Update dependencies.

[openssl.git] / crypto / pem / pem_lib.c

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 9631ee2d5dd34b6dfe781f70c045e7258b27edca..43604d19ff85787e19851411e221009dedabd1cb 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -70,8 +70,11 @@
 #ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 
-const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
+const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
 
 #define MIN_LENGTH     4
 
@@ -197,7 +200,11 @@ static int check_pem(const char *nm, const char *name)
                slen = pem_check_suffix(nm, "PRIVATE KEY"); 
                if (slen > 0)
                        {
-                       ameth = EVP_PKEY_asn1_find_str(nm, slen);
+                       /* NB: ENGINE implementations wont contain
+                        * a deprecated old private key decode function
+                        * so don't look for them.
+                        */
+                       ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
                        if (ameth && ameth->old_priv_decode)
                                return 1;
                        }
@@ -211,9 +218,21 @@ static int check_pem(const char *nm, const char *name)
                slen = pem_check_suffix(nm, "PARAMETERS"); 
                if (slen > 0)
                        {
-                       ameth = EVP_PKEY_asn1_find_str(nm, slen);
-                       if (ameth && ameth->param_decode)
-                               return 1;
+                       ENGINE *e;
+                       ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+                       if (ameth)
+                               {
+                               int r;
+                               if (ameth->param_decode)
+                                       r = 1;
+                               else
+                                       r = 0;
+#ifndef OPENSSL_NO_ENGINE
+                               if (e)
+                                       ENGINE_finish(e);
+#endif
+                               return r;
+                               }
                        }
                return 0;
                }
@@ -237,6 +256,14 @@ static int check_pem(const char *nm, const char *name)
        if(!strcmp(nm, PEM_STRING_X509) &&
                !strcmp(name, PEM_STRING_PKCS7)) return 1;
 
+#ifndef OPENSSL_NO_CMS
+       if(!strcmp(nm, PEM_STRING_X509) &&
+               !strcmp(name, PEM_STRING_CMS)) return 1;
+       /* Allow CMS to be read from PKCS#7 headers */
+       if(!strcmp(nm, PEM_STRING_PKCS7) &&
+               !strcmp(name, PEM_STRING_CMS)) return 1;
+#endif
+
        return 0;
 }
 
@@ -282,7 +309,7 @@ err:
 
 #ifndef OPENSSL_NO_FP_API
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-                  char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                  void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                   int klen, pem_password_cb *callback, void *u)
         {
         BIO *b;
@@ -301,7 +328,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
 #endif
 
 int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
-                      char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                      void *x, const EVP_CIPHER *enc, unsigned char *kstr,
                       int klen, pem_password_cb *callback, void *u)
        {
        EVP_CIPHER_CTX ctx;
@@ -600,6 +627,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                }
        EVP_EncodeFinal(&ctx,buf,&outl);
        if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+       OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
        OPENSSL_free(buf);
        buf = NULL;
        if (    (BIO_write(bp,"-----END ",9) != 9) ||
@@ -608,8 +636,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                goto err;
        return(i+outl);
 err:
-       if (buf)
+       if (buf) {
+               OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
                OPENSSL_free(buf);
+       }
        PEMerr(PEM_F_PEM_WRITE_BIO,reason);
        return(0);
        }