2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 # define OPENSSL_PEM_H
14 # include <openssl/macros.h>
15 # ifndef OPENSSL_NO_DEPRECATED_3_0
19 # include <openssl/e_os2.h>
20 # include <openssl/bio.h>
21 # include <openssl/safestack.h>
22 # include <openssl/evp.h>
23 # include <openssl/x509.h>
24 # include <openssl/pemerr.h>
30 # define PEM_BUFSIZE 1024
32 # define PEM_STRING_X509_OLD "X509 CERTIFICATE"
33 # define PEM_STRING_X509 "CERTIFICATE"
34 # define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
35 # define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
36 # define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
37 # define PEM_STRING_X509_CRL "X509 CRL"
38 # define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
39 # define PEM_STRING_PUBLIC "PUBLIC KEY"
40 # define PEM_STRING_RSA "RSA PRIVATE KEY"
41 # define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
42 # define PEM_STRING_DSA "DSA PRIVATE KEY"
43 # define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
44 # define PEM_STRING_PKCS7 "PKCS7"
45 # define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
46 # define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
47 # define PEM_STRING_PKCS8INF "PRIVATE KEY"
48 # define PEM_STRING_DHPARAMS "DH PARAMETERS"
49 # define PEM_STRING_DHXPARAMS "X9.42 DH PARAMETERS"
50 # define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
51 # define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
52 # define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
53 # define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
54 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
55 # define PEM_STRING_PARAMETERS "PARAMETERS"
56 # define PEM_STRING_CMS "CMS"
58 # define PEM_TYPE_ENCRYPTED 10
59 # define PEM_TYPE_MIC_ONLY 20
60 # define PEM_TYPE_MIC_CLEAR 30
61 # define PEM_TYPE_CLEAR 40
64 * These macros make the PEM_read/PEM_write functions easier to maintain and
65 * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
66 * IMPLEMENT_PEM_rw_cb(...)
69 # ifdef OPENSSL_NO_STDIO
71 # define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
72 # define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
73 # ifndef OPENSSL_NO_DEPRECATED_3_0
74 # define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
76 # define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
77 # ifndef OPENSSL_NO_DEPRECATED_3_0
78 # define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
82 # define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
83 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u) \
85 return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str, fp, \
89 # define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
90 int PEM_write_##name(FILE *fp, const type *x) \
92 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, fp, \
93 x, NULL, NULL, 0, NULL, NULL); \
96 # ifndef OPENSSL_NO_DEPRECATED_3_0
97 # define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
98 IMPLEMENT_PEM_write_fp(name, type, str, asn1)
101 # define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
102 int PEM_write_##name(FILE *fp, const type *x, \
103 const EVP_CIPHER *enc, \
104 const unsigned char *kstr, int klen, \
105 pem_password_cb *cb, void *u) \
107 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1, str, fp, \
108 x, enc, kstr, klen, cb, u); \
111 # ifndef OPENSSL_NO_DEPRECATED_3_0
112 # define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
113 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
117 # define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
118 type *PEM_read_bio_##name(BIO *bp, type **x, \
119 pem_password_cb *cb, void *u) \
121 return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str, bp, \
122 (void **)x, cb, u); \
125 # define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
126 int PEM_write_bio_##name(BIO *bp, const type *x) \
128 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, bp, \
129 x, NULL,NULL,0,NULL,NULL); \
132 # ifndef OPENSSL_NO_DEPRECATED_3_0
133 # define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
134 IMPLEMENT_PEM_write_bio(name, type, str, asn1)
137 # define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
138 int PEM_write_bio_##name(BIO *bp, const type *x, \
139 const EVP_CIPHER *enc, \
140 const unsigned char *kstr, int klen, \
141 pem_password_cb *cb, void *u) \
143 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1, str, bp, \
144 x, enc, kstr, klen, cb, u); \
147 # ifndef OPENSSL_NO_DEPRECATED_3_0
148 # define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
149 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1)
152 # define IMPLEMENT_PEM_write(name, type, str, asn1) \
153 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
154 IMPLEMENT_PEM_write_fp(name, type, str, asn1)
156 # ifndef OPENSSL_NO_DEPRECATED_3_0
157 # define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
158 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
159 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
162 # define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
163 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
164 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
166 # ifndef OPENSSL_NO_DEPRECATED_3_0
167 # define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
168 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
169 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
172 # define IMPLEMENT_PEM_read(name, type, str, asn1) \
173 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
174 IMPLEMENT_PEM_read_fp(name, type, str, asn1)
176 # define IMPLEMENT_PEM_rw(name, type, str, asn1) \
177 IMPLEMENT_PEM_read(name, type, str, asn1) \
178 IMPLEMENT_PEM_write(name, type, str, asn1)
180 # ifndef OPENSSL_NO_DEPRECATED_3_0
181 # define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
182 IMPLEMENT_PEM_read(name, type, str, asn1) \
183 IMPLEMENT_PEM_write_const(name, type, str, asn1)
186 # define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
187 IMPLEMENT_PEM_read(name, type, str, asn1) \
188 IMPLEMENT_PEM_write_cb(name, type, str, asn1)
190 /* These are the same except they are for the declarations */
192 # if defined(OPENSSL_NO_STDIO)
194 # define DECLARE_PEM_read_fp(name, type) /**/
195 # define DECLARE_PEM_write_fp(name, type) /**/
196 # ifndef OPENSSL_NO_DEPRECATED_3_0
197 # define DECLARE_PEM_write_fp_const(name, type) /**/
199 # define DECLARE_PEM_write_cb_fp(name, type) /**/
202 # define DECLARE_PEM_read_fp(name, type) \
203 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
205 # define DECLARE_PEM_write_fp(name, type) \
206 int PEM_write_##name(FILE *fp, const type *x);
208 # ifndef OPENSSL_NO_DEPRECATED_3_0
209 # define DECLARE_PEM_write_fp_const(name, type) \
210 DECLARE_PEM_write_fp(name, type)
213 # define DECLARE_PEM_write_cb_fp(name, type) \
214 int PEM_write_##name(FILE *fp, const type *x, \
215 const EVP_CIPHER *enc, \
216 const unsigned char *kstr, int klen, \
217 pem_password_cb *cb, void *u);
221 # define DECLARE_PEM_read_bio(name, type) \
222 type *PEM_read_bio_##name(BIO *bp, type **x, \
223 pem_password_cb *cb, void *u);
225 # define DECLARE_PEM_write_bio(name, type) \
226 int PEM_write_bio_##name(BIO *bp, const type *x);
228 # ifndef OPENSSL_NO_DEPRECATED_3_0
229 # define DECLARE_PEM_write_bio_const(name, type) \
230 DECLARE_PEM_write_bio(name, type)
233 # define DECLARE_PEM_write_cb_bio(name, type) \
234 int PEM_write_bio_##name(BIO *bp, const type *x, \
235 const EVP_CIPHER *enc, \
236 const unsigned char *kstr, int klen, \
237 pem_password_cb *cb, void *u);
239 # define DECLARE_PEM_write(name, type) \
240 DECLARE_PEM_write_bio(name, type) \
241 DECLARE_PEM_write_fp(name, type)
242 # ifndef OPENSSL_NO_DEPRECATED_3_0
243 # define DECLARE_PEM_write_const(name, type) \
244 DECLARE_PEM_write_bio_const(name, type) \
245 DECLARE_PEM_write_fp_const(name, type)
247 # define DECLARE_PEM_write_cb(name, type) \
248 DECLARE_PEM_write_cb_bio(name, type) \
249 DECLARE_PEM_write_cb_fp(name, type)
250 # define DECLARE_PEM_read(name, type) \
251 DECLARE_PEM_read_bio(name, type) \
252 DECLARE_PEM_read_fp(name, type)
253 # define DECLARE_PEM_rw(name, type) \
254 DECLARE_PEM_read(name, type) \
255 DECLARE_PEM_write(name, type)
256 # ifndef OPENSSL_NO_DEPRECATED_3_0
257 # define DECLARE_PEM_rw_const(name, type) \
258 DECLARE_PEM_read(name, type) \
259 DECLARE_PEM_write_const(name, type)
261 # define DECLARE_PEM_rw_cb(name, type) \
262 DECLARE_PEM_read(name, type) \
263 DECLARE_PEM_write_cb(name, type)
264 typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
266 int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
267 int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
268 pem_password_cb *callback, void *u);
270 int PEM_read_bio(BIO *bp, char **name, char **header,
271 unsigned char **data, long *len);
272 # define PEM_FLAG_SECURE 0x1
273 # define PEM_FLAG_EAY_COMPATIBLE 0x2
274 # define PEM_FLAG_ONLY_B64 0x4
275 int PEM_read_bio_ex(BIO *bp, char **name, char **header,
276 unsigned char **data, long *len, unsigned int flags);
277 int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
278 const char *name, BIO *bp, pem_password_cb *cb,
280 int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
281 const unsigned char *data, long len);
282 int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
283 const char *name, BIO *bp, pem_password_cb *cb,
285 void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
286 pem_password_cb *cb, void *u);
287 int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
288 const void *x, const EVP_CIPHER *enc,
289 const unsigned char *kstr, int klen,
290 pem_password_cb *cb, void *u);
292 STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
293 pem_password_cb *cb, void *u);
294 int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
295 const unsigned char *kstr, int klen,
296 pem_password_cb *cd, void *u);
298 #ifndef OPENSSL_NO_STDIO
299 int PEM_read(FILE *fp, char **name, char **header,
300 unsigned char **data, long *len);
301 int PEM_write(FILE *fp, const char *name, const char *hdr,
302 const unsigned char *data, long len);
303 void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
304 pem_password_cb *cb, void *u);
305 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
306 const void *x, const EVP_CIPHER *enc,
307 const unsigned char *kstr, int klen,
308 pem_password_cb *callback, void *u);
309 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
310 pem_password_cb *cb, void *u);
313 int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
314 int PEM_SignUpdate(EVP_MD_CTX *ctx, const unsigned char *d, unsigned int cnt);
315 int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
316 unsigned int *siglen, EVP_PKEY *pkey);
318 /* The default pem_password_cb that's used internally */
319 int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
320 void PEM_proc_type(char *buf, int type);
321 void PEM_dek_info(char *buf, const char *type, int len, const char *str);
323 # include <openssl/symhacks.h>
325 DECLARE_PEM_rw(X509, X509)
326 DECLARE_PEM_rw(X509_AUX, X509)
327 DECLARE_PEM_rw(X509_REQ, X509_REQ)
328 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
329 DECLARE_PEM_rw(X509_CRL, X509_CRL)
330 DECLARE_PEM_rw(PKCS7, PKCS7)
331 DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
332 DECLARE_PEM_rw(PKCS8, X509_SIG)
333 DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
334 # ifndef OPENSSL_NO_RSA
335 DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
336 DECLARE_PEM_rw(RSAPublicKey, RSA)
337 DECLARE_PEM_rw(RSA_PUBKEY, RSA)
339 # ifndef OPENSSL_NO_DSA
340 DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
341 DECLARE_PEM_rw(DSA_PUBKEY, DSA)
342 DECLARE_PEM_rw(DSAparams, DSA)
344 # ifndef OPENSSL_NO_EC
345 DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
346 DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
347 DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
349 # ifndef OPENSSL_NO_DH
350 DECLARE_PEM_rw(DHparams, DH)
351 DECLARE_PEM_write(DHxparams, DH)
353 DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
354 DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
356 int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
357 const EVP_CIPHER *enc,
358 const unsigned char *kstr, int klen,
359 pem_password_cb *cb, void *u);
361 /* Why do these take a signed char *kstr? */
362 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid,
363 const char *kstr, int klen,
364 pem_password_cb *cb, void *u);
365 int PEM_write_bio_PKCS8PrivateKey(BIO *, const EVP_PKEY *, const EVP_CIPHER *,
366 const char *kstr, int klen,
367 pem_password_cb *cb, void *u);
368 int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc,
369 const char *kstr, int klen,
370 pem_password_cb *cb, void *u);
371 int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid,
372 const char *kstr, int klen,
373 pem_password_cb *cb, void *u);
374 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
377 # ifndef OPENSSL_NO_STDIO
378 int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
379 const char *kstr, int klen,
380 pem_password_cb *cb, void *u);
381 int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid,
382 const char *kstr, int klen,
383 pem_password_cb *cb, void *u);
384 int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid,
385 const char *kstr, int klen,
386 pem_password_cb *cb, void *u);
388 EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
391 int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc,
392 const char *kstr, int klen,
393 pem_password_cb *cd, void *u);
395 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
396 int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
398 # ifndef OPENSSL_NO_DSA
399 EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
400 EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
401 EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
402 EVP_PKEY *b2i_PublicKey_bio(BIO *in);
403 int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk);
404 int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk);
405 # ifndef OPENSSL_NO_RC4
406 EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
407 int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel,
408 pem_password_cb *cb, void *u);