summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pem
diff options
context:
space:
mode:
authordjm <>2010-10-01 22:54:21 +0000
committerdjm <>2010-10-01 22:54:21 +0000
commit829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch)
treee03b9f1bd051e844b971936729e9df549a209130 /src/lib/libcrypto/pem
parente6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff)
downloadopenbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libcrypto/pem')
-rw-r--r--src/lib/libcrypto/pem/pem.h255
-rw-r--r--src/lib/libcrypto/pem/pem_all.c194
-rw-r--r--src/lib/libcrypto/pem/pem_err.c28
-rw-r--r--src/lib/libcrypto/pem/pem_info.c40
-rw-r--r--src/lib/libcrypto/pem/pem_lib.c100
-rw-r--r--src/lib/libcrypto/pem/pem_pkey.c109
-rw-r--r--src/lib/libcrypto/pem/pem_seal.c2
-rw-r--r--src/lib/libcrypto/pem/pem_x509.c1
-rw-r--r--src/lib/libcrypto/pem/pem_xaux.c1
-rw-r--r--src/lib/libcrypto/pem/pvkfmt.c942
10 files changed, 1241 insertions, 431 deletions
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 6c193f1cbf..8a6ababe3a 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -134,6 +134,7 @@ extern "C" {
134#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" 134#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
135#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" 135#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
136#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" 136#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
137#define PEM_STRING_PARAMETERS "PARAMETERS"
137#define PEM_STRING_CMS "CMS" 138#define PEM_STRING_CMS "CMS"
138 139
139 /* Note that this structure is initialised by PEM_SealInit and cleaned up 140 /* Note that this structure is initialised by PEM_SealInit and cleaned up
@@ -183,11 +184,8 @@ typedef struct pem_ctx_st
183 int num_recipient; 184 int num_recipient;
184 PEM_USER **recipient; 185 PEM_USER **recipient;
185 186
186#ifndef OPENSSL_NO_STACK 187 /* XXX(ben): don#t think this is used!
187 STACK *x509_chain; /* certificate chain */ 188 STACK *x509_chain; / * certificate chain */
188#else
189 char *x509_chain; /* certificate chain */
190#endif
191 EVP_MD *md; /* signature type */ 189 EVP_MD *md; /* signature type */
192 190
193 int md_enc; /* is the md encrypted or not? */ 191 int md_enc; /* is the md encrypted or not? */
@@ -224,28 +222,19 @@ typedef struct pem_ctx_st
224#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ 222#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
225type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ 223type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
226{ \ 224{ \
227 return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ 225return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
228 str, fp, \
229 CHECKED_PPTR_OF(type, x), \
230 cb, u); \
231} 226}
232 227
233#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ 228#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
234int PEM_write_##name(FILE *fp, type *x) \ 229int PEM_write_##name(FILE *fp, type *x) \
235{ \ 230{ \
236 return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ 231return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
237 str, fp, \
238 CHECKED_PTR_OF(type, x), \
239 NULL, NULL, 0, NULL, NULL); \
240} 232}
241 233
242#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ 234#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
243int PEM_write_##name(FILE *fp, const type *x) \ 235int PEM_write_##name(FILE *fp, const type *x) \
244{ \ 236{ \
245 return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ 237return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
246 str, fp, \
247 CHECKED_PTR_OF(const type, x), \
248 NULL, NULL, 0, NULL, NULL); \
249} 238}
250 239
251#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ 240#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
@@ -253,10 +242,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
253 unsigned char *kstr, int klen, pem_password_cb *cb, \ 242 unsigned char *kstr, int klen, pem_password_cb *cb, \
254 void *u) \ 243 void *u) \
255 { \ 244 { \
256 return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ 245 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
257 str, fp, \
258 CHECKED_PTR_OF(type, x), \
259 enc, kstr, klen, cb, u); \
260 } 246 }
261 247
262#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ 248#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
@@ -264,10 +250,7 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
264 unsigned char *kstr, int klen, pem_password_cb *cb, \ 250 unsigned char *kstr, int klen, pem_password_cb *cb, \
265 void *u) \ 251 void *u) \
266 { \ 252 { \
267 return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ 253 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
268 str, fp, \
269 CHECKED_PTR_OF(const type, x), \
270 enc, kstr, klen, cb, u); \
271 } 254 }
272 255
273#endif 256#endif
@@ -275,48 +258,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
275#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ 258#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
276type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ 259type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
277{ \ 260{ \
278 return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ 261return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
279 str, bp, \
280 CHECKED_PPTR_OF(type, x), \
281 cb, u); \
282} 262}
283 263
284#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ 264#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
285int PEM_write_bio_##name(BIO *bp, type *x) \ 265int PEM_write_bio_##name(BIO *bp, type *x) \
286{ \ 266{ \
287 return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ 267return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
288 str, bp, \
289 CHECKED_PTR_OF(type, x), \
290 NULL, NULL, 0, NULL, NULL); \
291} 268}
292 269
293#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ 270#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
294int PEM_write_bio_##name(BIO *bp, const type *x) \ 271int PEM_write_bio_##name(BIO *bp, const type *x) \
295{ \ 272{ \
296 return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ 273return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
297 str, bp, \
298 CHECKED_PTR_OF(const type, x), \
299 NULL, NULL, 0, NULL, NULL); \
300} 274}
301 275
302#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ 276#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
303int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ 277int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
304 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ 278 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
305 { \ 279 { \
306 return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ 280 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
307 str, bp, \
308 CHECKED_PTR_OF(type, x), \
309 enc, kstr, klen, cb, u); \
310 } 281 }
311 282
312#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ 283#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
313int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ 284int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
314 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ 285 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
315 { \ 286 { \
316 return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ 287 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
317 str, bp, \
318 CHECKED_PTR_OF(const type, x), \
319 enc, kstr, klen, cb, u); \
320 } 288 }
321 289
322#define IMPLEMENT_PEM_write(name, type, str, asn1) \ 290#define IMPLEMENT_PEM_write(name, type, str, asn1) \
@@ -353,11 +321,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
353 321
354/* These are the same except they are for the declarations */ 322/* These are the same except they are for the declarations */
355 323
356#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) 324#if defined(OPENSSL_NO_FP_API)
357 325
358#define DECLARE_PEM_read_fp(name, type) /**/ 326#define DECLARE_PEM_read_fp(name, type) /**/
359#define DECLARE_PEM_write_fp(name, type) /**/ 327#define DECLARE_PEM_write_fp(name, type) /**/
360#define DECLARE_PEM_write_fp_const(name, type) /**/
361#define DECLARE_PEM_write_cb_fp(name, type) /**/ 328#define DECLARE_PEM_write_cb_fp(name, type) /**/
362 329
363#else 330#else
@@ -428,138 +395,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
428 DECLARE_PEM_read(name, type) \ 395 DECLARE_PEM_read(name, type) \
429 DECLARE_PEM_write_cb(name, type) 396 DECLARE_PEM_write_cb(name, type)
430 397
431#ifdef SSLEAY_MACROS
432
433#define PEM_write_SSL_SESSION(fp,x) \
434 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
435 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
436#define PEM_write_X509(fp,x) \
437 PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
438 (char *)x, NULL,NULL,0,NULL,NULL)
439#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
440 (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
441 NULL,NULL,0,NULL,NULL)
442#define PEM_write_X509_CRL(fp,x) \
443 PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
444 fp,(char *)x, NULL,NULL,0,NULL,NULL)
445#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
446 PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
447 (char *)x,enc,kstr,klen,cb,u)
448#define PEM_write_RSAPublicKey(fp,x) \
449 PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
450 PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
451#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
452 PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
453 (char *)x,enc,kstr,klen,cb,u)
454#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
455 PEM_ASN1_write((int (*)())i2d_PrivateKey,\
456 (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
457 bp,(char *)x,enc,kstr,klen,cb,u)
458#define PEM_write_PKCS7(fp,x) \
459 PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
460 (char *)x, NULL,NULL,0,NULL,NULL)
461#define PEM_write_DHparams(fp,x) \
462 PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
463 (char *)x,NULL,NULL,0,NULL,NULL)
464
465#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
466 PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
467 PEM_STRING_X509,fp, \
468 (char *)x, NULL,NULL,0,NULL,NULL)
469
470#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
471 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
472#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
473 (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
474#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
475 (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
476#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
477 (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
478#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
479 (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
480#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
481 (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
482#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
483 (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
484#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
485 (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
486#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
487 (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
488#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
489 (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
490
491#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
492 (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
493 (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
494 (char **)x,cb,u)
495
496#define PEM_write_bio_X509(bp,x) \
497 PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
498 (char *)x, NULL,NULL,0,NULL,NULL)
499#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
500 (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
501 NULL,NULL,0,NULL,NULL)
502#define PEM_write_bio_X509_CRL(bp,x) \
503 PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
504 bp,(char *)x, NULL,NULL,0,NULL,NULL)
505#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
506 PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
507 bp,(char *)x,enc,kstr,klen,cb,u)
508#define PEM_write_bio_RSAPublicKey(bp,x) \
509 PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
510 PEM_STRING_RSA_PUBLIC,\
511 bp,(char *)x,NULL,NULL,0,NULL,NULL)
512#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
513 PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
514 bp,(char *)x,enc,kstr,klen,cb,u)
515#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
516 PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
517 (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
518 bp,(char *)x,enc,kstr,klen,cb,u)
519#define PEM_write_bio_PKCS7(bp,x) \
520 PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
521 (char *)x, NULL,NULL,0,NULL,NULL)
522#define PEM_write_bio_DHparams(bp,x) \
523 PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
524 bp,(char *)x,NULL,NULL,0,NULL,NULL)
525#define PEM_write_bio_DSAparams(bp,x) \
526 PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
527 PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
528
529#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
530 PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
531 PEM_STRING_X509,bp, \
532 (char *)x, NULL,NULL,0,NULL,NULL)
533
534#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
535 (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
536#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
537 (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
538#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
539 (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
540#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
541 (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
542#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
543 (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
544#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
545 (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
546#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
547 (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
548
549#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
550 (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
551#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
552 (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
553#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
554 (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
555
556#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
557 (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
558 (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
559 (char **)x,cb,u)
560
561#endif
562
563#if 1 398#if 1
564/* "userdata": new with OpenSSL 0.9.4 */ 399/* "userdata": new with OpenSSL 0.9.4 */
565typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); 400typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
@@ -581,40 +416,25 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char
581 pem_password_cb *cb, void *u); 416 pem_password_cb *cb, void *u);
582void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, 417void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
583 void **x, pem_password_cb *cb, void *u); 418 void **x, pem_password_cb *cb, void *u);
584 419int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x,
585#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
586 ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
587 name, bp, \
588 CHECKED_PPTR_OF(type, x), \
589 cb, u))
590
591int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
592 const EVP_CIPHER *enc,unsigned char *kstr,int klen, 420 const EVP_CIPHER *enc,unsigned char *kstr,int klen,
593 pem_password_cb *cb, void *u); 421 pem_password_cb *cb, void *u);
594 422
595#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
596 (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
597 name, bp, \
598 CHECKED_PTR_OF(type, x), \
599 enc, kstr, klen, cb, u))
600
601STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); 423STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
602int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, 424int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
603 unsigned char *kstr, int klen, pem_password_cb *cd, void *u); 425 unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
604#endif 426#endif
605 427
606#ifndef OPENSSL_SYS_WIN16
607int PEM_read(FILE *fp, char **name, char **header, 428int PEM_read(FILE *fp, char **name, char **header,
608 unsigned char **data,long *len); 429 unsigned char **data,long *len);
609int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); 430int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
610void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, 431void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
611 pem_password_cb *cb, void *u); 432 pem_password_cb *cb, void *u);
612int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, 433int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
613 char *x,const EVP_CIPHER *enc,unsigned char *kstr, 434 void *x,const EVP_CIPHER *enc,unsigned char *kstr,
614 int klen,pem_password_cb *callback, void *u); 435 int klen,pem_password_cb *callback, void *u);
615STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, 436STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
616 pem_password_cb *cb, void *u); 437 pem_password_cb *cb, void *u);
617#endif
618 438
619int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, 439int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
620 EVP_MD *md_type, unsigned char **ek, int *ekl, 440 EVP_MD *md_type, unsigned char **ek, int *ekl,
@@ -633,7 +453,6 @@ int PEM_def_callback(char *buf, int num, int w, void *key);
633void PEM_proc_type(char *buf, int type); 453void PEM_proc_type(char *buf, int type);
634void PEM_dek_info(char *buf, const char *type, int len, char *str); 454void PEM_dek_info(char *buf, const char *type, int len, char *str);
635 455
636#ifndef SSLEAY_MACROS
637 456
638#include <openssl/symhacks.h> 457#include <openssl/symhacks.h>
639 458
@@ -719,7 +538,21 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, vo
719int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, 538int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
720 char *kstr,int klen, pem_password_cb *cd, void *u); 539 char *kstr,int klen, pem_password_cb *cd, void *u);
721 540
722#endif /* SSLEAY_MACROS */ 541EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
542int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
543
544
545EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
546EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
547EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
548EVP_PKEY *b2i_PublicKey_bio(BIO *in);
549int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
550int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
551#ifndef OPENSSL_NO_RC4
552EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
553int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
554 pem_password_cb *cb, void *u);
555#endif
723 556
724 557
725/* BEGIN ERROR CODES */ 558/* BEGIN ERROR CODES */
@@ -731,10 +564,22 @@ void ERR_load_PEM_strings(void);
731/* Error codes for the PEM functions. */ 564/* Error codes for the PEM functions. */
732 565
733/* Function codes. */ 566/* Function codes. */
567#define PEM_F_B2I_DSS 127
568#define PEM_F_B2I_PVK_BIO 128
569#define PEM_F_B2I_RSA 129
570#define PEM_F_CHECK_BITLEN_DSA 130
571#define PEM_F_CHECK_BITLEN_RSA 131
734#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 572#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120
735#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 573#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121
574#define PEM_F_DO_B2I 132
575#define PEM_F_DO_B2I_BIO 133
576#define PEM_F_DO_BLOB_HEADER 134
736#define PEM_F_DO_PK8PKEY 126 577#define PEM_F_DO_PK8PKEY 126
737#define PEM_F_DO_PK8PKEY_FP 125 578#define PEM_F_DO_PK8PKEY_FP 125
579#define PEM_F_DO_PVK_BODY 135
580#define PEM_F_DO_PVK_HEADER 136
581#define PEM_F_I2B_PVK 137
582#define PEM_F_I2B_PVK_BIO 138
738#define PEM_F_LOAD_IV 101 583#define PEM_F_LOAD_IV 101
739#define PEM_F_PEM_ASN1_READ 102 584#define PEM_F_PEM_ASN1_READ 102
740#define PEM_F_PEM_ASN1_READ_BIO 103 585#define PEM_F_PEM_ASN1_READ_BIO 103
@@ -747,6 +592,7 @@ void ERR_load_PEM_strings(void);
747#define PEM_F_PEM_PK8PKEY 119 592#define PEM_F_PEM_PK8PKEY 119
748#define PEM_F_PEM_READ 108 593#define PEM_F_PEM_READ 108
749#define PEM_F_PEM_READ_BIO 109 594#define PEM_F_PEM_READ_BIO 109
595#define PEM_F_PEM_READ_BIO_PARAMETERS 140
750#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 596#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123
751#define PEM_F_PEM_READ_PRIVATEKEY 124 597#define PEM_F_PEM_READ_PRIVATEKEY 124
752#define PEM_F_PEM_SEALFINAL 110 598#define PEM_F_PEM_SEALFINAL 110
@@ -754,6 +600,7 @@ void ERR_load_PEM_strings(void);
754#define PEM_F_PEM_SIGNFINAL 112 600#define PEM_F_PEM_SIGNFINAL 112
755#define PEM_F_PEM_WRITE 113 601#define PEM_F_PEM_WRITE 113
756#define PEM_F_PEM_WRITE_BIO 114 602#define PEM_F_PEM_WRITE_BIO 114
603#define PEM_F_PEM_WRITE_PRIVATEKEY 139
757#define PEM_F_PEM_X509_INFO_READ 115 604#define PEM_F_PEM_X509_INFO_READ 115
758#define PEM_F_PEM_X509_INFO_READ_BIO 116 605#define PEM_F_PEM_X509_INFO_READ_BIO 116
759#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 606#define PEM_F_PEM_X509_INFO_WRITE_BIO 117
@@ -763,18 +610,30 @@ void ERR_load_PEM_strings(void);
763#define PEM_R_BAD_DECRYPT 101 610#define PEM_R_BAD_DECRYPT 101
764#define PEM_R_BAD_END_LINE 102 611#define PEM_R_BAD_END_LINE 102
765#define PEM_R_BAD_IV_CHARS 103 612#define PEM_R_BAD_IV_CHARS 103
613#define PEM_R_BAD_MAGIC_NUMBER 116
766#define PEM_R_BAD_PASSWORD_READ 104 614#define PEM_R_BAD_PASSWORD_READ 104
615#define PEM_R_BAD_VERSION_NUMBER 117
616#define PEM_R_BIO_WRITE_FAILURE 118
617#define PEM_R_CIPHER_IS_NULL 127
767#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 618#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
619#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119
620#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120
621#define PEM_R_INCONSISTENT_HEADER 121
622#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122
623#define PEM_R_KEYBLOB_TOO_SHORT 123
768#define PEM_R_NOT_DEK_INFO 105 624#define PEM_R_NOT_DEK_INFO 105
769#define PEM_R_NOT_ENCRYPTED 106 625#define PEM_R_NOT_ENCRYPTED 106
770#define PEM_R_NOT_PROC_TYPE 107 626#define PEM_R_NOT_PROC_TYPE 107
771#define PEM_R_NO_START_LINE 108 627#define PEM_R_NO_START_LINE 108
772#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 628#define PEM_R_PROBLEMS_GETTING_PASSWORD 109
773#define PEM_R_PUBLIC_KEY_NO_RSA 110 629#define PEM_R_PUBLIC_KEY_NO_RSA 110
630#define PEM_R_PVK_DATA_TOO_SHORT 124
631#define PEM_R_PVK_TOO_SHORT 125
774#define PEM_R_READ_KEY 111 632#define PEM_R_READ_KEY 111
775#define PEM_R_SHORT_HEADER 112 633#define PEM_R_SHORT_HEADER 112
776#define PEM_R_UNSUPPORTED_CIPHER 113 634#define PEM_R_UNSUPPORTED_CIPHER 113
777#define PEM_R_UNSUPPORTED_ENCRYPTION 114 635#define PEM_R_UNSUPPORTED_ENCRYPTION 114
636#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126
778 637
779#ifdef __cplusplus 638#ifdef __cplusplus
780} 639}
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 69dd19bf2e..3e7a6093ad 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -110,7 +110,6 @@
110 */ 110 */
111 111
112#include <stdio.h> 112#include <stdio.h>
113#undef SSLEAY_MACROS
114#include "cryptlib.h" 113#include "cryptlib.h"
115#include <openssl/bio.h> 114#include <openssl/bio.h>
116#include <openssl/evp.h> 115#include <openssl/evp.h>
@@ -194,49 +193,7 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
194 193
195#endif 194#endif
196 195
197#ifdef OPENSSL_FIPS
198
199int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
200 unsigned char *kstr, int klen,
201 pem_password_cb *cb, void *u)
202{
203 EVP_PKEY *k;
204 int ret;
205 k = EVP_PKEY_new();
206 if (!k)
207 return 0;
208 EVP_PKEY_set1_RSA(k, x);
209
210 ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
211 EVP_PKEY_free(k);
212 return ret;
213}
214
215#ifndef OPENSSL_NO_FP_API
216int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
217 unsigned char *kstr, int klen,
218 pem_password_cb *cb, void *u)
219{
220 EVP_PKEY *k;
221 int ret;
222 k = EVP_PKEY_new();
223 if (!k)
224 return 0;
225
226 EVP_PKEY_set1_RSA(k, x);
227
228 ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
229 EVP_PKEY_free(k);
230 return ret;
231}
232#endif
233
234#else
235
236IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) 196IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
237
238#endif
239
240IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) 197IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
241IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) 198IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
242 199
@@ -263,50 +220,10 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
263{ 220{
264 EVP_PKEY *pktmp; 221 EVP_PKEY *pktmp;
265 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 222 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
266 return pkey_get_dsa(pktmp, dsa); 223 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
267} 224}
268 225
269#ifdef OPENSSL_FIPS
270
271int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
272 unsigned char *kstr, int klen,
273 pem_password_cb *cb, void *u)
274{
275 EVP_PKEY *k;
276 int ret;
277 k = EVP_PKEY_new();
278 if (!k)
279 return 0;
280 EVP_PKEY_set1_DSA(k, x);
281
282 ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
283 EVP_PKEY_free(k);
284 return ret;
285}
286
287#ifndef OPENSSL_NO_FP_API
288int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
289 unsigned char *kstr, int klen,
290 pem_password_cb *cb, void *u)
291{
292 EVP_PKEY *k;
293 int ret;
294 k = EVP_PKEY_new();
295 if (!k)
296 return 0;
297 EVP_PKEY_set1_DSA(k, x);
298 ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
299 EVP_PKEY_free(k);
300 return ret;
301}
302#endif
303
304#else
305
306IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) 226IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
307
308#endif
309
310IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) 227IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
311 228
312#ifndef OPENSSL_NO_FP_API 229#ifndef OPENSSL_NO_FP_API
@@ -316,7 +233,7 @@ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
316{ 233{
317 EVP_PKEY *pktmp; 234 EVP_PKEY *pktmp;
318 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 235 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
319 return pkey_get_dsa(pktmp, dsa); 236 return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
320} 237}
321 238
322#endif 239#endif
@@ -347,54 +264,13 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
347{ 264{
348 EVP_PKEY *pktmp; 265 EVP_PKEY *pktmp;
349 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); 266 pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
350 return pkey_get_eckey(pktmp, key); 267 return pkey_get_eckey(pktmp, key); /* will free pktmp */
351} 268}
352 269
353IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) 270IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
354 271
355
356
357#ifdef OPENSSL_FIPS
358
359int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
360 unsigned char *kstr, int klen,
361 pem_password_cb *cb, void *u)
362{
363 EVP_PKEY *k;
364 int ret;
365 k = EVP_PKEY_new();
366 if (!k)
367 return 0;
368 EVP_PKEY_set1_EC_KEY(k, x);
369
370 ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
371 EVP_PKEY_free(k);
372 return ret;
373}
374
375#ifndef OPENSSL_NO_FP_API
376int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
377 unsigned char *kstr, int klen,
378 pem_password_cb *cb, void *u)
379{
380 EVP_PKEY *k;
381 int ret;
382 k = EVP_PKEY_new();
383 if (!k)
384 return 0;
385 EVP_PKEY_set1_EC_KEY(k, x);
386 ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
387 EVP_PKEY_free(k);
388 return ret;
389}
390#endif
391
392#else
393
394IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) 272IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
395 273
396#endif
397
398IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) 274IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
399 275
400#ifndef OPENSSL_NO_FP_API 276#ifndef OPENSSL_NO_FP_API
@@ -404,7 +280,7 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
404{ 280{
405 EVP_PKEY *pktmp; 281 EVP_PKEY *pktmp;
406 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); 282 pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
407 return pkey_get_eckey(pktmp, eckey); 283 return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
408} 284}
409 285
410#endif 286#endif
@@ -417,66 +293,4 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
417 293
418#endif 294#endif
419 295
420
421/* The PrivateKey case is not that straightforward.
422 * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
423 * does not work, RSA and DSA keys have specific strings.
424 * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
425 * appropriate.)
426 */
427
428#ifdef OPENSSL_FIPS
429
430static const char *pkey_str(EVP_PKEY *x)
431 {
432 switch (x->type)
433 {
434 case EVP_PKEY_RSA:
435 return PEM_STRING_RSA;
436
437 case EVP_PKEY_DSA:
438 return PEM_STRING_DSA;
439
440 case EVP_PKEY_EC:
441 return PEM_STRING_ECPRIVATEKEY;
442
443 default:
444 return NULL;
445 }
446 }
447
448
449int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
450 unsigned char *kstr, int klen,
451 pem_password_cb *cb, void *u)
452 {
453 if (FIPS_mode())
454 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
455 (char *)kstr, klen, cb, u);
456 else
457 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
458 pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
459 }
460
461#ifndef OPENSSL_NO_FP_API
462int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
463 unsigned char *kstr, int klen,
464 pem_password_cb *cb, void *u)
465 {
466 if (FIPS_mode())
467 return PEM_write_PKCS8PrivateKey(fp, x, enc,
468 (char *)kstr, klen, cb, u);
469 else
470 return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
471 pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
472 }
473#endif
474
475#else
476IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
477 (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
478
479#endif
480
481IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) 296IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
482
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index 3133563d77..d644aeedd4 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -1,6 +1,6 @@
1/* crypto/pem/pem_err.c */ 1/* crypto/pem/pem_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -70,10 +70,22 @@
70 70
71static ERR_STRING_DATA PEM_str_functs[]= 71static ERR_STRING_DATA PEM_str_functs[]=
72 { 72 {
73{ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"},
74{ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"},
75{ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"},
76{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"},
77{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"},
73{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, 78{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
74{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, 79{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
80{ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"},
81{ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"},
82{ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"},
75{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, 83{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
76{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, 84{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
85{ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"},
86{ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"},
87{ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"},
88{ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"},
77{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, 89{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
78{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, 90{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
79{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, 91{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
@@ -86,6 +98,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
86{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, 98{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
87{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, 99{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
88{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, 100{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
101{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"},
89{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, 102{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
90{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, 103{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
91{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, 104{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
@@ -93,6 +106,7 @@ static ERR_STRING_DATA PEM_str_functs[]=
93{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, 106{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
94{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, 107{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
95{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, 108{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
109{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"},
96{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, 110{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
97{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, 111{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
98{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, 112{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
@@ -105,18 +119,30 @@ static ERR_STRING_DATA PEM_str_reasons[]=
105{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, 119{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
106{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, 120{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
107{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, 121{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
122{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) ,"bad magic number"},
108{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, 123{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
124{ERR_REASON(PEM_R_BAD_VERSION_NUMBER) ,"bad version number"},
125{ERR_REASON(PEM_R_BIO_WRITE_FAILURE) ,"bio write failure"},
126{ERR_REASON(PEM_R_CIPHER_IS_NULL) ,"cipher is null"},
109{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, 127{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
128{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"},
129{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"},
130{ERR_REASON(PEM_R_INCONSISTENT_HEADER) ,"inconsistent header"},
131{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"},
132{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) ,"keyblob too short"},
110{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, 133{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
111{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, 134{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
112{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, 135{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
113{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, 136{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
114{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, 137{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
115{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, 138{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
139{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) ,"pvk data too short"},
140{ERR_REASON(PEM_R_PVK_TOO_SHORT) ,"pvk too short"},
116{ERR_REASON(PEM_R_READ_KEY) ,"read key"}, 141{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
117{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, 142{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
118{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, 143{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
119{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, 144{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
145{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"},
120{0,NULL} 146{0,NULL}
121 }; 147 };
122 148
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 3a273f6f70..1b2be527ed 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -98,8 +98,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
98 long len,error=0; 98 long len,error=0;
99 int ok=0; 99 int ok=0;
100 STACK_OF(X509_INFO) *ret=NULL; 100 STACK_OF(X509_INFO) *ret=NULL;
101 unsigned int i,raw; 101 unsigned int i,raw,ptype;
102 d2i_of_void *d2i; 102 d2i_of_void *d2i = 0;
103 103
104 if (sk == NULL) 104 if (sk == NULL)
105 { 105 {
@@ -116,6 +116,7 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pe
116 for (;;) 116 for (;;)
117 { 117 {
118 raw=0; 118 raw=0;
119 ptype = 0;
119 i=PEM_read_bio(bp,&name,&header,&data,&len); 120 i=PEM_read_bio(bp,&name,&header,&data,&len);
120 if (i == 0) 121 if (i == 0)
121 { 122 {
@@ -166,7 +167,6 @@ start:
166#ifndef OPENSSL_NO_RSA 167#ifndef OPENSSL_NO_RSA
167 if (strcmp(name,PEM_STRING_RSA) == 0) 168 if (strcmp(name,PEM_STRING_RSA) == 0)
168 { 169 {
169 d2i=(D2I_OF(void))d2i_RSAPrivateKey;
170 if (xi->x_pkey != NULL) 170 if (xi->x_pkey != NULL)
171 { 171 {
172 if (!sk_X509_INFO_push(ret,xi)) goto err; 172 if (!sk_X509_INFO_push(ret,xi)) goto err;
@@ -178,10 +178,8 @@ start:
178 xi->enc_len=0; 178 xi->enc_len=0;
179 179
180 xi->x_pkey=X509_PKEY_new(); 180 xi->x_pkey=X509_PKEY_new();
181 if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) 181 ptype=EVP_PKEY_RSA;
182 goto err; 182 pp=&xi->x_pkey->dec_pkey;
183 xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
184 pp=&(xi->x_pkey->dec_pkey->pkey.rsa);
185 if ((int)strlen(header) > 10) /* assume encrypted */ 183 if ((int)strlen(header) > 10) /* assume encrypted */
186 raw=1; 184 raw=1;
187 } 185 }
@@ -202,10 +200,8 @@ start:
202 xi->enc_len=0; 200 xi->enc_len=0;
203 201
204 xi->x_pkey=X509_PKEY_new(); 202 xi->x_pkey=X509_PKEY_new();
205 if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) 203 ptype = EVP_PKEY_DSA;
206 goto err; 204 pp=&xi->x_pkey->dec_pkey;
207 xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
208 pp=&xi->x_pkey->dec_pkey->pkey.dsa;
209 if ((int)strlen(header) > 10) /* assume encrypted */ 205 if ((int)strlen(header) > 10) /* assume encrypted */
210 raw=1; 206 raw=1;
211 } 207 }
@@ -226,10 +222,8 @@ start:
226 xi->enc_len=0; 222 xi->enc_len=0;
227 223
228 xi->x_pkey=X509_PKEY_new(); 224 xi->x_pkey=X509_PKEY_new();
229 if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) 225 ptype = EVP_PKEY_EC;
230 goto err; 226 pp=&xi->x_pkey->dec_pkey;
231 xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
232 pp=&(xi->x_pkey->dec_pkey->pkey.ec);
233 if ((int)strlen(header) > 10) /* assume encrypted */ 227 if ((int)strlen(header) > 10) /* assume encrypted */
234 raw=1; 228 raw=1;
235 } 229 }
@@ -251,7 +245,15 @@ start:
251 if (!PEM_do_header(&cipher,data,&len,cb,u)) 245 if (!PEM_do_header(&cipher,data,&len,cb,u))
252 goto err; 246 goto err;
253 p=data; 247 p=data;
254 if (d2i(pp,&p,len) == NULL) 248 if (ptype)
249 {
250 if (!d2i_PrivateKey(ptype, pp, &p, len))
251 {
252 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
253 goto err;
254 }
255 }
256 else if (d2i(pp,&p,len) == NULL)
255 { 257 {
256 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); 258 PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
257 goto err; 259 goto err;
@@ -337,6 +339,12 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
337 { 339 {
338 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) 340 if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
339 { 341 {
342 if (enc == NULL)
343 {
344 PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
345 goto err;
346 }
347
340 /* copy from weirdo names into more normal things */ 348 /* copy from weirdo names into more normal things */
341 iv=xi->enc_cipher.iv; 349 iv=xi->enc_cipher.iv;
342 data=(unsigned char *)xi->enc_data; 350 data=(unsigned char *)xi->enc_data;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index cbafefe416..42e4861bc1 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -57,6 +57,7 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include <ctype.h>
60#include "cryptlib.h" 61#include "cryptlib.h"
61#include <openssl/buffer.h> 62#include <openssl/buffer.h>
62#include <openssl/objects.h> 63#include <openssl/objects.h>
@@ -65,9 +66,13 @@
65#include <openssl/x509.h> 66#include <openssl/x509.h>
66#include <openssl/pem.h> 67#include <openssl/pem.h>
67#include <openssl/pkcs12.h> 68#include <openssl/pkcs12.h>
69#include "asn1_locl.h"
68#ifndef OPENSSL_NO_DES 70#ifndef OPENSSL_NO_DES
69#include <openssl/des.h> 71#include <openssl/des.h>
70#endif 72#endif
73#ifndef OPENSSL_NO_ENGINE
74#include <openssl/engine.h>
75#endif
71 76
72const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; 77const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
73 78
@@ -75,6 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
75 80
76static int load_iv(char **fromp,unsigned char *to, int num); 81static int load_iv(char **fromp,unsigned char *to, int num);
77static int check_pem(const char *nm, const char *name); 82static int check_pem(const char *nm, const char *name);
83int pem_check_suffix(const char *pem_str, const char *suffix);
78 84
79int PEM_def_callback(char *buf, int num, int w, void *key) 85int PEM_def_callback(char *buf, int num, int w, void *key)
80 { 86 {
@@ -99,7 +105,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
99 105
100 for (;;) 106 for (;;)
101 { 107 {
102 i=EVP_read_pw_string(buf,num,prompt,w); 108 i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
103 if (i != 0) 109 if (i != 0)
104 { 110 {
105 PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); 111 PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
@@ -183,20 +189,54 @@ static int check_pem(const char *nm, const char *name)
183 189
184 /* Make PEM_STRING_EVP_PKEY match any private key */ 190 /* Make PEM_STRING_EVP_PKEY match any private key */
185 191
186 if(!strcmp(nm,PEM_STRING_PKCS8) && 192 if(!strcmp(name,PEM_STRING_EVP_PKEY))
187 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 193 {
188 194 int slen;
189 if(!strcmp(nm,PEM_STRING_PKCS8INF) && 195 const EVP_PKEY_ASN1_METHOD *ameth;
190 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 196 if(!strcmp(nm,PEM_STRING_PKCS8))
191 197 return 1;
192 if(!strcmp(nm,PEM_STRING_RSA) && 198 if(!strcmp(nm,PEM_STRING_PKCS8INF))
193 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 199 return 1;
200 slen = pem_check_suffix(nm, "PRIVATE KEY");
201 if (slen > 0)
202 {
203 /* NB: ENGINE implementations wont contain
204 * a deprecated old private key decode function
205 * so don't look for them.
206 */
207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
208 if (ameth && ameth->old_priv_decode)
209 return 1;
210 }
211 return 0;
212 }
194 213
195 if(!strcmp(nm,PEM_STRING_DSA) && 214 if(!strcmp(name,PEM_STRING_PARAMETERS))
196 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 215 {
216 int slen;
217 const EVP_PKEY_ASN1_METHOD *ameth;
218 slen = pem_check_suffix(nm, "PARAMETERS");
219 if (slen > 0)
220 {
221 ENGINE *e;
222 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
223 if (ameth)
224 {
225 int r;
226 if (ameth->param_decode)
227 r = 1;
228 else
229 r = 0;
230#ifndef OPENSSL_NO_ENGINE
231 if (e)
232 ENGINE_finish(e);
233#endif
234 return r;
235 }
236 }
237 return 0;
238 }
197 239
198 if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
199 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
200 /* Permit older strings */ 240 /* Permit older strings */
201 241
202 if(!strcmp(nm,PEM_STRING_X509_OLD) && 242 if(!strcmp(nm,PEM_STRING_X509_OLD) &&
@@ -219,6 +259,14 @@ static int check_pem(const char *nm, const char *name)
219 if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && 259 if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
220 !strcmp(name, PEM_STRING_PKCS7)) return 1; 260 !strcmp(name, PEM_STRING_PKCS7)) return 1;
221 261
262#ifndef OPENSSL_NO_CMS
263 if(!strcmp(nm, PEM_STRING_X509) &&
264 !strcmp(name, PEM_STRING_CMS)) return 1;
265 /* Allow CMS to be read from PKCS#7 headers */
266 if(!strcmp(nm, PEM_STRING_PKCS7) &&
267 !strcmp(name, PEM_STRING_CMS)) return 1;
268#endif
269
222 return 0; 270 return 0;
223} 271}
224 272
@@ -264,7 +312,7 @@ err:
264 312
265#ifndef OPENSSL_NO_FP_API 313#ifndef OPENSSL_NO_FP_API
266int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, 314int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
267 char *x, const EVP_CIPHER *enc, unsigned char *kstr, 315 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
268 int klen, pem_password_cb *callback, void *u) 316 int klen, pem_password_cb *callback, void *u)
269 { 317 {
270 BIO *b; 318 BIO *b;
@@ -283,7 +331,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
283#endif 331#endif
284 332
285int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, 333int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
286 char *x, const EVP_CIPHER *enc, unsigned char *kstr, 334 void *x, const EVP_CIPHER *enc, unsigned char *kstr,
287 int klen, pem_password_cb *callback, void *u) 335 int klen, pem_password_cb *callback, void *u)
288 { 336 {
289 EVP_CIPHER_CTX ctx; 337 EVP_CIPHER_CTX ctx;
@@ -782,3 +830,25 @@ err:
782 BUF_MEM_free(dataB); 830 BUF_MEM_free(dataB);
783 return(0); 831 return(0);
784 } 832 }
833
834/* Check pem string and return prefix length.
835 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
836 * the return value is 3 for the string "RSA".
837 */
838
839int pem_check_suffix(const char *pem_str, const char *suffix)
840 {
841 int pem_len = strlen(pem_str);
842 int suffix_len = strlen(suffix);
843 const char *p;
844 if (suffix_len + 1 >= pem_len)
845 return 0;
846 p = pem_str + pem_len - suffix_len;
847 if (strcmp(p, suffix))
848 return 0;
849 p--;
850 if (*p != ' ')
851 return 0;
852 return p - pem_str;
853 }
854
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index 4da4c31ce5..8ecf24903b 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -65,7 +65,12 @@
65#include <openssl/x509.h> 65#include <openssl/x509.h>
66#include <openssl/pkcs12.h> 66#include <openssl/pkcs12.h>
67#include <openssl/pem.h> 67#include <openssl/pem.h>
68#ifndef OPENSSL_NO_ENGINE
69#include <openssl/engine.h>
70#endif
71#include "asn1_locl.h"
68 72
73int pem_check_suffix(const char *pem_str, const char *suffix);
69 74
70EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) 75EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
71 { 76 {
@@ -73,19 +78,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
73 const unsigned char *p=NULL; 78 const unsigned char *p=NULL;
74 unsigned char *data=NULL; 79 unsigned char *data=NULL;
75 long len; 80 long len;
81 int slen;
76 EVP_PKEY *ret=NULL; 82 EVP_PKEY *ret=NULL;
77 83
78 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) 84 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
79 return NULL; 85 return NULL;
80 p = data; 86 p = data;
81 87
82 if (strcmp(nm,PEM_STRING_RSA) == 0) 88 if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
83 ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
84 else if (strcmp(nm,PEM_STRING_DSA) == 0)
85 ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
86 else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
87 ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
88 else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
89 PKCS8_PRIV_KEY_INFO *p8inf; 89 PKCS8_PRIV_KEY_INFO *p8inf;
90 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); 90 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
91 if(!p8inf) goto p8err; 91 if(!p8inf) goto p8err;
@@ -119,7 +119,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
119 *x = ret; 119 *x = ret;
120 } 120 }
121 PKCS8_PRIV_KEY_INFO_free(p8inf); 121 PKCS8_PRIV_KEY_INFO_free(p8inf);
122 } 122 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)
123 {
124 const EVP_PKEY_ASN1_METHOD *ameth;
125 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
126 if (!ameth || !ameth->old_priv_decode)
127 goto p8err;
128 ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len);
129 }
123p8err: 130p8err:
124 if (ret == NULL) 131 if (ret == NULL)
125 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); 132 PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
@@ -130,6 +137,74 @@ err:
130 return(ret); 137 return(ret);
131 } 138 }
132 139
140int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
141 unsigned char *kstr, int klen,
142 pem_password_cb *cb, void *u)
143 {
144 char pem_str[80];
145 if (!x->ameth || x->ameth->priv_encode)
146 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
147 (char *)kstr, klen,
148 cb, u);
149
150 BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
151 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
152 pem_str,bp,x,enc,kstr,klen,cb,u);
153 }
154
155EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
156 {
157 char *nm=NULL;
158 const unsigned char *p=NULL;
159 unsigned char *data=NULL;
160 long len;
161 int slen;
162 EVP_PKEY *ret=NULL;
163
164 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
165 bp, 0, NULL))
166 return NULL;
167 p = data;
168
169 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)
170 {
171 ret = EVP_PKEY_new();
172 if (!ret)
173 goto err;
174 if (!EVP_PKEY_set_type_str(ret, nm, slen)
175 || !ret->ameth->param_decode
176 || !ret->ameth->param_decode(ret, &p, len))
177 {
178 EVP_PKEY_free(ret);
179 ret = NULL;
180 goto err;
181 }
182 if(x)
183 {
184 if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
185 *x = ret;
186 }
187 }
188err:
189 if (ret == NULL)
190 PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB);
191 OPENSSL_free(nm);
192 OPENSSL_free(data);
193 return(ret);
194 }
195
196int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
197 {
198 char pem_str[80];
199 if (!x->ameth || !x->ameth->param_encode)
200 return 0;
201
202 BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
203 return PEM_ASN1_write_bio(
204 (i2d_of_void *)x->ameth->param_encode,
205 pem_str,bp,x,NULL,NULL,0,0,NULL);
206 }
207
133#ifndef OPENSSL_NO_FP_API 208#ifndef OPENSSL_NO_FP_API
134EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) 209EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
135 { 210 {
@@ -146,4 +221,22 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void
146 BIO_free(b); 221 BIO_free(b);
147 return(ret); 222 return(ret);
148 } 223 }
224
225int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
226 unsigned char *kstr, int klen,
227 pem_password_cb *cb, void *u)
228 {
229 BIO *b;
230 int ret;
231
232 if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
233 {
234 PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB);
235 return 0;
236 }
237 ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
238 BIO_free(b);
239 return ret;
240 }
241
149#endif 242#endif
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 4e554e5481..59690b56ae 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -100,7 +100,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
100 100
101 EVP_CIPHER_CTX_init(&ctx->cipher); 101 EVP_CIPHER_CTX_init(&ctx->cipher);
102 ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); 102 ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
103 if (!ret) goto err; 103 if (ret <= 0) goto err;
104 104
105 /* base64 encode the keys */ 105 /* base64 encode the keys */
106 for (i=0; i<npubk; i++) 106 for (i=0; i<npubk; i++)
diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c
index 3f709f13e6..b531057dc9 100644
--- a/src/lib/libcrypto/pem/pem_x509.c
+++ b/src/lib/libcrypto/pem/pem_x509.c
@@ -57,7 +57,6 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include "cryptlib.h" 60#include "cryptlib.h"
62#include <openssl/bio.h> 61#include <openssl/bio.h>
63#include <openssl/evp.h> 62#include <openssl/evp.h>
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
index 7cc7491009..328f796200 100644
--- a/src/lib/libcrypto/pem/pem_xaux.c
+++ b/src/lib/libcrypto/pem/pem_xaux.c
@@ -57,7 +57,6 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#undef SSLEAY_MACROS
61#include "cryptlib.h" 60#include "cryptlib.h"
62#include <openssl/bio.h> 61#include <openssl/bio.h>
63#include <openssl/evp.h> 62#include <openssl/evp.h>
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
new file mode 100644
index 0000000000..d998a67fa5
--- /dev/null
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -0,0 +1,942 @@
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2005.
3 */
4/* ====================================================================
5 * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB
59 * and PRIVATEKEYBLOB).
60 */
61
62#include "cryptlib.h"
63#include <openssl/pem.h>
64#include <openssl/rand.h>
65#include <openssl/bn.h>
66#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
67#include <openssl/dsa.h>
68#include <openssl/rsa.h>
69
70/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
71 * format
72 */
73
74static unsigned int read_ledword(const unsigned char **in)
75 {
76 const unsigned char *p = *in;
77 unsigned int ret;
78 ret = *p++;
79 ret |= (*p++ << 8);
80 ret |= (*p++ << 16);
81 ret |= (*p++ << 24);
82 *in = p;
83 return ret;
84 }
85
86/* Read a BIGNUM in little endian format. The docs say that this should take up
87 * bitlen/8 bytes.
88 */
89
90static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
91 {
92 const unsigned char *p;
93 unsigned char *tmpbuf, *q;
94 unsigned int i;
95 p = *in + nbyte - 1;
96 tmpbuf = OPENSSL_malloc(nbyte);
97 if (!tmpbuf)
98 return 0;
99 q = tmpbuf;
100 for (i = 0; i < nbyte; i++)
101 *q++ = *p--;
102 *r = BN_bin2bn(tmpbuf, nbyte, NULL);
103 OPENSSL_free(tmpbuf);
104 if (*r)
105 {
106 *in += nbyte;
107 return 1;
108 }
109 else
110 return 0;
111 }
112
113
114/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
115
116#define MS_PUBLICKEYBLOB 0x6
117#define MS_PRIVATEKEYBLOB 0x7
118#define MS_RSA1MAGIC 0x31415352L
119#define MS_RSA2MAGIC 0x32415352L
120#define MS_DSS1MAGIC 0x31535344L
121#define MS_DSS2MAGIC 0x32535344L
122
123#define MS_KEYALG_RSA_KEYX 0xa400
124#define MS_KEYALG_DSS_SIGN 0x2200
125
126#define MS_KEYTYPE_KEYX 0x1
127#define MS_KEYTYPE_SIGN 0x2
128
129/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
130#define MS_PVKMAGIC 0xb0b5f11eL
131/* Salt length for PVK files */
132#define PVK_SALTLEN 0x10
133
134static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
135 unsigned int bitlen, int ispub);
136static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
137 unsigned int bitlen, int ispub);
138
139static int do_blob_header(const unsigned char **in, unsigned int length,
140 unsigned int *pmagic, unsigned int *pbitlen,
141 int *pisdss, int *pispub)
142 {
143 const unsigned char *p = *in;
144 if (length < 16)
145 return 0;
146 /* bType */
147 if (*p == MS_PUBLICKEYBLOB)
148 {
149 if (*pispub == 0)
150 {
151 PEMerr(PEM_F_DO_BLOB_HEADER,
152 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
153 return 0;
154 }
155 *pispub = 1;
156 }
157 else if (*p == MS_PRIVATEKEYBLOB)
158 {
159 if (*pispub == 1)
160 {
161 PEMerr(PEM_F_DO_BLOB_HEADER,
162 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
163 return 0;
164 }
165 *pispub = 0;
166 }
167 else
168 return 0;
169 p++;
170 /* Version */
171 if (*p++ != 0x2)
172 {
173 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
174 return 0;
175 }
176 /* Ignore reserved, aiKeyAlg */
177 p+= 6;
178 *pmagic = read_ledword(&p);
179 *pbitlen = read_ledword(&p);
180 *pisdss = 0;
181 switch (*pmagic)
182 {
183
184 case MS_DSS1MAGIC:
185 *pisdss = 1;
186 case MS_RSA1MAGIC:
187 if (*pispub == 0)
188 {
189 PEMerr(PEM_F_DO_BLOB_HEADER,
190 PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
191 return 0;
192 }
193 break;
194
195 case MS_DSS2MAGIC:
196 *pisdss = 1;
197 case MS_RSA2MAGIC:
198 if (*pispub == 1)
199 {
200 PEMerr(PEM_F_DO_BLOB_HEADER,
201 PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
202 return 0;
203 }
204 break;
205
206 default:
207 PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
208 return -1;
209 }
210 *in = p;
211 return 1;
212 }
213
214static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
215 {
216 unsigned int nbyte, hnbyte;
217 nbyte = (bitlen + 7) >> 3;
218 hnbyte = (bitlen + 15) >> 4;
219 if (isdss)
220 {
221
222 /* Expected length: 20 for q + 3 components bitlen each + 24
223 * for seed structure.
224 */
225 if (ispub)
226 return 44 + 3 * nbyte;
227 /* Expected length: 20 for q, priv, 2 bitlen components + 24
228 * for seed structure.
229 */
230 else
231 return 64 + 2 * nbyte;
232 }
233 else
234 {
235 /* Expected length: 4 for 'e' + 'n' */
236 if (ispub)
237 return 4 + nbyte;
238 else
239 /* Expected length: 4 for 'e' and 7 other components.
240 * 2 components are bitlen size, 5 are bitlen/2
241 */
242 return 4 + 2*nbyte + 5*hnbyte;
243 }
244
245 }
246
247static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
248 int ispub)
249 {
250 const unsigned char *p = *in;
251 unsigned int bitlen, magic;
252 int isdss;
253 if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0)
254 {
255 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
256 return NULL;
257 }
258 length -= 16;
259 if (length < blob_length(bitlen, isdss, ispub))
260 {
261 PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
262 return NULL;
263 }
264 if (isdss)
265 return b2i_dss(&p, length, bitlen, ispub);
266 else
267 return b2i_rsa(&p, length, bitlen, ispub);
268 }
269
270static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
271 {
272 const unsigned char *p;
273 unsigned char hdr_buf[16], *buf = NULL;
274 unsigned int bitlen, magic, length;
275 int isdss;
276 EVP_PKEY *ret = NULL;
277 if (BIO_read(in, hdr_buf, 16) != 16)
278 {
279 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
280 return NULL;
281 }
282 p = hdr_buf;
283 if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
284 return NULL;
285
286 length = blob_length(bitlen, isdss, ispub);
287 buf = OPENSSL_malloc(length);
288 if (!buf)
289 {
290 PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
291 goto err;
292 }
293 p = buf;
294 if (BIO_read(in, buf, length) != (int)length)
295 {
296 PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
297 goto err;
298 }
299
300 if (isdss)
301 ret = b2i_dss(&p, length, bitlen, ispub);
302 else
303 ret = b2i_rsa(&p, length, bitlen, ispub);
304
305 err:
306 if (buf)
307 OPENSSL_free(buf);
308 return ret;
309 }
310
311static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
312 unsigned int bitlen, int ispub)
313 {
314 const unsigned char *p = *in;
315 EVP_PKEY *ret = NULL;
316 DSA *dsa = NULL;
317 BN_CTX *ctx = NULL;
318 unsigned int nbyte;
319 nbyte = (bitlen + 7) >> 3;
320
321 dsa = DSA_new();
322 ret = EVP_PKEY_new();
323 if (!dsa || !ret)
324 goto memerr;
325 if (!read_lebn(&p, nbyte, &dsa->p))
326 goto memerr;
327 if (!read_lebn(&p, 20, &dsa->q))
328 goto memerr;
329 if (!read_lebn(&p, nbyte, &dsa->g))
330 goto memerr;
331 if (ispub)
332 {
333 if (!read_lebn(&p, nbyte, &dsa->pub_key))
334 goto memerr;
335 }
336 else
337 {
338 if (!read_lebn(&p, 20, &dsa->priv_key))
339 goto memerr;
340 /* Calculate public key */
341 if (!(dsa->pub_key = BN_new()))
342 goto memerr;
343 if (!(ctx = BN_CTX_new()))
344 goto memerr;
345
346 if (!BN_mod_exp(dsa->pub_key, dsa->g,
347 dsa->priv_key, dsa->p, ctx))
348
349 goto memerr;
350 BN_CTX_free(ctx);
351 }
352
353 EVP_PKEY_set1_DSA(ret, dsa);
354 DSA_free(dsa);
355 *in = p;
356 return ret;
357
358 memerr:
359 PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
360 if (dsa)
361 DSA_free(dsa);
362 if (ret)
363 EVP_PKEY_free(ret);
364 if (ctx)
365 BN_CTX_free(ctx);
366 return NULL;
367 }
368
369static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
370 unsigned int bitlen, int ispub)
371
372 {
373 const unsigned char *p = *in;
374 EVP_PKEY *ret = NULL;
375 RSA *rsa = NULL;
376 unsigned int nbyte, hnbyte;
377 nbyte = (bitlen + 7) >> 3;
378 hnbyte = (bitlen + 15) >> 4;
379 rsa = RSA_new();
380 ret = EVP_PKEY_new();
381 if (!rsa || !ret)
382 goto memerr;
383 rsa->e = BN_new();
384 if (!rsa->e)
385 goto memerr;
386 if (!BN_set_word(rsa->e, read_ledword(&p)))
387 goto memerr;
388 if (!read_lebn(&p, nbyte, &rsa->n))
389 goto memerr;
390 if (!ispub)
391 {
392 if (!read_lebn(&p, hnbyte, &rsa->p))
393 goto memerr;
394 if (!read_lebn(&p, hnbyte, &rsa->q))
395 goto memerr;
396 if (!read_lebn(&p, hnbyte, &rsa->dmp1))
397 goto memerr;
398 if (!read_lebn(&p, hnbyte, &rsa->dmq1))
399 goto memerr;
400 if (!read_lebn(&p, hnbyte, &rsa->iqmp))
401 goto memerr;
402 if (!read_lebn(&p, nbyte, &rsa->d))
403 goto memerr;
404 }
405
406 EVP_PKEY_set1_RSA(ret, rsa);
407 RSA_free(rsa);
408 *in = p;
409 return ret;
410 memerr:
411 PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
412 if (rsa)
413 RSA_free(rsa);
414 if (ret)
415 EVP_PKEY_free(ret);
416 return NULL;
417 }
418
419EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
420 {
421 return do_b2i(in, length, 0);
422 }
423
424EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
425 {
426 return do_b2i(in, length, 1);
427 }
428
429
430EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
431 {
432 return do_b2i_bio(in, 0);
433 }
434
435EVP_PKEY *b2i_PublicKey_bio(BIO *in)
436 {
437 return do_b2i_bio(in, 1);
438 }
439
440static void write_ledword(unsigned char **out, unsigned int dw)
441 {
442 unsigned char *p = *out;
443 *p++ = dw & 0xff;
444 *p++ = (dw>>8) & 0xff;
445 *p++ = (dw>>16) & 0xff;
446 *p++ = (dw>>24) & 0xff;
447 *out = p;
448 }
449
450static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
451 {
452 int nb, i;
453 unsigned char *p = *out, *q, c;
454 nb = BN_num_bytes(bn);
455 BN_bn2bin(bn, p);
456 q = p + nb - 1;
457 /* In place byte order reversal */
458 for (i = 0; i < nb/2; i++)
459 {
460 c = *p;
461 *p++ = *q;
462 *q-- = c;
463 }
464 *out += nb;
465 /* Pad with zeroes if we have to */
466 if (len > 0)
467 {
468 len -= nb;
469 if (len > 0)
470 {
471 memset(*out, 0, len);
472 *out += len;
473 }
474 }
475 }
476
477
478static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
479static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
480
481static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
482static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
483
484static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
485 {
486 unsigned char *p;
487 unsigned int bitlen, magic = 0, keyalg;
488 int outlen, noinc = 0;
489 if (pk->type == EVP_PKEY_DSA)
490 {
491 bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
492 keyalg = MS_KEYALG_DSS_SIGN;
493 }
494 else if (pk->type == EVP_PKEY_RSA)
495 {
496 bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
497 keyalg = MS_KEYALG_RSA_KEYX;
498 }
499 else
500 return -1;
501 if (bitlen == 0)
502 return -1;
503 outlen = 16 + blob_length(bitlen,
504 keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
505 if (out == NULL)
506 return outlen;
507 if (*out)
508 p = *out;
509 else
510 {
511 p = OPENSSL_malloc(outlen);
512 if (!p)
513 return -1;
514 *out = p;
515 noinc = 1;
516 }
517 if (ispub)
518 *p++ = MS_PUBLICKEYBLOB;
519 else
520 *p++ = MS_PRIVATEKEYBLOB;
521 *p++ = 0x2;
522 *p++ = 0;
523 *p++ = 0;
524 write_ledword(&p, keyalg);
525 write_ledword(&p, magic);
526 write_ledword(&p, bitlen);
527 if (keyalg == MS_KEYALG_DSS_SIGN)
528 write_dsa(&p, pk->pkey.dsa, ispub);
529 else
530 write_rsa(&p, pk->pkey.rsa, ispub);
531 if (!noinc)
532 *out += outlen;
533 return outlen;
534 }
535
536static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
537 {
538 unsigned char *tmp = NULL;
539 int outlen, wrlen;
540 outlen = do_i2b(&tmp, pk, ispub);
541 if (outlen < 0)
542 return -1;
543 wrlen = BIO_write(out, tmp, outlen);
544 OPENSSL_free(tmp);
545 if (wrlen == outlen)
546 return outlen;
547 return -1;
548 }
549
550static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
551 {
552 int bitlen;
553 bitlen = BN_num_bits(dsa->p);
554 if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
555 || (BN_num_bits(dsa->g) > bitlen))
556 goto badkey;
557 if (ispub)
558 {
559 if (BN_num_bits(dsa->pub_key) > bitlen)
560 goto badkey;
561 *pmagic = MS_DSS1MAGIC;
562 }
563 else
564 {
565 if (BN_num_bits(dsa->priv_key) > 160)
566 goto badkey;
567 *pmagic = MS_DSS2MAGIC;
568 }
569
570 return bitlen;
571 badkey:
572 PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
573 return 0;
574 }
575
576static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
577 {
578 int nbyte, hnbyte, bitlen;
579 if (BN_num_bits(rsa->e) > 32)
580 goto badkey;
581 bitlen = BN_num_bits(rsa->n);
582 nbyte = BN_num_bytes(rsa->n);
583 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
584 if (ispub)
585 {
586 *pmagic = MS_RSA1MAGIC;
587 return bitlen;
588 }
589 else
590 {
591 *pmagic = MS_RSA2MAGIC;
592 /* For private key each component must fit within nbyte or
593 * hnbyte.
594 */
595 if (BN_num_bytes(rsa->d) > nbyte)
596 goto badkey;
597 if ((BN_num_bytes(rsa->iqmp) > hnbyte)
598 || (BN_num_bytes(rsa->p) > hnbyte)
599 || (BN_num_bytes(rsa->q) > hnbyte)
600 || (BN_num_bytes(rsa->dmp1) > hnbyte)
601 || (BN_num_bytes(rsa->dmq1) > hnbyte))
602 goto badkey;
603 }
604 return bitlen;
605 badkey:
606 PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
607 return 0;
608 }
609
610
611static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
612 {
613 int nbyte, hnbyte;
614 nbyte = BN_num_bytes(rsa->n);
615 hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
616 write_lebn(out, rsa->e, 4);
617 write_lebn(out, rsa->n, -1);
618 if (ispub)
619 return;
620 write_lebn(out, rsa->p, hnbyte);
621 write_lebn(out, rsa->q, hnbyte);
622 write_lebn(out, rsa->dmp1, hnbyte);
623 write_lebn(out, rsa->dmq1, hnbyte);
624 write_lebn(out, rsa->iqmp, hnbyte);
625 write_lebn(out, rsa->d, nbyte);
626 }
627
628
629static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
630 {
631 int nbyte;
632 nbyte = BN_num_bytes(dsa->p);
633 write_lebn(out, dsa->p, nbyte);
634 write_lebn(out, dsa->q, 20);
635 write_lebn(out, dsa->g, nbyte);
636 if (ispub)
637 write_lebn(out, dsa->pub_key, nbyte);
638 else
639 write_lebn(out, dsa->priv_key, 20);
640 /* Set "invalid" for seed structure values */
641 memset(*out, 0xff, 24);
642 *out += 24;
643 return;
644 }
645
646
647int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
648 {
649 return do_i2b_bio(out, pk, 0);
650 }
651
652int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
653 {
654 return do_i2b_bio(out, pk, 1);
655 }
656
657#ifndef OPENSSL_NO_RC4
658
659static int do_PVK_header(const unsigned char **in, unsigned int length,
660 int skip_magic,
661 unsigned int *psaltlen, unsigned int *pkeylen)
662
663 {
664 const unsigned char *p = *in;
665 unsigned int pvk_magic, keytype, is_encrypted;
666 if (skip_magic)
667 {
668 if (length < 20)
669 {
670 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
671 return 0;
672 }
673 length -= 20;
674 }
675 else
676 {
677 if (length < 24)
678 {
679 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
680 return 0;
681 }
682 length -= 24;
683 pvk_magic = read_ledword(&p);
684 if (pvk_magic != MS_PVKMAGIC)
685 {
686 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
687 return 0;
688 }
689 }
690 /* Skip reserved */
691 p += 4;
692 keytype = read_ledword(&p);
693 is_encrypted = read_ledword(&p);
694 *psaltlen = read_ledword(&p);
695 *pkeylen = read_ledword(&p);
696
697 if (is_encrypted && !*psaltlen)
698 {
699 PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
700 return 0;
701 }
702
703 *in = p;
704 return 1;
705 }
706
707static int derive_pvk_key(unsigned char *key,
708 const unsigned char *salt, unsigned int saltlen,
709 const unsigned char *pass, int passlen)
710 {
711 EVP_MD_CTX mctx;
712 EVP_MD_CTX_init(&mctx);
713 EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
714 EVP_DigestUpdate(&mctx, salt, saltlen);
715 EVP_DigestUpdate(&mctx, pass, passlen);
716 EVP_DigestFinal_ex(&mctx, key, NULL);
717 EVP_MD_CTX_cleanup(&mctx);
718 return 1;
719 }
720
721
722static EVP_PKEY *do_PVK_body(const unsigned char **in,
723 unsigned int saltlen, unsigned int keylen,
724 pem_password_cb *cb, void *u)
725 {
726 EVP_PKEY *ret = NULL;
727 const unsigned char *p = *in;
728 unsigned int magic;
729 unsigned char *enctmp = NULL, *q;
730 if (saltlen)
731 {
732 char psbuf[PEM_BUFSIZE];
733 unsigned char keybuf[20];
734 EVP_CIPHER_CTX cctx;
735 int enctmplen, inlen;
736 if (cb)
737 inlen=cb(psbuf,PEM_BUFSIZE,0,u);
738 else
739 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
740 if (inlen <= 0)
741 {
742 PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
743 return NULL;
744 }
745 enctmp = OPENSSL_malloc(keylen + 8);
746 if (!enctmp)
747 {
748 PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
749 return NULL;
750 }
751 if (!derive_pvk_key(keybuf, p, saltlen,
752 (unsigned char *)psbuf, inlen))
753 return NULL;
754 p += saltlen;
755 /* Copy BLOBHEADER across, decrypt rest */
756 memcpy(enctmp, p, 8);
757 p += 8;
758 inlen = keylen - 8;
759 q = enctmp + 8;
760 EVP_CIPHER_CTX_init(&cctx);
761 EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
762 EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
763 EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen);
764 magic = read_ledword((const unsigned char **)&q);
765 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
766 {
767 q = enctmp + 8;
768 memset(keybuf + 5, 0, 11);
769 EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
770 NULL);
771 OPENSSL_cleanse(keybuf, 20);
772 EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
773 EVP_DecryptFinal_ex(&cctx, q + enctmplen,
774 &enctmplen);
775 magic = read_ledword((const unsigned char **)&q);
776 if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
777 {
778 EVP_CIPHER_CTX_cleanup(&cctx);
779 PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
780 goto err;
781 }
782 }
783 else
784 OPENSSL_cleanse(keybuf, 20);
785 EVP_CIPHER_CTX_cleanup(&cctx);
786 p = enctmp;
787 }
788
789 ret = b2i_PrivateKey(&p, keylen);
790 err:
791 if (enctmp && saltlen)
792 OPENSSL_free(enctmp);
793 return ret;
794 }
795
796
797EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
798 {
799 unsigned char pvk_hdr[24], *buf = NULL;
800 const unsigned char *p;
801 int buflen;
802 EVP_PKEY *ret = NULL;
803 unsigned int saltlen, keylen;
804 if (BIO_read(in, pvk_hdr, 24) != 24)
805 {
806 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
807 return NULL;
808 }
809 p = pvk_hdr;
810
811 if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
812 return 0;
813 buflen = (int) keylen + saltlen;
814 buf = OPENSSL_malloc(buflen);
815 if (!buf)
816 {
817 PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
818 return 0;
819 }
820 p = buf;
821 if (BIO_read(in, buf, buflen) != buflen)
822 {
823 PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
824 goto err;
825 }
826 ret = do_PVK_body(&p, saltlen, keylen, cb, u);
827
828 err:
829 if (buf)
830 {
831 OPENSSL_cleanse(buf, buflen);
832 OPENSSL_free(buf);
833 }
834 return ret;
835 }
836
837
838
839static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
840 pem_password_cb *cb, void *u)
841 {
842 int outlen = 24, noinc, pklen;
843 unsigned char *p, *salt = NULL;
844 if (enclevel)
845 outlen += PVK_SALTLEN;
846 pklen = do_i2b(NULL, pk, 0);
847 if (pklen < 0)
848 return -1;
849 outlen += pklen;
850 if (!out)
851 return outlen;
852 if (*out)
853 {
854 p = *out;
855 noinc = 0;
856 }
857 else
858 {
859 p = OPENSSL_malloc(outlen);
860 if (!p)
861 {
862 PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
863 return -1;
864 }
865 *out = p;
866 noinc = 1;
867 }
868
869 write_ledword(&p, MS_PVKMAGIC);
870 write_ledword(&p, 0);
871 if (pk->type == EVP_PKEY_DSA)
872 write_ledword(&p, MS_KEYTYPE_SIGN);
873 else
874 write_ledword(&p, MS_KEYTYPE_KEYX);
875 write_ledword(&p, enclevel ? 1 : 0);
876 write_ledword(&p, enclevel ? PVK_SALTLEN: 0);
877 write_ledword(&p, pklen);
878 if (enclevel)
879 {
880 if (RAND_bytes(p, PVK_SALTLEN) <= 0)
881 goto error;
882 salt = p;
883 p += PVK_SALTLEN;
884 }
885 do_i2b(&p, pk, 0);
886 if (enclevel == 0)
887 return outlen;
888 else
889 {
890 char psbuf[PEM_BUFSIZE];
891 unsigned char keybuf[20];
892 EVP_CIPHER_CTX cctx;
893 int enctmplen, inlen;
894 if (cb)
895 inlen=cb(psbuf,PEM_BUFSIZE,1,u);
896 else
897 inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u);
898 if (inlen <= 0)
899 {
900 PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
901 goto error;
902 }
903 if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
904 (unsigned char *)psbuf, inlen))
905 goto error;
906 if (enclevel == 1)
907 memset(keybuf + 5, 0, 11);
908 p = salt + PVK_SALTLEN + 8;
909 EVP_CIPHER_CTX_init(&cctx);
910 EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
911 OPENSSL_cleanse(keybuf, 20);
912 EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8);
913 EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen);
914 EVP_CIPHER_CTX_cleanup(&cctx);
915 }
916 return outlen;
917
918 error:
919 return -1;
920 }
921
922int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
923 pem_password_cb *cb, void *u)
924 {
925 unsigned char *tmp = NULL;
926 int outlen, wrlen;
927 outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
928 if (outlen < 0)
929 return -1;
930 wrlen = BIO_write(out, tmp, outlen);
931 OPENSSL_free(tmp);
932 if (wrlen == outlen)
933 {
934 PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
935 return outlen;
936 }
937 return -1;
938 }
939
940#endif
941
942#endif