1 files changed, 157 insertions, 116 deletions
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 7a2c0ad83b..90f02011ba 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -58,36 +58,25 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
+#include <openssl/buffer.h>
-#include "objects.h"
+#include <openssl/objects.h>
-#include "evp.h"
+#include <openssl/evp.h>
-#include "rand.h"
+#include <openssl/rand.h>
-#include "x509.h"
+#include <openssl/x509.h>
-#include "pem.h"
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
 #ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
 #endif
-char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998";
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 #define MIN_LENGTH      4
-/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+static int def_callback(char *buf, int num, int w, void *userdata);
- * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- */
-#ifndef NOPROTO
-static int def_callback(char *buf, int num, int w);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
-#else
-static int def_callback();
-static int load_iv();
-#endif
-static int def_callback(buf, num, w)
+static int def_callback(char *buf, int num, int w, void *userdata)
-char *buf;
-int num;
-int w;
        {
 #ifdef NO_FP_API
        /* We should not ever call the default callback routine from
@@ -96,7 +85,7 @@ int w;
        return(-1);
 #else
        int i,j;
-        char *prompt;
+        const char *prompt;
        prompt=EVP_get_pw_prompt();
        if (prompt == NULL)
@@ -123,11 +112,9 @@ int w;
 #endif
        }
-void PEM_proc_type(buf, type)
+void PEM_proc_type(char *buf, int type)
-char *buf;
-int type;
        {
-        char *str;
+        const char *str;
        if (type == PEM_TYPE_ENCRYPTED)
                str="ENCRYPTED";
@@ -143,11 +130,7 @@ int type;
        strcat(buf,"\n");
        }
-void PEM_dek_info(buf, type, len, str)
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
-char *buf;
-char *type;
-int len;
-char *str;
        {
        static unsigned char map[17]="0123456789ABCDEF";
        long i;
@@ -167,12 +150,8 @@ char *str;
        }
 #ifndef NO_FP_API
-char *PEM_ASN1_read(d2i,name,fp, x, cb)
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
-char *(*d2i)();
+             pem_password_cb *cb, void *u)
-char *name;
-FILE *fp;
-char **x;
-int (*cb)();
        {
        BIO *b;
        char *ret;
@@ -183,18 +162,14 @@ int (*cb)();
                return(0);
                }
        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
        BIO_free(b);
        return(ret);
        }
 #endif
-char *PEM_ASN1_read_bio(d2i,name,bp, x, cb)
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
-char *(*d2i)();
+             pem_password_cb *cb, void *u)
-char *name;
-BIO *bp;
-char **x;
-int (*cb)();
        {
        EVP_CIPHER_INFO cipher;
        char *nm=NULL,*header=NULL;
@@ -210,10 +185,14 @@ int (*cb)();
                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
                        ((strcmp(nm,PEM_STRING_DSA) == 0) &&
                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+                        ((strcmp(nm,PEM_STRING_PKCS8) == 0) &&
+                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+                        ((strcmp(nm,PEM_STRING_PKCS8INF) == 0) &&
+                         (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
                        ((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
                         (strcmp(name,PEM_STRING_X509) == 0)) ||
                        ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
-                         (strcmp(name,PEM_STRING_X509_REQ) == 0))
+                         (strcmp(name,PEM_STRING_X509_REQ) == 0)) 
                        )
                        break;
                Free(nm);
@@ -221,17 +200,41 @@ int (*cb)();
                Free(data);
                }
        if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-        if (!PEM_do_header(&cipher,data,&len,cb)) goto err;
+        if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
        p=data;
-        if (strcmp(name,PEM_STRING_EVP_PKEY) == 0)
+        if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {
-                {
                if (strcmp(nm,PEM_STRING_RSA) == 0)
                        ret=d2i(EVP_PKEY_RSA,x,&p,len);
                else if (strcmp(nm,PEM_STRING_DSA) == 0)
                        ret=d2i(EVP_PKEY_DSA,x,&p,len);
+                else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+                        PKCS8_PRIV_KEY_INFO *p8inf;
+                        p8inf=d2i_PKCS8_PRIV_KEY_INFO(
+                                        (PKCS8_PRIV_KEY_INFO **) x, &p, len);
+                        ret = (char *)EVP_PKCS82PKEY(p8inf);
+                        PKCS8_PRIV_KEY_INFO_free(p8inf);
+                } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+                        PKCS8_PRIV_KEY_INFO *p8inf;
+                        X509_SIG *p8;
+                        int klen;
+                        char psbuf[PEM_BUFSIZE];
+                        p8 = d2i_X509_SIG((X509_SIG **)x, &p, len);
+                        if(!p8) goto p8err;
+                        if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+                        else klen=def_callback(psbuf,PEM_BUFSIZE,0,u);
+                        if (klen <= 0) {
+                                PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+                                                PEM_R_BAD_PASSWORD_READ);
+                                goto err;
+                        }
+                        p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
+                        X509_SIG_free(p8);
+                        if(!p8inf) goto p8err;
+                        ret = (char *)EVP_PKCS82PKEY(p8inf);
+                        PKCS8_PRIV_KEY_INFO_free(p8inf);
                }
-        else    
+        } else  ret=d2i(x,&p,len);
-                ret=d2i(x,&p,len);
+p8err:
        if (ret == NULL)
                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
 err:
@@ -242,15 +245,9 @@ err:
        }
 #ifndef NO_FP_API
-int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
-int (*i2d)();
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
-char *name;
+             pem_password_cb *callback, void *u)
-FILE *fp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
        {
        BIO *b;
        int ret;
@@ -261,27 +258,20 @@ int (*callback)();
                return(0);
                }
        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
        BIO_free(b);
        return(ret);
        }
 #endif
-int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback)
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
-int (*i2d)();
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
-char *name;
+             pem_password_cb *callback, void *u)
-BIO *bp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
        {
        EVP_CIPHER_CTX ctx;
        int dsize=0,i,j,ret=0;
        unsigned char *p,*data=NULL;
-        char *objstr=NULL;
+        const char *objstr=NULL;
-#define PEM_BUFSIZE     1024
        char buf[PEM_BUFSIZE];
        unsigned char key[EVP_MAX_KEY_LENGTH];
        unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -317,14 +307,18 @@ int (*callback)();
                if (kstr == NULL)
                        {
                        if (callback == NULL)
-                                klen=def_callback(buf,PEM_BUFSIZE,1);
+                                klen=def_callback(buf,PEM_BUFSIZE,1,u);
                        else
-                                klen=(*callback)(buf,PEM_BUFSIZE,1);
+                                klen=(*callback)(buf,PEM_BUFSIZE,1,u);
                        if (klen <= 0)
                                {
                                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
                                goto err;
                                }
+#ifdef CHARSET_EBCDIC
+                        /* Convert the pass phrase from EBCDIC */
+                        ebcdic2ascii(buf, buf, klen);
+#endif
                        kstr=(unsigned char *)buf;
                        }
                RAND_seed(data,i);/* put in the RSA key. */
@@ -363,11 +357,8 @@ err:
        return(ret);
        }
-int PEM_do_header(cipher, data, plen, callback)
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
-EVP_CIPHER_INFO *cipher;
+             pem_password_cb *callback,void *u)
-unsigned char *data;
-long *plen;
-int (*callback)();
        {
        int i,j,o,klen;
        long len;
@@ -379,14 +370,19 @@ int (*callback)();
        if (cipher->cipher == NULL) return(1);
        if (callback == NULL)
-                klen=def_callback(buf,PEM_BUFSIZE,0);
+                klen=def_callback(buf,PEM_BUFSIZE,0,u);
        else
-                klen=callback(buf,PEM_BUFSIZE,0);
+                klen=callback(buf,PEM_BUFSIZE,0,u);
        if (klen <= 0)
                {
                PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
                return(0);
                }
+#ifdef CHARSET_EBCDIC
+        /* Convert the pass phrase from EBCDIC */
+        ebcdic2ascii(buf, buf, klen);
+#endif
        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
                (unsigned char *)buf,klen,1,key,NULL);
@@ -407,12 +403,10 @@ int (*callback)();
        return(1);
        }
-int PEM_get_EVP_CIPHER_INFO(header,cipher)
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
-char *header;
-EVP_CIPHER_INFO *cipher;
        {
        int o;
-        EVP_CIPHER *enc=NULL;
+        const EVP_CIPHER *enc=NULL;
        char *p,c;
        cipher->cipher=NULL;
@@ -438,9 +432,15 @@ EVP_CIPHER_INFO *cipher;
        for (;;)
                {
                c= *header;
+#ifndef CHARSET_EBCDIC
                if (!(  ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
                        ((c >= '0') && (c <= '9'))))
                        break;
+#else
+                if (!(  isupper(c) || (c == '-') ||
+                        isdigit(c)))
+                        break;
+#endif
                header++;
                }
        *header='\0';
@@ -459,9 +459,7 @@ EVP_CIPHER_INFO *cipher;
        return(1);
        }
-static int load_iv(fromp,to,num)
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
-unsigned char **fromp,*to;
-int num;
        {
        int v,i;
        unsigned char *from;
@@ -491,12 +489,8 @@ int num;
        }
 #ifndef NO_FP_API
-int PEM_write(fp, name, header, data,len)
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
-FILE *fp;
+             long len)
-char *name;
-char *header;
-unsigned char *data;
-long len;
        {
        BIO *b;
        int ret;
@@ -513,12 +507,8 @@ long len;
        }
 #endif
-int PEM_write_bio(bp, name, header, data,len)
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
-BIO *bp;
+             long len)
-char *name;
-char *header;
-unsigned char *data;
-long len;
        {
        int nlen,n,i,j,outl;
        unsigned char *buf;
@@ -573,12 +563,8 @@ err:
        }
 #ifndef NO_FP_API
-int PEM_read(fp, name, header, data,len)
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
-FILE *fp;
+             long *len)
-char **name;
-char **header;
-unsigned char **data;
-long *len;
        {
        BIO *b;
        int ret;
@@ -595,12 +581,8 @@ long *len;
        }
 #endif
-int PEM_read_bio(bp, name, header, data, len)
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
-BIO *bp;
+             long *len)
-char **name;
-char **header;
-unsigned char **data;
-long *len;
        {
        EVP_ENCODE_CTX ctx;
        int end=0,i,k,bl=0,hl=0,nohead=0;
@@ -643,7 +625,7 @@ long *len;
                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
-                        strncpy(nameB->data,&(buf[11]),(unsigned int)i-6);
+                        memcpy(nameB->data,&(buf[11]),i-6);
                        nameB->data[i-6]='\0';
                        break;
                        }
@@ -668,7 +650,7 @@ long *len;
                        nohead=1;
                        break;
                        }
-                strncpy(&(headerB->data[hl]),buf,(unsigned int)i);
+                memcpy(&(headerB->data[hl]),buf,i);
                headerB->data[hl+i]='\0';
                hl+=i;
                }
@@ -696,7 +678,7 @@ long *len;
                                PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
-                        strncpy(&(dataB->data[bl]),buf,(unsigned int)i);
+                        memcpy(&(dataB->data[bl]),buf,i);
                        dataB->data[bl+i]='\0';
                        bl+=i;
                        if (end)
@@ -721,7 +703,7 @@ long *len;
                }
        i=strlen(nameB->data);
        if (    (strncmp(buf,"-----END ",9) != 0) ||
-                (strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) ||
+                (strncmp(nameB->data,&(buf[9]),i) != 0) ||
                (strncmp(&(buf[9+i]),"-----\n",6) != 0))
                {
                PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
@@ -760,3 +742,62 @@ err:
        BUF_MEM_free(dataB);
        return(0);
        }
+/* This function writes a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey(). As usual if 'enc' is NULL then
+ * it uses the unencrypted private key form. It uses PKCS#5 v2.0 password based
+ * encryption algorithms.
+ */
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+        X509_SIG *p8;
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        char buf[PEM_BUFSIZE];
+        int ret;
+        if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+                                        PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+                return 0;
+        }
+        if(enc) {
+                if(!kstr) {
+                        if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u);
+                        else klen = cb(buf, PEM_BUFSIZE, 1, u);
+                        if(klen <= 0) {
+                                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+                                                                PEM_R_READ_KEY);
+                                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                                return 0;
+                        }
+                                
+                        kstr = buf;
+                }
+                p8 = PKCS8_encrypt(-1, enc, kstr, klen, NULL, 0, 0, p8inf);
+                if(kstr == buf) memset(buf, 0, klen);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                ret = PEM_write_bio_PKCS8(bp, p8);
+                X509_SIG_free(p8);
+                return ret;
+        } else {
+                ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                return ret;
+        }
+}
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+        BIO *bp;
+        int ret;
+        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+                PEMerr(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,ERR_R_BUF_LIB);
+                return(0);
+        }
+        ret = PEM_write_bio_PKCS8PrivateKey(bp, x, enc, kstr, klen, cb, u);
+        BIO_free(bp);
+        return ret;
+}