diff options
author | djm <> | 2010-10-01 22:54:21 +0000 |
---|---|---|
committer | djm <> | 2010-10-01 22:54:21 +0000 |
commit | 829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch) | |
tree | e03b9f1bd051e844b971936729e9df549a209130 /src/lib/libcrypto/pem | |
parent | e6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff) | |
download | openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2 openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip |
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libcrypto/pem')
-rw-r--r-- | src/lib/libcrypto/pem/pem.h | 255 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_all.c | 194 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_err.c | 28 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_info.c | 40 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_lib.c | 100 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_pkey.c | 109 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_seal.c | 2 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_x509.c | 1 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pem_xaux.c | 1 | ||||
-rw-r--r-- | src/lib/libcrypto/pem/pvkfmt.c | 942 |
10 files changed, 1241 insertions, 431 deletions
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h index 6c193f1cbf..8a6ababe3a 100644 --- a/src/lib/libcrypto/pem/pem.h +++ b/src/lib/libcrypto/pem/pem.h | |||
@@ -134,6 +134,7 @@ extern "C" { | |||
134 | #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" | 134 | #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" |
135 | #define PEM_STRING_ECPARAMETERS "EC PARAMETERS" | 135 | #define PEM_STRING_ECPARAMETERS "EC PARAMETERS" |
136 | #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" | 136 | #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" |
137 | #define PEM_STRING_PARAMETERS "PARAMETERS" | ||
137 | #define PEM_STRING_CMS "CMS" | 138 | #define PEM_STRING_CMS "CMS" |
138 | 139 | ||
139 | /* Note that this structure is initialised by PEM_SealInit and cleaned up | 140 | /* Note that this structure is initialised by PEM_SealInit and cleaned up |
@@ -183,11 +184,8 @@ typedef struct pem_ctx_st | |||
183 | int num_recipient; | 184 | int num_recipient; |
184 | PEM_USER **recipient; | 185 | PEM_USER **recipient; |
185 | 186 | ||
186 | #ifndef OPENSSL_NO_STACK | 187 | /* XXX(ben): don#t think this is used! |
187 | STACK *x509_chain; /* certificate chain */ | 188 | STACK *x509_chain; / * certificate chain */ |
188 | #else | ||
189 | char *x509_chain; /* certificate chain */ | ||
190 | #endif | ||
191 | EVP_MD *md; /* signature type */ | 189 | EVP_MD *md; /* signature type */ |
192 | 190 | ||
193 | int md_enc; /* is the md encrypted or not? */ | 191 | int md_enc; /* is the md encrypted or not? */ |
@@ -224,28 +222,19 @@ typedef struct pem_ctx_st | |||
224 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ | 222 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ |
225 | type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ | 223 | type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ |
226 | { \ | 224 | { \ |
227 | return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ | 225 | return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ |
228 | str, fp, \ | ||
229 | CHECKED_PPTR_OF(type, x), \ | ||
230 | cb, u); \ | ||
231 | } | 226 | } |
232 | 227 | ||
233 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ | 228 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ |
234 | int PEM_write_##name(FILE *fp, type *x) \ | 229 | int PEM_write_##name(FILE *fp, type *x) \ |
235 | { \ | 230 | { \ |
236 | return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ | 231 | return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ |
237 | str, fp, \ | ||
238 | CHECKED_PTR_OF(type, x), \ | ||
239 | NULL, NULL, 0, NULL, NULL); \ | ||
240 | } | 232 | } |
241 | 233 | ||
242 | #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ | 234 | #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ |
243 | int PEM_write_##name(FILE *fp, const type *x) \ | 235 | int PEM_write_##name(FILE *fp, const type *x) \ |
244 | { \ | 236 | { \ |
245 | return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ | 237 | return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ |
246 | str, fp, \ | ||
247 | CHECKED_PTR_OF(const type, x), \ | ||
248 | NULL, NULL, 0, NULL, NULL); \ | ||
249 | } | 238 | } |
250 | 239 | ||
251 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ | 240 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ |
@@ -253,10 +242,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | |||
253 | unsigned char *kstr, int klen, pem_password_cb *cb, \ | 242 | unsigned char *kstr, int klen, pem_password_cb *cb, \ |
254 | void *u) \ | 243 | void *u) \ |
255 | { \ | 244 | { \ |
256 | return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ | 245 | return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ |
257 | str, fp, \ | ||
258 | CHECKED_PTR_OF(type, x), \ | ||
259 | enc, kstr, klen, cb, u); \ | ||
260 | } | 246 | } |
261 | 247 | ||
262 | #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ | 248 | #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ |
@@ -264,10 +250,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | |||
264 | unsigned char *kstr, int klen, pem_password_cb *cb, \ | 250 | unsigned char *kstr, int klen, pem_password_cb *cb, \ |
265 | void *u) \ | 251 | void *u) \ |
266 | { \ | 252 | { \ |
267 | return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ | 253 | return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ |
268 | str, fp, \ | ||
269 | CHECKED_PTR_OF(const type, x), \ | ||
270 | enc, kstr, klen, cb, u); \ | ||
271 | } | 254 | } |
272 | 255 | ||
273 | #endif | 256 | #endif |
@@ -275,48 +258,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | |||
275 | #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ | 258 | #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ |
276 | type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ | 259 | type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ |
277 | { \ | 260 | { \ |
278 | return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ | 261 | return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ |
279 | str, bp, \ | ||
280 | CHECKED_PPTR_OF(type, x), \ | ||
281 | cb, u); \ | ||
282 | } | 262 | } |
283 | 263 | ||
284 | #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ | 264 | #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ |
285 | int PEM_write_bio_##name(BIO *bp, type *x) \ | 265 | int PEM_write_bio_##name(BIO *bp, type *x) \ |
286 | { \ | 266 | { \ |
287 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ | 267 | return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ |
288 | str, bp, \ | ||
289 | CHECKED_PTR_OF(type, x), \ | ||
290 | NULL, NULL, 0, NULL, NULL); \ | ||
291 | } | 268 | } |
292 | 269 | ||
293 | #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ | 270 | #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ |
294 | int PEM_write_bio_##name(BIO *bp, const type *x) \ | 271 | int PEM_write_bio_##name(BIO *bp, const type *x) \ |
295 | { \ | 272 | { \ |
296 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ | 273 | return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ |
297 | str, bp, \ | ||
298 | CHECKED_PTR_OF(const type, x), \ | ||
299 | NULL, NULL, 0, NULL, NULL); \ | ||
300 | } | 274 | } |
301 | 275 | ||
302 | #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ | 276 | #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ |
303 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | 277 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ |
304 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ | 278 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ |
305 | { \ | 279 | { \ |
306 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ | 280 | return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ |
307 | str, bp, \ | ||
308 | CHECKED_PTR_OF(type, x), \ | ||
309 | enc, kstr, klen, cb, u); \ | ||
310 | } | 281 | } |
311 | 282 | ||
312 | #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ | 283 | #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ |
313 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | 284 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ |
314 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ | 285 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ |
315 | { \ | 286 | { \ |
316 | return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ | 287 | return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ |
317 | str, bp, \ | ||
318 | CHECKED_PTR_OF(const type, x), \ | ||
319 | enc, kstr, klen, cb, u); \ | ||
320 | } | 288 | } |
321 | 289 | ||
322 | #define IMPLEMENT_PEM_write(name, type, str, asn1) \ | 290 | #define IMPLEMENT_PEM_write(name, type, str, asn1) \ |
@@ -353,11 +321,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
353 | 321 | ||
354 | /* These are the same except they are for the declarations */ | 322 | /* These are the same except they are for the declarations */ |
355 | 323 | ||
356 | #if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) | 324 | #if defined(OPENSSL_NO_FP_API) |
357 | 325 | ||
358 | #define DECLARE_PEM_read_fp(name, type) /**/ | 326 | #define DECLARE_PEM_read_fp(name, type) /**/ |
359 | #define DECLARE_PEM_write_fp(name, type) /**/ | 327 | #define DECLARE_PEM_write_fp(name, type) /**/ |
360 | #define DECLARE_PEM_write_fp_const(name, type) /**/ | ||
361 | #define DECLARE_PEM_write_cb_fp(name, type) /**/ | 328 | #define DECLARE_PEM_write_cb_fp(name, type) /**/ |
362 | 329 | ||
363 | #else | 330 | #else |
@@ -428,138 +395,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | |||
428 | DECLARE_PEM_read(name, type) \ | 395 | DECLARE_PEM_read(name, type) \ |
429 | DECLARE_PEM_write_cb(name, type) | 396 | DECLARE_PEM_write_cb(name, type) |
430 | 397 | ||
431 | #ifdef SSLEAY_MACROS | ||
432 | |||
433 | #define PEM_write_SSL_SESSION(fp,x) \ | ||
434 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ | ||
435 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) | ||
436 | #define PEM_write_X509(fp,x) \ | ||
437 | PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ | ||
438 | (char *)x, NULL,NULL,0,NULL,NULL) | ||
439 | #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ | ||
440 | (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ | ||
441 | NULL,NULL,0,NULL,NULL) | ||
442 | #define PEM_write_X509_CRL(fp,x) \ | ||
443 | PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ | ||
444 | fp,(char *)x, NULL,NULL,0,NULL,NULL) | ||
445 | #define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ | ||
446 | PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ | ||
447 | (char *)x,enc,kstr,klen,cb,u) | ||
448 | #define PEM_write_RSAPublicKey(fp,x) \ | ||
449 | PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ | ||
450 | PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) | ||
451 | #define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ | ||
452 | PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ | ||
453 | (char *)x,enc,kstr,klen,cb,u) | ||
454 | #define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ | ||
455 | PEM_ASN1_write((int (*)())i2d_PrivateKey,\ | ||
456 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ | ||
457 | bp,(char *)x,enc,kstr,klen,cb,u) | ||
458 | #define PEM_write_PKCS7(fp,x) \ | ||
459 | PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ | ||
460 | (char *)x, NULL,NULL,0,NULL,NULL) | ||
461 | #define PEM_write_DHparams(fp,x) \ | ||
462 | PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ | ||
463 | (char *)x,NULL,NULL,0,NULL,NULL) | ||
464 | |||
465 | #define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ | ||
466 | PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ | ||
467 | PEM_STRING_X509,fp, \ | ||
468 | (char *)x, NULL,NULL,0,NULL,NULL) | ||
469 | |||
470 | #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ | ||
471 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) | ||
472 | #define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ | ||
473 | (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) | ||
474 | #define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ | ||
475 | (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) | ||
476 | #define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ | ||
477 | (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) | ||
478 | #define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ | ||
479 | (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) | ||
480 | #define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ | ||
481 | (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) | ||
482 | #define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ | ||
483 | (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) | ||
484 | #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ | ||
485 | (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) | ||
486 | #define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ | ||
487 | (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) | ||
488 | #define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ | ||
489 | (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) | ||
490 | |||
491 | #define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ | ||
492 | (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ | ||
493 | (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ | ||
494 | (char **)x,cb,u) | ||
495 | |||
496 | #define PEM_write_bio_X509(bp,x) \ | ||
497 | PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ | ||
498 | (char *)x, NULL,NULL,0,NULL,NULL) | ||
499 | #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ | ||
500 | (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ | ||
501 | NULL,NULL,0,NULL,NULL) | ||
502 | #define PEM_write_bio_X509_CRL(bp,x) \ | ||
503 | PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ | ||
504 | bp,(char *)x, NULL,NULL,0,NULL,NULL) | ||
505 | #define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ | ||
506 | PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ | ||
507 | bp,(char *)x,enc,kstr,klen,cb,u) | ||
508 | #define PEM_write_bio_RSAPublicKey(bp,x) \ | ||
509 | PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ | ||
510 | PEM_STRING_RSA_PUBLIC,\ | ||
511 | bp,(char *)x,NULL,NULL,0,NULL,NULL) | ||
512 | #define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ | ||
513 | PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ | ||
514 | bp,(char *)x,enc,kstr,klen,cb,u) | ||
515 | #define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ | ||
516 | PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ | ||
517 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ | ||
518 | bp,(char *)x,enc,kstr,klen,cb,u) | ||
519 | #define PEM_write_bio_PKCS7(bp,x) \ | ||
520 | PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ | ||
521 | (char *)x, NULL,NULL,0,NULL,NULL) | ||
522 | #define PEM_write_bio_DHparams(bp,x) \ | ||
523 | PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ | ||
524 | bp,(char *)x,NULL,NULL,0,NULL,NULL) | ||
525 | #define PEM_write_bio_DSAparams(bp,x) \ | ||
526 | PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ | ||
527 | PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) | ||
528 | |||
529 | #define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ | ||
530 | PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ | ||
531 | PEM_STRING_X509,bp, \ | ||
532 | (char *)x, NULL,NULL,0,NULL,NULL) | ||
533 | |||
534 | #define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ | ||
535 | (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) | ||
536 | #define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ | ||
537 | (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) | ||
538 | #define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ | ||
539 | (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) | ||
540 | #define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ | ||
541 | (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) | ||
542 | #define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ | ||
543 | (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) | ||
544 | #define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ | ||
545 | (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) | ||
546 | #define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ | ||
547 | (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) | ||
548 | |||
549 | #define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ | ||
550 | (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) | ||
551 | #define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ | ||
552 | (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) | ||
553 | #define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ | ||
554 | (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) | ||
555 | |||
556 | #define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ | ||
557 | (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ | ||
558 | (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\ | ||
559 | (char **)x,cb,u) | ||
560 | |||
561 | #endif | ||
562 | |||
563 | #if 1 | 398 | #if 1 |
564 | /* "userdata": new with OpenSSL 0.9.4 */ | 399 | /* "userdata": new with OpenSSL 0.9.4 */ |
565 | typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); | 400 | typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); |
@@ -581,40 +416,25 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char | |||
581 | pem_password_cb *cb, void *u); | 416 | pem_password_cb *cb, void *u); |
582 | void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, | 417 | void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, |
583 | void **x, pem_password_cb *cb, void *u); | 418 | void **x, pem_password_cb *cb, void *u); |
584 | 419 | int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, | |
585 | #define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ | ||
586 | ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ | ||
587 | name, bp, \ | ||
588 | CHECKED_PPTR_OF(type, x), \ | ||
589 | cb, u)) | ||
590 | |||
591 | int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, | ||
592 | const EVP_CIPHER *enc,unsigned char *kstr,int klen, | 420 | const EVP_CIPHER *enc,unsigned char *kstr,int klen, |
593 | pem_password_cb *cb, void *u); | 421 | pem_password_cb *cb, void *u); |
594 | 422 | ||
595 | #define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ | ||
596 | (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ | ||
597 | name, bp, \ | ||
598 | CHECKED_PTR_OF(type, x), \ | ||
599 | enc, kstr, klen, cb, u)) | ||
600 | |||
601 | STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); | 423 | STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); |
602 | int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, | 424 | int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, |
603 | unsigned char *kstr, int klen, pem_password_cb *cd, void *u); | 425 | unsigned char *kstr, int klen, pem_password_cb *cd, void *u); |
604 | #endif | 426 | #endif |
605 | 427 | ||
606 | #ifndef OPENSSL_SYS_WIN16 | ||
607 | int PEM_read(FILE *fp, char **name, char **header, | 428 | int PEM_read(FILE *fp, char **name, char **header, |
608 | unsigned char **data,long *len); | 429 | unsigned char **data,long *len); |
609 | int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); | 430 | int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); |
610 | void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, | 431 | void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, |
611 | pem_password_cb *cb, void *u); | 432 | pem_password_cb *cb, void *u); |
612 | int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, | 433 | int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, |
613 | char *x,const EVP_CIPHER *enc,unsigned char *kstr, | 434 | void *x,const EVP_CIPHER *enc,unsigned char *kstr, |
614 | int klen,pem_password_cb *callback, void *u); | 435 | int klen,pem_password_cb *callback, void *u); |
615 | STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, | 436 | STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, |
616 | pem_password_cb *cb, void *u); | 437 | pem_password_cb *cb, void *u); |
617 | #endif | ||
618 | 438 | ||
619 | int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, | 439 | int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, |
620 | EVP_MD *md_type, unsigned char **ek, int *ekl, | 440 | EVP_MD *md_type, unsigned char **ek, int *ekl, |
@@ -633,7 +453,6 @@ int PEM_def_callback(char *buf, int num, int w, void *key); | |||
633 | void PEM_proc_type(char *buf, int type); | 453 | void PEM_proc_type(char *buf, int type); |
634 | void PEM_dek_info(char *buf, const char *type, int len, char *str); | 454 | void PEM_dek_info(char *buf, const char *type, int len, char *str); |
635 | 455 | ||
636 | #ifndef SSLEAY_MACROS | ||
637 | 456 | ||
638 | #include <openssl/symhacks.h> | 457 | #include <openssl/symhacks.h> |
639 | 458 | ||
@@ -719,7 +538,21 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
719 | int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, | 538 | int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, |
720 | char *kstr,int klen, pem_password_cb *cd, void *u); | 539 | char *kstr,int klen, pem_password_cb *cd, void *u); |
721 | 540 | ||
722 | #endif /* SSLEAY_MACROS */ | 541 | EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); |
542 | int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); | ||
543 | |||
544 | |||
545 | EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); | ||
546 | EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); | ||
547 | EVP_PKEY *b2i_PrivateKey_bio(BIO *in); | ||
548 | EVP_PKEY *b2i_PublicKey_bio(BIO *in); | ||
549 | int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); | ||
550 | int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); | ||
551 | #ifndef OPENSSL_NO_RC4 | ||
552 | EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); | ||
553 | int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, | ||
554 | pem_password_cb *cb, void *u); | ||
555 | #endif | ||
723 | 556 | ||
724 | 557 | ||
725 | /* BEGIN ERROR CODES */ | 558 | /* BEGIN ERROR CODES */ |
@@ -731,10 +564,22 @@ void ERR_load_PEM_strings(void); | |||
731 | /* Error codes for the PEM functions. */ | 564 | /* Error codes for the PEM functions. */ |
732 | 565 | ||
733 | /* Function codes. */ | 566 | /* Function codes. */ |
567 | #define PEM_F_B2I_DSS 127 | ||
568 | #define PEM_F_B2I_PVK_BIO 128 | ||
569 | #define PEM_F_B2I_RSA 129 | ||
570 | #define PEM_F_CHECK_BITLEN_DSA 130 | ||
571 | #define PEM_F_CHECK_BITLEN_RSA 131 | ||
734 | #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 | 572 | #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 |
735 | #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 | 573 | #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 |
574 | #define PEM_F_DO_B2I 132 | ||
575 | #define PEM_F_DO_B2I_BIO 133 | ||
576 | #define PEM_F_DO_BLOB_HEADER 134 | ||
736 | #define PEM_F_DO_PK8PKEY 126 | 577 | #define PEM_F_DO_PK8PKEY 126 |
737 | #define PEM_F_DO_PK8PKEY_FP 125 | 578 | #define PEM_F_DO_PK8PKEY_FP 125 |
579 | #define PEM_F_DO_PVK_BODY 135 | ||
580 | #define PEM_F_DO_PVK_HEADER 136 | ||
581 | #define PEM_F_I2B_PVK 137 | ||
582 | #define PEM_F_I2B_PVK_BIO 138 | ||
738 | #define PEM_F_LOAD_IV 101 | 583 | #define PEM_F_LOAD_IV 101 |
739 | #define PEM_F_PEM_ASN1_READ 102 | 584 | #define PEM_F_PEM_ASN1_READ 102 |
740 | #define PEM_F_PEM_ASN1_READ_BIO 103 | 585 | #define PEM_F_PEM_ASN1_READ_BIO 103 |
@@ -747,6 +592,7 @@ void ERR_load_PEM_strings(void); | |||
747 | #define PEM_F_PEM_PK8PKEY 119 | 592 | #define PEM_F_PEM_PK8PKEY 119 |
748 | #define PEM_F_PEM_READ 108 | 593 | #define PEM_F_PEM_READ 108 |
749 | #define PEM_F_PEM_READ_BIO 109 | 594 | #define PEM_F_PEM_READ_BIO 109 |
595 | #define PEM_F_PEM_READ_BIO_PARAMETERS 140 | ||
750 | #define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 | 596 | #define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 |
751 | #define PEM_F_PEM_READ_PRIVATEKEY 124 | 597 | #define PEM_F_PEM_READ_PRIVATEKEY 124 |
752 | #define PEM_F_PEM_SEALFINAL 110 | 598 | #define PEM_F_PEM_SEALFINAL 110 |
@@ -754,6 +600,7 @@ void ERR_load_PEM_strings(void); | |||
754 | #define PEM_F_PEM_SIGNFINAL 112 | 600 | #define PEM_F_PEM_SIGNFINAL 112 |
755 | #define PEM_F_PEM_WRITE 113 | 601 | #define PEM_F_PEM_WRITE 113 |
756 | #define PEM_F_PEM_WRITE_BIO 114 | 602 | #define PEM_F_PEM_WRITE_BIO 114 |
603 | #define PEM_F_PEM_WRITE_PRIVATEKEY 139 | ||
757 | #define PEM_F_PEM_X509_INFO_READ 115 | 604 | #define PEM_F_PEM_X509_INFO_READ 115 |
758 | #define PEM_F_PEM_X509_INFO_READ_BIO 116 | 605 | #define PEM_F_PEM_X509_INFO_READ_BIO 116 |
759 | #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 | 606 | #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 |
@@ -763,18 +610,30 @@ void ERR_load_PEM_strings(void); | |||
763 | #define PEM_R_BAD_DECRYPT 101 | 610 | #define PEM_R_BAD_DECRYPT 101 |
764 | #define PEM_R_BAD_END_LINE 102 | 611 | #define PEM_R_BAD_END_LINE 102 |
765 | #define PEM_R_BAD_IV_CHARS 103 | 612 | #define PEM_R_BAD_IV_CHARS 103 |
613 | #define PEM_R_BAD_MAGIC_NUMBER 116 | ||
766 | #define PEM_R_BAD_PASSWORD_READ 104 | 614 | #define PEM_R_BAD_PASSWORD_READ 104 |
615 | #define PEM_R_BAD_VERSION_NUMBER 117 | ||
616 | #define PEM_R_BIO_WRITE_FAILURE 118 | ||
617 | #define PEM_R_CIPHER_IS_NULL 127 | ||
767 | #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 | 618 | #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 |
619 | #define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 | ||
620 | #define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 | ||
621 | #define PEM_R_INCONSISTENT_HEADER 121 | ||
622 | #define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 | ||
623 | #define PEM_R_KEYBLOB_TOO_SHORT 123 | ||
768 | #define PEM_R_NOT_DEK_INFO 105 | 624 | #define PEM_R_NOT_DEK_INFO 105 |
769 | #define PEM_R_NOT_ENCRYPTED 106 | 625 | #define PEM_R_NOT_ENCRYPTED 106 |
770 | #define PEM_R_NOT_PROC_TYPE 107 | 626 | #define PEM_R_NOT_PROC_TYPE 107 |
771 | #define PEM_R_NO_START_LINE 108 | 627 | #define PEM_R_NO_START_LINE 108 |
772 | #define PEM_R_PROBLEMS_GETTING_PASSWORD 109 | 628 | #define PEM_R_PROBLEMS_GETTING_PASSWORD 109 |
773 | #define PEM_R_PUBLIC_KEY_NO_RSA 110 | 629 | #define PEM_R_PUBLIC_KEY_NO_RSA 110 |
630 | #define PEM_R_PVK_DATA_TOO_SHORT 124 | ||
631 | #define PEM_R_PVK_TOO_SHORT 125 | ||
774 | #define PEM_R_READ_KEY 111 | 632 | #define PEM_R_READ_KEY 111 |
775 | #define PEM_R_SHORT_HEADER 112 | 633 | #define PEM_R_SHORT_HEADER 112 |
776 | #define PEM_R_UNSUPPORTED_CIPHER 113 | 634 | #define PEM_R_UNSUPPORTED_CIPHER 113 |
777 | #define PEM_R_UNSUPPORTED_ENCRYPTION 114 | 635 | #define PEM_R_UNSUPPORTED_ENCRYPTION 114 |
636 | #define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 | ||
778 | 637 | ||
779 | #ifdef __cplusplus | 638 | #ifdef __cplusplus |
780 | } | 639 | } |
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index 69dd19bf2e..3e7a6093ad 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c | |||
@@ -110,7 +110,6 @@ | |||
110 | */ | 110 | */ |
111 | 111 | ||
112 | #include <stdio.h> | 112 | #include <stdio.h> |
113 | #undef SSLEAY_MACROS | ||
114 | #include "cryptlib.h" | 113 | #include "cryptlib.h" |
115 | #include <openssl/bio.h> | 114 | #include <openssl/bio.h> |
116 | #include <openssl/evp.h> | 115 | #include <openssl/evp.h> |
@@ -194,49 +193,7 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, | |||
194 | 193 | ||
195 | #endif | 194 | #endif |
196 | 195 | ||
197 | #ifdef OPENSSL_FIPS | ||
198 | |||
199 | int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, | ||
200 | unsigned char *kstr, int klen, | ||
201 | pem_password_cb *cb, void *u) | ||
202 | { | ||
203 | EVP_PKEY *k; | ||
204 | int ret; | ||
205 | k = EVP_PKEY_new(); | ||
206 | if (!k) | ||
207 | return 0; | ||
208 | EVP_PKEY_set1_RSA(k, x); | ||
209 | |||
210 | ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); | ||
211 | EVP_PKEY_free(k); | ||
212 | return ret; | ||
213 | } | ||
214 | |||
215 | #ifndef OPENSSL_NO_FP_API | ||
216 | int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, | ||
217 | unsigned char *kstr, int klen, | ||
218 | pem_password_cb *cb, void *u) | ||
219 | { | ||
220 | EVP_PKEY *k; | ||
221 | int ret; | ||
222 | k = EVP_PKEY_new(); | ||
223 | if (!k) | ||
224 | return 0; | ||
225 | |||
226 | EVP_PKEY_set1_RSA(k, x); | ||
227 | |||
228 | ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); | ||
229 | EVP_PKEY_free(k); | ||
230 | return ret; | ||
231 | } | ||
232 | #endif | ||
233 | |||
234 | #else | ||
235 | |||
236 | IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) | 196 | IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) |
237 | |||
238 | #endif | ||
239 | |||
240 | IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) | 197 | IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) |
241 | IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) | 198 | IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) |
242 | 199 | ||
@@ -263,50 +220,10 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, | |||
263 | { | 220 | { |
264 | EVP_PKEY *pktmp; | 221 | EVP_PKEY *pktmp; |
265 | pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); | 222 | pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); |
266 | return pkey_get_dsa(pktmp, dsa); | 223 | return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ |
267 | } | 224 | } |
268 | 225 | ||
269 | #ifdef OPENSSL_FIPS | ||
270 | |||
271 | int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, | ||
272 | unsigned char *kstr, int klen, | ||
273 | pem_password_cb *cb, void *u) | ||
274 | { | ||
275 | EVP_PKEY *k; | ||
276 | int ret; | ||
277 | k = EVP_PKEY_new(); | ||
278 | if (!k) | ||
279 | return 0; | ||
280 | EVP_PKEY_set1_DSA(k, x); | ||
281 | |||
282 | ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); | ||
283 | EVP_PKEY_free(k); | ||
284 | return ret; | ||
285 | } | ||
286 | |||
287 | #ifndef OPENSSL_NO_FP_API | ||
288 | int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, | ||
289 | unsigned char *kstr, int klen, | ||
290 | pem_password_cb *cb, void *u) | ||
291 | { | ||
292 | EVP_PKEY *k; | ||
293 | int ret; | ||
294 | k = EVP_PKEY_new(); | ||
295 | if (!k) | ||
296 | return 0; | ||
297 | EVP_PKEY_set1_DSA(k, x); | ||
298 | ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); | ||
299 | EVP_PKEY_free(k); | ||
300 | return ret; | ||
301 | } | ||
302 | #endif | ||
303 | |||
304 | #else | ||
305 | |||
306 | IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) | 226 | IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) |
307 | |||
308 | #endif | ||
309 | |||
310 | IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) | 227 | IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) |
311 | 228 | ||
312 | #ifndef OPENSSL_NO_FP_API | 229 | #ifndef OPENSSL_NO_FP_API |
@@ -316,7 +233,7 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, | |||
316 | { | 233 | { |
317 | EVP_PKEY *pktmp; | 234 | EVP_PKEY *pktmp; |
318 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); | 235 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); |
319 | return pkey_get_dsa(pktmp, dsa); | 236 | return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ |
320 | } | 237 | } |
321 | 238 | ||
322 | #endif | 239 | #endif |
@@ -347,54 +264,13 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, | |||
347 | { | 264 | { |
348 | EVP_PKEY *pktmp; | 265 | EVP_PKEY *pktmp; |
349 | pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); | 266 | pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); |
350 | return pkey_get_eckey(pktmp, key); | 267 | return pkey_get_eckey(pktmp, key); /* will free pktmp */ |
351 | } | 268 | } |
352 | 269 | ||
353 | IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) | 270 | IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) |
354 | 271 | ||
355 | |||
356 | |||
357 | #ifdef OPENSSL_FIPS | ||
358 | |||
359 | int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, | ||
360 | unsigned char *kstr, int klen, | ||
361 | pem_password_cb *cb, void *u) | ||
362 | { | ||
363 | EVP_PKEY *k; | ||
364 | int ret; | ||
365 | k = EVP_PKEY_new(); | ||
366 | if (!k) | ||
367 | return 0; | ||
368 | EVP_PKEY_set1_EC_KEY(k, x); | ||
369 | |||
370 | ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); | ||
371 | EVP_PKEY_free(k); | ||
372 | return ret; | ||
373 | } | ||
374 | |||
375 | #ifndef OPENSSL_NO_FP_API | ||
376 | int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, | ||
377 | unsigned char *kstr, int klen, | ||
378 | pem_password_cb *cb, void *u) | ||
379 | { | ||
380 | EVP_PKEY *k; | ||
381 | int ret; | ||
382 | k = EVP_PKEY_new(); | ||
383 | if (!k) | ||
384 | return 0; | ||
385 | EVP_PKEY_set1_EC_KEY(k, x); | ||
386 | ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); | ||
387 | EVP_PKEY_free(k); | ||
388 | return ret; | ||
389 | } | ||
390 | #endif | ||
391 | |||
392 | #else | ||
393 | |||
394 | IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) | 272 | IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) |
395 | 273 | ||
396 | #endif | ||
397 | |||
398 | IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) | 274 | IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) |
399 | 275 | ||
400 | #ifndef OPENSSL_NO_FP_API | 276 | #ifndef OPENSSL_NO_FP_API |
@@ -404,7 +280,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, | |||
404 | { | 280 | { |
405 | EVP_PKEY *pktmp; | 281 | EVP_PKEY *pktmp; |
406 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); | 282 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); |
407 | return pkey_get_eckey(pktmp, eckey); | 283 | return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ |
408 | } | 284 | } |
409 | 285 | ||
410 | #endif | 286 | #endif |
@@ -417,66 +293,4 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) | |||
417 | 293 | ||
418 | #endif | 294 | #endif |
419 | 295 | ||
420 | |||
421 | /* The PrivateKey case is not that straightforward. | ||
422 | * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) | ||
423 | * does not work, RSA and DSA keys have specific strings. | ||
424 | * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything | ||
425 | * appropriate.) | ||
426 | */ | ||
427 | |||
428 | #ifdef OPENSSL_FIPS | ||
429 | |||
430 | static const char *pkey_str(EVP_PKEY *x) | ||
431 | { | ||
432 | switch (x->type) | ||
433 | { | ||
434 | case EVP_PKEY_RSA: | ||
435 | return PEM_STRING_RSA; | ||
436 | |||
437 | case EVP_PKEY_DSA: | ||
438 | return PEM_STRING_DSA; | ||
439 | |||
440 | case EVP_PKEY_EC: | ||
441 | return PEM_STRING_ECPRIVATEKEY; | ||
442 | |||
443 | default: | ||
444 | return NULL; | ||
445 | } | ||
446 | } | ||
447 | |||
448 | |||
449 | int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
450 | unsigned char *kstr, int klen, | ||
451 | pem_password_cb *cb, void *u) | ||
452 | { | ||
453 | if (FIPS_mode()) | ||
454 | return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, | ||
455 | (char *)kstr, klen, cb, u); | ||
456 | else | ||
457 | return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, | ||
458 | pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u); | ||
459 | } | ||
460 | |||
461 | #ifndef OPENSSL_NO_FP_API | ||
462 | int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
463 | unsigned char *kstr, int klen, | ||
464 | pem_password_cb *cb, void *u) | ||
465 | { | ||
466 | if (FIPS_mode()) | ||
467 | return PEM_write_PKCS8PrivateKey(fp, x, enc, | ||
468 | (char *)kstr, klen, cb, u); | ||
469 | else | ||
470 | return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, | ||
471 | pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u); | ||
472 | } | ||
473 | #endif | ||
474 | |||
475 | #else | ||
476 | IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ | ||
477 | (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) | ||
478 | |||
479 | #endif | ||
480 | |||
481 | IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) | 296 | IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) |
482 | |||
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c index 3133563d77..d644aeedd4 100644 --- a/src/lib/libcrypto/pem/pem_err.c +++ b/src/lib/libcrypto/pem/pem_err.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* crypto/pem/pem_err.c */ | 1 | /* crypto/pem/pem_err.c */ |
2 | /* ==================================================================== | 2 | /* ==================================================================== |
3 | * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. |
4 | * | 4 | * |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
@@ -70,10 +70,22 @@ | |||
70 | 70 | ||
71 | static ERR_STRING_DATA PEM_str_functs[]= | 71 | static ERR_STRING_DATA PEM_str_functs[]= |
72 | { | 72 | { |
73 | {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, | ||
74 | {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, | ||
75 | {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, | ||
76 | {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, | ||
77 | {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, | ||
73 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, | 78 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, |
74 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, | 79 | {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, |
80 | {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, | ||
81 | {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, | ||
82 | {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, | ||
75 | {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, | 83 | {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, |
76 | {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, | 84 | {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, |
85 | {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, | ||
86 | {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, | ||
87 | {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, | ||
88 | {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, | ||
77 | {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, | 89 | {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, |
78 | {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, | 90 | {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, |
79 | {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, | 91 | {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, |
@@ -86,6 +98,7 @@ static ERR_STRING_DATA PEM_str_functs[]= | |||
86 | {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, | 98 | {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, |
87 | {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, | 99 | {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, |
88 | {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, | 100 | {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, |
101 | {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, | ||
89 | {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, | 102 | {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, |
90 | {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, | 103 | {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, |
91 | {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, | 104 | {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, |
@@ -93,6 +106,7 @@ static ERR_STRING_DATA PEM_str_functs[]= | |||
93 | {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, | 106 | {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, |
94 | {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, | 107 | {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, |
95 | {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, | 108 | {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, |
109 | {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, | ||
96 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, | 110 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, |
97 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, | 111 | {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, |
98 | {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, | 112 | {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, |
@@ -105,18 +119,30 @@ static ERR_STRING_DATA PEM_str_reasons[]= | |||
105 | {ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, | 119 | {ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, |
106 | {ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, | 120 | {ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, |
107 | {ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, | 121 | {ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, |
122 | {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) ,"bad magic number"}, | ||
108 | {ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, | 123 | {ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, |
124 | {ERR_REASON(PEM_R_BAD_VERSION_NUMBER) ,"bad version number"}, | ||
125 | {ERR_REASON(PEM_R_BIO_WRITE_FAILURE) ,"bio write failure"}, | ||
126 | {ERR_REASON(PEM_R_CIPHER_IS_NULL) ,"cipher is null"}, | ||
109 | {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, | 127 | {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, |
128 | {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"}, | ||
129 | {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"}, | ||
130 | {ERR_REASON(PEM_R_INCONSISTENT_HEADER) ,"inconsistent header"}, | ||
131 | {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"}, | ||
132 | {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) ,"keyblob too short"}, | ||
110 | {ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, | 133 | {ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, |
111 | {ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, | 134 | {ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, |
112 | {ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, | 135 | {ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, |
113 | {ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, | 136 | {ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, |
114 | {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, | 137 | {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, |
115 | {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, | 138 | {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, |
139 | {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) ,"pvk data too short"}, | ||
140 | {ERR_REASON(PEM_R_PVK_TOO_SHORT) ,"pvk too short"}, | ||
116 | {ERR_REASON(PEM_R_READ_KEY) ,"read key"}, | 141 | {ERR_REASON(PEM_R_READ_KEY) ,"read key"}, |
117 | {ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, | 142 | {ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, |
118 | {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, | 143 | {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, |
119 | {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, | 144 | {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, |
145 | {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"}, | ||
120 | {0,NULL} | 146 | {0,NULL} |
121 | }; | 147 | }; |
122 | 148 | ||
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 3a273f6f70..1b2be527ed 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c | |||
@@ -98,8 +98,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe | |||
98 | long len,error=0; | 98 | long len,error=0; |
99 | int ok=0; | 99 | int ok=0; |
100 | STACK_OF(X509_INFO) *ret=NULL; | 100 | STACK_OF(X509_INFO) *ret=NULL; |
101 | unsigned int i,raw; | 101 | unsigned int i,raw,ptype; |
102 | d2i_of_void *d2i; | 102 | d2i_of_void *d2i = 0; |
103 | 103 | ||
104 | if (sk == NULL) | 104 | if (sk == NULL) |
105 | { | 105 | { |
@@ -116,6 +116,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe | |||
116 | for (;;) | 116 | for (;;) |
117 | { | 117 | { |
118 | raw=0; | 118 | raw=0; |
119 | ptype = 0; | ||
119 | i=PEM_read_bio(bp,&name,&header,&data,&len); | 120 | i=PEM_read_bio(bp,&name,&header,&data,&len); |
120 | if (i == 0) | 121 | if (i == 0) |
121 | { | 122 | { |
@@ -166,7 +167,6 @@ start: | |||
166 | #ifndef OPENSSL_NO_RSA | 167 | #ifndef OPENSSL_NO_RSA |
167 | if (strcmp(name,PEM_STRING_RSA) == 0) | 168 | if (strcmp(name,PEM_STRING_RSA) == 0) |
168 | { | 169 | { |
169 | d2i=(D2I_OF(void))d2i_RSAPrivateKey; | ||
170 | if (xi->x_pkey != NULL) | 170 | if (xi->x_pkey != NULL) |
171 | { | 171 | { |
172 | if (!sk_X509_INFO_push(ret,xi)) goto err; | 172 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
@@ -178,10 +178,8 @@ start: | |||
178 | xi->enc_len=0; | 178 | xi->enc_len=0; |
179 | 179 | ||
180 | xi->x_pkey=X509_PKEY_new(); | 180 | xi->x_pkey=X509_PKEY_new(); |
181 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) | 181 | ptype=EVP_PKEY_RSA; |
182 | goto err; | 182 | pp=&xi->x_pkey->dec_pkey; |
183 | xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; | ||
184 | pp=&(xi->x_pkey->dec_pkey->pkey.rsa); | ||
185 | if ((int)strlen(header) > 10) /* assume encrypted */ | 183 | if ((int)strlen(header) > 10) /* assume encrypted */ |
186 | raw=1; | 184 | raw=1; |
187 | } | 185 | } |
@@ -202,10 +200,8 @@ start: | |||
202 | xi->enc_len=0; | 200 | xi->enc_len=0; |
203 | 201 | ||
204 | xi->x_pkey=X509_PKEY_new(); | 202 | xi->x_pkey=X509_PKEY_new(); |
205 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) | 203 | ptype = EVP_PKEY_DSA; |
206 | goto err; | 204 | pp=&xi->x_pkey->dec_pkey; |
207 | xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; | ||
208 | pp=&xi->x_pkey->dec_pkey->pkey.dsa; | ||
209 | if ((int)strlen(header) > 10) /* assume encrypted */ | 205 | if ((int)strlen(header) > 10) /* assume encrypted */ |
210 | raw=1; | 206 | raw=1; |
211 | } | 207 | } |
@@ -226,10 +222,8 @@ start: | |||
226 | xi->enc_len=0; | 222 | xi->enc_len=0; |
227 | 223 | ||
228 | xi->x_pkey=X509_PKEY_new(); | 224 | xi->x_pkey=X509_PKEY_new(); |
229 | if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) | 225 | ptype = EVP_PKEY_EC; |
230 | goto err; | 226 | pp=&xi->x_pkey->dec_pkey; |
231 | xi->x_pkey->dec_pkey->type=EVP_PKEY_EC; | ||
232 | pp=&(xi->x_pkey->dec_pkey->pkey.ec); | ||
233 | if ((int)strlen(header) > 10) /* assume encrypted */ | 227 | if ((int)strlen(header) > 10) /* assume encrypted */ |
234 | raw=1; | 228 | raw=1; |
235 | } | 229 | } |
@@ -251,7 +245,15 @@ start: | |||
251 | if (!PEM_do_header(&cipher,data,&len,cb,u)) | 245 | if (!PEM_do_header(&cipher,data,&len,cb,u)) |
252 | goto err; | 246 | goto err; |
253 | p=data; | 247 | p=data; |
254 | if (d2i(pp,&p,len) == NULL) | 248 | if (ptype) |
249 | { | ||
250 | if (!d2i_PrivateKey(ptype, pp, &p, len)) | ||
251 | { | ||
252 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); | ||
253 | goto err; | ||
254 | } | ||
255 | } | ||
256 | else if (d2i(pp,&p,len) == NULL) | ||
255 | { | 257 | { |
256 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); | 258 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); |
257 | goto err; | 259 | goto err; |
@@ -337,6 +339,12 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, | |||
337 | { | 339 | { |
338 | if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) | 340 | if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) |
339 | { | 341 | { |
342 | if (enc == NULL) | ||
343 | { | ||
344 | PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL); | ||
345 | goto err; | ||
346 | } | ||
347 | |||
340 | /* copy from weirdo names into more normal things */ | 348 | /* copy from weirdo names into more normal things */ |
341 | iv=xi->enc_cipher.iv; | 349 | iv=xi->enc_cipher.iv; |
342 | data=(unsigned char *)xi->enc_data; | 350 | data=(unsigned char *)xi->enc_data; |
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index cbafefe416..42e4861bc1 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c | |||
@@ -57,6 +57,7 @@ | |||
57 | */ | 57 | */ |
58 | 58 | ||
59 | #include <stdio.h> | 59 | #include <stdio.h> |
60 | #include <ctype.h> | ||
60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
61 | #include <openssl/buffer.h> | 62 | #include <openssl/buffer.h> |
62 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
@@ -65,9 +66,13 @@ | |||
65 | #include <openssl/x509.h> | 66 | #include <openssl/x509.h> |
66 | #include <openssl/pem.h> | 67 | #include <openssl/pem.h> |
67 | #include <openssl/pkcs12.h> | 68 | #include <openssl/pkcs12.h> |
69 | #include "asn1_locl.h" | ||
68 | #ifndef OPENSSL_NO_DES | 70 | #ifndef OPENSSL_NO_DES |
69 | #include <openssl/des.h> | 71 | #include <openssl/des.h> |
70 | #endif | 72 | #endif |
73 | #ifndef OPENSSL_NO_ENGINE | ||
74 | #include <openssl/engine.h> | ||
75 | #endif | ||
71 | 76 | ||
72 | const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; | 77 | const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; |
73 | 78 | ||
@@ -75,6 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; | |||
75 | 80 | ||
76 | static int load_iv(char **fromp,unsigned char *to, int num); | 81 | static int load_iv(char **fromp,unsigned char *to, int num); |
77 | static int check_pem(const char *nm, const char *name); | 82 | static int check_pem(const char *nm, const char *name); |
83 | int pem_check_suffix(const char *pem_str, const char *suffix); | ||
78 | 84 | ||
79 | int PEM_def_callback(char *buf, int num, int w, void *key) | 85 | int PEM_def_callback(char *buf, int num, int w, void *key) |
80 | { | 86 | { |
@@ -99,7 +105,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) | |||
99 | 105 | ||
100 | for (;;) | 106 | for (;;) |
101 | { | 107 | { |
102 | i=EVP_read_pw_string(buf,num,prompt,w); | 108 | i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w); |
103 | if (i != 0) | 109 | if (i != 0) |
104 | { | 110 | { |
105 | PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); | 111 | PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
@@ -183,20 +189,54 @@ static int check_pem(const char *nm, const char *name) | |||
183 | 189 | ||
184 | /* Make PEM_STRING_EVP_PKEY match any private key */ | 190 | /* Make PEM_STRING_EVP_PKEY match any private key */ |
185 | 191 | ||
186 | if(!strcmp(nm,PEM_STRING_PKCS8) && | 192 | if(!strcmp(name,PEM_STRING_EVP_PKEY)) |
187 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | 193 | { |
188 | 194 | int slen; | |
189 | if(!strcmp(nm,PEM_STRING_PKCS8INF) && | 195 | const EVP_PKEY_ASN1_METHOD *ameth; |
190 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | 196 | if(!strcmp(nm,PEM_STRING_PKCS8)) |
191 | 197 | return 1; | |
192 | if(!strcmp(nm,PEM_STRING_RSA) && | 198 | if(!strcmp(nm,PEM_STRING_PKCS8INF)) |
193 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | 199 | return 1; |
200 | slen = pem_check_suffix(nm, "PRIVATE KEY"); | ||
201 | if (slen > 0) | ||
202 | { | ||
203 | /* NB: ENGINE implementations wont contain | ||
204 | * a deprecated old private key decode function | ||
205 | * so don't look for them. | ||
206 | */ | ||
207 | ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); | ||
208 | if (ameth && ameth->old_priv_decode) | ||
209 | return 1; | ||
210 | } | ||
211 | return 0; | ||
212 | } | ||
194 | 213 | ||
195 | if(!strcmp(nm,PEM_STRING_DSA) && | 214 | if(!strcmp(name,PEM_STRING_PARAMETERS)) |
196 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | 215 | { |
216 | int slen; | ||
217 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
218 | slen = pem_check_suffix(nm, "PARAMETERS"); | ||
219 | if (slen > 0) | ||
220 | { | ||
221 | ENGINE *e; | ||
222 | ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); | ||
223 | if (ameth) | ||
224 | { | ||
225 | int r; | ||
226 | if (ameth->param_decode) | ||
227 | r = 1; | ||
228 | else | ||
229 | r = 0; | ||
230 | #ifndef OPENSSL_NO_ENGINE | ||
231 | if (e) | ||
232 | ENGINE_finish(e); | ||
233 | #endif | ||
234 | return r; | ||
235 | } | ||
236 | } | ||
237 | return 0; | ||
238 | } | ||
197 | 239 | ||
198 | if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) && | ||
199 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | ||
200 | /* Permit older strings */ | 240 | /* Permit older strings */ |
201 | 241 | ||
202 | if(!strcmp(nm,PEM_STRING_X509_OLD) && | 242 | if(!strcmp(nm,PEM_STRING_X509_OLD) && |
@@ -219,6 +259,14 @@ static int check_pem(const char *nm, const char *name) | |||
219 | if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && | 259 | if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && |
220 | !strcmp(name, PEM_STRING_PKCS7)) return 1; | 260 | !strcmp(name, PEM_STRING_PKCS7)) return 1; |
221 | 261 | ||
262 | #ifndef OPENSSL_NO_CMS | ||
263 | if(!strcmp(nm, PEM_STRING_X509) && | ||
264 | !strcmp(name, PEM_STRING_CMS)) return 1; | ||
265 | /* Allow CMS to be read from PKCS#7 headers */ | ||
266 | if(!strcmp(nm, PEM_STRING_PKCS7) && | ||
267 | !strcmp(name, PEM_STRING_CMS)) return 1; | ||
268 | #endif | ||
269 | |||
222 | return 0; | 270 | return 0; |
223 | } | 271 | } |
224 | 272 | ||
@@ -264,7 +312,7 @@ err: | |||
264 | 312 | ||
265 | #ifndef OPENSSL_NO_FP_API | 313 | #ifndef OPENSSL_NO_FP_API |
266 | int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, | 314 | int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, |
267 | char *x, const EVP_CIPHER *enc, unsigned char *kstr, | 315 | void *x, const EVP_CIPHER *enc, unsigned char *kstr, |
268 | int klen, pem_password_cb *callback, void *u) | 316 | int klen, pem_password_cb *callback, void *u) |
269 | { | 317 | { |
270 | BIO *b; | 318 | BIO *b; |
@@ -283,7 +331,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, | |||
283 | #endif | 331 | #endif |
284 | 332 | ||
285 | int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, | 333 | int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, |
286 | char *x, const EVP_CIPHER *enc, unsigned char *kstr, | 334 | void *x, const EVP_CIPHER *enc, unsigned char *kstr, |
287 | int klen, pem_password_cb *callback, void *u) | 335 | int klen, pem_password_cb *callback, void *u) |
288 | { | 336 | { |
289 | EVP_CIPHER_CTX ctx; | 337 | EVP_CIPHER_CTX ctx; |
@@ -782,3 +830,25 @@ err: | |||
782 | BUF_MEM_free(dataB); | 830 | BUF_MEM_free(dataB); |
783 | return(0); | 831 | return(0); |
784 | } | 832 | } |
833 | |||
834 | /* Check pem string and return prefix length. | ||
835 | * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" | ||
836 | * the return value is 3 for the string "RSA". | ||
837 | */ | ||
838 | |||
839 | int pem_check_suffix(const char *pem_str, const char *suffix) | ||
840 | { | ||
841 | int pem_len = strlen(pem_str); | ||
842 | int suffix_len = strlen(suffix); | ||
843 | const char *p; | ||
844 | if (suffix_len + 1 >= pem_len) | ||
845 | return 0; | ||
846 | p = pem_str + pem_len - suffix_len; | ||
847 | if (strcmp(p, suffix)) | ||
848 | return 0; | ||
849 | p--; | ||
850 | if (*p != ' ') | ||
851 | return 0; | ||
852 | return p - pem_str; | ||
853 | } | ||
854 | |||
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c index 4da4c31ce5..8ecf24903b 100644 --- a/src/lib/libcrypto/pem/pem_pkey.c +++ b/src/lib/libcrypto/pem/pem_pkey.c | |||
@@ -65,7 +65,12 @@ | |||
65 | #include <openssl/x509.h> | 65 | #include <openssl/x509.h> |
66 | #include <openssl/pkcs12.h> | 66 | #include <openssl/pkcs12.h> |
67 | #include <openssl/pem.h> | 67 | #include <openssl/pem.h> |
68 | #ifndef OPENSSL_NO_ENGINE | ||
69 | #include <openssl/engine.h> | ||
70 | #endif | ||
71 | #include "asn1_locl.h" | ||
68 | 72 | ||
73 | int pem_check_suffix(const char *pem_str, const char *suffix); | ||
69 | 74 | ||
70 | EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) | 75 | EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) |
71 | { | 76 | { |
@@ -73,19 +78,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
73 | const unsigned char *p=NULL; | 78 | const unsigned char *p=NULL; |
74 | unsigned char *data=NULL; | 79 | unsigned char *data=NULL; |
75 | long len; | 80 | long len; |
81 | int slen; | ||
76 | EVP_PKEY *ret=NULL; | 82 | EVP_PKEY *ret=NULL; |
77 | 83 | ||
78 | if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) | 84 | if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) |
79 | return NULL; | 85 | return NULL; |
80 | p = data; | 86 | p = data; |
81 | 87 | ||
82 | if (strcmp(nm,PEM_STRING_RSA) == 0) | 88 | if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { |
83 | ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); | ||
84 | else if (strcmp(nm,PEM_STRING_DSA) == 0) | ||
85 | ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); | ||
86 | else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0) | ||
87 | ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len); | ||
88 | else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { | ||
89 | PKCS8_PRIV_KEY_INFO *p8inf; | 89 | PKCS8_PRIV_KEY_INFO *p8inf; |
90 | p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); | 90 | p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); |
91 | if(!p8inf) goto p8err; | 91 | if(!p8inf) goto p8err; |
@@ -119,7 +119,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo | |||
119 | *x = ret; | 119 | *x = ret; |
120 | } | 120 | } |
121 | PKCS8_PRIV_KEY_INFO_free(p8inf); | 121 | PKCS8_PRIV_KEY_INFO_free(p8inf); |
122 | } | 122 | } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) |
123 | { | ||
124 | const EVP_PKEY_ASN1_METHOD *ameth; | ||
125 | ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); | ||
126 | if (!ameth || !ameth->old_priv_decode) | ||
127 | goto p8err; | ||
128 | ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len); | ||
129 | } | ||
123 | p8err: | 130 | p8err: |
124 | if (ret == NULL) | 131 | if (ret == NULL) |
125 | PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); | 132 | PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); |
@@ -130,6 +137,74 @@ err: | |||
130 | return(ret); | 137 | return(ret); |
131 | } | 138 | } |
132 | 139 | ||
140 | int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
141 | unsigned char *kstr, int klen, | ||
142 | pem_password_cb *cb, void *u) | ||
143 | { | ||
144 | char pem_str[80]; | ||
145 | if (!x->ameth || x->ameth->priv_encode) | ||
146 | return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, | ||
147 | (char *)kstr, klen, | ||
148 | cb, u); | ||
149 | |||
150 | BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); | ||
151 | return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, | ||
152 | pem_str,bp,x,enc,kstr,klen,cb,u); | ||
153 | } | ||
154 | |||
155 | EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) | ||
156 | { | ||
157 | char *nm=NULL; | ||
158 | const unsigned char *p=NULL; | ||
159 | unsigned char *data=NULL; | ||
160 | long len; | ||
161 | int slen; | ||
162 | EVP_PKEY *ret=NULL; | ||
163 | |||
164 | if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS, | ||
165 | bp, 0, NULL)) | ||
166 | return NULL; | ||
167 | p = data; | ||
168 | |||
169 | if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) | ||
170 | { | ||
171 | ret = EVP_PKEY_new(); | ||
172 | if (!ret) | ||
173 | goto err; | ||
174 | if (!EVP_PKEY_set_type_str(ret, nm, slen) | ||
175 | || !ret->ameth->param_decode | ||
176 | || !ret->ameth->param_decode(ret, &p, len)) | ||
177 | { | ||
178 | EVP_PKEY_free(ret); | ||
179 | ret = NULL; | ||
180 | goto err; | ||
181 | } | ||
182 | if(x) | ||
183 | { | ||
184 | if(*x) EVP_PKEY_free((EVP_PKEY *)*x); | ||
185 | *x = ret; | ||
186 | } | ||
187 | } | ||
188 | err: | ||
189 | if (ret == NULL) | ||
190 | PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB); | ||
191 | OPENSSL_free(nm); | ||
192 | OPENSSL_free(data); | ||
193 | return(ret); | ||
194 | } | ||
195 | |||
196 | int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) | ||
197 | { | ||
198 | char pem_str[80]; | ||
199 | if (!x->ameth || !x->ameth->param_encode) | ||
200 | return 0; | ||
201 | |||
202 | BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str); | ||
203 | return PEM_ASN1_write_bio( | ||
204 | (i2d_of_void *)x->ameth->param_encode, | ||
205 | pem_str,bp,x,NULL,NULL,0,0,NULL); | ||
206 | } | ||
207 | |||
133 | #ifndef OPENSSL_NO_FP_API | 208 | #ifndef OPENSSL_NO_FP_API |
134 | EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) | 209 | EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) |
135 | { | 210 | { |
@@ -146,4 +221,22 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void | |||
146 | BIO_free(b); | 221 | BIO_free(b); |
147 | return(ret); | 222 | return(ret); |
148 | } | 223 | } |
224 | |||
225 | int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, | ||
226 | unsigned char *kstr, int klen, | ||
227 | pem_password_cb *cb, void *u) | ||
228 | { | ||
229 | BIO *b; | ||
230 | int ret; | ||
231 | |||
232 | if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) | ||
233 | { | ||
234 | PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB); | ||
235 | return 0; | ||
236 | } | ||
237 | ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); | ||
238 | BIO_free(b); | ||
239 | return ret; | ||
240 | } | ||
241 | |||
149 | #endif | 242 | #endif |
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c index 4e554e5481..59690b56ae 100644 --- a/src/lib/libcrypto/pem/pem_seal.c +++ b/src/lib/libcrypto/pem/pem_seal.c | |||
@@ -100,7 +100,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, | |||
100 | 100 | ||
101 | EVP_CIPHER_CTX_init(&ctx->cipher); | 101 | EVP_CIPHER_CTX_init(&ctx->cipher); |
102 | ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); | 102 | ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); |
103 | if (!ret) goto err; | 103 | if (ret <= 0) goto err; |
104 | 104 | ||
105 | /* base64 encode the keys */ | 105 | /* base64 encode the keys */ |
106 | for (i=0; i<npubk; i++) | 106 | for (i=0; i<npubk; i++) |
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c index 3f709f13e6..b531057dc9 100644 --- a/src/lib/libcrypto/pem/pem_x509.c +++ b/src/lib/libcrypto/pem/pem_x509.c | |||
@@ -57,7 +57,6 @@ | |||
57 | */ | 57 | */ |
58 | 58 | ||
59 | #include <stdio.h> | 59 | #include <stdio.h> |
60 | #undef SSLEAY_MACROS | ||
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
62 | #include <openssl/bio.h> | 61 | #include <openssl/bio.h> |
63 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c index 7cc7491009..328f796200 100644 --- a/src/lib/libcrypto/pem/pem_xaux.c +++ b/src/lib/libcrypto/pem/pem_xaux.c | |||
@@ -57,7 +57,6 @@ | |||
57 | */ | 57 | */ |
58 | 58 | ||
59 | #include <stdio.h> | 59 | #include <stdio.h> |
60 | #undef SSLEAY_MACROS | ||
61 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
62 | #include <openssl/bio.h> | 61 | #include <openssl/bio.h> |
63 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c new file mode 100644 index 0000000000..d998a67fa5 --- /dev/null +++ b/src/lib/libcrypto/pem/pvkfmt.c | |||
@@ -0,0 +1,942 @@ | |||
1 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
2 | * project 2005. | ||
3 | */ | ||
4 | /* ==================================================================== | ||
5 | * Copyright (c) 2005 The OpenSSL Project. All rights reserved. | ||
6 | * | ||
7 | * Redistribution and use in source and binary forms, with or without | ||
8 | * modification, are permitted provided that the following conditions | ||
9 | * are met: | ||
10 | * | ||
11 | * 1. Redistributions of source code must retain the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer. | ||
13 | * | ||
14 | * 2. Redistributions in binary form must reproduce the above copyright | ||
15 | * notice, this list of conditions and the following disclaimer in | ||
16 | * the documentation and/or other materials provided with the | ||
17 | * distribution. | ||
18 | * | ||
19 | * 3. All advertising materials mentioning features or use of this | ||
20 | * software must display the following acknowledgment: | ||
21 | * "This product includes software developed by the OpenSSL Project | ||
22 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
23 | * | ||
24 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
25 | * endorse or promote products derived from this software without | ||
26 | * prior written permission. For written permission, please contact | ||
27 | * licensing@OpenSSL.org. | ||
28 | * | ||
29 | * 5. Products derived from this software may not be called "OpenSSL" | ||
30 | * nor may "OpenSSL" appear in their names without prior written | ||
31 | * permission of the OpenSSL Project. | ||
32 | * | ||
33 | * 6. Redistributions of any form whatsoever must retain the following | ||
34 | * acknowledgment: | ||
35 | * "This product includes software developed by the OpenSSL Project | ||
36 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
37 | * | ||
38 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
39 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
40 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
41 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
42 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
43 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
44 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
45 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
46 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
47 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
49 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
50 | * ==================================================================== | ||
51 | * | ||
52 | * This product includes cryptographic software written by Eric Young | ||
53 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
54 | * Hudson (tjh@cryptsoft.com). | ||
55 | * | ||
56 | */ | ||
57 | |||
58 | /* Support for PVK format keys and related structures (such a PUBLICKEYBLOB | ||
59 | * and PRIVATEKEYBLOB). | ||
60 | */ | ||
61 | |||
62 | #include "cryptlib.h" | ||
63 | #include <openssl/pem.h> | ||
64 | #include <openssl/rand.h> | ||
65 | #include <openssl/bn.h> | ||
66 | #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) | ||
67 | #include <openssl/dsa.h> | ||
68 | #include <openssl/rsa.h> | ||
69 | |||
70 | /* Utility function: read a DWORD (4 byte unsigned integer) in little endian | ||
71 | * format | ||
72 | */ | ||
73 | |||
74 | static unsigned int read_ledword(const unsigned char **in) | ||
75 | { | ||
76 | const unsigned char *p = *in; | ||
77 | unsigned int ret; | ||
78 | ret = *p++; | ||
79 | ret |= (*p++ << 8); | ||
80 | ret |= (*p++ << 16); | ||
81 | ret |= (*p++ << 24); | ||
82 | *in = p; | ||
83 | return ret; | ||
84 | } | ||
85 | |||
86 | /* Read a BIGNUM in little endian format. The docs say that this should take up | ||
87 | * bitlen/8 bytes. | ||
88 | */ | ||
89 | |||
90 | static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) | ||
91 | { | ||
92 | const unsigned char *p; | ||
93 | unsigned char *tmpbuf, *q; | ||
94 | unsigned int i; | ||
95 | p = *in + nbyte - 1; | ||
96 | tmpbuf = OPENSSL_malloc(nbyte); | ||
97 | if (!tmpbuf) | ||
98 | return 0; | ||
99 | q = tmpbuf; | ||
100 | for (i = 0; i < nbyte; i++) | ||
101 | *q++ = *p--; | ||
102 | *r = BN_bin2bn(tmpbuf, nbyte, NULL); | ||
103 | OPENSSL_free(tmpbuf); | ||
104 | if (*r) | ||
105 | { | ||
106 | *in += nbyte; | ||
107 | return 1; | ||
108 | } | ||
109 | else | ||
110 | return 0; | ||
111 | } | ||
112 | |||
113 | |||
114 | /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ | ||
115 | |||
116 | #define MS_PUBLICKEYBLOB 0x6 | ||
117 | #define MS_PRIVATEKEYBLOB 0x7 | ||
118 | #define MS_RSA1MAGIC 0x31415352L | ||
119 | #define MS_RSA2MAGIC 0x32415352L | ||
120 | #define MS_DSS1MAGIC 0x31535344L | ||
121 | #define MS_DSS2MAGIC 0x32535344L | ||
122 | |||
123 | #define MS_KEYALG_RSA_KEYX 0xa400 | ||
124 | #define MS_KEYALG_DSS_SIGN 0x2200 | ||
125 | |||
126 | #define MS_KEYTYPE_KEYX 0x1 | ||
127 | #define MS_KEYTYPE_SIGN 0x2 | ||
128 | |||
129 | /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ | ||
130 | #define MS_PVKMAGIC 0xb0b5f11eL | ||
131 | /* Salt length for PVK files */ | ||
132 | #define PVK_SALTLEN 0x10 | ||
133 | |||
134 | static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, | ||
135 | unsigned int bitlen, int ispub); | ||
136 | static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, | ||
137 | unsigned int bitlen, int ispub); | ||
138 | |||
139 | static int do_blob_header(const unsigned char **in, unsigned int length, | ||
140 | unsigned int *pmagic, unsigned int *pbitlen, | ||
141 | int *pisdss, int *pispub) | ||
142 | { | ||
143 | const unsigned char *p = *in; | ||
144 | if (length < 16) | ||
145 | return 0; | ||
146 | /* bType */ | ||
147 | if (*p == MS_PUBLICKEYBLOB) | ||
148 | { | ||
149 | if (*pispub == 0) | ||
150 | { | ||
151 | PEMerr(PEM_F_DO_BLOB_HEADER, | ||
152 | PEM_R_EXPECTING_PRIVATE_KEY_BLOB); | ||
153 | return 0; | ||
154 | } | ||
155 | *pispub = 1; | ||
156 | } | ||
157 | else if (*p == MS_PRIVATEKEYBLOB) | ||
158 | { | ||
159 | if (*pispub == 1) | ||
160 | { | ||
161 | PEMerr(PEM_F_DO_BLOB_HEADER, | ||
162 | PEM_R_EXPECTING_PUBLIC_KEY_BLOB); | ||
163 | return 0; | ||
164 | } | ||
165 | *pispub = 0; | ||
166 | } | ||
167 | else | ||
168 | return 0; | ||
169 | p++; | ||
170 | /* Version */ | ||
171 | if (*p++ != 0x2) | ||
172 | { | ||
173 | PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER); | ||
174 | return 0; | ||
175 | } | ||
176 | /* Ignore reserved, aiKeyAlg */ | ||
177 | p+= 6; | ||
178 | *pmagic = read_ledword(&p); | ||
179 | *pbitlen = read_ledword(&p); | ||
180 | *pisdss = 0; | ||
181 | switch (*pmagic) | ||
182 | { | ||
183 | |||
184 | case MS_DSS1MAGIC: | ||
185 | *pisdss = 1; | ||
186 | case MS_RSA1MAGIC: | ||
187 | if (*pispub == 0) | ||
188 | { | ||
189 | PEMerr(PEM_F_DO_BLOB_HEADER, | ||
190 | PEM_R_EXPECTING_PRIVATE_KEY_BLOB); | ||
191 | return 0; | ||
192 | } | ||
193 | break; | ||
194 | |||
195 | case MS_DSS2MAGIC: | ||
196 | *pisdss = 1; | ||
197 | case MS_RSA2MAGIC: | ||
198 | if (*pispub == 1) | ||
199 | { | ||
200 | PEMerr(PEM_F_DO_BLOB_HEADER, | ||
201 | PEM_R_EXPECTING_PUBLIC_KEY_BLOB); | ||
202 | return 0; | ||
203 | } | ||
204 | break; | ||
205 | |||
206 | default: | ||
207 | PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER); | ||
208 | return -1; | ||
209 | } | ||
210 | *in = p; | ||
211 | return 1; | ||
212 | } | ||
213 | |||
214 | static unsigned int blob_length(unsigned bitlen, int isdss, int ispub) | ||
215 | { | ||
216 | unsigned int nbyte, hnbyte; | ||
217 | nbyte = (bitlen + 7) >> 3; | ||
218 | hnbyte = (bitlen + 15) >> 4; | ||
219 | if (isdss) | ||
220 | { | ||
221 | |||
222 | /* Expected length: 20 for q + 3 components bitlen each + 24 | ||
223 | * for seed structure. | ||
224 | */ | ||
225 | if (ispub) | ||
226 | return 44 + 3 * nbyte; | ||
227 | /* Expected length: 20 for q, priv, 2 bitlen components + 24 | ||
228 | * for seed structure. | ||
229 | */ | ||
230 | else | ||
231 | return 64 + 2 * nbyte; | ||
232 | } | ||
233 | else | ||
234 | { | ||
235 | /* Expected length: 4 for 'e' + 'n' */ | ||
236 | if (ispub) | ||
237 | return 4 + nbyte; | ||
238 | else | ||
239 | /* Expected length: 4 for 'e' and 7 other components. | ||
240 | * 2 components are bitlen size, 5 are bitlen/2 | ||
241 | */ | ||
242 | return 4 + 2*nbyte + 5*hnbyte; | ||
243 | } | ||
244 | |||
245 | } | ||
246 | |||
247 | static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, | ||
248 | int ispub) | ||
249 | { | ||
250 | const unsigned char *p = *in; | ||
251 | unsigned int bitlen, magic; | ||
252 | int isdss; | ||
253 | if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) | ||
254 | { | ||
255 | PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); | ||
256 | return NULL; | ||
257 | } | ||
258 | length -= 16; | ||
259 | if (length < blob_length(bitlen, isdss, ispub)) | ||
260 | { | ||
261 | PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT); | ||
262 | return NULL; | ||
263 | } | ||
264 | if (isdss) | ||
265 | return b2i_dss(&p, length, bitlen, ispub); | ||
266 | else | ||
267 | return b2i_rsa(&p, length, bitlen, ispub); | ||
268 | } | ||
269 | |||
270 | static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) | ||
271 | { | ||
272 | const unsigned char *p; | ||
273 | unsigned char hdr_buf[16], *buf = NULL; | ||
274 | unsigned int bitlen, magic, length; | ||
275 | int isdss; | ||
276 | EVP_PKEY *ret = NULL; | ||
277 | if (BIO_read(in, hdr_buf, 16) != 16) | ||
278 | { | ||
279 | PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); | ||
280 | return NULL; | ||
281 | } | ||
282 | p = hdr_buf; | ||
283 | if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) | ||
284 | return NULL; | ||
285 | |||
286 | length = blob_length(bitlen, isdss, ispub); | ||
287 | buf = OPENSSL_malloc(length); | ||
288 | if (!buf) | ||
289 | { | ||
290 | PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); | ||
291 | goto err; | ||
292 | } | ||
293 | p = buf; | ||
294 | if (BIO_read(in, buf, length) != (int)length) | ||
295 | { | ||
296 | PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT); | ||
297 | goto err; | ||
298 | } | ||
299 | |||
300 | if (isdss) | ||
301 | ret = b2i_dss(&p, length, bitlen, ispub); | ||
302 | else | ||
303 | ret = b2i_rsa(&p, length, bitlen, ispub); | ||
304 | |||
305 | err: | ||
306 | if (buf) | ||
307 | OPENSSL_free(buf); | ||
308 | return ret; | ||
309 | } | ||
310 | |||
311 | static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, | ||
312 | unsigned int bitlen, int ispub) | ||
313 | { | ||
314 | const unsigned char *p = *in; | ||
315 | EVP_PKEY *ret = NULL; | ||
316 | DSA *dsa = NULL; | ||
317 | BN_CTX *ctx = NULL; | ||
318 | unsigned int nbyte; | ||
319 | nbyte = (bitlen + 7) >> 3; | ||
320 | |||
321 | dsa = DSA_new(); | ||
322 | ret = EVP_PKEY_new(); | ||
323 | if (!dsa || !ret) | ||
324 | goto memerr; | ||
325 | if (!read_lebn(&p, nbyte, &dsa->p)) | ||
326 | goto memerr; | ||
327 | if (!read_lebn(&p, 20, &dsa->q)) | ||
328 | goto memerr; | ||
329 | if (!read_lebn(&p, nbyte, &dsa->g)) | ||
330 | goto memerr; | ||
331 | if (ispub) | ||
332 | { | ||
333 | if (!read_lebn(&p, nbyte, &dsa->pub_key)) | ||
334 | goto memerr; | ||
335 | } | ||
336 | else | ||
337 | { | ||
338 | if (!read_lebn(&p, 20, &dsa->priv_key)) | ||
339 | goto memerr; | ||
340 | /* Calculate public key */ | ||
341 | if (!(dsa->pub_key = BN_new())) | ||
342 | goto memerr; | ||
343 | if (!(ctx = BN_CTX_new())) | ||
344 | goto memerr; | ||
345 | |||
346 | if (!BN_mod_exp(dsa->pub_key, dsa->g, | ||
347 | dsa->priv_key, dsa->p, ctx)) | ||
348 | |||
349 | goto memerr; | ||
350 | BN_CTX_free(ctx); | ||
351 | } | ||
352 | |||
353 | EVP_PKEY_set1_DSA(ret, dsa); | ||
354 | DSA_free(dsa); | ||
355 | *in = p; | ||
356 | return ret; | ||
357 | |||
358 | memerr: | ||
359 | PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); | ||
360 | if (dsa) | ||
361 | DSA_free(dsa); | ||
362 | if (ret) | ||
363 | EVP_PKEY_free(ret); | ||
364 | if (ctx) | ||
365 | BN_CTX_free(ctx); | ||
366 | return NULL; | ||
367 | } | ||
368 | |||
369 | static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, | ||
370 | unsigned int bitlen, int ispub) | ||
371 | |||
372 | { | ||
373 | const unsigned char *p = *in; | ||
374 | EVP_PKEY *ret = NULL; | ||
375 | RSA *rsa = NULL; | ||
376 | unsigned int nbyte, hnbyte; | ||
377 | nbyte = (bitlen + 7) >> 3; | ||
378 | hnbyte = (bitlen + 15) >> 4; | ||
379 | rsa = RSA_new(); | ||
380 | ret = EVP_PKEY_new(); | ||
381 | if (!rsa || !ret) | ||
382 | goto memerr; | ||
383 | rsa->e = BN_new(); | ||
384 | if (!rsa->e) | ||
385 | goto memerr; | ||
386 | if (!BN_set_word(rsa->e, read_ledword(&p))) | ||
387 | goto memerr; | ||
388 | if (!read_lebn(&p, nbyte, &rsa->n)) | ||
389 | goto memerr; | ||
390 | if (!ispub) | ||
391 | { | ||
392 | if (!read_lebn(&p, hnbyte, &rsa->p)) | ||
393 | goto memerr; | ||
394 | if (!read_lebn(&p, hnbyte, &rsa->q)) | ||
395 | goto memerr; | ||
396 | if (!read_lebn(&p, hnbyte, &rsa->dmp1)) | ||
397 | goto memerr; | ||
398 | if (!read_lebn(&p, hnbyte, &rsa->dmq1)) | ||
399 | goto memerr; | ||
400 | if (!read_lebn(&p, hnbyte, &rsa->iqmp)) | ||
401 | goto memerr; | ||
402 | if (!read_lebn(&p, nbyte, &rsa->d)) | ||
403 | goto memerr; | ||
404 | } | ||
405 | |||
406 | EVP_PKEY_set1_RSA(ret, rsa); | ||
407 | RSA_free(rsa); | ||
408 | *in = p; | ||
409 | return ret; | ||
410 | memerr: | ||
411 | PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); | ||
412 | if (rsa) | ||
413 | RSA_free(rsa); | ||
414 | if (ret) | ||
415 | EVP_PKEY_free(ret); | ||
416 | return NULL; | ||
417 | } | ||
418 | |||
419 | EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length) | ||
420 | { | ||
421 | return do_b2i(in, length, 0); | ||
422 | } | ||
423 | |||
424 | EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length) | ||
425 | { | ||
426 | return do_b2i(in, length, 1); | ||
427 | } | ||
428 | |||
429 | |||
430 | EVP_PKEY *b2i_PrivateKey_bio(BIO *in) | ||
431 | { | ||
432 | return do_b2i_bio(in, 0); | ||
433 | } | ||
434 | |||
435 | EVP_PKEY *b2i_PublicKey_bio(BIO *in) | ||
436 | { | ||
437 | return do_b2i_bio(in, 1); | ||
438 | } | ||
439 | |||
440 | static void write_ledword(unsigned char **out, unsigned int dw) | ||
441 | { | ||
442 | unsigned char *p = *out; | ||
443 | *p++ = dw & 0xff; | ||
444 | *p++ = (dw>>8) & 0xff; | ||
445 | *p++ = (dw>>16) & 0xff; | ||
446 | *p++ = (dw>>24) & 0xff; | ||
447 | *out = p; | ||
448 | } | ||
449 | |||
450 | static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) | ||
451 | { | ||
452 | int nb, i; | ||
453 | unsigned char *p = *out, *q, c; | ||
454 | nb = BN_num_bytes(bn); | ||
455 | BN_bn2bin(bn, p); | ||
456 | q = p + nb - 1; | ||
457 | /* In place byte order reversal */ | ||
458 | for (i = 0; i < nb/2; i++) | ||
459 | { | ||
460 | c = *p; | ||
461 | *p++ = *q; | ||
462 | *q-- = c; | ||
463 | } | ||
464 | *out += nb; | ||
465 | /* Pad with zeroes if we have to */ | ||
466 | if (len > 0) | ||
467 | { | ||
468 | len -= nb; | ||
469 | if (len > 0) | ||
470 | { | ||
471 | memset(*out, 0, len); | ||
472 | *out += len; | ||
473 | } | ||
474 | } | ||
475 | } | ||
476 | |||
477 | |||
478 | static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); | ||
479 | static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic); | ||
480 | |||
481 | static void write_rsa(unsigned char **out, RSA *rsa, int ispub); | ||
482 | static void write_dsa(unsigned char **out, DSA *dsa, int ispub); | ||
483 | |||
484 | static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) | ||
485 | { | ||
486 | unsigned char *p; | ||
487 | unsigned int bitlen, magic = 0, keyalg; | ||
488 | int outlen, noinc = 0; | ||
489 | if (pk->type == EVP_PKEY_DSA) | ||
490 | { | ||
491 | bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); | ||
492 | keyalg = MS_KEYALG_DSS_SIGN; | ||
493 | } | ||
494 | else if (pk->type == EVP_PKEY_RSA) | ||
495 | { | ||
496 | bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); | ||
497 | keyalg = MS_KEYALG_RSA_KEYX; | ||
498 | } | ||
499 | else | ||
500 | return -1; | ||
501 | if (bitlen == 0) | ||
502 | return -1; | ||
503 | outlen = 16 + blob_length(bitlen, | ||
504 | keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub); | ||
505 | if (out == NULL) | ||
506 | return outlen; | ||
507 | if (*out) | ||
508 | p = *out; | ||
509 | else | ||
510 | { | ||
511 | p = OPENSSL_malloc(outlen); | ||
512 | if (!p) | ||
513 | return -1; | ||
514 | *out = p; | ||
515 | noinc = 1; | ||
516 | } | ||
517 | if (ispub) | ||
518 | *p++ = MS_PUBLICKEYBLOB; | ||
519 | else | ||
520 | *p++ = MS_PRIVATEKEYBLOB; | ||
521 | *p++ = 0x2; | ||
522 | *p++ = 0; | ||
523 | *p++ = 0; | ||
524 | write_ledword(&p, keyalg); | ||
525 | write_ledword(&p, magic); | ||
526 | write_ledword(&p, bitlen); | ||
527 | if (keyalg == MS_KEYALG_DSS_SIGN) | ||
528 | write_dsa(&p, pk->pkey.dsa, ispub); | ||
529 | else | ||
530 | write_rsa(&p, pk->pkey.rsa, ispub); | ||
531 | if (!noinc) | ||
532 | *out += outlen; | ||
533 | return outlen; | ||
534 | } | ||
535 | |||
536 | static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) | ||
537 | { | ||
538 | unsigned char *tmp = NULL; | ||
539 | int outlen, wrlen; | ||
540 | outlen = do_i2b(&tmp, pk, ispub); | ||
541 | if (outlen < 0) | ||
542 | return -1; | ||
543 | wrlen = BIO_write(out, tmp, outlen); | ||
544 | OPENSSL_free(tmp); | ||
545 | if (wrlen == outlen) | ||
546 | return outlen; | ||
547 | return -1; | ||
548 | } | ||
549 | |||
550 | static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) | ||
551 | { | ||
552 | int bitlen; | ||
553 | bitlen = BN_num_bits(dsa->p); | ||
554 | if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) | ||
555 | || (BN_num_bits(dsa->g) > bitlen)) | ||
556 | goto badkey; | ||
557 | if (ispub) | ||
558 | { | ||
559 | if (BN_num_bits(dsa->pub_key) > bitlen) | ||
560 | goto badkey; | ||
561 | *pmagic = MS_DSS1MAGIC; | ||
562 | } | ||
563 | else | ||
564 | { | ||
565 | if (BN_num_bits(dsa->priv_key) > 160) | ||
566 | goto badkey; | ||
567 | *pmagic = MS_DSS2MAGIC; | ||
568 | } | ||
569 | |||
570 | return bitlen; | ||
571 | badkey: | ||
572 | PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); | ||
573 | return 0; | ||
574 | } | ||
575 | |||
576 | static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) | ||
577 | { | ||
578 | int nbyte, hnbyte, bitlen; | ||
579 | if (BN_num_bits(rsa->e) > 32) | ||
580 | goto badkey; | ||
581 | bitlen = BN_num_bits(rsa->n); | ||
582 | nbyte = BN_num_bytes(rsa->n); | ||
583 | hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; | ||
584 | if (ispub) | ||
585 | { | ||
586 | *pmagic = MS_RSA1MAGIC; | ||
587 | return bitlen; | ||
588 | } | ||
589 | else | ||
590 | { | ||
591 | *pmagic = MS_RSA2MAGIC; | ||
592 | /* For private key each component must fit within nbyte or | ||
593 | * hnbyte. | ||
594 | */ | ||
595 | if (BN_num_bytes(rsa->d) > nbyte) | ||
596 | goto badkey; | ||
597 | if ((BN_num_bytes(rsa->iqmp) > hnbyte) | ||
598 | || (BN_num_bytes(rsa->p) > hnbyte) | ||
599 | || (BN_num_bytes(rsa->q) > hnbyte) | ||
600 | || (BN_num_bytes(rsa->dmp1) > hnbyte) | ||
601 | || (BN_num_bytes(rsa->dmq1) > hnbyte)) | ||
602 | goto badkey; | ||
603 | } | ||
604 | return bitlen; | ||
605 | badkey: | ||
606 | PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS); | ||
607 | return 0; | ||
608 | } | ||
609 | |||
610 | |||
611 | static void write_rsa(unsigned char **out, RSA *rsa, int ispub) | ||
612 | { | ||
613 | int nbyte, hnbyte; | ||
614 | nbyte = BN_num_bytes(rsa->n); | ||
615 | hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; | ||
616 | write_lebn(out, rsa->e, 4); | ||
617 | write_lebn(out, rsa->n, -1); | ||
618 | if (ispub) | ||
619 | return; | ||
620 | write_lebn(out, rsa->p, hnbyte); | ||
621 | write_lebn(out, rsa->q, hnbyte); | ||
622 | write_lebn(out, rsa->dmp1, hnbyte); | ||
623 | write_lebn(out, rsa->dmq1, hnbyte); | ||
624 | write_lebn(out, rsa->iqmp, hnbyte); | ||
625 | write_lebn(out, rsa->d, nbyte); | ||
626 | } | ||
627 | |||
628 | |||
629 | static void write_dsa(unsigned char **out, DSA *dsa, int ispub) | ||
630 | { | ||
631 | int nbyte; | ||
632 | nbyte = BN_num_bytes(dsa->p); | ||
633 | write_lebn(out, dsa->p, nbyte); | ||
634 | write_lebn(out, dsa->q, 20); | ||
635 | write_lebn(out, dsa->g, nbyte); | ||
636 | if (ispub) | ||
637 | write_lebn(out, dsa->pub_key, nbyte); | ||
638 | else | ||
639 | write_lebn(out, dsa->priv_key, 20); | ||
640 | /* Set "invalid" for seed structure values */ | ||
641 | memset(*out, 0xff, 24); | ||
642 | *out += 24; | ||
643 | return; | ||
644 | } | ||
645 | |||
646 | |||
647 | int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk) | ||
648 | { | ||
649 | return do_i2b_bio(out, pk, 0); | ||
650 | } | ||
651 | |||
652 | int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) | ||
653 | { | ||
654 | return do_i2b_bio(out, pk, 1); | ||
655 | } | ||
656 | |||
657 | #ifndef OPENSSL_NO_RC4 | ||
658 | |||
659 | static int do_PVK_header(const unsigned char **in, unsigned int length, | ||
660 | int skip_magic, | ||
661 | unsigned int *psaltlen, unsigned int *pkeylen) | ||
662 | |||
663 | { | ||
664 | const unsigned char *p = *in; | ||
665 | unsigned int pvk_magic, keytype, is_encrypted; | ||
666 | if (skip_magic) | ||
667 | { | ||
668 | if (length < 20) | ||
669 | { | ||
670 | PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); | ||
671 | return 0; | ||
672 | } | ||
673 | length -= 20; | ||
674 | } | ||
675 | else | ||
676 | { | ||
677 | if (length < 24) | ||
678 | { | ||
679 | PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT); | ||
680 | return 0; | ||
681 | } | ||
682 | length -= 24; | ||
683 | pvk_magic = read_ledword(&p); | ||
684 | if (pvk_magic != MS_PVKMAGIC) | ||
685 | { | ||
686 | PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER); | ||
687 | return 0; | ||
688 | } | ||
689 | } | ||
690 | /* Skip reserved */ | ||
691 | p += 4; | ||
692 | keytype = read_ledword(&p); | ||
693 | is_encrypted = read_ledword(&p); | ||
694 | *psaltlen = read_ledword(&p); | ||
695 | *pkeylen = read_ledword(&p); | ||
696 | |||
697 | if (is_encrypted && !*psaltlen) | ||
698 | { | ||
699 | PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER); | ||
700 | return 0; | ||
701 | } | ||
702 | |||
703 | *in = p; | ||
704 | return 1; | ||
705 | } | ||
706 | |||
707 | static int derive_pvk_key(unsigned char *key, | ||
708 | const unsigned char *salt, unsigned int saltlen, | ||
709 | const unsigned char *pass, int passlen) | ||
710 | { | ||
711 | EVP_MD_CTX mctx; | ||
712 | EVP_MD_CTX_init(&mctx); | ||
713 | EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL); | ||
714 | EVP_DigestUpdate(&mctx, salt, saltlen); | ||
715 | EVP_DigestUpdate(&mctx, pass, passlen); | ||
716 | EVP_DigestFinal_ex(&mctx, key, NULL); | ||
717 | EVP_MD_CTX_cleanup(&mctx); | ||
718 | return 1; | ||
719 | } | ||
720 | |||
721 | |||
722 | static EVP_PKEY *do_PVK_body(const unsigned char **in, | ||
723 | unsigned int saltlen, unsigned int keylen, | ||
724 | pem_password_cb *cb, void *u) | ||
725 | { | ||
726 | EVP_PKEY *ret = NULL; | ||
727 | const unsigned char *p = *in; | ||
728 | unsigned int magic; | ||
729 | unsigned char *enctmp = NULL, *q; | ||
730 | if (saltlen) | ||
731 | { | ||
732 | char psbuf[PEM_BUFSIZE]; | ||
733 | unsigned char keybuf[20]; | ||
734 | EVP_CIPHER_CTX cctx; | ||
735 | int enctmplen, inlen; | ||
736 | if (cb) | ||
737 | inlen=cb(psbuf,PEM_BUFSIZE,0,u); | ||
738 | else | ||
739 | inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); | ||
740 | if (inlen <= 0) | ||
741 | { | ||
742 | PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ); | ||
743 | return NULL; | ||
744 | } | ||
745 | enctmp = OPENSSL_malloc(keylen + 8); | ||
746 | if (!enctmp) | ||
747 | { | ||
748 | PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); | ||
749 | return NULL; | ||
750 | } | ||
751 | if (!derive_pvk_key(keybuf, p, saltlen, | ||
752 | (unsigned char *)psbuf, inlen)) | ||
753 | return NULL; | ||
754 | p += saltlen; | ||
755 | /* Copy BLOBHEADER across, decrypt rest */ | ||
756 | memcpy(enctmp, p, 8); | ||
757 | p += 8; | ||
758 | inlen = keylen - 8; | ||
759 | q = enctmp + 8; | ||
760 | EVP_CIPHER_CTX_init(&cctx); | ||
761 | EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); | ||
762 | EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); | ||
763 | EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen); | ||
764 | magic = read_ledword((const unsigned char **)&q); | ||
765 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) | ||
766 | { | ||
767 | q = enctmp + 8; | ||
768 | memset(keybuf + 5, 0, 11); | ||
769 | EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, | ||
770 | NULL); | ||
771 | OPENSSL_cleanse(keybuf, 20); | ||
772 | EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen); | ||
773 | EVP_DecryptFinal_ex(&cctx, q + enctmplen, | ||
774 | &enctmplen); | ||
775 | magic = read_ledword((const unsigned char **)&q); | ||
776 | if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) | ||
777 | { | ||
778 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
779 | PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); | ||
780 | goto err; | ||
781 | } | ||
782 | } | ||
783 | else | ||
784 | OPENSSL_cleanse(keybuf, 20); | ||
785 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
786 | p = enctmp; | ||
787 | } | ||
788 | |||
789 | ret = b2i_PrivateKey(&p, keylen); | ||
790 | err: | ||
791 | if (enctmp && saltlen) | ||
792 | OPENSSL_free(enctmp); | ||
793 | return ret; | ||
794 | } | ||
795 | |||
796 | |||
797 | EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) | ||
798 | { | ||
799 | unsigned char pvk_hdr[24], *buf = NULL; | ||
800 | const unsigned char *p; | ||
801 | int buflen; | ||
802 | EVP_PKEY *ret = NULL; | ||
803 | unsigned int saltlen, keylen; | ||
804 | if (BIO_read(in, pvk_hdr, 24) != 24) | ||
805 | { | ||
806 | PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); | ||
807 | return NULL; | ||
808 | } | ||
809 | p = pvk_hdr; | ||
810 | |||
811 | if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) | ||
812 | return 0; | ||
813 | buflen = (int) keylen + saltlen; | ||
814 | buf = OPENSSL_malloc(buflen); | ||
815 | if (!buf) | ||
816 | { | ||
817 | PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); | ||
818 | return 0; | ||
819 | } | ||
820 | p = buf; | ||
821 | if (BIO_read(in, buf, buflen) != buflen) | ||
822 | { | ||
823 | PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT); | ||
824 | goto err; | ||
825 | } | ||
826 | ret = do_PVK_body(&p, saltlen, keylen, cb, u); | ||
827 | |||
828 | err: | ||
829 | if (buf) | ||
830 | { | ||
831 | OPENSSL_cleanse(buf, buflen); | ||
832 | OPENSSL_free(buf); | ||
833 | } | ||
834 | return ret; | ||
835 | } | ||
836 | |||
837 | |||
838 | |||
839 | static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, | ||
840 | pem_password_cb *cb, void *u) | ||
841 | { | ||
842 | int outlen = 24, noinc, pklen; | ||
843 | unsigned char *p, *salt = NULL; | ||
844 | if (enclevel) | ||
845 | outlen += PVK_SALTLEN; | ||
846 | pklen = do_i2b(NULL, pk, 0); | ||
847 | if (pklen < 0) | ||
848 | return -1; | ||
849 | outlen += pklen; | ||
850 | if (!out) | ||
851 | return outlen; | ||
852 | if (*out) | ||
853 | { | ||
854 | p = *out; | ||
855 | noinc = 0; | ||
856 | } | ||
857 | else | ||
858 | { | ||
859 | p = OPENSSL_malloc(outlen); | ||
860 | if (!p) | ||
861 | { | ||
862 | PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE); | ||
863 | return -1; | ||
864 | } | ||
865 | *out = p; | ||
866 | noinc = 1; | ||
867 | } | ||
868 | |||
869 | write_ledword(&p, MS_PVKMAGIC); | ||
870 | write_ledword(&p, 0); | ||
871 | if (pk->type == EVP_PKEY_DSA) | ||
872 | write_ledword(&p, MS_KEYTYPE_SIGN); | ||
873 | else | ||
874 | write_ledword(&p, MS_KEYTYPE_KEYX); | ||
875 | write_ledword(&p, enclevel ? 1 : 0); | ||
876 | write_ledword(&p, enclevel ? PVK_SALTLEN: 0); | ||
877 | write_ledword(&p, pklen); | ||
878 | if (enclevel) | ||
879 | { | ||
880 | if (RAND_bytes(p, PVK_SALTLEN) <= 0) | ||
881 | goto error; | ||
882 | salt = p; | ||
883 | p += PVK_SALTLEN; | ||
884 | } | ||
885 | do_i2b(&p, pk, 0); | ||
886 | if (enclevel == 0) | ||
887 | return outlen; | ||
888 | else | ||
889 | { | ||
890 | char psbuf[PEM_BUFSIZE]; | ||
891 | unsigned char keybuf[20]; | ||
892 | EVP_CIPHER_CTX cctx; | ||
893 | int enctmplen, inlen; | ||
894 | if (cb) | ||
895 | inlen=cb(psbuf,PEM_BUFSIZE,1,u); | ||
896 | else | ||
897 | inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u); | ||
898 | if (inlen <= 0) | ||
899 | { | ||
900 | PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ); | ||
901 | goto error; | ||
902 | } | ||
903 | if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, | ||
904 | (unsigned char *)psbuf, inlen)) | ||
905 | goto error; | ||
906 | if (enclevel == 1) | ||
907 | memset(keybuf + 5, 0, 11); | ||
908 | p = salt + PVK_SALTLEN + 8; | ||
909 | EVP_CIPHER_CTX_init(&cctx); | ||
910 | EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL); | ||
911 | OPENSSL_cleanse(keybuf, 20); | ||
912 | EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8); | ||
913 | EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen); | ||
914 | EVP_CIPHER_CTX_cleanup(&cctx); | ||
915 | } | ||
916 | return outlen; | ||
917 | |||
918 | error: | ||
919 | return -1; | ||
920 | } | ||
921 | |||
922 | int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, | ||
923 | pem_password_cb *cb, void *u) | ||
924 | { | ||
925 | unsigned char *tmp = NULL; | ||
926 | int outlen, wrlen; | ||
927 | outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); | ||
928 | if (outlen < 0) | ||
929 | return -1; | ||
930 | wrlen = BIO_write(out, tmp, outlen); | ||
931 | OPENSSL_free(tmp); | ||
932 | if (wrlen == outlen) | ||
933 | { | ||
934 | PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE); | ||
935 | return outlen; | ||
936 | } | ||
937 | return -1; | ||
938 | } | ||
939 | |||
940 | #endif | ||
941 | |||
942 | #endif | ||