+ if (got_header == MAYBE_HEADER) {
+ if (memchr(linebuf, ':', len) != NULL)
+ got_header = IN_HEADER;
+ }
+ if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER)
+ flags_mask &= ~PEM_FLAG_ONLY_B64;
+ len = sanitize_line(linebuf, len, flags & flags_mask);
+
+ /* Check for end of header. */
+ if (linebuf[0] == '\n') {
+ if (got_header == POST_HEADER) {
+ /* Another blank line is an error. */
+ PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+ goto err;
+ }
+ got_header = POST_HEADER;
+ tmp = *data;
+ continue;
+ }
+
+ /* Check for end of stream (which means there is no header). */
+ if (strncmp(linebuf, endstr, ENDLEN) == 0) {
+ p = linebuf + ENDLEN;
+ namelen = strlen(name);
+ if (strncmp(p, name, namelen) != 0 ||
+ strncmp(p + namelen, tailstr, TAILLEN) != 0) {
+ PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+ goto err;
+ }
+ if (got_header == MAYBE_HEADER) {
+ *header = *data;
+ *data = tmp;
+ }
+ break;
+ } else if (end) {
+ /* Malformed input; short line not at end of data. */
+ PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+ goto err;
+ }
+ /*
+ * Else, a line of text -- could be header or data; we don't
+ * know yet. Just pass it through.
+ */
+ if (BIO_puts(tmp, linebuf) < 0)
+ goto err;
+ /*
+ * Only encrypted files need the line length check applied.
+ */
+ if (got_header == POST_HEADER) {
+ /* 65 includes the trailing newline */
+ if (len > 65)
+ goto err;
+ if (len < 65)
+ end = 1;
+ }
+ }
+
+ ret = 1;
+err:
+ pem_free(linebuf, flags, LINESIZE + 1);
+ return ret;
+}
+
+/**
+ * Read in PEM-formatted data from the given BIO.
+ *
+ * By nature of the PEM format, all content must be printable ASCII (except
+ * for line endings). Other characters, or lines that are longer than 80
+ * characters, are malformed input and will be rejected.
+ */
+int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+ unsigned char **data, long *len_out, unsigned int flags)
+{
+ EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+ const BIO_METHOD *bmeth;
+ BIO *headerB = NULL, *dataB = NULL;
+ char *name = NULL;
+ int len, taillen, headerlen, ret = 0;
+ BUF_MEM * buf_mem;
+
+ if (ctx == NULL) {
+ PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ *len_out = 0;
+ *name_out = *header = NULL;
+ *data = NULL;
+ if ((flags & PEM_FLAG_EAY_COMPATIBLE) && (flags & PEM_FLAG_ONLY_B64)) {
+ /* These two are mutually incompatible; bail out. */
+ PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_PASSED_INVALID_ARGUMENT);
+ goto end;
+ }
+ bmeth = (flags & PEM_FLAG_SECURE) ? BIO_s_secmem() : BIO_s_mem();
+
+ headerB = BIO_new(bmeth);
+ dataB = BIO_new(bmeth);
+ if (headerB == NULL || dataB == NULL) {
+ PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ if (!get_name(bp, &name, flags))
+ goto end;
+ if (!get_header_and_data(bp, &headerB, &dataB, name, flags))
+ goto end;
+
+ EVP_DecodeInit(ctx);
+ BIO_get_mem_ptr(dataB, &buf_mem);
+ len = buf_mem->length;
+ if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len,
+ (unsigned char*)buf_mem->data, len) < 0
+ || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]),
+ &taillen) < 0) {
+ PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_BAD_BASE64_DECODE);
+ goto end;
+ }
+ len += taillen;
+ buf_mem->length = len;
+
+ /* There was no data in the PEM file; avoid malloc(0). */
+ if (len == 0)
+ goto end;
+ headerlen = BIO_get_mem_data(headerB, NULL);
+ *header = pem_malloc(headerlen + 1, flags);
+ *data = pem_malloc(len, flags);
+ if (*header == NULL || *data == NULL) {
+ pem_free(*header, flags, 0);
+ pem_free(*data, flags, 0);
+ goto end;
+ }
+ BIO_read(headerB, *header, headerlen);
+ (*header)[headerlen] = '\0';
+ BIO_read(dataB, *data, len);
+ *len_out = len;
+ *name_out = name;
+ name = NULL;
+ ret = 1;
+
+end:
+ EVP_ENCODE_CTX_free(ctx);
+ pem_free(name, flags, 0);
+ BIO_free(headerB);
+ BIO_free(dataB);
+ return ret;
+}
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+ long *len)
+{
+ return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE);
+}
+
+/*
+ * Check pem string and return prefix length. If for example the pem_str ==
+ * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
+ * string "RSA".
+ */