pem_lib.c revision 59191
1/* crypto/pem/pem_lib.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/buffer.h> 62#include <openssl/objects.h> 63#include <openssl/evp.h> 64#include <openssl/rand.h> 65#include <openssl/x509.h> 66#include <openssl/pem.h> 67#include <openssl/pkcs12.h> 68#ifndef NO_DES 69#include <openssl/des.h> 70#endif 71 72const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT; 73 74#define MIN_LENGTH 4 75 76static int def_callback(char *buf, int num, int w, void *userdata); 77static int load_iv(unsigned char **fromp,unsigned char *to, int num); 78static int check_pem(const char *nm, const char *name); 79static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, 80 int nid, const EVP_CIPHER *enc, 81 char *kstr, int klen, 82 pem_password_cb *cb, void *u); 83static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, 84 int nid, const EVP_CIPHER *enc, 85 char *kstr, int klen, 86 pem_password_cb *cb, void *u); 87 88static int def_callback(char *buf, int num, int w, void *key) 89 { 90#ifdef NO_FP_API 91 /* We should not ever call the default callback routine from 92 * windows. */ 93 PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 94 return(-1); 95#else 96 int i,j; 97 const char *prompt; 98 if(key) { 99 i=strlen(key); 100 i=(i > num)?num:i; 101 memcpy(buf,key,i); 102 return(i); 103 } 104 105 prompt=EVP_get_pw_prompt(); 106 if (prompt == NULL) 107 prompt="Enter PEM pass phrase:"; 108 109 for (;;) 110 { 111 i=EVP_read_pw_string(buf,num,prompt,w); 112 if (i != 0) 113 { 114 PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); 115 memset(buf,0,(unsigned int)num); 116 return(-1); 117 } 118 j=strlen(buf); 119 if (j < MIN_LENGTH) 120 { 121 fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH); 122 } 123 else 124 break; 125 } 126 return(j); 127#endif 128 } 129 130void PEM_proc_type(char *buf, int type) 131 { 132 const char *str; 133 134 if (type == PEM_TYPE_ENCRYPTED) 135 str="ENCRYPTED"; 136 else if (type == PEM_TYPE_MIC_CLEAR) 137 str="MIC-CLEAR"; 138 else if (type == PEM_TYPE_MIC_ONLY) 139 str="MIC-ONLY"; 140 else 141 str="BAD-TYPE"; 142 143 strcat(buf,"Proc-Type: 4,"); 144 strcat(buf,str); 145 strcat(buf,"\n"); 146 } 147 148void PEM_dek_info(char *buf, const char *type, int len, char *str) 149 { 150 static unsigned char map[17]="0123456789ABCDEF"; 151 long i; 152 int j; 153 154 strcat(buf,"DEK-Info: "); 155 strcat(buf,type); 156 strcat(buf,","); 157 j=strlen(buf); 158 for (i=0; i<len; i++) 159 { 160 buf[j+i*2] =map[(str[i]>>4)&0x0f]; 161 buf[j+i*2+1]=map[(str[i] )&0x0f]; 162 } 163 buf[j+i*2]='\n'; 164 buf[j+i*2+1]='\0'; 165 } 166 167#ifndef NO_FP_API 168char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x, 169 pem_password_cb *cb, void *u) 170 { 171 BIO *b; 172 char *ret; 173 174 if ((b=BIO_new(BIO_s_file())) == NULL) 175 { 176 PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); 177 return(0); 178 } 179 BIO_set_fp(b,fp,BIO_NOCLOSE); 180 ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); 181 BIO_free(b); 182 return(ret); 183 } 184#endif 185 186static int check_pem(const char *nm, const char *name) 187{ 188 /* Normal matching nm and name */ 189 if (!strcmp(nm,name)) return 1; 190 191 /* Make PEM_STRING_EVP_PKEY match any private key */ 192 193 if(!strcmp(nm,PEM_STRING_PKCS8) && 194 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 195 196 if(!strcmp(nm,PEM_STRING_PKCS8INF) && 197 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 198 199 if(!strcmp(nm,PEM_STRING_RSA) && 200 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 201 202 if(!strcmp(nm,PEM_STRING_DSA) && 203 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; 204 205 /* Permit older strings */ 206 207 if(!strcmp(nm,PEM_STRING_X509_OLD) && 208 !strcmp(name,PEM_STRING_X509)) return 1; 209 210 if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && 211 !strcmp(name,PEM_STRING_X509_REQ)) return 1; 212 213 /* Allow normal certs to be read as trusted certs */ 214 if(!strcmp(nm,PEM_STRING_X509) && 215 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 216 217 if(!strcmp(nm,PEM_STRING_X509_OLD) && 218 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 219 220 /* Some CAs use PKCS#7 with CERTIFICATE headers */ 221 if(!strcmp(nm, PEM_STRING_X509) && 222 !strcmp(name, PEM_STRING_PKCS7)) return 1; 223 224 return 0; 225} 226 227char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x, 228 pem_password_cb *cb, void *u) 229 { 230 EVP_CIPHER_INFO cipher; 231 char *nm=NULL,*header=NULL; 232 unsigned char *p=NULL,*data=NULL; 233 long len; 234 char *ret=NULL; 235 236 for (;;) 237 { 238 if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { 239 if(ERR_GET_REASON(ERR_peek_error()) == 240 PEM_R_NO_START_LINE) 241 ERR_add_error_data(2, "Expecting: ", name); 242 return(NULL); 243 } 244 if(check_pem(nm, name)) break; 245 Free(nm); 246 Free(header); 247 Free(data); 248 } 249 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; 250 if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; 251 p=data; 252 if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) { 253 if (strcmp(nm,PEM_STRING_RSA) == 0) 254 ret=d2i(EVP_PKEY_RSA,x,&p,len); 255 else if (strcmp(nm,PEM_STRING_DSA) == 0) 256 ret=d2i(EVP_PKEY_DSA,x,&p,len); 257 else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { 258 PKCS8_PRIV_KEY_INFO *p8inf; 259 p8inf=d2i_PKCS8_PRIV_KEY_INFO( 260 (PKCS8_PRIV_KEY_INFO **) x, &p, len); 261 ret = (char *)EVP_PKCS82PKEY(p8inf); 262 PKCS8_PRIV_KEY_INFO_free(p8inf); 263 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { 264 PKCS8_PRIV_KEY_INFO *p8inf; 265 X509_SIG *p8; 266 int klen; 267 char psbuf[PEM_BUFSIZE]; 268 p8 = d2i_X509_SIG(NULL, &p, len); 269 if(!p8) goto p8err; 270 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); 271 else klen=def_callback(psbuf,PEM_BUFSIZE,0,u); 272 if (klen <= 0) { 273 PEMerr(PEM_F_PEM_ASN1_READ_BIO, 274 PEM_R_BAD_PASSWORD_READ); 275 goto err; 276 } 277 p8inf = M_PKCS8_decrypt(p8, psbuf, klen); 278 X509_SIG_free(p8); 279 if(!p8inf) goto p8err; 280 ret = (char *)EVP_PKCS82PKEY(p8inf); 281 if(x) { 282 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 283 *x = ret; 284 } 285 PKCS8_PRIV_KEY_INFO_free(p8inf); 286 } 287 } else ret=d2i(x,&p,len); 288p8err: 289 if (ret == NULL) 290 PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); 291err: 292 Free(nm); 293 Free(header); 294 Free(data); 295 return(ret); 296 } 297 298#ifndef NO_FP_API 299int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, 300 const EVP_CIPHER *enc, unsigned char *kstr, int klen, 301 pem_password_cb *callback, void *u) 302 { 303 BIO *b; 304 int ret; 305 306 if ((b=BIO_new(BIO_s_file())) == NULL) 307 { 308 PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); 309 return(0); 310 } 311 BIO_set_fp(b,fp,BIO_NOCLOSE); 312 ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); 313 BIO_free(b); 314 return(ret); 315 } 316#endif 317 318int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, 319 const EVP_CIPHER *enc, unsigned char *kstr, int klen, 320 pem_password_cb *callback, void *u) 321 { 322 EVP_CIPHER_CTX ctx; 323 int dsize=0,i,j,ret=0; 324 unsigned char *p,*data=NULL; 325 const char *objstr=NULL; 326 char buf[PEM_BUFSIZE]; 327 unsigned char key[EVP_MAX_KEY_LENGTH]; 328 unsigned char iv[EVP_MAX_IV_LENGTH]; 329 330 if (enc != NULL) 331 { 332 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); 333 if (objstr == NULL) 334 { 335 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); 336 goto err; 337 } 338 } 339 340 if ((dsize=i2d(x,NULL)) < 0) 341 { 342 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); 343 dsize=0; 344 goto err; 345 } 346 /* dzise + 8 bytes are needed */ 347 data=(unsigned char *)Malloc((unsigned int)dsize+20); 348 if (data == NULL) 349 { 350 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); 351 goto err; 352 } 353 p=data; 354 i=i2d(x,&p); 355 356 if (enc != NULL) 357 { 358 if (kstr == NULL) 359 { 360 if (callback == NULL) 361 klen=def_callback(buf,PEM_BUFSIZE,1,u); 362 else 363 klen=(*callback)(buf,PEM_BUFSIZE,1,u); 364 if (klen <= 0) 365 { 366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); 367 goto err; 368 } 369#ifdef CHARSET_EBCDIC 370 /* Convert the pass phrase from EBCDIC */ 371 ebcdic2ascii(buf, buf, klen); 372#endif 373 kstr=(unsigned char *)buf; 374 } 375 RAND_add(data,i,0);/* put in the RSA key. */ 376 if (RAND_pseudo_bytes(iv,8) < 0) /* Generate a salt */ 377 goto err; 378 /* The 'iv' is used as the iv and as a salt. It is 379 * NOT taken from the BytesToKey function */ 380 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); 381 382 if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); 383 384 buf[0]='\0'; 385 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 386 PEM_dek_info(buf,objstr,8,(char *)iv); 387 /* k=strlen(buf); */ 388 389 EVP_EncryptInit(&ctx,enc,key,iv); 390 EVP_EncryptUpdate(&ctx,data,&j,data,i); 391 EVP_EncryptFinal(&ctx,&(data[j]),&i); 392 i+=j; 393 ret=1; 394 } 395 else 396 { 397 ret=1; 398 buf[0]='\0'; 399 } 400 i=PEM_write_bio(bp,name,buf,data,i); 401 if (i <= 0) ret=0; 402err: 403 memset(key,0,sizeof(key)); 404 memset(iv,0,sizeof(iv)); 405 memset((char *)&ctx,0,sizeof(ctx)); 406 memset(buf,0,PEM_BUFSIZE); 407 memset(data,0,(unsigned int)dsize); 408 Free(data); 409 return(ret); 410 } 411 412int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, 413 pem_password_cb *callback,void *u) 414 { 415 int i,j,o,klen; 416 long len; 417 EVP_CIPHER_CTX ctx; 418 unsigned char key[EVP_MAX_KEY_LENGTH]; 419 char buf[PEM_BUFSIZE]; 420 421 len= *plen; 422 423 if (cipher->cipher == NULL) return(1); 424 if (callback == NULL) 425 klen=def_callback(buf,PEM_BUFSIZE,0,u); 426 else 427 klen=callback(buf,PEM_BUFSIZE,0,u); 428 if (klen <= 0) 429 { 430 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); 431 return(0); 432 } 433#ifdef CHARSET_EBCDIC 434 /* Convert the pass phrase from EBCDIC */ 435 ebcdic2ascii(buf, buf, klen); 436#endif 437 438 EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), 439 (unsigned char *)buf,klen,1,key,NULL); 440 441 j=(int)len; 442 EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0])); 443 EVP_DecryptUpdate(&ctx,data,&i,data,j); 444 o=EVP_DecryptFinal(&ctx,&(data[i]),&j); 445 EVP_CIPHER_CTX_cleanup(&ctx); 446 memset((char *)buf,0,sizeof(buf)); 447 memset((char *)key,0,sizeof(key)); 448 j+=i; 449 if (!o) 450 { 451 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); 452 return(0); 453 } 454 *plen=j; 455 return(1); 456 } 457 458int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) 459 { 460 int o; 461 const EVP_CIPHER *enc=NULL; 462 char *p,c; 463 464 cipher->cipher=NULL; 465 if ((header == NULL) || (*header == '\0') || (*header == '\n')) 466 return(1); 467 if (strncmp(header,"Proc-Type: ",11) != 0) 468 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } 469 header+=11; 470 if (*header != '4') return(0); header++; 471 if (*header != ',') return(0); header++; 472 if (strncmp(header,"ENCRYPTED",9) != 0) 473 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } 474 for (; (*header != '\n') && (*header != '\0'); header++) 475 ; 476 if (*header == '\0') 477 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } 478 header++; 479 if (strncmp(header,"DEK-Info: ",10) != 0) 480 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } 481 header+=10; 482 483 p=header; 484 for (;;) 485 { 486 c= *header; 487#ifndef CHARSET_EBCDIC 488 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || 489 ((c >= '0') && (c <= '9')))) 490 break; 491#else 492 if (!( isupper(c) || (c == '-') || 493 isdigit(c))) 494 break; 495#endif 496 header++; 497 } 498 *header='\0'; 499 o=OBJ_sn2nid(p); 500 cipher->cipher=enc=EVP_get_cipherbyname(p); 501 *header=c; 502 header++; 503 504 if (enc == NULL) 505 { 506 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); 507 return(0); 508 } 509 if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0); 510 511 return(1); 512 } 513 514static int load_iv(unsigned char **fromp, unsigned char *to, int num) 515 { 516 int v,i; 517 unsigned char *from; 518 519 from= *fromp; 520 for (i=0; i<num; i++) to[i]=0; 521 num*=2; 522 for (i=0; i<num; i++) 523 { 524 if ((*from >= '0') && (*from <= '9')) 525 v= *from-'0'; 526 else if ((*from >= 'A') && (*from <= 'F')) 527 v= *from-'A'+10; 528 else if ((*from >= 'a') && (*from <= 'f')) 529 v= *from-'a'+10; 530 else 531 { 532 PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); 533 return(0); 534 } 535 from++; 536 to[i/2]|=v<<(long)((!(i&1))*4); 537 } 538 539 *fromp=from; 540 return(1); 541 } 542 543#ifndef NO_FP_API 544int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, 545 long len) 546 { 547 BIO *b; 548 int ret; 549 550 if ((b=BIO_new(BIO_s_file())) == NULL) 551 { 552 PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); 553 return(0); 554 } 555 BIO_set_fp(b,fp,BIO_NOCLOSE); 556 ret=PEM_write_bio(b, name, header, data,len); 557 BIO_free(b); 558 return(ret); 559 } 560#endif 561 562int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, 563 long len) 564 { 565 int nlen,n,i,j,outl; 566 unsigned char *buf; 567 EVP_ENCODE_CTX ctx; 568 int reason=ERR_R_BUF_LIB; 569 570 EVP_EncodeInit(&ctx); 571 nlen=strlen(name); 572 573 if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || 574 (BIO_write(bp,name,nlen) != nlen) || 575 (BIO_write(bp,"-----\n",6) != 6)) 576 goto err; 577 578 i=strlen(header); 579 if (i > 0) 580 { 581 if ( (BIO_write(bp,header,i) != i) || 582 (BIO_write(bp,"\n",1) != 1)) 583 goto err; 584 } 585 586 buf=(unsigned char *)Malloc(PEM_BUFSIZE*8); 587 if (buf == NULL) 588 { 589 reason=ERR_R_MALLOC_FAILURE; 590 goto err; 591 } 592 593 i=j=0; 594 while (len > 0) 595 { 596 n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); 597 EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); 598 if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl)) 599 goto err; 600 i+=outl; 601 len-=n; 602 j+=n; 603 } 604 EVP_EncodeFinal(&ctx,buf,&outl); 605 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; 606 Free(buf); 607 if ( (BIO_write(bp,"-----END ",9) != 9) || 608 (BIO_write(bp,name,nlen) != nlen) || 609 (BIO_write(bp,"-----\n",6) != 6)) 610 goto err; 611 return(i+outl); 612err: 613 PEMerr(PEM_F_PEM_WRITE_BIO,reason); 614 return(0); 615 } 616 617#ifndef NO_FP_API 618int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, 619 long *len) 620 { 621 BIO *b; 622 int ret; 623 624 if ((b=BIO_new(BIO_s_file())) == NULL) 625 { 626 PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); 627 return(0); 628 } 629 BIO_set_fp(b,fp,BIO_NOCLOSE); 630 ret=PEM_read_bio(b, name, header, data,len); 631 BIO_free(b); 632 return(ret); 633 } 634#endif 635 636int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, 637 long *len) 638 { 639 EVP_ENCODE_CTX ctx; 640 int end=0,i,k,bl=0,hl=0,nohead=0; 641 char buf[256]; 642 BUF_MEM *nameB; 643 BUF_MEM *headerB; 644 BUF_MEM *dataB,*tmpB; 645 646 nameB=BUF_MEM_new(); 647 headerB=BUF_MEM_new(); 648 dataB=BUF_MEM_new(); 649 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) 650 { 651 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 652 return(0); 653 } 654 655 buf[254]='\0'; 656 for (;;) 657 { 658 i=BIO_gets(bp,buf,254); 659 660 if (i <= 0) 661 { 662 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE); 663 goto err; 664 } 665 666 while ((i >= 0) && (buf[i] <= ' ')) i--; 667 buf[++i]='\n'; buf[++i]='\0'; 668 669 if (strncmp(buf,"-----BEGIN ",11) == 0) 670 { 671 i=strlen(&(buf[11])); 672 673 if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) 674 continue; 675 if (!BUF_MEM_grow(nameB,i+9)) 676 { 677 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 678 goto err; 679 } 680 memcpy(nameB->data,&(buf[11]),i-6); 681 nameB->data[i-6]='\0'; 682 break; 683 } 684 } 685 hl=0; 686 if (!BUF_MEM_grow(headerB,256)) 687 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 688 headerB->data[0]='\0'; 689 for (;;) 690 { 691 i=BIO_gets(bp,buf,254); 692 if (i <= 0) break; 693 694 while ((i >= 0) && (buf[i] <= ' ')) i--; 695 buf[++i]='\n'; buf[++i]='\0'; 696 697 if (buf[0] == '\n') break; 698 if (!BUF_MEM_grow(headerB,hl+i+9)) 699 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 700 if (strncmp(buf,"-----END ",9) == 0) 701 { 702 nohead=1; 703 break; 704 } 705 memcpy(&(headerB->data[hl]),buf,i); 706 headerB->data[hl+i]='\0'; 707 hl+=i; 708 } 709 710 bl=0; 711 if (!BUF_MEM_grow(dataB,1024)) 712 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 713 dataB->data[0]='\0'; 714 if (!nohead) 715 { 716 for (;;) 717 { 718 i=BIO_gets(bp,buf,254); 719 if (i <= 0) break; 720 721 while ((i >= 0) && (buf[i] <= ' ')) i--; 722 buf[++i]='\n'; buf[++i]='\0'; 723 724 if (i != 65) end=1; 725 if (strncmp(buf,"-----END ",9) == 0) 726 break; 727 if (i > 65) break; 728 if (!BUF_MEM_grow(dataB,i+bl+9)) 729 { 730 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 731 goto err; 732 } 733 memcpy(&(dataB->data[bl]),buf,i); 734 dataB->data[bl+i]='\0'; 735 bl+=i; 736 if (end) 737 { 738 buf[0]='\0'; 739 i=BIO_gets(bp,buf,254); 740 if (i <= 0) break; 741 742 while ((i >= 0) && (buf[i] <= ' ')) i--; 743 buf[++i]='\n'; buf[++i]='\0'; 744 745 break; 746 } 747 } 748 } 749 else 750 { 751 tmpB=headerB; 752 headerB=dataB; 753 dataB=tmpB; 754 bl=hl; 755 } 756 i=strlen(nameB->data); 757 if ( (strncmp(buf,"-----END ",9) != 0) || 758 (strncmp(nameB->data,&(buf[9]),i) != 0) || 759 (strncmp(&(buf[9+i]),"-----\n",6) != 0)) 760 { 761 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); 762 goto err; 763 } 764 765 EVP_DecodeInit(&ctx); 766 i=EVP_DecodeUpdate(&ctx, 767 (unsigned char *)dataB->data,&bl, 768 (unsigned char *)dataB->data,bl); 769 if (i < 0) 770 { 771 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); 772 goto err; 773 } 774 i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); 775 if (i < 0) 776 { 777 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); 778 goto err; 779 } 780 bl+=k; 781 782 if (bl == 0) goto err; 783 *name=nameB->data; 784 *header=headerB->data; 785 *data=(unsigned char *)dataB->data; 786 *len=bl; 787 Free(nameB); 788 Free(headerB); 789 Free(dataB); 790 return(1); 791err: 792 BUF_MEM_free(nameB); 793 BUF_MEM_free(headerB); 794 BUF_MEM_free(dataB); 795 return(0); 796 } 797 798/* These functions write a private key in PKCS#8 format: it is a "drop in" 799 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' 800 * is NULL then it uses the unencrypted private key form. The 'nid' versions 801 * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0. 802 */ 803 804int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, 805 char *kstr, int klen, 806 pem_password_cb *cb, void *u) 807{ 808 return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); 809} 810 811int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 812 char *kstr, int klen, 813 pem_password_cb *cb, void *u) 814{ 815 return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); 816} 817 818int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 819 char *kstr, int klen, 820 pem_password_cb *cb, void *u) 821{ 822 return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); 823} 824 825int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, 826 char *kstr, int klen, 827 pem_password_cb *cb, void *u) 828{ 829 return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); 830} 831 832static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, 833 char *kstr, int klen, 834 pem_password_cb *cb, void *u) 835{ 836 X509_SIG *p8; 837 PKCS8_PRIV_KEY_INFO *p8inf; 838 char buf[PEM_BUFSIZE]; 839 int ret; 840 if(!(p8inf = EVP_PKEY2PKCS8(x))) { 841 PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, 842 PEM_R_ERROR_CONVERTING_PRIVATE_KEY); 843 return 0; 844 } 845 if(enc || (nid != -1)) { 846 if(!kstr) { 847 if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1, u); 848 else klen = cb(buf, PEM_BUFSIZE, 1, u); 849 if(klen <= 0) { 850 PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, 851 PEM_R_READ_KEY); 852 PKCS8_PRIV_KEY_INFO_free(p8inf); 853 return 0; 854 } 855 856 kstr = buf; 857 } 858 p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); 859 if(kstr == buf) memset(buf, 0, klen); 860 PKCS8_PRIV_KEY_INFO_free(p8inf); 861 if(isder) ret = i2d_PKCS8_bio(bp, p8); 862 else ret = PEM_write_bio_PKCS8(bp, p8); 863 X509_SIG_free(p8); 864 return ret; 865 } else { 866 if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); 867 else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); 868 PKCS8_PRIV_KEY_INFO_free(p8inf); 869 return ret; 870 } 871} 872 873/* Finally the DER version to read PKCS#8 encrypted private keys. It has to be 874 * here to access the default callback. 875 */ 876 877EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) 878{ 879 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 880 X509_SIG *p8 = NULL; 881 int klen; 882 EVP_PKEY *ret; 883 char psbuf[PEM_BUFSIZE]; 884 p8 = d2i_PKCS8_bio(bp, NULL); 885 if(!p8) return NULL; 886 if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); 887 else klen=def_callback(psbuf,PEM_BUFSIZE,0,u); 888 if (klen <= 0) { 889 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); 890 X509_SIG_free(p8); 891 return NULL; 892 } 893 p8inf = M_PKCS8_decrypt(p8, psbuf, klen); 894 X509_SIG_free(p8); 895 if(!p8inf) return NULL; 896 ret = EVP_PKCS82PKEY(p8inf); 897 PKCS8_PRIV_KEY_INFO_free(p8inf); 898 if(!ret) return NULL; 899 if(x) { 900 if(*x) EVP_PKEY_free(*x); 901 *x = ret; 902 } 903 return ret; 904} 905 906#ifndef NO_FP_API 907 908int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 909 char *kstr, int klen, 910 pem_password_cb *cb, void *u) 911{ 912 return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); 913} 914 915int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, 916 char *kstr, int klen, 917 pem_password_cb *cb, void *u) 918{ 919 return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); 920} 921 922int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, 923 char *kstr, int klen, 924 pem_password_cb *cb, void *u) 925{ 926 return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); 927} 928 929int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 930 char *kstr, int klen, pem_password_cb *cb, void *u) 931{ 932 return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); 933} 934 935static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, 936 char *kstr, int klen, 937 pem_password_cb *cb, void *u) 938{ 939 BIO *bp; 940 int ret; 941 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { 942 PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB); 943 return(0); 944 } 945 ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); 946 BIO_free(bp); 947 return ret; 948} 949 950EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) 951{ 952 BIO *bp; 953 EVP_PKEY *ret; 954 if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { 955 PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB); 956 return NULL; 957 } 958 ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); 959 BIO_free(bp); 960 return ret; 961} 962 963#endif 964