1 files changed, 365 insertions, 0 deletions
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
new file mode 100644
index 0000000000..9e4af29c95
--- /dev/null
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -0,0 +1,365 @@
+/* crypto/pem/pem_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_FP_API
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
+        {
+        BIO *b;
+        STACK_OF(X509_INFO) *ret;
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+                {
+                PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
+                return(0);
+                }
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
+        {
+        X509_INFO *xi=NULL;
+        char *name=NULL,*header=NULL,**pp;
+        unsigned char *data=NULL,*p;
+        long len,error=0;
+        int ok=0;
+        STACK_OF(X509_INFO) *ret=NULL;
+        unsigned int i,raw;
+        char *(*d2i)();
+        if (sk == NULL)
+                {
+                if ((ret=sk_X509_INFO_new_null()) == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                ret=sk;
+        if ((xi=X509_INFO_new()) == NULL) goto err;
+        for (;;)
+                {
+                raw=0;
+                i=PEM_read_bio(bp,&name,&header,&data,&len);
+                if (i == 0)
+                        {
+                        error=ERR_GET_REASON(ERR_peek_last_error());
+                        if (error == PEM_R_NO_START_LINE)
+                                {
+                                ERR_clear_error();
+                                break;
+                                }
+                        goto err;
+                        }
+start:
+                if (    (strcmp(name,PEM_STRING_X509) == 0) ||
+                        (strcmp(name,PEM_STRING_X509_OLD) == 0))
+                        {
+                        d2i=(char *(*)())d2i_X509;
+                        if (xi->x509 != NULL)
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->x509);
+                        }
+                else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
+                        {
+                        d2i=(char *(*)())d2i_X509_AUX;
+                        if (xi->x509 != NULL)
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->x509);
+                        }
+                else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
+                        {
+                        d2i=(char *(*)())d2i_X509_CRL;
+                        if (xi->crl != NULL)
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        pp=(char **)&(xi->crl);
+                        }
+                else
+#ifndef OPENSSL_NO_RSA
+                        if (strcmp(name,PEM_STRING_RSA) == 0)
+                        {
+                        d2i=(char *(*)())d2i_RSAPrivateKey;
+                        if (xi->x_pkey != NULL) 
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        xi->enc_data=NULL;
+                        xi->enc_len=0;
+                        xi->x_pkey=X509_PKEY_new();
+                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                                goto err;
+                        xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa);
+                        if ((int)strlen(header) > 10) /* assume encrypted */
+                                raw=1;
+                        }
+                else
+#endif
+#ifndef OPENSSL_NO_DSA
+                        if (strcmp(name,PEM_STRING_DSA) == 0)
+                        {
+                        d2i=(char *(*)())d2i_DSAPrivateKey;
+                        if (xi->x_pkey != NULL) 
+                                {
+                                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                                if ((xi=X509_INFO_new()) == NULL) goto err;
+                                goto start;
+                                }
+                        xi->enc_data=NULL;
+                        xi->enc_len=0;
+                        xi->x_pkey=X509_PKEY_new();
+                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+                                goto err;
+                        xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);
+                        if ((int)strlen(header) > 10) /* assume encrypted */
+                                raw=1;
+                        }
+                else
+#endif
+                        {
+                        d2i=NULL;
+                        pp=NULL;
+                        }
+                if (d2i != NULL)
+                        {
+                        if (!raw)
+                                {
+                                EVP_CIPHER_INFO cipher;
+                                if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
+                                        goto err;
+                                if (!PEM_do_header(&cipher,data,&len,cb,u))
+                                        goto err;
+                                p=data;
+                                if (d2i(pp,&p,len) == NULL)
+                                        {
+                                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
+                                        goto err;
+                                        }
+                                }
+                        else
+                                { /* encrypted RSA data */
+                                if (!PEM_get_EVP_CIPHER_INFO(header,
+                                        &xi->enc_cipher)) goto err;
+                                xi->enc_data=(char *)data;
+                                xi->enc_len=(int)len;
+                                data=NULL;
+                                }
+                        }
+                else    {
+                        /* unknown */
+                        }
+                if (name != NULL) OPENSSL_free(name);
+                if (header != NULL) OPENSSL_free(header);
+                if (data != NULL) OPENSSL_free(data);
+                name=NULL;
+                header=NULL;
+                data=NULL;
+                }
+        /* if the last one hasn't been pushed yet and there is anything
+         * in it then add it to the stack ... 
+         */
+        if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+                (xi->x_pkey != NULL) || (xi->enc_data != NULL))
+                {
+                if (!sk_X509_INFO_push(ret,xi)) goto err;
+                xi=NULL;
+                }
+        ok=1;
+err:
+        if (xi != NULL) X509_INFO_free(xi);
+        if (!ok)
+                {
+                for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
+                        {
+                        xi=sk_X509_INFO_value(ret,i);
+                        X509_INFO_free(xi);
+                        }
+                if (ret != sk) sk_X509_INFO_free(ret);
+                ret=NULL;
+                }
+                
+        if (name != NULL) OPENSSL_free(name);
+        if (header != NULL) OPENSSL_free(header);
+        if (data != NULL) OPENSSL_free(data);
+        return(ret);
+        }
+/* A TJH addition */
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
+        {
+        EVP_CIPHER_CTX ctx;
+        int i,ret=0;
+        unsigned char *data=NULL;
+        const char *objstr=NULL;
+        char buf[PEM_BUFSIZE];
+        unsigned char *iv=NULL;
+        
+        if (enc != NULL)
+                {
+                objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
+                if (objstr == NULL)
+                        {
+                        PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                        goto err;
+                        }
+                }
+        /* now for the fun part ... if we have a private key then 
+         * we have to be able to handle a not-yet-decrypted key
+         * being written out correctly ... if it is decrypted or
+         * it is non-encrypted then we use the base code
+         */
+        if (xi->x_pkey!=NULL)
+                {
+                if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
+                        {
+                        /* copy from weirdo names into more normal things */
+                        iv=xi->enc_cipher.iv;
+                        data=(unsigned char *)xi->enc_data;
+                        i=xi->enc_len;
+                        /* we take the encryption data from the
+                         * internal stuff rather than what the
+                         * user has passed us ... as we have to 
+                         * match exactly for some strange reason
+                         */
+                        objstr=OBJ_nid2sn(
+                                EVP_CIPHER_nid(xi->enc_cipher.cipher));
+                        if (objstr == NULL)
+                                {
+                                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
+                                goto err;
+                                }
+                        /* create the right magic header stuff */
+                        OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
+                        buf[0]='\0';
+                        PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+                        PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+                        /* use the normal code to write things out */
+                        i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
+                        if (i <= 0) goto err;
+                        }
+                else
+                        {
+                        /* Add DSA/DH */
+#ifndef OPENSSL_NO_RSA
+                        /* normal optionally encrypted stuff */
+                        if (PEM_write_bio_RSAPrivateKey(bp,
+                                xi->x_pkey->dec_pkey->pkey.rsa,
+                                enc,kstr,klen,cb,u)<=0)
+                                goto err;
+#endif
+                        }
+                }
+        /* if we have a certificate then write it out now */
+        if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
+                goto err;
+        /* we are ignoring anything else that is loaded into the X509_INFO
+         * structure for the moment ... as I don't need it so I'm not
+         * coding it here and Eric can do it when this makes it into the
+         * base library --tjh
+         */
+        ret=1;
+err:
+        OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+        OPENSSL_cleanse(buf,PEM_BUFSIZE);
+        return(ret);
+        }

diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c new file mode 100644 index 0000000000..9e4af29c95 --- /dev/null +++ b/src/lib/libcrypto/pem/pem_info.c
@@ -0,0 +1,365 @@
	1	/* crypto/pem/pem_info.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "cryptlib.h"
	61	#include <openssl/buffer.h>
	62	#include <openssl/objects.h>
	63	#include <openssl/evp.h>
	64	#include <openssl/x509.h>
	65	#include <openssl/pem.h>
	66
	67	#ifndef OPENSSL_NO_FP_API
	68	STACK_OF(X509_INFO) PEM_X509_INFO_read(FILE fp, STACK_OF(X509_INFO) sk, pem_password_cb cb, void *u)
	69	{
	70	BIO *b;
	71	STACK_OF(X509_INFO) *ret;
	72
	73	if ((b=BIO_new(BIO_s_file())) == NULL)
	74	{
	75	PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
	76	return(0);
	77	}
	78	BIO_set_fp(b,fp,BIO_NOCLOSE);
	79	ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
	80	BIO_free(b);
	81	return(ret);
	82	}
	83	#endif
	84
	85	STACK_OF(X509_INFO) PEM_X509_INFO_read_bio(BIO bp, STACK_OF(X509_INFO) sk, pem_password_cb cb, void *u)
	86	{
	87	X509_INFO *xi=NULL;
	88	char name=NULL,header=NULL,**pp;
	89	unsigned char data=NULL,p;
	90	long len,error=0;
	91	int ok=0;
	92	STACK_OF(X509_INFO) *ret=NULL;
	93	unsigned int i,raw;
	94	char (d2i)();
	95
	96	if (sk == NULL)
	97	{
	98	if ((ret=sk_X509_INFO_new_null()) == NULL)
	99	{
	100	PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
	101	goto err;
	102	}
	103	}
	104	else
	105	ret=sk;
	106
	107	if ((xi=X509_INFO_new()) == NULL) goto err;
	108	for (;;)
	109	{
	110	raw=0;
	111	i=PEM_read_bio(bp,&name,&header,&data,&len);
	112	if (i == 0)
	113	{
	114	error=ERR_GET_REASON(ERR_peek_last_error());
	115	if (error == PEM_R_NO_START_LINE)
	116	{
	117	ERR_clear_error();
	118	break;
	119	}
	120	goto err;
	121	}
	122	start:
	123	if ( (strcmp(name,PEM_STRING_X509) == 0) \|\|
	124	(strcmp(name,PEM_STRING_X509_OLD) == 0))
	125	{
	126	d2i=(char ()())d2i_X509;
	127	if (xi->x509 != NULL)
	128	{
	129	if (!sk_X509_INFO_push(ret,xi)) goto err;
	130	if ((xi=X509_INFO_new()) == NULL) goto err;
	131	goto start;
	132	}
	133	pp=(char **)&(xi->x509);
	134	}
	135	else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
	136	{
	137	d2i=(char ()())d2i_X509_AUX;
	138	if (xi->x509 != NULL)
	139	{
	140	if (!sk_X509_INFO_push(ret,xi)) goto err;
	141	if ((xi=X509_INFO_new()) == NULL) goto err;
	142	goto start;
	143	}
	144	pp=(char **)&(xi->x509);
	145	}
	146	else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
	147	{
	148	d2i=(char ()())d2i_X509_CRL;
	149	if (xi->crl != NULL)
	150	{
	151	if (!sk_X509_INFO_push(ret,xi)) goto err;
	152	if ((xi=X509_INFO_new()) == NULL) goto err;
	153	goto start;
	154	}
	155	pp=(char **)&(xi->crl);
	156	}
	157	else
	158	#ifndef OPENSSL_NO_RSA
	159	if (strcmp(name,PEM_STRING_RSA) == 0)
	160	{
	161	d2i=(char ()())d2i_RSAPrivateKey;
	162	if (xi->x_pkey != NULL)
	163	{
	164	if (!sk_X509_INFO_push(ret,xi)) goto err;
	165	if ((xi=X509_INFO_new()) == NULL) goto err;
	166	goto start;
	167	}
	168
	169	xi->enc_data=NULL;
	170	xi->enc_len=0;
	171
	172	xi->x_pkey=X509_PKEY_new();
	173	if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
	174	goto err;
	175	xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
	176	pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa);
	177	if ((int)strlen(header) > 10) /* assume encrypted */
	178	raw=1;
	179	}
	180	else
	181	#endif
	182	#ifndef OPENSSL_NO_DSA
	183	if (strcmp(name,PEM_STRING_DSA) == 0)
	184	{
	185	d2i=(char ()())d2i_DSAPrivateKey;
	186	if (xi->x_pkey != NULL)
	187	{
	188	if (!sk_X509_INFO_push(ret,xi)) goto err;
	189	if ((xi=X509_INFO_new()) == NULL) goto err;
	190	goto start;
	191	}
	192
	193	xi->enc_data=NULL;
	194	xi->enc_len=0;
	195
	196	xi->x_pkey=X509_PKEY_new();
	197	if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
	198	goto err;
	199	xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
	200	pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);
	201	if ((int)strlen(header) > 10) /* assume encrypted */
	202	raw=1;
	203	}
	204	else
	205	#endif
	206	{
	207	d2i=NULL;
	208	pp=NULL;
	209	}
	210
	211	if (d2i != NULL)
	212	{
	213	if (!raw)
	214	{
	215	EVP_CIPHER_INFO cipher;
	216
	217	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
	218	goto err;
	219	if (!PEM_do_header(&cipher,data,&len,cb,u))
	220	goto err;
	221	p=data;
	222	if (d2i(pp,&p,len) == NULL)
	223	{
	224	PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
	225	goto err;
	226	}
	227	}
	228	else
	229	{ /* encrypted RSA data */
	230	if (!PEM_get_EVP_CIPHER_INFO(header,
	231	&xi->enc_cipher)) goto err;
	232	xi->enc_data=(char *)data;
	233	xi->enc_len=(int)len;
	234	data=NULL;
	235	}
	236	}
	237	else {
	238	/* unknown */
	239	}
	240	if (name != NULL) OPENSSL_free(name);
	241	if (header != NULL) OPENSSL_free(header);
	242	if (data != NULL) OPENSSL_free(data);
	243	name=NULL;
	244	header=NULL;
	245	data=NULL;
	246	}
	247
	248	/* if the last one hasn't been pushed yet and there is anything
	249	* in it then add it to the stack ...
	250	*/
	251	if ((xi->x509 != NULL) \|\| (xi->crl != NULL) \|\|
	252	(xi->x_pkey != NULL) \|\| (xi->enc_data != NULL))
	253	{
	254	if (!sk_X509_INFO_push(ret,xi)) goto err;
	255	xi=NULL;
	256	}
	257	ok=1;
	258	err:
	259	if (xi != NULL) X509_INFO_free(xi);
	260	if (!ok)
	261	{
	262	for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
	263	{
	264	xi=sk_X509_INFO_value(ret,i);
	265	X509_INFO_free(xi);
	266	}
	267	if (ret != sk) sk_X509_INFO_free(ret);
	268	ret=NULL;
	269	}
	270
	271	if (name != NULL) OPENSSL_free(name);
	272	if (header != NULL) OPENSSL_free(header);
	273	if (data != NULL) OPENSSL_free(data);
	274	return(ret);
	275	}
	276
	277
	278	/* A TJH addition */
	279	int PEM_X509_INFO_write_bio(BIO bp, X509_INFO xi, EVP_CIPHER *enc,
	280	unsigned char kstr, int klen, pem_password_cb cb, void *u)
	281	{
	282	EVP_CIPHER_CTX ctx;
	283	int i,ret=0;
	284	unsigned char *data=NULL;
	285	const char *objstr=NULL;
	286	char buf[PEM_BUFSIZE];
	287	unsigned char *iv=NULL;
	288
	289	if (enc != NULL)
	290	{
	291	objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
	292	if (objstr == NULL)
	293	{
	294	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
	295	goto err;
	296	}
	297	}
	298
	299	/* now for the fun part ... if we have a private key then
	300	* we have to be able to handle a not-yet-decrypted key
	301	* being written out correctly ... if it is decrypted or
	302	* it is non-encrypted then we use the base code
	303	*/
	304	if (xi->x_pkey!=NULL)
	305	{
	306	if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
	307	{
	308	/* copy from weirdo names into more normal things */
	309	iv=xi->enc_cipher.iv;
	310	data=(unsigned char *)xi->enc_data;
	311	i=xi->enc_len;
	312
	313	/* we take the encryption data from the
	314	* internal stuff rather than what the
	315	* user has passed us ... as we have to
	316	* match exactly for some strange reason
	317	*/
	318	objstr=OBJ_nid2sn(
	319	EVP_CIPHER_nid(xi->enc_cipher.cipher));
	320	if (objstr == NULL)
	321	{
	322	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
	323	goto err;
	324	}
	325
	326	/* create the right magic header stuff */
	327	OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
	328	buf[0]='\0';
	329	PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
	330	PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
	331
	332	/* use the normal code to write things out */
	333	i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
	334	if (i <= 0) goto err;
	335	}
	336	else
	337	{
	338	/* Add DSA/DH */
	339	#ifndef OPENSSL_NO_RSA
	340	/* normal optionally encrypted stuff */
	341	if (PEM_write_bio_RSAPrivateKey(bp,
	342	xi->x_pkey->dec_pkey->pkey.rsa,
	343	enc,kstr,klen,cb,u)<=0)
	344	goto err;
	345	#endif
	346	}
	347	}
	348
	349	/* if we have a certificate then write it out now */
	350	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
	351	goto err;
	352
	353	/* we are ignoring anything else that is loaded into the X509_INFO
	354	* structure for the moment ... as I don't need it so I'm not
	355	* coding it here and Eric can do it when this makes it into the
	356	* base library --tjh
	357	*/
	358
	359	ret=1;
	360
	361	err:
	362	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
	363	OPENSSL_cleanse(buf,PEM_BUFSIZE);
	364	return(ret);
	365	}