1 files changed, 37 insertions, 241 deletions
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index a17c3ed57f..18b751a91a 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -65,7 +65,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
@@ -73,21 +73,12 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 #define MIN_LENGTH      4
-static int def_callback(char *buf, int num, int w, void *userdata);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
-                                int nid, const EVP_CIPHER *enc,
+int PEM_def_callback(char *buf, int num, int w, void *key)
-                                char *kstr, int klen,
-                                pem_password_cb *cb, void *u);
-static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
-                                int nid, const EVP_CIPHER *enc,
-                                char *kstr, int klen,
-                                pem_password_cb *cb, void *u);
-static int def_callback(char *buf, int num, int w, void *key)
        {
-#ifdef NO_FP_API
+#ifdef OPENSSL_NO_FP_API
        /* We should not ever call the default callback routine from
         * windows. */
        PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -164,7 +155,7 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
        buf[j+i*2+1]='\0';
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
             pem_password_cb *cb, void *u)
        {
@@ -224,14 +215,14 @@ static int check_pem(const char *nm, const char *name)
        return 0;
 }
-char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
             pem_password_cb *cb, void *u)
        {
        EVP_CIPHER_INFO cipher;
        char *nm=NULL,*header=NULL;
-        unsigned char *p=NULL,*data=NULL;
+        unsigned char *data=NULL;
        long len;
-        char *ret=NULL;
+        int ret = 0;
        for (;;)
                {
@@ -239,7 +230,7 @@ char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
                        if(ERR_GET_REASON(ERR_peek_error()) ==
                                PEM_R_NO_START_LINE)
                                ERR_add_error_data(2, "Expecting: ", name);
-                        return(NULL);
+                        return 0;
                }
                if(check_pem(nm, name)) break;
                OPENSSL_free(nm);
@@ -248,54 +239,23 @@ char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
                }
        if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
        if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
-        p=data;
-        if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {
+        *pdata = data;
-                if (strcmp(nm,PEM_STRING_RSA) == 0)
+        *plen = len;
-                        ret=d2i(EVP_PKEY_RSA,x,&p,len);
-                else if (strcmp(nm,PEM_STRING_DSA) == 0)
+        if (pnm)
-                        ret=d2i(EVP_PKEY_DSA,x,&p,len);
+                *pnm = nm;
-                else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
-                        PKCS8_PRIV_KEY_INFO *p8inf;
+        ret = 1;
-                        p8inf=d2i_PKCS8_PRIV_KEY_INFO(
-                                        (PKCS8_PRIV_KEY_INFO **) x, &p, len);
-                        ret = (char *)EVP_PKCS82PKEY(p8inf);
-                        PKCS8_PRIV_KEY_INFO_free(p8inf);
-                } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
-                        PKCS8_PRIV_KEY_INFO *p8inf;
-                        X509_SIG *p8;
-                        int klen;
-                        char psbuf[PEM_BUFSIZE];
-                        p8 = d2i_X509_SIG(NULL, &p, len);
-                        if(!p8) goto p8err;
-                        if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-                        else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
-                        if (klen <= 0) {
-                                PEMerr(PEM_F_PEM_ASN1_READ_BIO,
-                                                PEM_R_BAD_PASSWORD_READ);
-                                goto err;
-                        }
-                        p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
-                        X509_SIG_free(p8);
-                        if(!p8inf) goto p8err;
-                        ret = (char *)EVP_PKCS82PKEY(p8inf);
-                        if(x) {
-                                if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-                                *x = ret;
-                        }
-                        PKCS8_PRIV_KEY_INFO_free(p8inf);
-                }
-        } else  ret=d2i(x,&p,len);
-p8err:
-        if (ret == NULL)
-                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
 err:
-        OPENSSL_free(nm);
+        if (!pnm) OPENSSL_free(nm);
        OPENSSL_free(header);
-        OPENSSL_free(data);
+        if (!ret) OPENSSL_free(data);
-        return(ret);
+        return ret;
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
             pem_password_cb *callback, void *u)
@@ -358,7 +318,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                if (kstr == NULL)
                        {
                        if (callback == NULL)
-                                klen=def_callback(buf,PEM_BUFSIZE,1,u);
+                                klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
                        else
                                klen=(*callback)(buf,PEM_BUFSIZE,1,u);
                        if (klen <= 0)
@@ -373,7 +333,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                        kstr=(unsigned char *)buf;
                        }
                RAND_add(data,i,0);/* put in the RSA key. */
-                if (RAND_pseudo_bytes(iv,8) < 0)        /* Generate a salt */
+                if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */
@@ -383,12 +343,14 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
                buf[0]='\0';
                PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-                PEM_dek_info(buf,objstr,8,(char *)iv);
+                PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
                /* k=strlen(buf); */
-        
-                EVP_EncryptInit(&ctx,enc,key,iv);
+                EVP_CIPHER_CTX_init(&ctx);
+                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
                EVP_EncryptUpdate(&ctx,data,&j,data,i);
-                EVP_EncryptFinal(&ctx,&(data[j]),&i);
+                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+                EVP_CIPHER_CTX_cleanup(&ctx);
                i+=j;
                ret=1;
                }
@@ -422,7 +384,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
        if (cipher->cipher == NULL) return(1);
        if (callback == NULL)
-                klen=def_callback(buf,PEM_BUFSIZE,0,u);
+                klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
        else
                klen=callback(buf,PEM_BUFSIZE,0,u);
        if (klen <= 0)
@@ -439,9 +401,10 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
                (unsigned char *)buf,klen,1,key,NULL);
        j=(int)len;
-        EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
        EVP_DecryptUpdate(&ctx,data,&i,data,j);
-        o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
        memset((char *)buf,0,sizeof(buf));
        memset((char *)key,0,sizeof(key));
@@ -506,7 +469,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
                PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
                return(0);
                }
-        if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);
+        if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
        return(1);
        }
@@ -540,7 +503,7 @@ static int load_iv(unsigned char **fromp, unsigned char *to, int num)
        return(1);
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
             long len)
        {
@@ -614,7 +577,7 @@ err:
        return(0);
        }
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
             long *len)
        {
@@ -794,170 +757,3 @@ err:
        BUF_MEM_free(dataB);
        return(0);
        }
-/* These functions write a private key in PKCS#8 format: it is a "drop in"
- * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
- * is NULL then it uses the unencrypted private key form. The 'nid' versions
- * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
- */
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        X509_SIG *p8;
-        PKCS8_PRIV_KEY_INFO *p8inf;
-        char buf[PEM_BUFSIZE];
-        int ret;
-        if(!(p8inf = EVP_PKEY2PKCS8(x))) {
-                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
-                                        PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
-                return 0;
-        }
-        if(enc || (nid != -1)) {
-                if(!kstr) {
-                        if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
-                        else klen = cb(buf, PEM_BUFSIZE, 1, u);
-                        if(klen <= 0) {
-                                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
-                                                                PEM_R_READ_KEY);
-                                PKCS8_PRIV_KEY_INFO_free(p8inf);
-                                return 0;
-                        }
-                                
-                        kstr = buf;
-                }
-                p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
-                if(kstr == buf) memset(buf, 0, klen);
-                PKCS8_PRIV_KEY_INFO_free(p8inf);
-                if(isder) ret = i2d_PKCS8_bio(bp, p8);
-                else ret = PEM_write_bio_PKCS8(bp, p8);
-                X509_SIG_free(p8);
-                return ret;
-        } else {
-                if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-                else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
-                PKCS8_PRIV_KEY_INFO_free(p8inf);
-                return ret;
-        }
-}
-/* Finally the DER version to read PKCS#8 encrypted private keys. It has to be
- * here to access the default callback.
- */
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-        PKCS8_PRIV_KEY_INFO *p8inf = NULL;
-        X509_SIG *p8 = NULL;
-        int klen;
-        EVP_PKEY *ret;
-        char psbuf[PEM_BUFSIZE];
-        p8 = d2i_PKCS8_bio(bp, NULL);
-        if(!p8) return NULL;
-        if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-        else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
-        if (klen <= 0) {
-                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
-                X509_SIG_free(p8);
-                return NULL;    
-        }
-        p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
-        X509_SIG_free(p8);
-        if(!p8inf) return NULL;
-        ret = EVP_PKCS82PKEY(p8inf);
-        PKCS8_PRIV_KEY_INFO_free(p8inf);
-        if(!ret) return NULL;
-        if(x) {
-                if(*x) EVP_PKEY_free(*x);
-                *x = ret;
-        }
-        return ret;
-}
-#ifndef NO_FP_API
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                              char *kstr, int klen, pem_password_cb *cb, void *u)
-{
-        return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-                                  char *kstr, int klen,
-                                  pem_password_cb *cb, void *u)
-{
-        BIO *bp;
-        int ret;
-        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
-                return(0);
-        }
-        ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
-        BIO_free(bp);
-        return ret;
-}
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-        BIO *bp;
-        EVP_PKEY *ret;
-        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
-                return NULL;
-        }
-        ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
-        BIO_free(bp);
-        return ret;
-}
-#endif

diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index a17c3ed57f..18b751a91a 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -65,7 +65,7 @@
65	#include <openssl/x509.h>	65	#include <openssl/x509.h>
66	#include <openssl/pem.h>	66	#include <openssl/pem.h>
67	#include <openssl/pkcs12.h>	67	#include <openssl/pkcs12.h>
68	#ifndef NO_DES	68	#ifndef OPENSSL_NO_DES
69	#include <openssl/des.h>	69	#include <openssl/des.h>
70	#endif	70	#endif
71		71
@@ -73,21 +73,12 @@ const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
73		73
74	#define MIN_LENGTH 4	74	#define MIN_LENGTH 4
75		75
76	static int def_callback(char buf, int num, int w, void userdata);
77	static int load_iv(unsigned char *fromp,unsigned char to, int num);	76	static int load_iv(unsigned char *fromp,unsigned char to, int num);
78	static int check_pem(const char nm, const char name);	77	static int check_pem(const char nm, const char name);
79	static int do_pk8pkey(BIO bp, EVP_PKEY x, int isder,	78
80	int nid, const EVP_CIPHER *enc,	79	int PEM_def_callback(char buf, int num, int w, void key)
81	char *kstr, int klen,
82	pem_password_cb cb, void u);
83	static int do_pk8pkey_fp(FILE bp, EVP_PKEY x, int isder,
84	int nid, const EVP_CIPHER *enc,
85	char *kstr, int klen,
86	pem_password_cb cb, void u);
87
88	static int def_callback(char buf, int num, int w, void key)
89	{	80	{
90	#ifdef NO_FP_API	81	#ifdef OPENSSL_NO_FP_API
91	/* We should not ever call the default callback routine from	82	/* We should not ever call the default callback routine from
92	* windows. */	83	* windows. */
93	PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);	84	PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -164,7 +155,7 @@ void PEM_dek_info(char buf, const char type, int len, char *str)
164	buf[j+i*2+1]='\0';	155	buf[j+i*2+1]='\0';
165	}	156	}
166		157
167	#ifndef NO_FP_API	158	#ifndef OPENSSL_NO_FP_API
168	char PEM_ASN1_read(char (d2i)(), const char name, FILE fp, char *x,	159	char PEM_ASN1_read(char (d2i)(), const char name, FILE fp, char *x,
169	pem_password_cb cb, void u)	160	pem_password_cb cb, void u)
170	{	161	{
@@ -224,14 +215,14 @@ static int check_pem(const char nm, const char name)
224	return 0;	215	return 0;
225	}	216	}
226		217
227	char PEM_ASN1_read_bio(char (d2i)(), const char name, BIO bp, char *x,	218	int PEM_bytes_read_bio(unsigned char *pdata, long plen, char *pnm, const char name, BIO *bp,
228	pem_password_cb cb, void u)	219	pem_password_cb cb, void u)
229	{	220	{
230	EVP_CIPHER_INFO cipher;	221	EVP_CIPHER_INFO cipher;
231	char nm=NULL,header=NULL;	222	char nm=NULL,header=NULL;
232	unsigned char p=NULL,data=NULL;	223	unsigned char *data=NULL;
233	long len;	224	long len;
234	char *ret=NULL;	225	int ret = 0;
235		226
236	for (;;)	227	for (;;)
237	{	228	{
@@ -239,7 +230,7 @@ char PEM_ASN1_read_bio(char (d2i)(), const char name, BIO bp, char *x,
239	if(ERR_GET_REASON(ERR_peek_error()) ==	230	if(ERR_GET_REASON(ERR_peek_error()) ==
240	PEM_R_NO_START_LINE)	231	PEM_R_NO_START_LINE)
241	ERR_add_error_data(2, "Expecting: ", name);	232	ERR_add_error_data(2, "Expecting: ", name);
242	return(NULL);	233	return 0;
243	}	234	}
244	if(check_pem(nm, name)) break;	235	if(check_pem(nm, name)) break;
245	OPENSSL_free(nm);	236	OPENSSL_free(nm);
@@ -248,54 +239,23 @@ char PEM_ASN1_read_bio(char (d2i)(), const char name, BIO bp, char *x,
248	}	239	}
249	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;	240	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
250	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;	241	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
251	p=data;	242
252	if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {	243	*pdata = data;
253	if (strcmp(nm,PEM_STRING_RSA) == 0)	244	*plen = len;
254	ret=d2i(EVP_PKEY_RSA,x,&p,len);	245
255	else if (strcmp(nm,PEM_STRING_DSA) == 0)	246	if (pnm)
256	ret=d2i(EVP_PKEY_DSA,x,&p,len);	247	*pnm = nm;
257	else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {	248
258	PKCS8_PRIV_KEY_INFO *p8inf;	249	ret = 1;
259	p8inf=d2i_PKCS8_PRIV_KEY_INFO(	250
260	(PKCS8_PRIV_KEY_INFO **) x, &p, len);
261	ret = (char *)EVP_PKCS82PKEY(p8inf);
262	PKCS8_PRIV_KEY_INFO_free(p8inf);
263	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
264	PKCS8_PRIV_KEY_INFO *p8inf;
265	X509_SIG *p8;
266	int klen;
267	char psbuf[PEM_BUFSIZE];
268	p8 = d2i_X509_SIG(NULL, &p, len);
269	if(!p8) goto p8err;
270	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
271	else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
272	if (klen <= 0) {
273	PEMerr(PEM_F_PEM_ASN1_READ_BIO,
274	PEM_R_BAD_PASSWORD_READ);
275	goto err;
276	}
277	p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
278	X509_SIG_free(p8);
279	if(!p8inf) goto p8err;
280	ret = (char *)EVP_PKCS82PKEY(p8inf);
281	if(x) {
282	if(x) EVP_PKEY_free((EVP_PKEY )*x);
283	*x = ret;
284	}
285	PKCS8_PRIV_KEY_INFO_free(p8inf);
286	}
287	} else ret=d2i(x,&p,len);
288	p8err:
289	if (ret == NULL)
290	PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
291	err:	251	err:
292	OPENSSL_free(nm);	252	if (!pnm) OPENSSL_free(nm);
293	OPENSSL_free(header);	253	OPENSSL_free(header);
294	OPENSSL_free(data);	254	if (!ret) OPENSSL_free(data);
295	return(ret);	255	return ret;
296	}	256	}
297		257
298	#ifndef NO_FP_API	258	#ifndef OPENSSL_NO_FP_API
299	int PEM_ASN1_write(int (i2d)(), const char name, FILE fp, char x,	259	int PEM_ASN1_write(int (i2d)(), const char name, FILE fp, char x,
300	const EVP_CIPHER enc, unsigned char kstr, int klen,	260	const EVP_CIPHER enc, unsigned char kstr, int klen,
301	pem_password_cb callback, void u)	261	pem_password_cb callback, void u)
@@ -358,7 +318,7 @@ int PEM_ASN1_write_bio(int (i2d)(), const char name, BIO bp, char x,
358	if (kstr == NULL)	318	if (kstr == NULL)
359	{	319	{
360	if (callback == NULL)	320	if (callback == NULL)
361	klen=def_callback(buf,PEM_BUFSIZE,1,u);	321	klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
362	else	322	else
363	klen=(*callback)(buf,PEM_BUFSIZE,1,u);	323	klen=(*callback)(buf,PEM_BUFSIZE,1,u);
364	if (klen <= 0)	324	if (klen <= 0)
@@ -373,7 +333,7 @@ int PEM_ASN1_write_bio(int (i2d)(), const char name, BIO bp, char x,
373	kstr=(unsigned char *)buf;	333	kstr=(unsigned char *)buf;
374	}	334	}
375	RAND_add(data,i,0);/* put in the RSA key. */	335	RAND_add(data,i,0);/* put in the RSA key. */
376	if (RAND_pseudo_bytes(iv,8) < 0) /* Generate a salt */	336	if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
377	goto err;	337	goto err;
378	/* The 'iv' is used as the iv and as a salt. It is	338	/* The 'iv' is used as the iv and as a salt. It is
379	* NOT taken from the BytesToKey function */	339	* NOT taken from the BytesToKey function */
@@ -383,12 +343,14 @@ int PEM_ASN1_write_bio(int (i2d)(), const char name, BIO bp, char x,
383		343
384	buf[0]='\0';	344	buf[0]='\0';
385	PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);	345	PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
386	PEM_dek_info(buf,objstr,8,(char *)iv);	346	PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
387	/* k=strlen(buf); */	347	/* k=strlen(buf); */
388		348
389	EVP_EncryptInit(&ctx,enc,key,iv);	349	EVP_CIPHER_CTX_init(&ctx);
		350	EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
390	EVP_EncryptUpdate(&ctx,data,&j,data,i);	351	EVP_EncryptUpdate(&ctx,data,&j,data,i);
391	EVP_EncryptFinal(&ctx,&(data[j]),&i);	352	EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
		353	EVP_CIPHER_CTX_cleanup(&ctx);
392	i+=j;	354	i+=j;
393	ret=1;	355	ret=1;
394	}	356	}
@@ -422,7 +384,7 @@ int PEM_do_header(EVP_CIPHER_INFO cipher, unsigned char data, long *plen,
422		384
423	if (cipher->cipher == NULL) return(1);	385	if (cipher->cipher == NULL) return(1);
424	if (callback == NULL)	386	if (callback == NULL)
425	klen=def_callback(buf,PEM_BUFSIZE,0,u);	387	klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
426	else	388	else
427	klen=callback(buf,PEM_BUFSIZE,0,u);	389	klen=callback(buf,PEM_BUFSIZE,0,u);
428	if (klen <= 0)	390	if (klen <= 0)
@@ -439,9 +401,10 @@ int PEM_do_header(EVP_CIPHER_INFO cipher, unsigned char data, long *plen,
439	(unsigned char *)buf,klen,1,key,NULL);	401	(unsigned char *)buf,klen,1,key,NULL);
440		402
441	j=(int)len;	403	j=(int)len;
442	EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));	404	EVP_CIPHER_CTX_init(&ctx);
		405	EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
443	EVP_DecryptUpdate(&ctx,data,&i,data,j);	406	EVP_DecryptUpdate(&ctx,data,&i,data,j);
444	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);	407	o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
445	EVP_CIPHER_CTX_cleanup(&ctx);	408	EVP_CIPHER_CTX_cleanup(&ctx);
446	memset((char *)buf,0,sizeof(buf));	409	memset((char *)buf,0,sizeof(buf));
447	memset((char *)key,0,sizeof(key));	410	memset((char *)key,0,sizeof(key));
@@ -506,7 +469,7 @@ int PEM_get_EVP_CIPHER_INFO(char header, EVP_CIPHER_INFO cipher)
506	PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);	469	PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
507	return(0);	470	return(0);
508	}	471	}
509	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);	472	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
510		473
511	return(1);	474	return(1);
512	}	475	}
@@ -540,7 +503,7 @@ static int load_iv(unsigned char *fromp, unsigned char to, int num)
540	return(1);	503	return(1);
541	}	504	}
542		505
543	#ifndef NO_FP_API	506	#ifndef OPENSSL_NO_FP_API
544	int PEM_write(FILE fp, char name, char header, unsigned char data,	507	int PEM_write(FILE fp, char name, char header, unsigned char data,
545	long len)	508	long len)
546	{	509	{
@@ -614,7 +577,7 @@ err:
614	return(0);	577	return(0);
615	}	578	}
616		579
617	#ifndef NO_FP_API	580	#ifndef OPENSSL_NO_FP_API
618	int PEM_read(FILE fp, char name, char header, unsigned char *data,	581	int PEM_read(FILE fp, char name, char header, unsigned char *data,
619	long *len)	582	long *len)
620	{	583	{
@@ -794,170 +757,3 @@ err:
794	BUF_MEM_free(dataB);	757	BUF_MEM_free(dataB);
795	return(0);	758	return(0);
796	}	759	}
797
798	/* These functions write a private key in PKCS#8 format: it is a "drop in"
799	* replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
800	* is NULL then it uses the unencrypted private key form. The 'nid' versions
801	* uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
802	*/
803
804	int PEM_write_bio_PKCS8PrivateKey_nid(BIO bp, EVP_PKEY x, int nid,
805	char *kstr, int klen,
806	pem_password_cb cb, void u)
807	{
808	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
809	}
810
811	int PEM_write_bio_PKCS8PrivateKey(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
812	char *kstr, int klen,
813	pem_password_cb cb, void u)
814	{
815	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
816	}
817
818	int i2d_PKCS8PrivateKey_bio(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
819	char *kstr, int klen,
820	pem_password_cb cb, void u)
821	{
822	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
823	}
824
825	int i2d_PKCS8PrivateKey_nid_bio(BIO bp, EVP_PKEY x, int nid,
826	char *kstr, int klen,
827	pem_password_cb cb, void u)
828	{
829	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
830	}
831
832	static int do_pk8pkey(BIO bp, EVP_PKEY x, int isder, int nid, const EVP_CIPHER *enc,
833	char *kstr, int klen,
834	pem_password_cb cb, void u)
835	{
836	X509_SIG *p8;
837	PKCS8_PRIV_KEY_INFO *p8inf;
838	char buf[PEM_BUFSIZE];
839	int ret;
840	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
841	PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
842	PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
843	return 0;
844	}
845	if(enc \|\| (nid != -1)) {
846	if(!kstr) {
847	if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
848	else klen = cb(buf, PEM_BUFSIZE, 1, u);
849	if(klen <= 0) {
850	PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
851	PEM_R_READ_KEY);
852	PKCS8_PRIV_KEY_INFO_free(p8inf);
853	return 0;
854	}
855
856	kstr = buf;
857	}
858	p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
859	if(kstr == buf) memset(buf, 0, klen);
860	PKCS8_PRIV_KEY_INFO_free(p8inf);
861	if(isder) ret = i2d_PKCS8_bio(bp, p8);
862	else ret = PEM_write_bio_PKCS8(bp, p8);
863	X509_SIG_free(p8);
864	return ret;
865	} else {
866	if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
867	else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
868	PKCS8_PRIV_KEY_INFO_free(p8inf);
869	return ret;
870	}
871	}
872
873	/* Finally the DER version to read PKCS#8 encrypted private keys. It has to be
874	* here to access the default callback.
875	*/
876
877	EVP_PKEY d2i_PKCS8PrivateKey_bio(BIO bp, EVP_PKEY *x, pem_password_cb cb, void *u)
878	{
879	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
880	X509_SIG *p8 = NULL;
881	int klen;
882	EVP_PKEY *ret;
883	char psbuf[PEM_BUFSIZE];
884	p8 = d2i_PKCS8_bio(bp, NULL);
885	if(!p8) return NULL;
886	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
887	else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
888	if (klen <= 0) {
889	PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
890	X509_SIG_free(p8);
891	return NULL;
892	}
893	p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
894	X509_SIG_free(p8);
895	if(!p8inf) return NULL;
896	ret = EVP_PKCS82PKEY(p8inf);
897	PKCS8_PRIV_KEY_INFO_free(p8inf);
898	if(!ret) return NULL;
899	if(x) {
900	if(x) EVP_PKEY_free(x);
901	*x = ret;
902	}
903	return ret;
904	}
905
906	#ifndef NO_FP_API
907
908	int i2d_PKCS8PrivateKey_fp(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
909	char *kstr, int klen,
910	pem_password_cb cb, void u)
911	{
912	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
913	}
914
915	int i2d_PKCS8PrivateKey_nid_fp(FILE fp, EVP_PKEY x, int nid,
916	char *kstr, int klen,
917	pem_password_cb cb, void u)
918	{
919	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
920	}
921
922	int PEM_write_PKCS8PrivateKey_nid(FILE fp, EVP_PKEY x, int nid,
923	char *kstr, int klen,
924	pem_password_cb cb, void u)
925	{
926	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
927	}
928
929	int PEM_write_PKCS8PrivateKey(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
930	char kstr, int klen, pem_password_cb cb, void *u)
931	{
932	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
933	}
934
935	static int do_pk8pkey_fp(FILE fp, EVP_PKEY x, int isder, int nid, const EVP_CIPHER *enc,
936	char *kstr, int klen,
937	pem_password_cb cb, void u)
938	{
939	BIO *bp;
940	int ret;
941	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
942	PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
943	return(0);
944	}
945	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
946	BIO_free(bp);
947	return ret;
948	}
949
950	EVP_PKEY d2i_PKCS8PrivateKey_fp(FILE fp, EVP_PKEY *x, pem_password_cb cb, void *u)
951	{
952	BIO *bp;
953	EVP_PKEY *ret;
954	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
955	PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
956	return NULL;
957	}
958	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
959	BIO_free(bp);
960	return ret;
961	}
962
963	#endif