1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/pem/pem_lib.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,781 @@
1.4 +/* crypto/pem/pem_lib.c */
1.5 +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
1.6 + * All rights reserved.
1.7 + *
1.8 + * This package is an SSL implementation written
1.9 + * by Eric Young (eay@cryptsoft.com).
1.10 + * The implementation was written so as to conform with Netscapes SSL.
1.11 + *
1.12 + * This library is free for commercial and non-commercial use as long as
1.13 + * the following conditions are aheared to. The following conditions
1.14 + * apply to all code found in this distribution, be it the RC4, RSA,
1.15 + * lhash, DES, etc., code; not just the SSL code. The SSL documentation
1.16 + * included with this distribution is covered by the same copyright terms
1.17 + * except that the holder is Tim Hudson (tjh@cryptsoft.com).
1.18 + *
1.19 + * Copyright remains Eric Young's, and as such any Copyright notices in
1.20 + * the code are not to be removed.
1.21 + * If this package is used in a product, Eric Young should be given attribution
1.22 + * as the author of the parts of the library used.
1.23 + * This can be in the form of a textual message at program startup or
1.24 + * in documentation (online or textual) provided with the package.
1.25 + *
1.26 + * Redistribution and use in source and binary forms, with or without
1.27 + * modification, are permitted provided that the following conditions
1.28 + * are met:
1.29 + * 1. Redistributions of source code must retain the copyright
1.30 + * notice, this list of conditions and the following disclaimer.
1.31 + * 2. Redistributions in binary form must reproduce the above copyright
1.32 + * notice, this list of conditions and the following disclaimer in the
1.33 + * documentation and/or other materials provided with the distribution.
1.34 + * 3. All advertising materials mentioning features or use of this software
1.35 + * must display the following acknowledgement:
1.36 + * "This product includes cryptographic software written by
1.37 + * Eric Young (eay@cryptsoft.com)"
1.38 + * The word 'cryptographic' can be left out if the rouines from the library
1.39 + * being used are not cryptographic related :-).
1.40 + * 4. If you include any Windows specific code (or a derivative thereof) from
1.41 + * the apps directory (application code) you must include an acknowledgement:
1.42 + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
1.43 + *
1.44 + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
1.45 + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.46 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1.47 + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1.48 + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1.49 + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1.50 + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.51 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1.52 + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1.53 + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1.54 + * SUCH DAMAGE.
1.55 + *
1.56 + * The licence and distribution terms for any publically available version or
1.57 + * derivative of this code cannot be changed. i.e. this code cannot simply be
1.58 + * copied and put under another distribution licence
1.59 + * [including the GNU Public Licence.]
1.60 + */
1.61 +
1.62 +#include <stdio.h>
1.63 +#include "cryptlib.h"
1.64 +#include <openssl/buffer.h>
1.65 +#include <openssl/objects.h>
1.66 +#include <openssl/evp.h>
1.67 +#include <openssl/rand.h>
1.68 +#include <openssl/x509.h>
1.69 +#include <openssl/pem.h>
1.70 +#include <openssl/pkcs12.h>
1.71 +#ifndef OPENSSL_NO_DES
1.72 +#include <openssl/des.h>
1.73 +#endif
1.74 +
1.75 +const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
1.76 +
1.77 +#define MIN_LENGTH 4
1.78 +
1.79 +static int load_iv(char **fromp,unsigned char *to, int num);
1.80 +static int check_pem(const char *nm, const char *name);
1.81 +
1.82 +EXPORT_C int PEM_def_callback(char *buf, int num, int w, void *key)
1.83 + {
1.84 +#ifdef OPENSSL_NO_FP_API
1.85 + /* We should not ever call the default callback routine from
1.86 + * windows. */
1.87 + PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
1.88 + return(-1);
1.89 +#else
1.90 + int i,j;
1.91 + const char *prompt;
1.92 + if(key) {
1.93 + i=strlen(key);
1.94 + i=(i > num)?num:i;
1.95 + memcpy(buf,key,i);
1.96 + return(i);
1.97 + }
1.98 +
1.99 + prompt=EVP_get_pw_prompt();
1.100 + if (prompt == NULL)
1.101 + prompt="Enter PEM pass phrase:";
1.102 +
1.103 + for (;;)
1.104 + {
1.105 + i=EVP_read_pw_string(buf,num,prompt,w);
1.106 + if (i != 0)
1.107 + {
1.108 + PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1.109 + memset(buf,0,(unsigned int)num);
1.110 + return(-1);
1.111 + }
1.112 + j=strlen(buf);
1.113 + if (j < MIN_LENGTH)
1.114 + {
1.115 + fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
1.116 + }
1.117 + else
1.118 + break;
1.119 + }
1.120 + return(j);
1.121 +#endif
1.122 + }
1.123 +
1.124 +EXPORT_C void PEM_proc_type(char *buf, int type)
1.125 + {
1.126 + const char *str;
1.127 +
1.128 + if (type == PEM_TYPE_ENCRYPTED)
1.129 + str="ENCRYPTED";
1.130 + else if (type == PEM_TYPE_MIC_CLEAR)
1.131 + str="MIC-CLEAR";
1.132 + else if (type == PEM_TYPE_MIC_ONLY)
1.133 + str="MIC-ONLY";
1.134 + else
1.135 + str="BAD-TYPE";
1.136 +
1.137 + BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
1.138 + BUF_strlcat(buf,str,PEM_BUFSIZE);
1.139 + BUF_strlcat(buf,"\n",PEM_BUFSIZE);
1.140 + }
1.141 +
1.142 +EXPORT_C void PEM_dek_info(char *buf, const char *type, int len, char *str)
1.143 + {
1.144 + static const unsigned char map[17]="0123456789ABCDEF";
1.145 + long i;
1.146 + int j;
1.147 +
1.148 + BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
1.149 + BUF_strlcat(buf,type,PEM_BUFSIZE);
1.150 + BUF_strlcat(buf,",",PEM_BUFSIZE);
1.151 + j=strlen(buf);
1.152 + if (j + (len * 2) + 1 > PEM_BUFSIZE)
1.153 + return;
1.154 + for (i=0; i<len; i++)
1.155 + {
1.156 + buf[j+i*2] =map[(str[i]>>4)&0x0f];
1.157 + buf[j+i*2+1]=map[(str[i] )&0x0f];
1.158 + }
1.159 + buf[j+i*2]='\n';
1.160 + buf[j+i*2+1]='\0';
1.161 + }
1.162 +
1.163 +#ifndef OPENSSL_NO_FP_API
1.164 +EXPORT_C void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
1.165 + pem_password_cb *cb, void *u)
1.166 + {
1.167 + BIO *b;
1.168 + void *ret;
1.169 +
1.170 + if ((b=BIO_new(BIO_s_file())) == NULL)
1.171 + {
1.172 + PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
1.173 + return(0);
1.174 + }
1.175 + BIO_set_fp(b,fp,BIO_NOCLOSE);
1.176 + ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
1.177 + BIO_free(b);
1.178 + return(ret);
1.179 + }
1.180 +#endif
1.181 +
1.182 +static int check_pem(const char *nm, const char *name)
1.183 +{
1.184 + /* Normal matching nm and name */
1.185 + if (!strcmp(nm,name)) return 1;
1.186 +
1.187 + /* Make PEM_STRING_EVP_PKEY match any private key */
1.188 +
1.189 + if(!strcmp(nm,PEM_STRING_PKCS8) &&
1.190 + !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
1.191 +
1.192 + if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
1.193 + !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
1.194 +
1.195 + if(!strcmp(nm,PEM_STRING_RSA) &&
1.196 + !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
1.197 +
1.198 + if(!strcmp(nm,PEM_STRING_DSA) &&
1.199 + !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
1.200 +
1.201 + if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
1.202 + !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
1.203 + /* Permit older strings */
1.204 +
1.205 + if(!strcmp(nm,PEM_STRING_X509_OLD) &&
1.206 + !strcmp(name,PEM_STRING_X509)) return 1;
1.207 +
1.208 + if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
1.209 + !strcmp(name,PEM_STRING_X509_REQ)) return 1;
1.210 +
1.211 + /* Allow normal certs to be read as trusted certs */
1.212 + if(!strcmp(nm,PEM_STRING_X509) &&
1.213 + !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
1.214 +
1.215 + if(!strcmp(nm,PEM_STRING_X509_OLD) &&
1.216 + !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
1.217 +
1.218 + /* Some CAs use PKCS#7 with CERTIFICATE headers */
1.219 + if(!strcmp(nm, PEM_STRING_X509) &&
1.220 + !strcmp(name, PEM_STRING_PKCS7)) return 1;
1.221 +
1.222 + return 0;
1.223 +}
1.224 +
1.225 +EXPORT_C int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
1.226 + pem_password_cb *cb, void *u)
1.227 + {
1.228 + EVP_CIPHER_INFO cipher;
1.229 + char *nm=NULL,*header=NULL;
1.230 + unsigned char *data=NULL;
1.231 + long len;
1.232 + int ret = 0;
1.233 +
1.234 + for (;;)
1.235 + {
1.236 + if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
1.237 + if(ERR_GET_REASON(ERR_peek_error()) ==
1.238 + PEM_R_NO_START_LINE)
1.239 + ERR_add_error_data(2, "Expecting: ", name);
1.240 + return 0;
1.241 + }
1.242 + if(check_pem(nm, name)) break;
1.243 + OPENSSL_free(nm);
1.244 + OPENSSL_free(header);
1.245 + OPENSSL_free(data);
1.246 + }
1.247 + if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
1.248 + if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
1.249 +
1.250 + *pdata = data;
1.251 + *plen = len;
1.252 +
1.253 + if (pnm)
1.254 + *pnm = nm;
1.255 +
1.256 + ret = 1;
1.257 +
1.258 +err:
1.259 + if (!ret || !pnm) OPENSSL_free(nm);
1.260 + OPENSSL_free(header);
1.261 + if (!ret) OPENSSL_free(data);
1.262 + return ret;
1.263 + }
1.264 +
1.265 +#ifndef OPENSSL_NO_FP_API
1.266 +EXPORT_C int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
1.267 + char *x, const EVP_CIPHER *enc, unsigned char *kstr,
1.268 + int klen, pem_password_cb *callback, void *u)
1.269 + {
1.270 + BIO *b;
1.271 + int ret;
1.272 +
1.273 + if ((b=BIO_new(BIO_s_file())) == NULL)
1.274 + {
1.275 + PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
1.276 + return(0);
1.277 + }
1.278 + BIO_set_fp(b,fp,BIO_NOCLOSE);
1.279 + ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
1.280 + BIO_free(b);
1.281 + return(ret);
1.282 + }
1.283 +#endif
1.284 +
1.285 +EXPORT_C int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
1.286 + char *x, const EVP_CIPHER *enc, unsigned char *kstr,
1.287 + int klen, pem_password_cb *callback, void *u)
1.288 + {
1.289 + EVP_CIPHER_CTX ctx;
1.290 + int dsize=0,i,j,ret=0;
1.291 + unsigned char *p,*data=NULL;
1.292 + const char *objstr=NULL;
1.293 + char buf[PEM_BUFSIZE];
1.294 + unsigned char key[EVP_MAX_KEY_LENGTH];
1.295 + unsigned char iv[EVP_MAX_IV_LENGTH];
1.296 +
1.297 + if (enc != NULL)
1.298 + {
1.299 + objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
1.300 + if (objstr == NULL)
1.301 + {
1.302 + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
1.303 + goto err;
1.304 + }
1.305 + }
1.306 +
1.307 + if ((dsize=i2d(x,NULL)) < 0)
1.308 + {
1.309 + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
1.310 + dsize=0;
1.311 + goto err;
1.312 + }
1.313 + /* dzise + 8 bytes are needed */
1.314 + /* actually it needs the cipher block size extra... */
1.315 + data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
1.316 + if (data == NULL)
1.317 + {
1.318 + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
1.319 + goto err;
1.320 + }
1.321 + p=data;
1.322 + i=i2d(x,&p);
1.323 +
1.324 + if (enc != NULL)
1.325 + {
1.326 + if (kstr == NULL)
1.327 + {
1.328 + if (callback == NULL)
1.329 + klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
1.330 + else
1.331 + klen=(*callback)(buf,PEM_BUFSIZE,1,u);
1.332 + if (klen <= 0)
1.333 + {
1.334 + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
1.335 + goto err;
1.336 + }
1.337 +#ifdef CHARSET_EBCDIC
1.338 + /* Convert the pass phrase from EBCDIC */
1.339 + ebcdic2ascii(buf, buf, klen);
1.340 +#endif
1.341 + kstr=(unsigned char *)buf;
1.342 + }
1.343 + RAND_add(data,i,0);/* put in the RSA key. */
1.344 + OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
1.345 + if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
1.346 + goto err;
1.347 + /* The 'iv' is used as the iv and as a salt. It is
1.348 + * NOT taken from the BytesToKey function */
1.349 + EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
1.350 +
1.351 + if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
1.352 +
1.353 + OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
1.354 +
1.355 + buf[0]='\0';
1.356 + PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
1.357 + PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
1.358 + /* k=strlen(buf); */
1.359 +
1.360 + EVP_CIPHER_CTX_init(&ctx);
1.361 + EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
1.362 + EVP_EncryptUpdate(&ctx,data,&j,data,i);
1.363 + EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
1.364 + EVP_CIPHER_CTX_cleanup(&ctx);
1.365 + i+=j;
1.366 + ret=1;
1.367 + }
1.368 + else
1.369 + {
1.370 + ret=1;
1.371 + buf[0]='\0';
1.372 + }
1.373 + i=PEM_write_bio(bp,name,buf,data,i);
1.374 + if (i <= 0) ret=0;
1.375 +err:
1.376 + OPENSSL_cleanse(key,sizeof(key));
1.377 + OPENSSL_cleanse(iv,sizeof(iv));
1.378 + OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
1.379 + OPENSSL_cleanse(buf,PEM_BUFSIZE);
1.380 + if (data != NULL)
1.381 + {
1.382 + OPENSSL_cleanse(data,(unsigned int)dsize);
1.383 + OPENSSL_free(data);
1.384 + }
1.385 + return(ret);
1.386 + }
1.387 +
1.388 +EXPORT_C int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
1.389 + pem_password_cb *callback,void *u)
1.390 + {
1.391 + int i,j,o,klen;
1.392 + long len;
1.393 + EVP_CIPHER_CTX ctx;
1.394 + unsigned char key[EVP_MAX_KEY_LENGTH];
1.395 + char buf[PEM_BUFSIZE];
1.396 +
1.397 + len= *plen;
1.398 +
1.399 + if (cipher->cipher == NULL) return(1);
1.400 + if (callback == NULL)
1.401 + klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
1.402 + else
1.403 + klen=callback(buf,PEM_BUFSIZE,0,u);
1.404 + if (klen <= 0)
1.405 + {
1.406 + PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
1.407 + return(0);
1.408 + }
1.409 +#ifdef CHARSET_EBCDIC
1.410 + /* Convert the pass phrase from EBCDIC */
1.411 + ebcdic2ascii(buf, buf, klen);
1.412 +#endif
1.413 +
1.414 + EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
1.415 + (unsigned char *)buf,klen,1,key,NULL);
1.416 +
1.417 + j=(int)len;
1.418 + EVP_CIPHER_CTX_init(&ctx);
1.419 + EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
1.420 + EVP_DecryptUpdate(&ctx,data,&i,data,j);
1.421 + o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
1.422 + EVP_CIPHER_CTX_cleanup(&ctx);
1.423 + OPENSSL_cleanse((char *)buf,sizeof(buf));
1.424 + OPENSSL_cleanse((char *)key,sizeof(key));
1.425 + j+=i;
1.426 + if (!o)
1.427 + {
1.428 + PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
1.429 + return(0);
1.430 + }
1.431 + *plen=j;
1.432 + return(1);
1.433 + }
1.434 +
1.435 +EXPORT_C int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
1.436 + {
1.437 + int o;
1.438 + const EVP_CIPHER *enc=NULL;
1.439 + char *p,c;
1.440 + char **header_pp = &header;
1.441 +
1.442 + cipher->cipher=NULL;
1.443 + if ((header == NULL) || (*header == '\0') || (*header == '\n'))
1.444 + return(1);
1.445 + if (strncmp(header,"Proc-Type: ",11) != 0)
1.446 + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
1.447 + header+=11;
1.448 + if (*header != '4') return(0); header++;
1.449 + if (*header != ',') return(0); header++;
1.450 + if (strncmp(header,"ENCRYPTED",9) != 0)
1.451 + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
1.452 + for (; (*header != '\n') && (*header != '\0'); header++)
1.453 + ;
1.454 + if (*header == '\0')
1.455 + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
1.456 + header++;
1.457 + if (strncmp(header,"DEK-Info: ",10) != 0)
1.458 + { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
1.459 + header+=10;
1.460 +
1.461 + p=header;
1.462 + for (;;)
1.463 + {
1.464 + c= *header;
1.465 +#ifndef CHARSET_EBCDIC
1.466 + if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
1.467 + ((c >= '0') && (c <= '9'))))
1.468 + break;
1.469 +#else
1.470 + if (!( isupper(c) || (c == '-') ||
1.471 + isdigit(c)))
1.472 + break;
1.473 +#endif
1.474 + header++;
1.475 + }
1.476 + *header='\0';
1.477 + o=OBJ_sn2nid(p);
1.478 + cipher->cipher=enc=EVP_get_cipherbyname(p);
1.479 + *header=c;
1.480 + header++;
1.481 +
1.482 + if (enc == NULL)
1.483 + {
1.484 + PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
1.485 + return(0);
1.486 + }
1.487 + if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
1.488 + return(0);
1.489 +
1.490 + return(1);
1.491 + }
1.492 +
1.493 +static int load_iv(char **fromp, unsigned char *to, int num)
1.494 + {
1.495 + int v,i;
1.496 + char *from;
1.497 +
1.498 + from= *fromp;
1.499 + for (i=0; i<num; i++) to[i]=0;
1.500 + num*=2;
1.501 + for (i=0; i<num; i++)
1.502 + {
1.503 + if ((*from >= '0') && (*from <= '9'))
1.504 + v= *from-'0';
1.505 + else if ((*from >= 'A') && (*from <= 'F'))
1.506 + v= *from-'A'+10;
1.507 + else if ((*from >= 'a') && (*from <= 'f'))
1.508 + v= *from-'a'+10;
1.509 + else
1.510 + {
1.511 + PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
1.512 + return(0);
1.513 + }
1.514 + from++;
1.515 + to[i/2]|=v<<(long)((!(i&1))*4);
1.516 + }
1.517 +
1.518 + *fromp=from;
1.519 + return(1);
1.520 + }
1.521 +
1.522 +#ifndef OPENSSL_NO_FP_API
1.523 +EXPORT_C int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
1.524 + long len)
1.525 + {
1.526 + BIO *b;
1.527 + int ret;
1.528 +
1.529 + if ((b=BIO_new(BIO_s_file())) == NULL)
1.530 + {
1.531 + PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
1.532 + return(0);
1.533 + }
1.534 + BIO_set_fp(b,fp,BIO_NOCLOSE);
1.535 + ret=PEM_write_bio(b, name, header, data,len);
1.536 + BIO_free(b);
1.537 + return(ret);
1.538 + }
1.539 +#endif
1.540 +
1.541 +EXPORT_C int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
1.542 + long len)
1.543 + {
1.544 + int nlen,n,i,j,outl;
1.545 + unsigned char *buf = NULL;
1.546 + EVP_ENCODE_CTX ctx;
1.547 + int reason=ERR_R_BUF_LIB;
1.548 +
1.549 + EVP_EncodeInit(&ctx);
1.550 + nlen=strlen(name);
1.551 +
1.552 + if ( (BIO_write(bp,"-----BEGIN ",11) != 11) ||
1.553 + (BIO_write(bp,name,nlen) != nlen) ||
1.554 + (BIO_write(bp,"-----\n",6) != 6))
1.555 + goto err;
1.556 +
1.557 + i=strlen(header);
1.558 + if (i > 0)
1.559 + {
1.560 + if ( (BIO_write(bp,header,i) != i) ||
1.561 + (BIO_write(bp,"\n",1) != 1))
1.562 + goto err;
1.563 + }
1.564 +
1.565 + buf = OPENSSL_malloc(PEM_BUFSIZE*8);
1.566 + if (buf == NULL)
1.567 + {
1.568 + reason=ERR_R_MALLOC_FAILURE;
1.569 + goto err;
1.570 + }
1.571 +
1.572 + i=j=0;
1.573 + while (len > 0)
1.574 + {
1.575 + n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
1.576 + EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
1.577 + if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
1.578 + goto err;
1.579 + i+=outl;
1.580 + len-=n;
1.581 + j+=n;
1.582 + }
1.583 + EVP_EncodeFinal(&ctx,buf,&outl);
1.584 + if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
1.585 + OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
1.586 + OPENSSL_free(buf);
1.587 + buf = NULL;
1.588 + if ( (BIO_write(bp,"-----END ",9) != 9) ||
1.589 + (BIO_write(bp,name,nlen) != nlen) ||
1.590 + (BIO_write(bp,"-----\n",6) != 6))
1.591 + goto err;
1.592 + return(i+outl);
1.593 +err:
1.594 + if (buf) {
1.595 + OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
1.596 + OPENSSL_free(buf);
1.597 + }
1.598 + PEMerr(PEM_F_PEM_WRITE_BIO,reason);
1.599 + return(0);
1.600 + }
1.601 +
1.602 +#ifndef OPENSSL_NO_FP_API
1.603 +EXPORT_C int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
1.604 + long *len)
1.605 + {
1.606 + BIO *b;
1.607 + int ret;
1.608 +
1.609 + if ((b=BIO_new(BIO_s_file())) == NULL)
1.610 + {
1.611 + PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
1.612 + return(0);
1.613 + }
1.614 + BIO_set_fp(b,fp,BIO_NOCLOSE);
1.615 + ret=PEM_read_bio(b, name, header, data,len);
1.616 + BIO_free(b);
1.617 + return(ret);
1.618 + }
1.619 +#endif
1.620 +
1.621 +EXPORT_C int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
1.622 + long *len)
1.623 + {
1.624 + EVP_ENCODE_CTX ctx;
1.625 + int end=0,i,k,bl=0,hl=0,nohead=0;
1.626 + char buf[256];
1.627 + BUF_MEM *nameB;
1.628 + BUF_MEM *headerB;
1.629 + BUF_MEM *dataB,*tmpB;
1.630 +
1.631 + nameB=BUF_MEM_new();
1.632 + headerB=BUF_MEM_new();
1.633 + dataB=BUF_MEM_new();
1.634 + if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
1.635 + {
1.636 + BUF_MEM_free(nameB);
1.637 + BUF_MEM_free(headerB);
1.638 + BUF_MEM_free(dataB);
1.639 + PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
1.640 + return(0);
1.641 + }
1.642 +
1.643 + buf[254]='\0';
1.644 + for (;;)
1.645 + {
1.646 + i=BIO_gets(bp,buf,254);
1.647 +
1.648 + if (i <= 0)
1.649 + {
1.650 + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
1.651 + goto err;
1.652 + }
1.653 +
1.654 + while ((i >= 0) && (buf[i] <= ' ')) i--;
1.655 + buf[++i]='\n'; buf[++i]='\0';
1.656 +
1.657 + if (strncmp(buf,"-----BEGIN ",11) == 0)
1.658 + {
1.659 + i=strlen(&(buf[11]));
1.660 +
1.661 + if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
1.662 + continue;
1.663 + if (!BUF_MEM_grow(nameB,i+9))
1.664 + {
1.665 + PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
1.666 + goto err;
1.667 + }
1.668 + memcpy(nameB->data,&(buf[11]),i-6);
1.669 + nameB->data[i-6]='\0';
1.670 + break;
1.671 + }
1.672 + }
1.673 + hl=0;
1.674 + if (!BUF_MEM_grow(headerB,256))
1.675 + { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
1.676 + headerB->data[0]='\0';
1.677 + for (;;)
1.678 + {
1.679 + i=BIO_gets(bp,buf,254);
1.680 + if (i <= 0) break;
1.681 +
1.682 + while ((i >= 0) && (buf[i] <= ' ')) i--;
1.683 + buf[++i]='\n'; buf[++i]='\0';
1.684 +
1.685 + if (buf[0] == '\n') break;
1.686 + if (!BUF_MEM_grow(headerB,hl+i+9))
1.687 + { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
1.688 + if (strncmp(buf,"-----END ",9) == 0)
1.689 + {
1.690 + nohead=1;
1.691 + break;
1.692 + }
1.693 + memcpy(&(headerB->data[hl]),buf,i);
1.694 + headerB->data[hl+i]='\0';
1.695 + hl+=i;
1.696 + }
1.697 +
1.698 + bl=0;
1.699 + if (!BUF_MEM_grow(dataB,1024))
1.700 + { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
1.701 + dataB->data[0]='\0';
1.702 + if (!nohead)
1.703 + {
1.704 + for (;;)
1.705 + {
1.706 + i=BIO_gets(bp,buf,254);
1.707 + if (i <= 0) break;
1.708 +
1.709 + while ((i >= 0) && (buf[i] <= ' ')) i--;
1.710 + buf[++i]='\n'; buf[++i]='\0';
1.711 +
1.712 + if (i != 65) end=1;
1.713 + if (strncmp(buf,"-----END ",9) == 0)
1.714 + break;
1.715 + if (i > 65) break;
1.716 + if (!BUF_MEM_grow_clean(dataB,i+bl+9))
1.717 + {
1.718 + PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
1.719 + goto err;
1.720 + }
1.721 + memcpy(&(dataB->data[bl]),buf,i);
1.722 + dataB->data[bl+i]='\0';
1.723 + bl+=i;
1.724 + if (end)
1.725 + {
1.726 + buf[0]='\0';
1.727 + i=BIO_gets(bp,buf,254);
1.728 + if (i <= 0) break;
1.729 +
1.730 + while ((i >= 0) && (buf[i] <= ' ')) i--;
1.731 + buf[++i]='\n'; buf[++i]='\0';
1.732 +
1.733 + break;
1.734 + }
1.735 + }
1.736 + }
1.737 + else
1.738 + {
1.739 + tmpB=headerB;
1.740 + headerB=dataB;
1.741 + dataB=tmpB;
1.742 + bl=hl;
1.743 + }
1.744 + i=strlen(nameB->data);
1.745 + if ( (strncmp(buf,"-----END ",9) != 0) ||
1.746 + (strncmp(nameB->data,&(buf[9]),i) != 0) ||
1.747 + (strncmp(&(buf[9+i]),"-----\n",6) != 0))
1.748 + {
1.749 + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
1.750 + goto err;
1.751 + }
1.752 +
1.753 + EVP_DecodeInit(&ctx);
1.754 + i=EVP_DecodeUpdate(&ctx,
1.755 + (unsigned char *)dataB->data,&bl,
1.756 + (unsigned char *)dataB->data,bl);
1.757 + if (i < 0)
1.758 + {
1.759 + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
1.760 + goto err;
1.761 + }
1.762 + i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
1.763 + if (i < 0)
1.764 + {
1.765 + PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
1.766 + goto err;
1.767 + }
1.768 + bl+=k;
1.769 +
1.770 + if (bl == 0) goto err;
1.771 + *name=nameB->data;
1.772 + *header=headerB->data;
1.773 + *data=(unsigned char *)dataB->data;
1.774 + *len=bl;
1.775 + OPENSSL_free(nameB);
1.776 + OPENSSL_free(headerB);
1.777 + OPENSSL_free(dataB);
1.778 + return(1);
1.779 +err:
1.780 + BUF_MEM_free(nameB);
1.781 + BUF_MEM_free(headerB);
1.782 + BUF_MEM_free(dataB);
1.783 + return(0);
1.784 + }