#include <stdio.h>
#include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "rand.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
#ifndef NO_DES
-#include "des.h"
+#include <openssl/des.h>
#endif
-char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998";
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
#define MIN_LENGTH 4
-/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE);
- * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
static int def_callback(char *buf, int num, int w);
static int load_iv(unsigned char **fromp,unsigned char *to, int num);
-#else
-static int def_callback();
-static int load_iv();
-#endif
-static int def_callback(buf, num, w)
-char *buf;
-int num;
-int w;
+static int def_callback(char *buf, int num, int w)
{
#ifdef NO_FP_API
/* We should not ever call the default callback routine from
return(-1);
#else
int i,j;
- char *prompt;
+ const char *prompt;
prompt=EVP_get_pw_prompt();
if (prompt == NULL)
#endif
}
-void PEM_proc_type(buf, type)
-char *buf;
-int type;
+void PEM_proc_type(char *buf, int type)
{
- char *str;
+ const char *str;
if (type == PEM_TYPE_ENCRYPTED)
str="ENCRYPTED";
strcat(buf,"\n");
}
-void PEM_dek_info(buf, type, len, str)
-char *buf;
-char *type;
-int len;
-char *str;
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
{
static unsigned char map[17]="0123456789ABCDEF";
long i;
}
#ifndef NO_FP_API
-char *PEM_ASN1_read(d2i,name,fp, x, cb)
-char *(*d2i)();
-char *name;
-FILE *fp;
-char **x;
-int (*cb)();
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
+ pem_password_cb *cb)
{
BIO *b;
char *ret;
}
#endif
-char *PEM_ASN1_read_bio(d2i,name,bp, x, cb)
-char *(*d2i)();
-char *name;
-BIO *bp;
-char **x;
-int (*cb)();
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+ pem_password_cb *cb)
{
EVP_CIPHER_INFO cipher;
char *nm=NULL,*header=NULL;
(strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
((strcmp(nm,PEM_STRING_DSA) == 0) &&
(strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+ ((strcmp(nm,PEM_STRING_PKCS8) == 0) &&
+ (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
+ ((strcmp(nm,PEM_STRING_PKCS8INF) == 0) &&
+ (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
(strcmp(name,PEM_STRING_X509) == 0)) ||
((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
- (strcmp(name,PEM_STRING_X509_REQ) == 0))
+ (strcmp(name,PEM_STRING_X509_REQ) == 0))
)
break;
Free(nm);
if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
if (!PEM_do_header(&cipher,data,&len,cb)) goto err;
p=data;
- if (strcmp(name,PEM_STRING_EVP_PKEY) == 0)
- {
+ if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) {
if (strcmp(nm,PEM_STRING_RSA) == 0)
ret=d2i(EVP_PKEY_RSA,x,&p,len);
else if (strcmp(nm,PEM_STRING_DSA) == 0)
ret=d2i(EVP_PKEY_DSA,x,&p,len);
+ else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ p8inf=d2i_PKCS8_PRIV_KEY_INFO(
+ (PKCS8_PRIV_KEY_INFO **) x, &p, len);
+ ret = (char *)EVP_PKCS82PKEY(p8inf);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ X509_SIG *p8;
+ int klen;
+ char psbuf[PEM_BUFSIZE];
+ p8 = d2i_X509_SIG((X509_SIG **)x, &p, len);
+ if(!p8) goto p8err;
+ if (cb) klen=cb(psbuf,PEM_BUFSIZE,0);
+ else klen=def_callback(psbuf,PEM_BUFSIZE,0);
+ if (klen <= 0) {
+ PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+ PEM_R_BAD_PASSWORD_READ);
+ goto err;
+ }
+ p8inf = M_PKCS8_decrypt(p8, psbuf, klen);
+ X509_SIG_free(p8);
+ if(!p8inf) goto p8err;
+ ret = (char *)EVP_PKCS82PKEY(p8inf);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
}
- else
- ret=d2i(x,&p,len);
+ } else ret=d2i(x,&p,len);
+p8err:
if (ret == NULL)
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
err:
}
#ifndef NO_FP_API
-int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-FILE *fp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
+ const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+ pem_password_cb *callback)
{
BIO *b;
int ret;
}
#endif
-int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-BIO *bp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
+ const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+ pem_password_cb *callback)
{
EVP_CIPHER_CTX ctx;
int dsize=0,i,j,ret=0;
unsigned char *p,*data=NULL;
- char *objstr=NULL;
-#define PEM_BUFSIZE 1024
+ const char *objstr=NULL;
char buf[PEM_BUFSIZE];
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
goto err;
}
+#ifdef CHARSET_EBCDIC
+ /* Convert the pass phrase from EBCDIC */
+ ebcdic2ascii(buf, buf, klen);
+#endif
kstr=(unsigned char *)buf;
}
RAND_seed(data,i);/* put in the RSA key. */
return(ret);
}
-int PEM_do_header(cipher, data, plen, callback)
-EVP_CIPHER_INFO *cipher;
-unsigned char *data;
-long *plen;
-int (*callback)();
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+ pem_password_cb *callback)
{
int i,j,o,klen;
long len;
PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
return(0);
}
+#ifdef CHARSET_EBCDIC
+ /* Convert the pass phrase from EBCDIC */
+ ebcdic2ascii(buf, buf, klen);
+#endif
+
EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
(unsigned char *)buf,klen,1,key,NULL);
return(1);
}
-int PEM_get_EVP_CIPHER_INFO(header,cipher)
-char *header;
-EVP_CIPHER_INFO *cipher;
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
{
int o;
- EVP_CIPHER *enc=NULL;
+ const EVP_CIPHER *enc=NULL;
char *p,c;
cipher->cipher=NULL;
for (;;)
{
c= *header;
+#ifndef CHARSET_EBCDIC
if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
((c >= '0') && (c <= '9'))))
break;
+#else
+ if (!( isupper(c) || (c == '-') ||
+ isdigit(c)))
+ break;
+#endif
header++;
}
*header='\0';
return(1);
}
-static int load_iv(fromp,to,num)
-unsigned char **fromp,*to;
-int num;
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
{
int v,i;
unsigned char *from;
}
#ifndef NO_FP_API
-int PEM_write(fp, name, header, data,len)
-FILE *fp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+ long len)
{
BIO *b;
int ret;
}
#endif
-int PEM_write_bio(bp, name, header, data,len)
-BIO *bp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
+ long len)
{
int nlen,n,i,j,outl;
unsigned char *buf;
}
#ifndef NO_FP_API
-int PEM_read(fp, name, header, data,len)
-FILE *fp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+ long *len)
{
BIO *b;
int ret;
}
#endif
-int PEM_read_bio(bp, name, header, data, len)
-BIO *bp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+ long *len)
{
EVP_ENCODE_CTX ctx;
int end=0,i,k,bl=0,hl=0,nohead=0;
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
- strncpy(nameB->data,&(buf[11]),(unsigned int)i-6);
+ memcpy(nameB->data,&(buf[11]),i-6);
nameB->data[i-6]='\0';
break;
}
nohead=1;
break;
}
- strncpy(&(headerB->data[hl]),buf,(unsigned int)i);
+ memcpy(&(headerB->data[hl]),buf,i);
headerB->data[hl+i]='\0';
hl+=i;
}
PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
goto err;
}
- strncpy(&(dataB->data[bl]),buf,(unsigned int)i);
+ memcpy(&(dataB->data[bl]),buf,i);
dataB->data[bl+i]='\0';
bl+=i;
if (end)
}
i=strlen(nameB->data);
if ( (strncmp(buf,"-----END ",9) != 0) ||
- (strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) ||
+ (strncmp(nameB->data,&(buf[9]),i) != 0) ||
(strncmp(&(buf[9+i]),"-----\n",6) != 0))
{
PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
BUF_MEM_free(dataB);
return(0);
}
+
+/* This function writes a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey(). As usual if 'enc' is NULL then
+ * it uses the unencrypted private key form. It uses PKCS#5 v2.0 password based
+ * encryption algorithms.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen,
+ pem_password_cb *cb)
+{
+ X509_SIG *p8;
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ char buf[PEM_BUFSIZE];
+ int ret;
+ if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+ PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+ PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+ return 0;
+ }
+ if(enc) {
+ if(!kstr) {
+ if(!cb) klen = def_callback(buf, PEM_BUFSIZE, 1);
+ else klen = cb(buf, PEM_BUFSIZE, 1);
+ if(klen <= 0) {
+ PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+ PEM_R_READ_KEY);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return 0;
+ }
+
+ kstr = buf;
+ }
+ p8 = PKCS8_encrypt(-1, enc, kstr, klen, NULL, 0, 0, p8inf);
+ if(kstr == buf) memset(buf, 0, klen);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ ret = PEM_write_bio_PKCS8(bp, p8);
+ X509_SIG_free(p8);
+ return ret;
+ } else {
+ ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return ret;
+ }
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cb)
+{
+ BIO *bp;
+ int ret;
+ if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+ PEMerr(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,ERR_R_BUF_LIB);
+ return(0);
+ }
+ ret = PEM_write_bio_PKCS8PrivateKey(bp, x, enc, kstr, klen, cb);
+ BIO_free(bp);
+ return ret;
+}