From 6b62d1fdd8a4fd35acfcc0c4bb1bf8b757fa8cda Mon Sep 17 00:00:00 2001 From: djm <> Date: Sat, 6 Sep 2008 12:17:54 +0000 Subject: resolve conflicts --- src/lib/libcrypto/pem/pem.h | 173 +++++++++++++++++++++++------ src/lib/libcrypto/pem/pem_all.c | 233 +++++++++++++++++++-------------------- src/lib/libcrypto/pem/pem_err.c | 18 +-- src/lib/libcrypto/pem/pem_info.c | 58 +++++++--- src/lib/libcrypto/pem/pem_lib.c | 33 +++--- src/lib/libcrypto/pem/pem_oth.c | 7 +- src/lib/libcrypto/pem/pem_pk8.c | 7 +- src/lib/libcrypto/pem/pem_pkey.c | 12 +- src/lib/libcrypto/pem/pem_seal.c | 2 + src/lib/libcrypto/pem/pem_xaux.c | 1 + 10 files changed, 343 insertions(+), 201 deletions(-) (limited to 'src/lib/libcrypto/pem') diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h index d330cbf9a3..670afa670b 100644 --- a/src/lib/libcrypto/pem/pem.h +++ b/src/lib/libcrypto/pem/pem.h @@ -59,6 +59,7 @@ #ifndef HEADER_PEM_H #define HEADER_PEM_H +#include #ifndef OPENSSL_NO_BIO #include #endif @@ -68,7 +69,6 @@ #include #include #include -#include #ifdef __cplusplus extern "C" { @@ -91,6 +91,9 @@ extern "C" { #define PEM_OBJ_DHPARAMS 17 #define PEM_OBJ_DSAPARAMS 18 #define PEM_OBJ_PRIV_RSA_PUBLIC 19 +#define PEM_OBJ_PRIV_ECDSA 20 +#define PEM_OBJ_PUB_ECDSA 21 +#define PEM_OBJ_ECPARAMETERS 22 #define PEM_ERROR 30 #define PEM_DEK_DES_CBC 40 @@ -110,6 +113,7 @@ extern "C" { #define PEM_STRING_X509_OLD "X509 CERTIFICATE" #define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" @@ -126,6 +130,10 @@ extern "C" { #define PEM_STRING_DHPARAMS "DH PARAMETERS" #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_CMS "CMS" /* Note that this structure is initialised by PEM_SealInit and cleaned up by PEM_SealFinal (at least for now) */ @@ -213,24 +221,50 @@ typedef struct pem_ctx_st #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ -return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\ - cb,u)); \ -} \ + return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ + str, fp, \ + CHECKED_PPTR_OF(type, x), \ + cb, u); \ +} #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x) \ { \ -return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \ - NULL,NULL,0,NULL,NULL)); \ -} + return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(type, x), \ + NULL, NULL, 0, NULL, NULL); \ +} + +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ + return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(const type, x), \ + NULL, NULL, 0, NULL, NULL); \ +} #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \ - (char *)x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(type, x), \ + enc, kstr, klen, cb, u); \ + } + +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, fp, \ + CHECKED_PTR_OF(const type, x), \ + enc, kstr, klen, cb, u); \ } #endif @@ -238,33 +272,66 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ { \ -return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\ - (char **)x,cb,u)); \ + return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ + str, bp, \ + CHECKED_PPTR_OF(type, x), \ + cb, u); \ } #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x) \ { \ -return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \ - NULL,NULL,0,NULL,NULL)); \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(type, x), \ + NULL, NULL, 0, NULL, NULL); \ +} + +#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(const type, x), \ + NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \ - (char *)x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(type, x), \ + enc, kstr, klen, cb, u); \ + } + +#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ + str, bp, \ + CHECKED_PTR_OF(const type, x), \ + enc, kstr, klen, cb, u); \ } #define IMPLEMENT_PEM_write(name, type, str, asn1) \ IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ IMPLEMENT_PEM_write_fp(name, type, str, asn1) +#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) +#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + #define IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ IMPLEMENT_PEM_read_fp(name, type, str, asn1) @@ -273,6 +340,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_write(name, type, str, asn1) +#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb(name, type, str, asn1) @@ -293,6 +364,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x); +#define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + #define DECLARE_PEM_write_cb_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); @@ -306,6 +380,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x); +#define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + #define DECLARE_PEM_write_cb_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); @@ -322,6 +399,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_write_bio(name, type) \ DECLARE_PEM_write_fp(name, type) +#define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) + #define DECLARE_PEM_write_cb(name, type) \ DECLARE_PEM_write_cb_bio(name, type) \ DECLARE_PEM_write_cb_fp(name, type) @@ -334,6 +415,10 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write(name, type) +#define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) + #define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) @@ -403,9 +488,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ (char **)x,cb,u) -#define PEM_write_bio_SSL_SESSION(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) #define PEM_write_bio_X509(bp,x) \ PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ (char *)x, NULL,NULL,0,NULL,NULL) @@ -444,8 +526,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ PEM_STRING_X509,bp, \ (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) #define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) #define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ @@ -494,11 +574,25 @@ int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, long len); int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u); -char * PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x, - pem_password_cb *cb, void *u); -int PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x, +void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, + void **x, pem_password_cb *cb, void *u); + +#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ + ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ + name, bp, \ + CHECKED_PPTR_OF(type, x), \ + cb, u)) + +int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, const EVP_CIPHER *enc,unsigned char *kstr,int klen, pem_password_cb *cb, void *u); + +#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ + (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ + name, bp, \ + CHECKED_PTR_OF(type, x), \ + enc, kstr, klen, cb, u)) + STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); @@ -508,11 +602,11 @@ int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,long *len); int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); -char * PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x, - pem_password_cb *cb, void *u); -int PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x, - const EVP_CIPHER *enc,unsigned char *kstr,int klen, - pem_password_cb *callback, void *u); +void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, + char *x,const EVP_CIPHER *enc,unsigned char *kstr, + int klen,pem_password_cb *callback, void *u); STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); #endif @@ -542,6 +636,8 @@ DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) + DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) @@ -559,7 +655,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw(RSAPublicKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) #endif @@ -570,13 +666,19 @@ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) DECLARE_PEM_rw(DSA_PUBKEY, DSA) -DECLARE_PEM_rw(DSAparams, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) + +#endif +#ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) #endif #ifndef OPENSSL_NO_DH -DECLARE_PEM_rw(DHparams, DH) +DECLARE_PEM_rw_const(DHparams, DH) #endif @@ -626,24 +728,27 @@ void ERR_load_PEM_strings(void); /* Function codes. */ #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 -#define PEM_F_DEF_CALLBACK 100 +#define PEM_F_DO_PK8PKEY 126 +#define PEM_F_DO_PK8PKEY_FP 125 #define PEM_F_LOAD_IV 101 #define PEM_F_PEM_ASN1_READ 102 #define PEM_F_PEM_ASN1_READ_BIO 103 #define PEM_F_PEM_ASN1_WRITE 104 #define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DEF_CALLBACK 100 #define PEM_F_PEM_DO_HEADER 106 -#define PEM_F_PEM_F_DO_PK8KEY_FP 122 #define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 #define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_PK8PKEY 119 #define PEM_F_PEM_READ 108 #define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +#define PEM_F_PEM_READ_PRIVATEKEY 124 #define PEM_F_PEM_SEALFINAL 110 #define PEM_F_PEM_SEALINIT 111 #define PEM_F_PEM_SIGNFINAL 112 #define PEM_F_PEM_WRITE 113 #define PEM_F_PEM_WRITE_BIO 114 -#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY 119 #define PEM_F_PEM_X509_INFO_READ 115 #define PEM_F_PEM_X509_INFO_READ_BIO 116 #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index 07963314c9..66cbc7eb82 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c @@ -55,6 +55,59 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #undef SSLEAY_MACROS @@ -64,7 +117,15 @@ #include #include #include -#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif #ifndef OPENSSL_NO_RSA static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); @@ -73,6 +134,10 @@ static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); #endif +#ifndef OPENSSL_NO_EC +static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey); +#endif + IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) @@ -129,50 +194,8 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, #endif -#ifdef OPENSSL_FIPS - -int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_RSA(k, x); - - ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} - -#ifndef OPENSSL_NO_FP_API -int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - - EVP_PKEY_set1_RSA(k, x); - - ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; -} -#endif - -#else - -IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) - -#endif - -IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) +IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) +IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) #endif @@ -201,69 +224,73 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, return pkey_get_dsa(pktmp, dsa); } +IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) -#ifdef OPENSSL_FIPS +#ifndef OPENSSL_NO_FP_API -int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) +DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, + void *u) { - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_DSA(k, x); - - ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; + EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); + return pkey_get_dsa(pktmp, dsa); } -#ifndef OPENSSL_NO_FP_API -int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) +#endif + +IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) + +#endif + + +#ifndef OPENSSL_NO_EC +static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) { - EVP_PKEY *k; - int ret; - k = EVP_PKEY_new(); - if (!k) - return 0; - EVP_PKEY_set1_DSA(k, x); - ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); - EVP_PKEY_free(k); - return ret; + EC_KEY *dtmp; + if(!key) return NULL; + dtmp = EVP_PKEY_get1_EC_KEY(key); + EVP_PKEY_free(key); + if(!dtmp) return NULL; + if(eckey) + { + EC_KEY_free(*eckey); + *eckey = dtmp; + } + return dtmp; } -#endif -#else +EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, + void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); + return pkey_get_eckey(pktmp, key); +} -IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) -#endif +IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) -IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) #ifndef OPENSSL_NO_FP_API - -DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, - void *u) + +EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, + void *u) { EVP_PKEY *pktmp; pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); + return pkey_get_eckey(pktmp, eckey); } #endif -IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) - #endif #ifndef OPENSSL_NO_DH -IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) +IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) #endif @@ -274,42 +301,8 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything * appropriate.) */ - -#ifdef OPENSSL_FIPS - -int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) - { - if (FIPS_mode()) - return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, - (char *)kstr, klen, cb, u); - else - return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), - bp,(char *)x,enc,kstr,klen,cb,u); - } - -#ifndef OPENSSL_NO_FP_API -int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) - { - if (FIPS_mode()) - return PEM_write_PKCS8PrivateKey(fp, x, enc, - (char *)kstr, klen, cb, u); - else - return PEM_ASN1_write((int (*)())i2d_PrivateKey, - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), - fp,(char *)x,enc,kstr,klen,cb,u); - } -#endif - -#else - -IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) - -#endif +IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ + (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c index 8527028ebc..3133563d77 100644 --- a/src/lib/libcrypto/pem/pem_err.c +++ b/src/lib/libcrypto/pem/pem_err.c @@ -72,24 +72,27 @@ static ERR_STRING_DATA PEM_str_functs[]= { {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, -{ERR_FUNC(PEM_F_DEF_CALLBACK), "DEF_CALLBACK"}, +{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, +{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, +{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, -{ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP), "PEM_F_DO_PK8KEY_FP"}, {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, +{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, +{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, +{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, -{ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, @@ -121,15 +124,12 @@ static ERR_STRING_DATA PEM_str_reasons[]= void ERR_load_PEM_strings(void) { - static int init=1; +#ifndef OPENSSL_NO_ERR - if (init) + if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) { - init=0; -#ifndef OPENSSL_NO_ERR ERR_load_strings(0,PEM_str_functs); ERR_load_strings(0,PEM_str_reasons); -#endif - } +#endif } diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 9e4af29c95..3a273f6f70 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c @@ -63,6 +63,12 @@ #include #include #include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif #ifndef OPENSSL_NO_FP_API STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) @@ -85,13 +91,15 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_p STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { X509_INFO *xi=NULL; - char *name=NULL,*header=NULL,**pp; - unsigned char *data=NULL,*p; + char *name=NULL,*header=NULL; + void *pp; + unsigned char *data=NULL; + const unsigned char *p; long len,error=0; int ok=0; STACK_OF(X509_INFO) *ret=NULL; unsigned int i,raw; - char *(*d2i)(); + d2i_of_void *d2i; if (sk == NULL) { @@ -123,42 +131,42 @@ start: if ( (strcmp(name,PEM_STRING_X509) == 0) || (strcmp(name,PEM_STRING_X509_OLD) == 0)) { - d2i=(char *(*)())d2i_X509; + d2i=(D2I_OF(void))d2i_X509; if (xi->x509 != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->x509); + pp=&(xi->x509); } else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) { - d2i=(char *(*)())d2i_X509_AUX; + d2i=(D2I_OF(void))d2i_X509_AUX; if (xi->x509 != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->x509); + pp=&(xi->x509); } else if (strcmp(name,PEM_STRING_X509_CRL) == 0) { - d2i=(char *(*)())d2i_X509_CRL; + d2i=(D2I_OF(void))d2i_X509_CRL; if (xi->crl != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; if ((xi=X509_INFO_new()) == NULL) goto err; goto start; } - pp=(char **)&(xi->crl); + pp=&(xi->crl); } else #ifndef OPENSSL_NO_RSA if (strcmp(name,PEM_STRING_RSA) == 0) { - d2i=(char *(*)())d2i_RSAPrivateKey; + d2i=(D2I_OF(void))d2i_RSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -173,7 +181,7 @@ start: if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) goto err; xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa); + pp=&(xi->x_pkey->dec_pkey->pkey.rsa); if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } @@ -182,7 +190,7 @@ start: #ifndef OPENSSL_NO_DSA if (strcmp(name,PEM_STRING_DSA) == 0) { - d2i=(char *(*)())d2i_DSAPrivateKey; + d2i=(D2I_OF(void))d2i_DSAPrivateKey; if (xi->x_pkey != NULL) { if (!sk_X509_INFO_push(ret,xi)) goto err; @@ -197,11 +205,35 @@ start: if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) goto err; xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa); + pp=&xi->x_pkey->dec_pkey->pkey.dsa; if ((int)strlen(header) > 10) /* assume encrypted */ raw=1; } else +#endif +#ifndef OPENSSL_NO_EC + if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) + { + d2i=(D2I_OF(void))d2i_ECPrivateKey; + if (xi->x_pkey != NULL) + { + if (!sk_X509_INFO_push(ret,xi)) goto err; + if ((xi=X509_INFO_new()) == NULL) goto err; + goto start; + } + + xi->enc_data=NULL; + xi->enc_len=0; + + xi->x_pkey=X509_PKEY_new(); + if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) + goto err; + xi->x_pkey->dec_pkey->type=EVP_PKEY_EC; + pp=&(xi->x_pkey->dec_pkey->pkey.ec); + if ((int)strlen(header) > 10) /* assume encrypted */ + raw=1; + } + else #endif { d2i=NULL; diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 82815067b3..9bae4c8850 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c @@ -69,7 +69,7 @@ #include #endif -const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT; +const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; #define MIN_LENGTH 4 @@ -81,7 +81,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) #ifdef OPENSSL_NO_FP_API /* We should not ever call the default callback routine from * windows. */ - PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return(-1); #else int i,j; @@ -102,7 +102,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) i=EVP_read_pw_string(buf,num,prompt,w); if (i != 0) { - PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); + PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf,0,(unsigned int)num); return(-1); } @@ -158,11 +158,11 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) } #ifndef OPENSSL_NO_FP_API -char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x, - pem_password_cb *cb, void *u) +void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u) { BIO *b; - char *ret; + void *ret; if ((b=BIO_new(BIO_s_file())) == NULL) { @@ -195,6 +195,8 @@ static int check_pem(const char *nm, const char *name) if(!strcmp(nm,PEM_STRING_DSA) && !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; + if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) && + !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; /* Permit older strings */ if(!strcmp(nm,PEM_STRING_X509_OLD) && @@ -258,9 +260,9 @@ err: } #ifndef OPENSSL_NO_FP_API -int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, - const EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + char *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u) { BIO *b; int ret; @@ -277,9 +279,9 @@ int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, } #endif -int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, - const EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + char *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u) { EVP_CIPHER_CTX ctx; int dsize=0,i,j,ret=0; @@ -336,7 +338,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, kstr=(unsigned char *)buf; } RAND_add(data,i,0);/* put in the RSA key. */ - OPENSSL_assert(enc->iv_len <= sizeof iv); + OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ goto err; /* The 'iv' is used as the iv and as a salt. It is @@ -577,6 +579,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, } EVP_EncodeFinal(&ctx,buf,&outl); if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; + OPENSSL_cleanse(buf, PEM_BUFSIZE*8); OPENSSL_free(buf); buf = NULL; if ( (BIO_write(bp,"-----END ",9) != 9) || @@ -585,8 +588,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, goto err; return(i+outl); err: - if (buf) + if (buf) { + OPENSSL_cleanse(buf, PEM_BUFSIZE*8); OPENSSL_free(buf); + } PEMerr(PEM_F_PEM_WRITE_BIO,reason); return(0); } diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c index 8d9064ea7c..b33868d25a 100644 --- a/src/lib/libcrypto/pem/pem_oth.c +++ b/src/lib/libcrypto/pem/pem_oth.c @@ -67,10 +67,11 @@ /* Handle 'other' PEMs: not private keys */ -char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x, - pem_password_cb *cb, void *u) +void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u) { - unsigned char *p=NULL,*data=NULL; + const unsigned char *p=NULL; + unsigned char *data=NULL; long len; char *ret=NULL; diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c index db38a2a79d..6deab8c338 100644 --- a/src/lib/libcrypto/pem/pem_pk8.c +++ b/src/lib/libcrypto/pem/pem_pk8.c @@ -118,7 +118,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER char buf[PEM_BUFSIZE]; int ret; if(!(p8inf = EVP_PKEY2PKCS8(x))) { - PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, + PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); return 0; } @@ -127,8 +127,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); else klen = cb(buf, PEM_BUFSIZE, 1, u); if(klen <= 0) { - PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, - PEM_R_READ_KEY); + PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY); PKCS8_PRIV_KEY_INFO_free(p8inf); return 0; } @@ -215,7 +214,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CI BIO *bp; int ret; if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { - PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB); + PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB); return(0); } ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c index 9ecdbd5419..4da4c31ce5 100644 --- a/src/lib/libcrypto/pem/pem_pkey.c +++ b/src/lib/libcrypto/pem/pem_pkey.c @@ -70,7 +70,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) { char *nm=NULL; - unsigned char *p=NULL,*data=NULL; + const unsigned char *p=NULL; + unsigned char *data=NULL; long len; EVP_PKEY *ret=NULL; @@ -82,6 +83,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); else if (strcmp(nm,PEM_STRING_DSA) == 0) ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); + else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0) + ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len); else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { PKCS8_PRIV_KEY_INFO *p8inf; p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); @@ -102,7 +105,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); if (klen <= 0) { - PEMerr(PEM_F_PEM_ASN1_READ_BIO, + PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; @@ -119,9 +122,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo } p8err: if (ret == NULL) - PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); + PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); err: OPENSSL_free(nm); + OPENSSL_cleanse(data, len); OPENSSL_free(data); return(ret); } @@ -134,7 +138,7 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void if ((b=BIO_new(BIO_s_file())) == NULL) { - PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); + PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB); return(0); } BIO_set_fp(b,fp,BIO_NOCLOSE); diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c index 56e08abd70..4e554e5481 100644 --- a/src/lib/libcrypto/pem/pem_seal.c +++ b/src/lib/libcrypto/pem/pem_seal.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include /* for OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_RSA #include #include "cryptlib.h" @@ -64,6 +65,7 @@ #include #include #include +#include int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c index 2f579b5421..63ce660cf1 100644 --- a/src/lib/libcrypto/pem/pem_xaux.c +++ b/src/lib/libcrypto/pem/pem_xaux.c @@ -66,3 +66,4 @@ #include IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) +IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR) -- cgit v1.2.3-55-g6feb