IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
271
272IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
273
274IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
275
276#ifndef OPENSSL_NO_FP_API
277
278EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
279 void *u)
280{
281 EVP_PKEY *pktmp;
282 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
283 return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
284}
285
286#endif
287
288#endif
289
290#ifndef OPENSSL_NO_DH
291
292IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
293
294#endif
295
296IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
deleted file mode 100644
index d644aeedd4..0000000000
--- a/src/lib/libcrypto/pem/pem_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
1/* crypto/pem/pem_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include <openssl/pem.h>
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
70
71static ERR_STRING_DATA PEM_str_functs[]=
72 {
73{ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
74{ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
75{ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
76{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
77{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
78{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
79{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
80{ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
81{ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
82{ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
83{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
84{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
85{ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
86{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
87{ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
88{ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
89{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
90{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
91{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
92{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
93{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
94{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
95{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
96{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
97{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
98{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
99{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
100{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
101{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
102{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
103{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
104{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
105{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
106{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
107{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
108{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
109{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
110{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
111{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
112{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
113{0,NULL}
114 };
115
116static ERR_STRING_DATA PEM_str_reasons[]=
117 {
118{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"},
119{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
120{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
121{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
122{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) ,"bad magic number"},
123{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
124{ERR_REASON(PEM_R_BAD_VERSION_NUMBER) ,"bad version number"},
125{ERR_REASON(PEM_R_BIO_WRITE_FAILURE) ,"bio write failure"},
126{ERR_REASON(PEM_R_CIPHER_IS_NULL) ,"cipher is null"},
127{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
128{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"},
129{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"},
130{ERR_REASON(PEM_R_INCONSISTENT_HEADER) ,"inconsistent header"},
131{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"},
132{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) ,"keyblob too short"},
133{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
134{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
135{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
136{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
137{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
138{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
139{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) ,"pvk data too short"},
140{ERR_REASON(PEM_R_PVK_TOO_SHORT) ,"pvk too short"},
141{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
142{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
143{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
144{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
145{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"},
146{0,NULL}
147 };
148
149#endif
150
151void ERR_load_PEM_strings(void)
152 {
153#ifndef OPENSSL_NO_ERR
154
155 if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)
156 {
157 ERR_load_strings(0,PEM_str_functs);
158 ERR_load_strings(0,PEM_str_reasons);
159 }
160#endif
161 }
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
deleted file mode 100644
index 1b2be527ed..0000000000
--- a/src/lib/libcrypto/pem/pem_info.c
+++ /dev/null
@@ -1,405 +0,0 @@
1/* crypto/pem/pem_info.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/x509.h>
65#include <openssl/pem.h>
66#ifndef OPENSSL_NO_RSA
67#include <openssl/rsa.h>
68#endif
69#ifndef OPENSSL_NO_DSA
70#include <openssl/dsa.h>
71#endif
72
73#ifndef OPENSSL_NO_FP_API
74STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
75 {
76 BIO *b;
77 STACK_OF(X509_INFO) *ret;
78
79 if ((b=BIO_new(BIO_s_file())) == NULL)
80 {
81 PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
82 return(0);
83 }
84 BIO_set_fp(b,fp,BIO_NOCLOSE);
85 ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
86 BIO_free(b);
87 return(ret);
88 }
89#endif
90
91STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
92 {
93 X509_INFO *xi=NULL;
94 char *name=NULL,*header=NULL;
95 void *pp;
96 unsigned char *data=NULL;
97 const unsigned char *p;
98 long len,error=0;
99 int ok=0;
100 STACK_OF(X509_INFO) *ret=NULL;
101 unsigned int i,raw,ptype;
102 d2i_of_void *d2i = 0;
103
104 if (sk == NULL)
105 {
106 if ((ret=sk_X509_INFO_new_null()) == NULL)
107 {
108 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
109 goto err;
110 }
111 }
112 else
113 ret=sk;
114
115 if ((xi=X509_INFO_new()) == NULL) goto err;
116 for (;;)
117 {
118 raw=0;
119 ptype = 0;
120 i=PEM_read_bio(bp,&name,&header,&data,&len);
121 if (i == 0)
122 {
123 error=ERR_GET_REASON(ERR_peek_last_error());
124 if (error == PEM_R_NO_START_LINE)
125 {
126 ERR_clear_error();
127 break;
128 }
129 goto err;
130 }
131start:
132 if ( (strcmp(name,PEM_STRING_X509) == 0) ||
133 (strcmp(name,PEM_STRING_X509_OLD) == 0))
134 {
135 d2i=(D2I_OF(void))d2i_X509;
136 if (xi->x509 != NULL)
137 {
138 if (!sk_X509_INFO_push(ret,xi)) goto err;
139 if ((xi=X509_INFO_new()) == NULL) goto err;
140 goto start;
141 }
142 pp=&(xi->x509);
143 }
144 else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
145 {
146 d2i=(D2I_OF(void))d2i_X509_AUX;
147 if (xi->x509 != NULL)
148 {
149 if (!sk_X509_INFO_push(ret,xi)) goto err;
150 if ((xi=X509_INFO_new()) == NULL) goto err;
151 goto start;
152 }
153 pp=&(xi->x509);
154 }
155 else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
156 {
157 d2i=(D2I_OF(void))d2i_X509_CRL;
158 if (xi->crl != NULL)
159 {
160 if (!sk_X509_INFO_push(ret,xi)) goto err;
161 if ((xi=X509_INFO_new()) == NULL) goto err;
162 goto start;
163 }
164 pp=&(xi->crl);
165 }
166 else
167#ifndef OPENSSL_NO_RSA
168 if (strcmp(name,PEM_STRING_RSA) == 0)
169 {
170 if (xi->x_pkey != NULL)
171 {
172 if (!sk_X509_INFO_push(ret,xi)) goto err;
173 if ((xi=X509_INFO_new()) == NULL) goto err;
174 goto start;
175 }
176
177 xi->enc_data=NULL;
178 xi->enc_len=0;
179
180 xi->x_pkey=X509_PKEY_new();
181 ptype=EVP_PKEY_RSA;
182 pp=&xi->x_pkey->dec_pkey;
183 if ((int)strlen(header) > 10) /* assume encrypted */
184 raw=1;
185 }
186 else
187#endif
188#ifndef OPENSSL_NO_DSA
189 if (strcmp(name,PEM_STRING_DSA) == 0)
190 {
191 d2i=(D2I_OF(void))d2i_DSAPrivateKey;
192 if (xi->x_pkey != NULL)
193 {
194 if (!sk_X509_INFO_push(ret,xi)) goto err;
195 if ((xi=X509_INFO_new()) == NULL) goto err;
196 goto start;
197 }
198
199 xi->enc_data=NULL;
200 xi->enc_len=0;
201
202 xi->x_pkey=X509_PKEY_new();
203 ptype = EVP_PKEY_DSA;
204 pp=&xi->x_pkey->dec_pkey;
205 if ((int)strlen(header) > 10) /* assume encrypted */
206 raw=1;
207 }
208 else
209#endif
210#ifndef OPENSSL_NO_EC
211 if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
212 {
213 d2i=(D2I_OF(void))d2i_ECPrivateKey;
214 if (xi->x_pkey != NULL)
215 {
216 if (!sk_X509_INFO_push(ret,xi)) goto err;
217 if ((xi=X509_INFO_new()) == NULL) goto err;
218 goto start;
219 }
220
221 xi->enc_data=NULL;
222 xi->enc_len=0;
223
224 xi->x_pkey=X509_PKEY_new();
225 ptype = EVP_PKEY_EC;
226 pp=&xi->x_pkey->dec_pkey;
227 if ((int)strlen(header) > 10) /* assume encrypted */
228 raw=1;
229 }
230 else
231#endif
232 {
233 d2i=NULL;
234 pp=NULL;
235 }
236
237 if (d2i != NULL)
238 {
239 if (!raw)
240 {
241 EVP_CIPHER_INFO cipher;
242
243 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
244 goto err;
245 if (!PEM_do_header(&cipher,data,&len,cb,u))
246 goto err;
247 p=data;
248 if (ptype)
249 {
250 if (!d2i_PrivateKey(ptype, pp, &p, len))
251 {
252 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
253 goto err;
254 }
255 }
256 else if (d2i(pp,&p,len) == NULL)
257 {
258 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
259 goto err;
260 }
261 }
262 else
263 { /* encrypted RSA data */
264 if (!PEM_get_EVP_CIPHER_INFO(header,
265 &xi->enc_cipher)) goto err;
266 xi->enc_data=(char *)data;
267 xi->enc_len=(int)len;
268 data=NULL;
269 }
270 }
271 else {
272 /* unknown */
273 }
274 if (name != NULL) OPENSSL_free(name);
275 if (header != NULL) OPENSSL_free(header);
276 if (data != NULL) OPENSSL_free(data);
277 name=NULL;
278 header=NULL;
279 data=NULL;
280 }
281
282 /* if the last one hasn't been pushed yet and there is anything
283 * in it then add it to the stack ...
284 */
285 if ((xi->x509 != NULL) || (xi->crl != NULL) ||
286 (xi->x_pkey != NULL) || (xi->enc_data != NULL))
287 {
288 if (!sk_X509_INFO_push(ret,xi)) goto err;
289 xi=NULL;
290 }
291 ok=1;
292err:
293 if (xi != NULL) X509_INFO_free(xi);
294 if (!ok)
295 {
296 for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
297 {
298 xi=sk_X509_INFO_value(ret,i);
299 X509_INFO_free(xi);
300 }
301 if (ret != sk) sk_X509_INFO_free(ret);
302 ret=NULL;
303 }
304
305 if (name != NULL) OPENSSL_free(name);
306 if (header != NULL) OPENSSL_free(header);
307 if (data != NULL) OPENSSL_free(data);
308 return(ret);
309 }
310
311
312/* A TJH addition */
313int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
314 unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
315 {
316 EVP_CIPHER_CTX ctx;
317 int i,ret=0;
318 unsigned char *data=NULL;
319 const char *objstr=NULL;
320 char buf[PEM_BUFSIZE];
321 unsigned char *iv=NULL;
322
323 if (enc != NULL)
324 {
325 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
326 if (objstr == NULL)
327 {
328 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
329 goto err;
330 }
331 }
332
333 /* now for the fun part ... if we have a private key then
334 * we have to be able to handle a not-yet-decrypted key
335 * being written out correctly ... if it is decrypted or
336 * it is non-encrypted then we use the base code
337 */
338 if (xi->x_pkey!=NULL)
339 {
340 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
341 {
342 if (enc == NULL)
343 {
344 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
345 goto err;
346 }
347
348 /* copy from weirdo names into more normal things */
349 iv=xi->enc_cipher.iv;
350 data=(unsigned char *)xi->enc_data;
351 i=xi->enc_len;
352
353 /* we take the encryption data from the
354 * internal stuff rather than what the
355 * user has passed us ... as we have to
356 * match exactly for some strange reason
357 */
358 objstr=OBJ_nid2sn(
359 EVP_CIPHER_nid(xi->enc_cipher.cipher));
360 if (objstr == NULL)
361 {
362 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
363 goto err;
364 }
365
366 /* create the right magic header stuff */
367 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
368 buf[0]='\0';
369 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
370 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
371
372 /* use the normal code to write things out */
373 i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
374 if (i <= 0) goto err;
375 }
376 else
377 {
378 /* Add DSA/DH */
379#ifndef OPENSSL_NO_RSA
380 /* normal optionally encrypted stuff */
381 if (PEM_write_bio_RSAPrivateKey(bp,
382 xi->x_pkey->dec_pkey->pkey.rsa,
383 enc,kstr,klen,cb,u)<=0)
384 goto err;
385#endif
386 }
387 }
388
389 /* if we have a certificate then write it out now */
390 if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
391 goto err;
392
393 /* we are ignoring anything else that is loaded into the X509_INFO
394 * structure for the moment ... as I don't need it so I'm not
395 * coding it here and Eric can do it when this makes it into the
396 * base library --tjh
397 */
398
399 ret=1;
400
401err:
402 OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
403 OPENSSL_cleanse(buf,PEM_BUFSIZE);
404 return(ret);
405 }
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
deleted file mode 100644
index cfc89a9921..0000000000
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ /dev/null
@@ -1,852 +0,0 @@
1/* crypto/pem/pem_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <ctype.h>
61#include "cryptlib.h"
62#include <openssl/buffer.h>
63#include <openssl/objects.h>
64#include <openssl/evp.h>
65#include <openssl/rand.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68#include <openssl/pkcs12.h>
69#include "asn1_locl.h"
70#ifndef OPENSSL_NO_DES
71#include <openssl/des.h>
72#endif
73#ifndef OPENSSL_NO_ENGINE
74#include <openssl/engine.h>
75#endif
76
77const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
78
79#define MIN_LENGTH 4
80
81static int load_iv(char **fromp,unsigned char *to, int num);
82static int check_pem(const char *nm, const char *name);
83int pem_check_suffix(const char *pem_str, const char *suffix);
84
85int PEM_def_callback(char *buf, int num, int w, void *key)
86 {
87#ifdef OPENSSL_NO_FP_API
88 /* We should not ever call the default callback routine from
89 * windows. */
90 PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
91 return(-1);
92#else
93 int i,j;
94 const char *prompt;
95 if(key) {
96 i=strlen(key);
97 i=(i > num)?num:i;
98 memcpy(buf,key,i);
99 return(i);
100 }
101
102 prompt=EVP_get_pw_prompt();
103 if (prompt == NULL)
104 prompt="Enter PEM pass phrase:";
105
106 for (;;)
107 {
108 i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
109 if (i != 0)
110 {
111 PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
112 memset(buf,0,(unsigned int)num);
113 return(-1);
114 }
115 j=strlen(buf);
116 if (j < MIN_LENGTH)
117 {
118 fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
119 }
120 else
121 break;
122 }
123 return(j);
124#endif
125 }
126
127void PEM_proc_type(char *buf, int type)
128 {
129 const char *str;
130
131 if (type == PEM_TYPE_ENCRYPTED)
132 str="ENCRYPTED";
133 else if (type == PEM_TYPE_MIC_CLEAR)
134 str="MIC-CLEAR";
135 else if (type == PEM_TYPE_MIC_ONLY)
136 str="MIC-ONLY";
137 else
138 str="BAD-TYPE";
139
140 BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
141 BUF_strlcat(buf,str,PEM_BUFSIZE);
142 BUF_strlcat(buf,"\n",PEM_BUFSIZE);
143 }
144
145void PEM_dek_info(char *buf, const char *type, int len, char *str)
146 {
147 static const unsigned char map[17]="0123456789ABCDEF";
148 long i;
149 int j;
150
151 BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
152 BUF_strlcat(buf,type,PEM_BUFSIZE);
153 BUF_strlcat(buf,",",PEM_BUFSIZE);
154 j=strlen(buf);
155 if (j + (len * 2) + 1 > PEM_BUFSIZE)
156 return;
157 for (i=0; i<len; i++)
158 {
159 buf[j+i*2] =map[(str[i]>>4)&0x0f];
160 buf[j+i*2+1]=map[(str[i] )&0x0f];
161 }
162 buf[j+i*2]='\n';
163 buf[j+i*2+1]='\0';
164 }
165
166#ifndef OPENSSL_NO_FP_API
167void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
168 pem_password_cb *cb, void *u)
169 {
170 BIO *b;
171 void *ret;
172
173 if ((b=BIO_new(BIO_s_file())) == NULL)
174 {
175 PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
176 return(0);
177 }
178 BIO_set_fp(b,fp,BIO_NOCLOSE);
179 ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
180 BIO_free(b);
181 return(ret);
182 }
183#endif
184
185static int check_pem(const char *nm, const char *name)
186{
187 /* Normal matching nm and name */
188 if (!strcmp(nm,name)) return 1;
189
190 /* Make PEM_STRING_EVP_PKEY match any private key */
191
192 if(!strcmp(name,PEM_STRING_EVP_PKEY))
193 {
194 int slen;
195 const EVP_PKEY_ASN1_METHOD *ameth;
196 if(!strcmp(nm,PEM_STRING_PKCS8))
197 return 1;
198 if(!strcmp(nm,PEM_STRING_PKCS8INF))
199 return 1;
200 slen = pem_check_suffix(nm, "PRIVATE KEY");
201 if (slen > 0)
202 {
203 /* NB: ENGINE implementations wont contain
204 * a deprecated old private key decode function
205 * so don't look for them.
206 */
207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
208 if (ameth && ameth->old_priv_decode)
209 return 1;
210 }
211 return 0;
212 }
213
214 if(!strcmp(name,PEM_STRING_PARAMETERS))
215 {
216 int slen;
217 const EVP_PKEY_ASN1_METHOD *ameth;
218 slen = pem_check_suffix(nm, "PARAMETERS");
219 if (slen > 0)
220 {
221 ENGINE *e;
222 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
223 if (ameth)
224 {
225 int r;
226 if (ameth->param_decode)
227 r = 1;
228 else
229 r = 0;
230#ifndef OPENSSL_NO_ENGINE
231 if (e)
232 ENGINE_finish(e);
233#endif
234 return r;
235 }
236 }
237 return 0;
238 }
239
240 /* Permit older strings */
241
242 if(!strcmp(nm,PEM_STRING_X509_OLD) &&
243 !strcmp(name,PEM_STRING_X509)) return 1;
244
245 if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
246 !strcmp(name,PEM_STRING_X509_REQ)) return 1;
247
248 /* Allow normal certs to be read as trusted certs */
249 if(!strcmp(nm,PEM_STRING_X509) &&
250 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
251
252 if(!strcmp(nm,PEM_STRING_X509_OLD) &&
253 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
254
255 /* Some CAs use PKCS#7 with CERTIFICATE headers */
256 if(!strcmp(nm, PEM_STRING_X509) &&
257 !strcmp(name, PEM_STRING_PKCS7)) return 1;
258
259 if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
260 !strcmp(name, PEM_STRING_PKCS7)) return 1;
261
262#ifndef OPENSSL_NO_CMS
263 if(!strcmp(nm, PEM_STRING_X509) &&
264 !strcmp(name, PEM_STRING_CMS)) return 1;
265 /* Allow CMS to be read from PKCS#7 headers */
266 if(!strcmp(nm, PEM_STRING_PKCS7) &&
267 !strcmp(name, PEM_STRING_CMS)) return 1;
268#endif
269
270 return 0;
271}
272
273int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
274 pem_password_cb *cb, void *u)
275 {
276 EVP_CIPHER_INFO cipher;
277 char *nm=NULL,*header=NULL;
278 unsigned char *data=NULL;
279 long len;
280 int ret = 0;
281
282 for (;;)
283 {
284 if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
285 if(ERR_GET_REASON(ERR_peek_error()) ==
286 PEM_R_NO_START_LINE)
287 ERR_add_error_data(2, "Expecting: ", name);
288 return 0;
289 }
290 if(check_pem(nm, name)) break;
291 OPENSSL_free(nm);
292 OPENSSL_free(header);
293 OPENSSL_free(data);
294 }
295 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
296 if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
297
298 *pdata = data;
299 *plen = len;
300
301 if (pnm)
302 *pnm = nm;
303
304 ret = 1;
305
306err:
307 if (!ret || !pnm) OPENSSL_free(nm);
308 OPENSSL_free(header);
309 if (!ret) OPENSSL_free(data);
310 return ret;
311 }
312
313#ifndef OPENSSL_NO_FP_API
314int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
315 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
316 int klen, pem_password_cb *callback, void *u)
317 {
318 BIO *b;
319 int ret;
320
321 if ((b=BIO_new(BIO_s_file())) == NULL)
322 {
323 PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
324 return(0);
325 }
326 BIO_set_fp(b,fp,BIO_NOCLOSE);
327 ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
328 BIO_free(b);
329 return(ret);
330 }
331#endif
332
333int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
334 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
335 int klen, pem_password_cb *callback, void *u)
336 {
337 EVP_CIPHER_CTX ctx;
338 int dsize=0,i,j,ret=0;
339 unsigned char *p,*data=NULL;
340 const char *objstr=NULL;
341 char buf[PEM_BUFSIZE];
342 unsigned char key[EVP_MAX_KEY_LENGTH];
343 unsigned char iv[EVP_MAX_IV_LENGTH];
344
345 if (enc != NULL)
346 {
347 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
348 if (objstr == NULL)
349 {
350 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
351 goto err;
352 }
353 }
354
355 if ((dsize=i2d(x,NULL)) < 0)
356 {
357 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
358 dsize=0;
359 goto err;
360 }
361 /* dzise + 8 bytes are needed */
362 /* actually it needs the cipher block size extra... */
363 data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
364 if (data == NULL)
365 {
366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
367 goto err;
368 }
369 p=data;
370 i=i2d(x,&p);
371
372 if (enc != NULL)
373 {
374 if (kstr == NULL)
375 {
376 if (callback == NULL)
377 klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
378 else
379 klen=(*callback)(buf,PEM_BUFSIZE,1,u);
380 if (klen <= 0)
381 {
382 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
383 goto err;
384 }
385#ifdef CHARSET_EBCDIC
386 /* Convert the pass phrase from EBCDIC */
387 ebcdic2ascii(buf, buf, klen);
388#endif
389 kstr=(unsigned char *)buf;
390 }
391 RAND_add(data,i,0);/* put in the RSA key. */
392 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
393 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
394 goto err;
395 /* The 'iv' is used as the iv and as a salt. It is
396 * NOT taken from the BytesToKey function */
397 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
398
399 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
400
401 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
402
403 buf[0]='\0';
404 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
405 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
406 /* k=strlen(buf); */
407
408 EVP_CIPHER_CTX_init(&ctx);
409 EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
410 EVP_EncryptUpdate(&ctx,data,&j,data,i);
411 EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
412 EVP_CIPHER_CTX_cleanup(&ctx);
413 i+=j;
414 ret=1;
415 }
416 else
417 {
418 ret=1;
419 buf[0]='\0';
420 }
421 i=PEM_write_bio(bp,name,buf,data,i);
422 if (i <= 0) ret=0;
423err:
424 OPENSSL_cleanse(key,sizeof(key));
425 OPENSSL_cleanse(iv,sizeof(iv));
426 OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
427 OPENSSL_cleanse(buf,PEM_BUFSIZE);
428 if (data != NULL)
429 {
430 OPENSSL_cleanse(data,(unsigned int)dsize);
431 OPENSSL_free(data);
432 }
433 return(ret);
434 }
435
436int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
437 pem_password_cb *callback,void *u)
438 {
439 int i,j,o,klen;
440 long len;
441 EVP_CIPHER_CTX ctx;
442 unsigned char key[EVP_MAX_KEY_LENGTH];
443 char buf[PEM_BUFSIZE];
444
445 len= *plen;
446
447 if (cipher->cipher == NULL) return(1);
448 if (callback == NULL)
449 klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
450 else
451 klen=callback(buf,PEM_BUFSIZE,0,u);
452 if (klen <= 0)
453 {
454 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
455 return(0);
456 }
457#ifdef CHARSET_EBCDIC
458 /* Convert the pass phrase from EBCDIC */
459 ebcdic2ascii(buf, buf, klen);
460#endif
461
462 EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
463 (unsigned char *)buf,klen,1,key,NULL);
464
465 j=(int)len;
466 EVP_CIPHER_CTX_init(&ctx);
467 EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
468 EVP_DecryptUpdate(&ctx,data,&i,data,j);
469 o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
470 EVP_CIPHER_CTX_cleanup(&ctx);
471 OPENSSL_cleanse((char *)buf,sizeof(buf));
472 OPENSSL_cleanse((char *)key,sizeof(key));
473 j+=i;
474 if (!o)
475 {
476 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
477 return(0);
478 }
479 *plen=j;
480 return(1);
481 }
482
483int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
484 {
485 const EVP_CIPHER *enc=NULL;
486 char *p,c;
487 char **header_pp = &header;
488
489 cipher->cipher=NULL;
490 if ((header == NULL) || (*header == '\0') || (*header == '\n'))
491 return(1);
492 if (strncmp(header,"Proc-Type: ",11) != 0)
493 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
494 header+=11;
495 if (*header != '4') return(0); header++;
496 if (*header != ',') return(0); header++;
497 if (strncmp(header,"ENCRYPTED",9) != 0)
498 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
499 for (; (*header != '\n') && (*header != '\0'); header++)
500 ;
501 if (*header == '\0')
502 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
503 header++;
504 if (strncmp(header,"DEK-Info: ",10) != 0)
505 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
506 header+=10;
507
508 p=header;
509 for (;;)
510 {
511 c= *header;
512#ifndef CHARSET_EBCDIC
513 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
514 ((c >= '0') && (c <= '9'))))
515 break;
516#else
517 if (!( isupper(c) || (c == '-') ||
518 isdigit(c)))
519 break;
520#endif
521 header++;
522 }
523 *header='\0';
524 cipher->cipher=enc=EVP_get_cipherbyname(p);
525 *header=c;
526 header++;
527
528 if (enc == NULL)
529 {
530 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
531 return(0);
532 }
533 if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
534 return(0);
535
536 return(1);
537 }
538
539static int load_iv(char **fromp, unsigned char *to, int num)
540 {
541 int v,i;
542 char *from;
543
544 from= *fromp;
545 for (i=0; i<num; i++) to[i]=0;
546 num*=2;
547 for (i=0; i<num; i++)
548 {
549 if ((*from >= '0') && (*from <= '9'))
550 v= *from-'0';
551 else if ((*from >= 'A') && (*from <= 'F'))
552 v= *from-'A'+10;
553 else if ((*from >= 'a') && (*from <= 'f'))
554 v= *from-'a'+10;
555 else
556 {
557 PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
558 return(0);
559 }
560 from++;
561 to[i/2]|=v<<(long)((!(i&1))*4);
562 }
563
564 *fromp=from;
565 return(1);
566 }
567
568#ifndef OPENSSL_NO_FP_API
569int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
570 long len)
571 {
572 BIO *b;
573 int ret;
574
575 if ((b=BIO_new(BIO_s_file())) == NULL)
576 {
577 PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
578 return(0);
579 }
580 BIO_set_fp(b,fp,BIO_NOCLOSE);
581 ret=PEM_write_bio(b, name, header, data,len);
582 BIO_free(b);
583 return(ret);
584 }
585#endif
586
587int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
588 long len)
589 {
590 int nlen,n,i,j,outl;
591 unsigned char *buf = NULL;
592 EVP_ENCODE_CTX ctx;
593 int reason=ERR_R_BUF_LIB;
594
595 EVP_EncodeInit(&ctx);
596 nlen=strlen(name);
597
598 if ( (BIO_write(bp,"-----BEGIN ",11) != 11) ||
599 (BIO_write(bp,name,nlen) != nlen) ||
600 (BIO_write(bp,"-----\n",6) != 6))
601 goto err;
602
603 i=strlen(header);
604 if (i > 0)
605 {
606 if ( (BIO_write(bp,header,i) != i) ||
607 (BIO_write(bp,"\n",1) != 1))
608 goto err;
609 }
610
611 buf = OPENSSL_malloc(PEM_BUFSIZE*8);
612 if (buf == NULL)
613 {
614 reason=ERR_R_MALLOC_FAILURE;
615 goto err;
616 }
617
618 i=j=0;
619 while (len > 0)
620 {
621 n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
622 EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
623 if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
624 goto err;
625 i+=outl;
626 len-=n;
627 j+=n;
628 }
629 EVP_EncodeFinal(&ctx,buf,&outl);
630 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
631 OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
632 OPENSSL_free(buf);
633 buf = NULL;
634 if ( (BIO_write(bp,"-----END ",9) != 9) ||
635 (BIO_write(bp,name,nlen) != nlen) ||
636 (BIO_write(bp,"-----\n",6) != 6))
637 goto err;
638 return(i+outl);
639err:
640 if (buf) {
641 OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
642 OPENSSL_free(buf);
643 }
644 PEMerr(PEM_F_PEM_WRITE_BIO,reason);
645 return(0);
646 }
647
648#ifndef OPENSSL_NO_FP_API
649int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
650 long *len)
651 {
652 BIO *b;
653 int ret;
654
655 if ((b=BIO_new(BIO_s_file())) == NULL)
656 {
657 PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
658 return(0);
659 }
660 BIO_set_fp(b,fp,BIO_NOCLOSE);
661 ret=PEM_read_bio(b, name, header, data,len);
662 BIO_free(b);
663 return(ret);
664 }
665#endif
666
667int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
668 long *len)
669 {
670 EVP_ENCODE_CTX ctx;
671 int end=0,i,k,bl=0,hl=0,nohead=0;
672 char buf[256];
673 BUF_MEM *nameB;
674 BUF_MEM *headerB;
675 BUF_MEM *dataB,*tmpB;
676
677 nameB=BUF_MEM_new();
678 headerB=BUF_MEM_new();
679 dataB=BUF_MEM_new();
680 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
681 {
682 BUF_MEM_free(nameB);
683 BUF_MEM_free(headerB);
684 BUF_MEM_free(dataB);
685 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
686 return(0);
687 }
688
689 buf[254]='\0';
690 for (;;)
691 {
692 i=BIO_gets(bp,buf,254);
693
694 if (i <= 0)
695 {
696 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
697 goto err;
698 }
699
700 while ((i >= 0) && (buf[i] <= ' ')) i--;
701 buf[++i]='\n'; buf[++i]='\0';
702
703 if (strncmp(buf,"-----BEGIN ",11) == 0)
704 {
705 i=strlen(&(buf[11]));
706
707 if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
708 continue;
709 if (!BUF_MEM_grow(nameB,i+9))
710 {
711 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
712 goto err;
713 }
714 memcpy(nameB->data,&(buf[11]),i-6);
715 nameB->data[i-6]='\0';
716 break;
717 }
718 }
719 hl=0;
720 if (!BUF_MEM_grow(headerB,256))
721 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
722 headerB->data[0]='\0';
723 for (;;)
724 {
725 i=BIO_gets(bp,buf,254);
726 if (i <= 0) break;
727
728 while ((i >= 0) && (buf[i] <= ' ')) i--;
729 buf[++i]='\n'; buf[++i]='\0';
730
731 if (buf[0] == '\n') break;
732 if (!BUF_MEM_grow(headerB,hl+i+9))
733 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
734 if (strncmp(buf,"-----END ",9) == 0)
735 {
736 nohead=1;
737 break;
738 }
739 memcpy(&(headerB->data[hl]),buf,i);
740 headerB->data[hl+i]='\0';
741 hl+=i;
742 }
743
744 bl=0;
745 if (!BUF_MEM_grow(dataB,1024))
746 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
747 dataB->data[0]='\0';
748 if (!nohead)
749 {
750 for (;;)
751 {
752 i=BIO_gets(bp,buf,254);
753 if (i <= 0) break;
754
755 while ((i >= 0) && (buf[i] <= ' ')) i--;
756 buf[++i]='\n'; buf[++i]='\0';
757
758 if (i != 65) end=1;
759 if (strncmp(buf,"-----END ",9) == 0)
760 break;
761 if (i > 65) break;
762 if (!BUF_MEM_grow_clean(dataB,i+bl+9))
763 {
764 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
765 goto err;
766 }
767 memcpy(&(dataB->data[bl]),buf,i);
768 dataB->data[bl+i]='\0';
769 bl+=i;
770 if (end)
771 {
772 buf[0]='\0';
773 i=BIO_gets(bp,buf,254);
774 if (i <= 0) break;
775
776 while ((i >= 0) && (buf[i] <= ' ')) i--;
777 buf[++i]='\n'; buf[++i]='\0';
778
779 break;
780 }
781 }
782 }
783 else
784 {
785 tmpB=headerB;
786 headerB=dataB;
787 dataB=tmpB;
788 bl=hl;
789 }
790 i=strlen(nameB->data);
791 if ( (strncmp(buf,"-----END ",9) != 0) ||
792 (strncmp(nameB->data,&(buf[9]),i) != 0) ||
793 (strncmp(&(buf[9+i]),"-----\n",6) != 0))
794 {
795 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
796 goto err;
797 }
798
799 EVP_DecodeInit(&ctx);
800 i=EVP_DecodeUpdate(&ctx,
801 (unsigned char *)dataB->data,&bl,
802 (unsigned char *)dataB->data,bl);
803 if (i < 0)
804 {
805 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
806 goto err;
807 }
808 i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
809 if (i < 0)
810 {
811 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
812 goto err;
813 }
814 bl+=k;
815
816 if (bl == 0) goto err;
817 *name=nameB->data;
818 *header=headerB->data;
819 *data=(unsigned char *)dataB->data;
820 *len=bl;
821 OPENSSL_free(nameB);
822 OPENSSL_free(headerB);
823 OPENSSL_free(dataB);
824 return(1);
825err:
826 BUF_MEM_free(nameB);
827 BUF_MEM_free(headerB);
828 BUF_MEM_free(dataB);
829 return(0);
830 }
831
832/* Check pem string and return prefix length.
833 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
834 * the return value is 3 for the string "RSA".
835 */
836
837int pem_check_suffix(const char *pem_str, const char *suffix)
838 {
839 int pem_len = strlen(pem_str);
840 int suffix_len = strlen(suffix);
841 const char *p;
842 if (suffix_len + 1 >= pem_len)
843 return 0;
844 p = pem_str + pem_len - suffix_len;
845 if (strcmp(p, suffix))
846 return 0;
847 p--;
848 if (*p != ' ')
849 return 0;
850 return p - pem_str;
851 }
852
diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c
deleted file mode 100644
index b33868d25a..0000000000
--- a/src/lib/libcrypto/pem/pem_oth.c
+++ /dev/null
@@ -1,86 +0,0 @@
1/* crypto/pem/pem_oth.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/x509.h>
66#include <openssl/pem.h>
67
68/* Handle 'other' PEMs: not private keys */
69
70void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
71 pem_password_cb *cb, void *u)
72 {
73 const unsigned char *p=NULL;
74 unsigned char *data=NULL;
75 long len;
76 char *ret=NULL;
77
78 if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
79 return NULL;
80 p = data;
81 ret=d2i(x,&p,len);
82 if (ret == NULL)
83 PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
84 OPENSSL_free(data);
85 return(ret);
86 }
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
deleted file mode 100644
index 6deab8c338..0000000000
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ /dev/null
@@ -1,242 +0,0 @@
1/* crypto/pem/pem_pkey.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/x509.h>
66#include <openssl/pkcs12.h>
67#include <openssl/pem.h>
68
69static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
70 int nid, const EVP_CIPHER *enc,
71 char *kstr, int klen,
72 pem_password_cb *cb, void *u);
73static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
74 int nid, const EVP_CIPHER *enc,
75 char *kstr, int klen,
76 pem_password_cb *cb, void *u);
77
78/* These functions write a private key in PKCS#8 format: it is a "drop in"
79 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
80 * is NULL then it uses the unencrypted private key form. The 'nid' versions
81 * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
82 */
83
84int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
85 char *kstr, int klen,
86 pem_password_cb *cb, void *u)
87{
88 return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
89}
90
91int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
92 char *kstr, int klen,
93 pem_password_cb *cb, void *u)
94{
95 return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
96}
97
98int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
99 char *kstr, int klen,
100 pem_password_cb *cb, void *u)
101{
102 return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
103}
104
105int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
106 char *kstr, int klen,
107 pem_password_cb *cb, void *u)
108{
109 return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
110}
111
112static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
113 char *kstr, int klen,
114 pem_password_cb *cb, void *u)
115{
116 X509_SIG *p8;
117 PKCS8_PRIV_KEY_INFO *p8inf;
118 char buf[PEM_BUFSIZE];
119 int ret;
120 if(!(p8inf = EVP_PKEY2PKCS8(x))) {
121 PEMerr(PEM_F_DO_PK8PKEY,
122 PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
123 return 0;
124 }
125 if(enc || (nid != -1)) {
126 if(!kstr) {
127 if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
128 else klen = cb(buf, PEM_BUFSIZE, 1, u);
129 if(klen <= 0) {
130 PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY);
131 PKCS8_PRIV_KEY_INFO_free(p8inf);
132 return 0;
133 }
134
135 kstr = buf;
136 }
137 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
138 if(kstr == buf) OPENSSL_cleanse(buf, klen);
139 PKCS8_PRIV_KEY_INFO_free(p8inf);
140 if(isder) ret = i2d_PKCS8_bio(bp, p8);
141 else ret = PEM_write_bio_PKCS8(bp, p8);
142 X509_SIG_free(p8);
143 return ret;
144 } else {
145 if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
146 else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
147 PKCS8_PRIV_KEY_INFO_free(p8inf);
148 return ret;
149 }
150}
151
152EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
153{
154 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
155 X509_SIG *p8 = NULL;
156 int klen;
157 EVP_PKEY *ret;
158 char psbuf[PEM_BUFSIZE];
159 p8 = d2i_PKCS8_bio(bp, NULL);
160 if(!p8) return NULL;
161 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
162 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
163 if (klen <= 0) {
164 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
165 X509_SIG_free(p8);
166 return NULL;
167 }
168 p8inf = PKCS8_decrypt(p8, psbuf, klen);
169 X509_SIG_free(p8);
170 if(!p8inf) return NULL;
171 ret = EVP_PKCS82PKEY(p8inf);
172 PKCS8_PRIV_KEY_INFO_free(p8inf);
173 if(!ret) return NULL;
174 if(x) {
175 if(*x) EVP_PKEY_free(*x);
176 *x = ret;
177 }
178 return ret;
179}
180
181#ifndef OPENSSL_NO_FP_API
182
183int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
184 char *kstr, int klen,
185 pem_password_cb *cb, void *u)
186{
187 return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
188}
189
190int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
191 char *kstr, int klen,
192 pem_password_cb *cb, void *u)
193{
194 return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
195}
196
197int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
198 char *kstr, int klen,
199 pem_password_cb *cb, void *u)
200{
201 return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
202}
203
204int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
205 char *kstr, int klen, pem_password_cb *cb, void *u)
206{
207 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
208}
209
210static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
211 char *kstr, int klen,
212 pem_password_cb *cb, void *u)
213{
214 BIO *bp;
215 int ret;
216 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
217 PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB);
218 return(0);
219 }
220 ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
221 BIO_free(bp);
222 return ret;
223}
224
225EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
226{
227 BIO *bp;
228 EVP_PKEY *ret;
229 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
230 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
231 return NULL;
232 }
233 ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
234 BIO_free(bp);
235 return ret;
236}
237
238#endif
239
240IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
241IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
242 PKCS8_PRIV_KEY_INFO)
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
deleted file mode 100644
index 8ecf24903b..0000000000
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ /dev/null
@@ -1,242 +0,0 @@
1/* crypto/pem/pem_pkey.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/buffer.h>
62#include <openssl/objects.h>
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/x509.h>
66#include <openssl/pkcs12.h>
67#include <openssl/pem.h>
68#ifndef OPENSSL_NO_ENGINE
69#include <openssl/engine.h>
70#endif
71#include "asn1_locl.h"
72
73int pem_check_suffix(const char *pem_str, const char *suffix);
74
75EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
76 {
77 char *nm=NULL;
78 const unsigned char *p=NULL;
79 unsigned char *data=NULL;
80 long len;
81 int slen;
82 EVP_PKEY *ret=NULL;
83
84 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
85 return NULL;
86 p = data;
87
88 if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
89 PKCS8_PRIV_KEY_INFO *p8inf;
90 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
91 if(!p8inf) goto p8err;
92 ret = EVP_PKCS82PKEY(p8inf);
93 if(x) {
94 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
95 *x = ret;
96 }
97 PKCS8_PRIV_KEY_INFO_free(p8inf);
98 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
99 PKCS8_PRIV_KEY_INFO *p8inf;
100 X509_SIG *p8;
101 int klen;
102 char psbuf[PEM_BUFSIZE];
103 p8 = d2i_X509_SIG(NULL, &p, len);
104 if(!p8) goto p8err;
105 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
106 else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
107 if (klen <= 0) {
108 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
109 PEM_R_BAD_PASSWORD_READ);
110 X509_SIG_free(p8);
111 goto err;
112 }
113 p8inf = PKCS8_decrypt(p8, psbuf, klen);
114 X509_SIG_free(p8);
115 if(!p8inf) goto p8err;
116 ret = EVP_PKCS82PKEY(p8inf);
117 if(x) {
118 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
119 *x = ret;
120 }
121 PKCS8_PRIV_KEY_INFO_free(p8inf);
122 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)
123 {
124 const EVP_PKEY_ASN1_METHOD *ameth;
125 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
126 if (!ameth || !ameth->old_priv_decode)
127 goto p8err;
128 ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len);
129 }
130p8err:
131 if (ret == NULL)
132 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
133err:
134 OPENSSL_free(nm);
135 OPENSSL_cleanse(data, len);
136 OPENSSL_free(data);
137 return(ret);
138 }
139
140int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
141 unsigned char *kstr, int klen,
142 pem_password_cb *cb, void *u)
143 {
144 char pem_str[80];
145 if (!x->ameth || x->ameth->priv_encode)
146 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
147 (char *)kstr, klen,
148 cb, u);
149
150 BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
151 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
152 pem_str,bp,x,enc,kstr,klen,cb,u);
153 }
154
155EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
156 {
157 char *nm=NULL;
158 const unsigned char *p=NULL;
159 unsigned char *data=NULL;
160 long len;
161 int slen;
162 EVP_PKEY *ret=NULL;
163
164 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
165 bp, 0, NULL))
166 return NULL;
167 p = data;
168
169 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)
170 {
171 ret = EVP_PKEY_new();
172 if (!ret)
173 goto err;
174 if (!EVP_PKEY_set_type_str(ret, nm, slen)
175 || !ret->ameth->param_decode
176 || !ret->ameth->param_decode(ret, &p, len))
177 {
178 EVP_PKEY_free(ret);
179 ret = NULL;
180 goto err;
181 }
182 if(x)
183 {
184 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
185 *x = ret;
186 }
187 }
188err:
189 if (ret == NULL)
190 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB);
191 OPENSSL_free(nm);
192 OPENSSL_free(data);
193 return(ret);
194 }
195
196int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
197 {
198 char pem_str[80];
199 if (!x->ameth || !x->ameth->param_encode)
200 return 0;
201
202 BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
203 return PEM_ASN1_write_bio(
204 (i2d_of_void *)x->ameth->param_encode,
205 pem_str,bp,x,NULL,NULL,0,0,NULL);
206 }
207
208#ifndef OPENSSL_NO_FP_API
209EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
210 {
211 BIO *b;
212 EVP_PKEY *ret;
213
214 if ((b=BIO_new(BIO_s_file())) == NULL)
215 {
216 PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
217 return(0);
218 }
219 BIO_set_fp(b,fp,BIO_NOCLOSE);
220 ret=PEM_read_bio_PrivateKey(b,x,cb,u);
221 BIO_free(b);
222 return(ret);
223 }
224
225int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
226 unsigned char *kstr, int klen,
227 pem_password_cb *cb, void *u)
228 {
229 BIO *b;
230 int ret;
231
232 if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
233 {
234 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB);
235 return 0;
236 }
237 ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
238 BIO_free(b);
239 return ret;
240 }
241
242#endif
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
deleted file mode 100644
index 59690b56ae..0000000000
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ /dev/null
@@ -1,189 +0,0 @@
1/* crypto/pem/pem_seal.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
60#ifndef OPENSSL_NO_RSA
61#include <stdio.h>
62#include "cryptlib.h"
63#include <openssl/evp.h>
64#include <openssl/rand.h>
65#include <openssl/objects.h>
66#include <openssl/x509.h>
67#include <openssl/pem.h>
68#include <openssl/rsa.h>
69
70int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
71 unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
72 int npubk)
73 {
74 unsigned char key[EVP_MAX_KEY_LENGTH];
75 int ret= -1;
76 int i,j,max=0;
77 char *s=NULL;
78
79 for (i=0; i<npubk; i++)
80 {
81 if (pubk[i]->type != EVP_PKEY_RSA)
82 {
83 PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
84 goto err;
85 }
86 j=RSA_size(pubk[i]->pkey.rsa);
87 if (j > max) max=j;
88 }
89 s=(char *)OPENSSL_malloc(max*2);
90 if (s == NULL)
91 {
92 PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
93 goto err;
94 }
95
96 EVP_EncodeInit(&ctx->encode);
97
98 EVP_MD_CTX_init(&ctx->md);
99 EVP_SignInit(&ctx->md,md_type);
100
101 EVP_CIPHER_CTX_init(&ctx->cipher);
102 ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
103 if (ret <= 0) goto err;
104
105 /* base64 encode the keys */
106 for (i=0; i<npubk; i++)
107 {
108 j=EVP_EncodeBlock((unsigned char *)s,ek[i],
109 RSA_size(pubk[i]->pkey.rsa));
110 ekl[i]=j;
111 memcpy(ek[i],s,j+1);
112 }
113
114 ret=npubk;
115err:
116 if (s != NULL) OPENSSL_free(s);
117 OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
118 return(ret);
119 }
120
121void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
122 unsigned char *in, int inl)
123 {
124 unsigned char buffer[1600];
125 int i,j;
126
127 *outl=0;
128 EVP_SignUpdate(&ctx->md,in,inl);
129 for (;;)
130 {
131 if (inl <= 0) break;
132 if (inl > 1200)
133 i=1200;
134 else
135 i=inl;
136 EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
137 EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
138 *outl+=j;
139 out+=j;
140 in+=i;
141 inl-=i;
142 }
143 }
144
145int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
146 unsigned char *out, int *outl, EVP_PKEY *priv)
147 {
148 unsigned char *s=NULL;
149 int ret=0,j;
150 unsigned int i;
151
152 if (priv->type != EVP_PKEY_RSA)
153 {
154 PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
155 goto err;
156 }
157 i=RSA_size(priv->pkey.rsa);
158 if (i < 100) i=100;
159 s=(unsigned char *)OPENSSL_malloc(i*2);
160 if (s == NULL)
161 {
162 PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
163 goto err;
164 }
165
166 EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
167 EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
168 *outl=j;
169 out+=j;
170 EVP_EncodeFinal(&ctx->encode,out,&j);
171 *outl+=j;
172
173 if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
174 *sigl=EVP_EncodeBlock(sig,s,i);
175
176 ret=1;
177err:
178 EVP_MD_CTX_cleanup(&ctx->md);
179 EVP_CIPHER_CTX_cleanup(&ctx->cipher);
180 if (s != NULL) OPENSSL_free(s);
181 return(ret);
182 }
183#else /* !OPENSSL_NO_RSA */
184
185# if PEDANTIC
186static void *dummy=&dummy;
187# endif
188
189#endif
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c
deleted file mode 100644
index c3b9808cb2..0000000000
--- a/src/lib/libcrypto/pem/pem_sign.c
+++ /dev/null
@@ -1,102 +0,0 @@
1/* crypto/pem/pem_sign.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/rand.h>
62#include <openssl/evp.h>
63#include <openssl/objects.h>
64#include <openssl/x509.h>
65#include <openssl/pem.h>
66
67void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
68 {
69 EVP_DigestInit_ex(ctx, type, NULL);
70 }
71
72void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
73 unsigned int count)
74 {
75 EVP_DigestUpdate(ctx,data,count);
76 }
77
78int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
79 EVP_PKEY *pkey)
80 {
81 unsigned char *m;
82 int i,ret=0;
83 unsigned int m_len;
84
85 m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
86 if (m == NULL)
87 {
88 PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
89 goto err;
90 }
91
92 if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
93
94 i=EVP_EncodeBlock(sigret,m,m_len);
95 *siglen=i;
96 ret=1;
97err:
98 /* ctx has been zeroed by EVP_SignFinal() */
99 if (m != NULL) OPENSSL_free(m);
100 return(ret);
101 }
102
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c
deleted file mode 100644
index b531057dc9..0000000000
--- a/src/lib/libcrypto/pem/pem_x509.c
+++ /dev/null
@@ -1,68 +0,0 @@
1/* pem_x509.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bio.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64#include <openssl/pkcs7.h>
65#include <openssl/pem.h>
66
67IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
68
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
deleted file mode 100644
index 328f796200..0000000000
--- a/src/lib/libcrypto/pem/pem_xaux.c
+++ /dev/null
@@ -1,68 +0,0 @@
1/* pem_xaux.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/bio.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64#include <openssl/pkcs7.h>
65#include <openssl/pem.h>
66
67IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
68IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
diff --git a/src/lib/libcrypto/pem/pkcs7.lis b/src/lib/libcrypto/pem/pkcs7.lis
deleted file mode 100644
index be90c5d87f..0000000000
--- a/src/lib/libcrypto/pem/pkcs7.lis
+++ /dev/null
@@ -1,22 +0,0 @@
121 0:d=0 hl=2 l= 0 cons: univ: SEQUENCE
2 00 2:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
3 21 13:d=0 hl=2 l= 0 cons: cont: 00 # explicit tag
4 21 15:d=0 hl=2 l= 0 cons: univ: SEQUENCE
5 00 17:d=0 hl=2 l= 1 prim: univ: INTEGER # version
6 20 20:d=0 hl=2 l= 0 cons: univ: SET
7 21 22:d=0 hl=2 l= 0 cons: univ: SEQUENCE
8 00 24:d=0 hl=2 l= 9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
9 00 35:d=0 hl=2 l= 0 prim: univ: EOC
10 21 37:d=0 hl=2 l= 0 cons: cont: 00 # cert tag
11 20 39:d=0 hl=4 l=545 cons: univ: SEQUENCE
12 20 588:d=0 hl=4 l=524 cons: univ: SEQUENCE
13 00 1116:d=0 hl=2 l= 0 prim: univ: EOC
14 21 1118:d=0 hl=2 l= 0 cons: cont: 01 # crl tag
15 20 1120:d=0 hl=4 l=653 cons: univ: SEQUENCE
16 20 1777:d=0 hl=4 l=285 cons: univ: SEQUENCE
17 00 2066:d=0 hl=2 l= 0 prim: univ: EOC
18 21 2068:d=0 hl=2 l= 0 cons: univ: SET # signers
19 00 2070:d=0 hl=2 l= 0 prim: univ: EOC
20 00 2072:d=0 hl=2 l= 0 prim: univ: EOC
21 00 2074:d=0 hl=2 l= 0 prim: univ: EOC
2200 2076:d=0 hl=2 l= 0 prim: univ: EOC
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
deleted file mode 100644
index 5f130c4528..0000000000
--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ /dev/null
@@ -1,938 +0,0 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2005.
3 */
4/* ====================================================================
5 * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB
59 * and PRIVATEKEYBLOB).
60 */
61
62#include "cryptlib.h"
63#include <openssl/pem.h>
64#include <openssl/rand.h>
65#include <openssl/bn.h>
66#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
67#include <openssl/dsa.h>
68#include <openssl/rsa.h>
69
70/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
71 * format
72 */
73
74static unsigned int read_ledword(const unsigned char **in)
75 {
76 const unsigned char *p = *in;
77 unsigned int ret;
78 ret = *p++;
79 ret |= (*p++ << 8);
80 ret |= (*p++ << 16);
81 ret |= (*p++ << 24);
82 *in = p;
83 return ret;
84 }
85
86/* Read a BIGNUM in little endian format. The docs say that this should take up
87 * bitlen/8 bytes.
88 */
89
90static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
91 {
92 const unsigned char *p;
93 unsigned char *tmpbuf, *q;
94 unsigned int i;
95 p = *in + nbyte - 1;
96 tmpbuf = OPENSSL_malloc(nbyte);
97 if (!tmpbuf)
98 return 0;
99 q = tmpbuf;
100 for (i = 0; i < nbyte; i++)
101 *q++ = *p--;
102 *r = BN_bin2bn(tmpbuf, nbyte, NULL);
103 OPENSSL_free(tmpbuf);
104 if (*r)
105 {
106 *in += nbyte;
107 return 1;
108 }
109 else
110 return 0;
111 }
112
113
114/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
115
116#define MS_PUBLICKEYBLOB 0x6
117#define MS_PRIVATEKEYBLOB 0x7
118#define MS_RSA1MAGIC 0x31415352L
119#define MS_RSA2MAGIC 0x32415352L
120#define MS_DSS1MAGIC 0x31535344L
121#define MS_DSS2MAGIC 0x32535344L
122
123#define MS_KEYALG_RSA_KEYX 0xa400
124#define MS_KEYALG_DSS_SIGN 0x2200
125
126#define MS_KEYTYPE_KEYX 0x1
127#define MS_KEYTYPE_SIGN 0x2
128
129/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
130#define MS_PVKMAGIC 0xb0b5f11eL
131/* Salt length for PVK files */
132#define PVK_SALTLEN 0x10
133
134static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
135 unsigned int bitlen, int ispub);
136static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
137 unsigned int bitlen, int ispub);
138
139static int do_blob_header(const unsigned char **in, unsigned int length,
140 unsigned int *pmagic, unsigned int *pbitlen,
141 int *pisdss, int *pispub)
142 {
143 const unsigned char *p = *in;
144 if (length < 16)
145 return 0;
146 /* bType */
147 if (*p == MS_PUBLICKEYBLOB)
148 {
149 if (*pispub == 0)
150 {
151 PEMerr(PEM_F_DO_BLOB_HEADER,
152 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
153 return 0;
154 }
155 *pispub = 1;
156 }
157 else if (*p == MS_PRIVATEKEYBLOB)
158 {
159 if (*pispub == 1)
160 {
161 PEMerr(PEM_F_DO_BLOB_HEADER,
162 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
163 return 0;
164 }
165 *pispub = 0;
166 }
167 else
168 return 0;
169 p++;
170 /* Version */
171 if (*p++ != 0x2)
172 {
173 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
174 return 0;
175 }
176 /* Ignore reserved, aiKeyAlg */
177 p+= 6;
178 *pmagic = read_ledword(&p);
179 *pbitlen = read_ledword(&p);
180 *pisdss = 0;
181 switch (*pmagic)
182 {
183
184 case MS_DSS1MAGIC:
185 *pisdss = 1;
186 case MS_RSA1MAGIC:
187 if (*pispub == 0)
188 {
189 PEMerr(PEM_F_DO_BLOB_HEADER,
190 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
191 return 0;
192 }
193 break;
194
195 case MS_DSS2MAGIC:
196 *pisdss = 1;
197 case MS_RSA2MAGIC:
198 if (*pispub == 1)
199 {
200 PEMerr(PEM_F_DO_BLOB_HEADER,
201 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
202 return 0;
203 }
204 break;
205
206 default:
207 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
208 return -1;
209 }
210 *in = p;
211 return 1;
212 }
213
214static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
215 {
216 unsigned int nbyte, hnbyte;
217 nbyte = (bitlen + 7) >> 3;
218 hnbyte = (bitlen + 15) >> 4;
219 if (isdss)
220 {
221
222 /* Expected length: 20 for q + 3 components bitlen each + 24
223 * for seed structure.
224 */
225 if (ispub)
226 return 44 + 3 * nbyte;
227 /* Expected length: 20 for q, priv, 2 bitlen components + 24
228 * for seed structure.
229 */
230 else
231 return 64 + 2 * nbyte;
232 }
233 else
234 {
235 /* Expected length: 4 for 'e' + 'n' */
236 if (ispub)
237 return 4 + nbyte;
238 else
239 /* Expected length: 4 for 'e' and 7 other components.
240 * 2 components are bitlen size, 5 are bitlen/2
241 */
242 return 4 + 2*nbyte + 5*hnbyte;
243 }
244
245 }
246
247static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
248 int ispub)
249 {
250 const unsigned char *p = *in;
251 unsigned int bitlen, magic;
252 int isdss;
253 if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0)
254 {
255 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
256 return NULL;
257 }
258 length -= 16;
259 if (length < blob_length(bitlen, isdss, ispub))
260 {
261 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
262 return NULL;
263 }
264 if (isdss)
265 return b2i_dss(&p, length, bitlen, ispub);
266 else
267 return b2i_rsa(&p, length, bitlen, ispub);
268 }
269
270static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
271 {
272 const unsigned char *p;
273 unsigned char hdr_buf[16], *buf = NULL;
274 unsigned int bitlen, magic, length;
275 int isdss;
276 EVP_PKEY *ret = NULL;
277 if (BIO_read(in, hdr_buf, 16) != 16)
278 {
279 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
280 return NULL;
281 }
282 p = hdr_buf;
283 if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
284 return NULL;
285
286 length = blob_length(bitlen, isdss, ispub);
287 buf = OPENSSL_malloc(length);
288 if (!buf)
289 {
290 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
291 goto err;
292 }
293 p = buf;
294 if (BIO_read(in, buf, length) != (int)length)
295 {
296 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
297 goto err;
298 }
299
300 if (isdss)
301 ret = b2i_dss(&p, length, bitlen, ispub);
302 else
303 ret = b2i_rsa(&p, length, bitlen, ispub);
304
305 err:
306 if (buf)
307 OPENSSL_free(buf);
308 return ret;
309 }
310
311static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
312 unsigned int bitlen, int ispub)
313 {
314 const unsigned char *p = *in;
315 EVP_PKEY *ret = NULL;
316 DSA *dsa = NULL;
317 BN_CTX *ctx = NULL;
318 unsigned int nbyte;
319 nbyte = (bitlen + 7) >> 3;
320
321 dsa = DSA_new();
322 ret = EVP_PKEY_new();
323 if (!dsa || !ret)
324 goto memerr;
325 if (!read_lebn(&p, nbyte, &dsa->p))
326 goto memerr;
327 if (!read_lebn(&p, 20, &dsa->q))
328 goto memerr;
329 if (!read_lebn(&p, nbyte, &dsa->g))
330 goto memerr;
331 if (ispub)
332 {
333 if (!read_lebn(&p, nbyte, &dsa->pub_key))
334 goto memerr;
335 }
336 else
337 {
338 if (!read_lebn(&p, 20, &dsa->priv_key))
339 goto memerr;
340 /* Calculate public key */
341 if (!(dsa->pub_key = BN_new()))
342 goto memerr;
343 if (!(ctx = BN_CTX_new()))
344 goto memerr;
345
346 if (!BN_mod_exp(dsa->pub_key, dsa->g,
347 dsa->priv_key, dsa->p, ctx))
348
349 goto memerr;
350 BN_CTX_free(ctx);
351 }
352
353 EVP_PKEY_set1_DSA(ret, dsa);
354 DSA_free(dsa);
355 *in = p;
356 return ret;
357
358 memerr:
359 PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
360 if (dsa)
361 DSA_free(dsa);
362 if (ret)
363 EVP_PKEY_free(ret);
364 if (ctx)
365 BN_CTX_free(ctx);
366 return NULL;
367 }
368
369static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
370 unsigned int bitlen, int ispub)
371
372 {
373 const unsigned char *p = *in;
374 EVP_PKEY *ret = NULL;
375 RSA *rsa = NULL;
376 unsigned int nbyte, hnbyte;
377 nbyte = (bitlen + 7) >> 3;
378 hnbyte = (bitlen + 15) >> 4;
379 rsa = RSA_new();
380 ret = EVP_PKEY_new();
381 if (!rsa || !ret)
382 goto memerr;
383 rsa->e = BN_new();
384 if (!rsa->e)
385 goto memerr;
386 if (!BN_set_word(rsa->e, read_ledword(&p)))
387 goto memerr;
388 if (!read_lebn(&p, nbyte, &rsa->n))
389 goto memerr;
390 if (!ispub)
391 {
392 if (!read_lebn(&p, hnbyte, &rsa->p))
393 goto memerr;
394 if (!read_lebn(&p, hnbyte, &rsa->q))
395 goto memerr;
396 if (!read_lebn(&p, hnbyte, &rsa->dmp1))
397 goto memerr;
398 if (!read_lebn(&p, hnbyte, &rsa->dmq1))
399 goto memerr;
400 if (!read_lebn(&p, hnbyte, &rsa->iqmp))
401 goto memerr;
402 if (!read_lebn(&p, nbyte, &rsa->d))
403 goto memerr;
404 }
405
406 EVP_PKEY_set1_RSA(ret, rsa);
407 RSA_free(rsa);
408 *in = p;
409 return ret;
410 memerr:
411 PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
412 if (rsa)
413 RSA_free(rsa);
414 if (ret)
415 EVP_PKEY_free(ret);
416 return NULL;
417 }
418
419EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
420 {
421 return do_b2i(in, length, 0);
422 }
423
424EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
425 {
426 return do_b2i(in, length, 1);
427 }
428
429
430EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
431 {
432 return do_b2i_bio(in, 0);
433 }
434
435EVP_PKEY *b2i_PublicKey_bio(BIO *in)
436 {
437 return do_b2i_bio(in, 1);
438 }
439
440static void write_ledword(unsigned char **out, unsigned int dw)
441 {
442 unsigned char *p = *out;
443 *p++ = dw & 0xff;
444 *p++ = (dw>>8) & 0xff;
445 *p++ = (dw>>16) & 0xff;
446 *p++ = (dw>>24) & 0xff;
447 *out = p;
448 }
449
450static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
451 {
452 int nb, i;
453 unsigned char *p = *out, *q, c;
454 nb = BN_num_bytes(bn);
455 BN_bn2bin(bn, p);
456 q = p + nb - 1;
457 /* In place byte order reversal */
458 for (i = 0; i < nb/2; i++)
459 {
460 c = *p;
461 *p++ = *q;
462 *q-- = c;
463 }
464 *out += nb;
465 /* Pad with zeroes if we have to */
466 if (len > 0)
467 {
468 len -= nb;
469 if (len > 0)
470 {
471 memset(*out, 0, len);
472 *out += len;
473 }
474 }
475 }
476
477
478static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
479static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
480
481static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
482static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
483
484static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
485 {
486 unsigned char *p;
487 unsigned int bitlen, magic = 0, keyalg;
488 int outlen, noinc = 0;
489 if (pk->type == EVP_PKEY_DSA)
490 {
491 bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
492 keyalg = MS_KEYALG_DSS_SIGN;
493 }
494 else if (pk->type == EVP_PKEY_RSA)
495 {
496 bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
497 keyalg = MS_KEYALG_RSA_KEYX;
498 }
499 else
500 return -1;
501 if (bitlen == 0)
502 return -1;
503 outlen = 16 + blob_length(bitlen,
504 keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
505 if (out == NULL)
506 return outlen;
507 if (*out)
508 p = *out;
509 else
510 {
511 p = OPENSSL_malloc(outlen);
512 if (!p)
513 return -1;
514 *out = p;
515 noinc = 1;
516 }
517 if (ispub)
518 *p++ = MS_PUBLICKEYBLOB;
519 else
520 *p++ = MS_PRIVATEKEYBLOB;
521 *p++ = 0x2;
522 *p++ = 0;
523 *p++ = 0;
524 write_ledword(&p, keyalg);
525 write_ledword(&p, magic);
526 write_ledword(&p, bitlen);
527 if (keyalg == MS_KEYALG_DSS_SIGN)
528 write_dsa(&p, pk->pkey.dsa, ispub);
529 else
530 write_rsa(&p, pk->pkey.rsa, ispub);
531 if (!noinc)
532 *out += outlen;
533 return outlen;
534 }
535
536static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
537 {
538 unsigned char *tmp = NULL;
539 int outlen, wrlen;
540 outlen = do_i2b(&tmp, pk, ispub);
541 if (outlen < 0)
542 return -1;
543 wrlen = BIO_write(out, tmp, outlen);
544 OPENSSL_free(tmp);
545 if (wrlen == outlen)
546 return outlen;
547 return -1;
548 }
549
550static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
551 {
552 int bitlen;
553 bitlen = BN_num_bits(dsa->p);
554 if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
555 || (BN_num_bits(dsa->g) > bitlen))
556 goto badkey;
557 if (ispub)
558 {
559 if (BN_num_bits(dsa->pub_key) > bitlen)
560 goto badkey;
561 *pmagic = MS_DSS1MAGIC;
562 }
563 else
564 {
565 if (BN_num_bits(dsa->priv_key) > 160)
566 goto badkey;
567 *pmagic = MS_DSS2MAGIC;
568 }
569
570 return bitlen;
571 badkey:
572 PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
573 return 0;
574 }
575
576static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
577 {
578 int nbyte, hnbyte, bitlen;
579 if (BN_num_bits(rsa->e) > 32)
580 goto badkey;
581 bitlen = BN_num_bits(rsa->n);
582 nbyte = BN_num_bytes(rsa->n);
583 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
584 if (ispub)
585 {
586 *pmagic = MS_RSA1MAGIC;
587 return bitlen;
588 }
589 else
590 {
591 *pmagic = MS_RSA2MAGIC;
592 /* For private key each component must fit within nbyte or
593 * hnbyte.
594 */
595 if (BN_num_bytes(rsa->d) > nbyte)
596 goto badkey;
597 if ((BN_num_bytes(rsa->iqmp) > hnbyte)
598 || (BN_num_bytes(rsa->p) > hnbyte)
599 || (BN_num_bytes(rsa->q) > hnbyte)
600 || (BN_num_bytes(rsa->dmp1) > hnbyte)
601 || (BN_num_bytes(rsa->dmq1) > hnbyte))
602 goto badkey;
603 }
604 return bitlen;
605 badkey:
606 PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
607 return 0;
608 }
609
610
611static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
612 {
613 int nbyte, hnbyte;
614 nbyte = BN_num_bytes(rsa->n);
615 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
616 write_lebn(out, rsa->e, 4);
617 write_lebn(out, rsa->n, -1);
618 if (ispub)
619 return;
620 write_lebn(out, rsa->p, hnbyte);
621 write_lebn(out, rsa->q, hnbyte);
622 write_lebn(out, rsa->dmp1, hnbyte);
623 write_lebn(out, rsa->dmq1, hnbyte);
624 write_lebn(out, rsa->iqmp, hnbyte);
625 write_lebn(out, rsa->d, nbyte);
626 }
627
628
629static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
630 {
631 int nbyte;
632 nbyte = BN_num_bytes(dsa->p);
633 write_lebn(out, dsa->p, nbyte);
634 write_lebn(out, dsa->q, 20);
635 write_lebn(out, dsa->g, nbyte);
636 if (ispub)
637 write_lebn(out, dsa->pub_key, nbyte);
638 else
639 write_lebn(out, dsa->priv_key, 20);
640 /* Set "invalid" for seed structure values */
641 memset(*out, 0xff, 24);
642 *out += 24;
643 return;
644 }
645
646
647int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
648 {
649 return do_i2b_bio(out, pk, 0);
650 }
651
652int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
653 {
654 return do_i2b_bio(out, pk, 1);
655 }
656
657#ifndef OPENSSL_NO_RC4
658
659static int do_PVK_header(const unsigned char **in, unsigned int length,
660 int skip_magic,
661 unsigned int *psaltlen, unsigned int *pkeylen)
662
663 {
664 const unsigned char *p = *in;
665 unsigned int pvk_magic, is_encrypted;
666 if (skip_magic)
667 {
668 if (length < 20)
669 {
670 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
671 return 0;
672 }
673 length -= 20;
674 }
675 else
676 {
677 if (length < 24)
678 {
679 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
680 return 0;
681 }
682 length -= 24;
683 pvk_magic = read_ledword(&p);
684 if (pvk_magic != MS_PVKMAGIC)
685 {
686 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
687 return 0;
688 }
689 }
690 /* Skip reserved */
691 p += 4;
692 /*keytype = */read_ledword(&p);
693 is_encrypted = read_ledword(&p);
694 *psaltlen = read_ledword(&p);
695 *pkeylen = read_ledword(&p);
696
697 if (is_encrypted && !*psaltlen)
698 {
699 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
700 return 0;
701 }
702
703 *in = p;
704 return 1;
705 }
706
707static int derive_pvk_key(unsigned char *key,
708 const unsigned char *salt, unsigned int saltlen,
709 const unsigned char *pass, int passlen)
710 {
711 EVP_MD_CTX mctx;
712 EVP_MD_CTX_init(&mctx);
713 EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
714 EVP_DigestUpdate(&mctx, salt, saltlen);
715 EVP_DigestUpdate(&mctx, pass, passlen);
716 EVP_DigestFinal_ex(&mctx, key, NULL);
717 EVP_MD_CTX_cleanup(&mctx);
718 return 1;
719 }
720
721
722static EVP_PKEY *do_PVK_body(const unsigned char **in,
723 unsigned int saltlen, unsigned int keylen,
724 pem_password_cb *cb, void *u)
725 {
726 EVP_PKEY *ret = NULL;
727 const unsigned char *p = *in;
728 unsigned int magic;
729 unsigned char *enctmp = NULL, *q;
730 if (saltlen)
731 {
732 char psbuf[PEM_BUFSIZE];
733 unsigned char keybuf[20];
734 EVP_CIPHER_CTX cctx;
735 int enctmplen, inlen;
736 if (cb)
737 inlen=cb(psbuf,PEM_BUFSIZE,0,u);
738 else
739 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
740 if (inlen <= 0)
741 {
742 PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
743 return NULL;
744 }
745 enctmp = OPENSSL_malloc(keylen + 8);
746 if (!enctmp)
747 {
748 PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
749 return NULL;
750 }
751 if (!derive_pvk_key(keybuf, p, saltlen,
752 (unsigned char *)psbuf, inlen))
753 return NULL;
754 p += saltlen;
755 /* Copy BLOBHEADER across, decrypt rest */
756 memcpy(enctmp, p, 8);
757 p += 8;
758 inlen = keylen - 8;
759 q = enctmp + 8;
760 EVP_CIPHER_CTX_init(&cctx);
761 EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
762 EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
763 EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen);
764 magic = read_ledword((const unsigned char **)&q);
765 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
766 {
767 q = enctmp + 8;
768 memset(keybuf + 5, 0, 11);
769 EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
770 NULL);
771 OPENSSL_cleanse(keybuf, 20);
772 EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
773 EVP_DecryptFinal_ex(&cctx, q + enctmplen,
774 &enctmplen);
775 magic = read_ledword((const unsigned char **)&q);
776 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
777 {
778 EVP_CIPHER_CTX_cleanup(&cctx);
779 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
780 goto err;
781 }
782 }
783 else
784 OPENSSL_cleanse(keybuf, 20);
785 EVP_CIPHER_CTX_cleanup(&cctx);
786 p = enctmp;
787 }
788
789 ret = b2i_PrivateKey(&p, keylen);
790 err:
791 if (enctmp && saltlen)
792 OPENSSL_free(enctmp);
793 return ret;
794 }
795
796
797EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
798 {
799 unsigned char pvk_hdr[24], *buf = NULL;
800 const unsigned char *p;
801 int buflen;
802 EVP_PKEY *ret = NULL;
803 unsigned int saltlen, keylen;
804 if (BIO_read(in, pvk_hdr, 24) != 24)
805 {
806 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
807 return NULL;
808 }
809 p = pvk_hdr;
810
811 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
812 return 0;
813 buflen = (int) keylen + saltlen;
814 buf = OPENSSL_malloc(buflen);
815 if (!buf)
816 {
817 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
818 return 0;
819 }
820 p = buf;
821 if (BIO_read(in, buf, buflen) != buflen)
822 {
823 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
824 goto err;
825 }
826 ret = do_PVK_body(&p, saltlen, keylen, cb, u);
827
828 err:
829 if (buf)
830 {
831 OPENSSL_cleanse(buf, buflen);
832 OPENSSL_free(buf);
833 }
834 return ret;
835 }
836
837
838
839static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
840 pem_password_cb *cb, void *u)
841 {
842 int outlen = 24, pklen;
843 unsigned char *p, *salt = NULL;
844 if (enclevel)
845 outlen += PVK_SALTLEN;
846 pklen = do_i2b(NULL, pk, 0);
847 if (pklen < 0)
848 return -1;
849 outlen += pklen;
850 if (!out)
851 return outlen;
852 if (*out)
853 p = *out;
854 else
855 {
856 p = OPENSSL_malloc(outlen);
857 if (!p)
858 {
859 PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
860 return -1;
861 }
862 *out = p;
863 }
864
865 write_ledword(&p, MS_PVKMAGIC);
866 write_ledword(&p, 0);
867 if (pk->type == EVP_PKEY_DSA)
868 write_ledword(&p, MS_KEYTYPE_SIGN);
869 else
870 write_ledword(&p, MS_KEYTYPE_KEYX);
871 write_ledword(&p, enclevel ? 1 : 0);
872 write_ledword(&p, enclevel ? PVK_SALTLEN: 0);
873 write_ledword(&p, pklen);
874 if (enclevel)
875 {
876 if (RAND_bytes(p, PVK_SALTLEN) <= 0)
877 goto error;
878 salt = p;
879 p += PVK_SALTLEN;
880 }
881 do_i2b(&p, pk, 0);
882 if (enclevel == 0)
883 return outlen;
884 else
885 {
886 char psbuf[PEM_BUFSIZE];
887 unsigned char keybuf[20];
888 EVP_CIPHER_CTX cctx;
889 int enctmplen, inlen;
890 if (cb)
891 inlen=cb(psbuf,PEM_BUFSIZE,1,u);
892 else
893 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u);
894 if (inlen <= 0)
895 {
896 PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
897 goto error;
898 }
899 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
900 (unsigned char *)psbuf, inlen))
901 goto error;
902 if (enclevel == 1)
903 memset(keybuf + 5, 0, 11);
904 p = salt + PVK_SALTLEN + 8;
905 EVP_CIPHER_CTX_init(&cctx);
906 EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
907 OPENSSL_cleanse(keybuf, 20);
908 EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8);
909 EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen);
910 EVP_CIPHER_CTX_cleanup(&cctx);
911 }
912 return outlen;
913
914 error:
915 return -1;
916 }
917
918int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
919 pem_password_cb *cb, void *u)
920 {
921 unsigned char *tmp = NULL;
922 int outlen, wrlen;
923 outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
924 if (outlen < 0)
925 return -1;
926 wrlen = BIO_write(out, tmp, outlen);
927 OPENSSL_free(tmp);
928 if (wrlen == outlen)
929 {
930 PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
931 return outlen;
932 }
933 return -1;
934 }
935
936#endif
937
938#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-19 18:20:57 +0000