1 /* crypto/pem/pem_lib.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay (at) cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay (at) cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include <ctype.h> 61 #include "cryptlib.h" 62 #include <openssl/buffer.h> 63 #include <openssl/objects.h> 64 #include <openssl/evp.h> 65 #include <openssl/rand.h> 66 #include <openssl/x509.h> 67 #include <openssl/pem.h> 68 #include <openssl/pkcs12.h> 69 #include "asn1_locl.h" 70 #ifndef OPENSSL_NO_DES 71 #include <openssl/des.h> 72 #endif 73 #ifndef OPENSSL_NO_ENGINE 74 #include <openssl/engine.h> 75 #endif 76 77 const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; 78 79 #define MIN_LENGTH 4 80 81 static int load_iv(char **fromp,unsigned char *to, int num); 82 static int check_pem(const char *nm, const char *name); 83 int pem_check_suffix(const char *pem_str, const char *suffix); 84 85 int PEM_def_callback(char *buf, int num, int w, void *key) 86 { 87 #ifdef OPENSSL_NO_FP_API 88 /* We should not ever call the default callback routine from 89 * windows. */ 90 PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); 91 return(-1); 92 #else 93 int i,j; 94 const char *prompt; 95 if(key) { 96 i=strlen(key); 97 i=(i > num)?num:i; 98 memcpy(buf,key,i); 99 return(i); 100 } 101 102 prompt=EVP_get_pw_prompt(); 103 if (prompt == NULL) 104 prompt="Enter PEM pass phrase:"; 105 106 for (;;) 107 { 108 i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w); 109 if (i != 0) 110 { 111 PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); 112 memset(buf,0,(unsigned int)num); 113 return(-1); 114 } 115 j=strlen(buf); 116 if (j < MIN_LENGTH) 117 { 118 fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH); 119 } 120 else 121 break; 122 } 123 return(j); 124 #endif 125 } 126 127 void PEM_proc_type(char *buf, int type) 128 { 129 const char *str; 130 131 if (type == PEM_TYPE_ENCRYPTED) 132 str="ENCRYPTED"; 133 else if (type == PEM_TYPE_MIC_CLEAR) 134 str="MIC-CLEAR"; 135 else if (type == PEM_TYPE_MIC_ONLY) 136 str="MIC-ONLY"; 137 else 138 str="BAD-TYPE"; 139 140 BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); 141 BUF_strlcat(buf,str,PEM_BUFSIZE); 142 BUF_strlcat(buf,"\n",PEM_BUFSIZE); 143 } 144 145 void PEM_dek_info(char *buf, const char *type, int len, char *str) 146 { 147 static const unsigned char map[17]="0123456789ABCDEF"; 148 long i; 149 int j; 150 151 BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); 152 BUF_strlcat(buf,type,PEM_BUFSIZE); 153 BUF_strlcat(buf,",",PEM_BUFSIZE); 154 j=strlen(buf); 155 if (j + (len * 2) + 1 > PEM_BUFSIZE) 156 return; 157 for (i=0; i<len; i++) 158 { 159 buf[j+i*2] =map[(str[i]>>4)&0x0f]; 160 buf[j+i*2+1]=map[(str[i] )&0x0f]; 161 } 162 buf[j+i*2]='\n'; 163 buf[j+i*2+1]='\0'; 164 } 165 166 #ifndef OPENSSL_NO_FP_API 167 void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, 168 pem_password_cb *cb, void *u) 169 { 170 BIO *b; 171 void *ret; 172 173 if ((b=BIO_new(BIO_s_file())) == NULL) 174 { 175 PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); 176 return(0); 177 } 178 BIO_set_fp(b,fp,BIO_NOCLOSE); 179 ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); 180 BIO_free(b); 181 return(ret); 182 } 183 #endif 184 185 static int check_pem(const char *nm, const char *name) 186 { 187 /* Normal matching nm and name */ 188 if (!strcmp(nm,name)) return 1; 189 190 /* Make PEM_STRING_EVP_PKEY match any private key */ 191 192 if(!strcmp(name,PEM_STRING_EVP_PKEY)) 193 { 194 int slen; 195 const EVP_PKEY_ASN1_METHOD *ameth; 196 if(!strcmp(nm,PEM_STRING_PKCS8)) 197 return 1; 198 if(!strcmp(nm,PEM_STRING_PKCS8INF)) 199 return 1; 200 slen = pem_check_suffix(nm, "PRIVATE KEY"); 201 if (slen > 0) 202 { 203 /* NB: ENGINE implementations wont contain 204 * a deprecated old private key decode function 205 * so don't look for them. 206 */ 207 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); 208 if (ameth && ameth->old_priv_decode) 209 return 1; 210 } 211 return 0; 212 } 213 214 if(!strcmp(name,PEM_STRING_PARAMETERS)) 215 { 216 int slen; 217 const EVP_PKEY_ASN1_METHOD *ameth; 218 slen = pem_check_suffix(nm, "PARAMETERS"); 219 if (slen > 0) 220 { 221 ENGINE *e; 222 ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); 223 if (ameth) 224 { 225 int r; 226 if (ameth->param_decode) 227 r = 1; 228 else 229 r = 0; 230 #ifndef OPENSSL_NO_ENGINE 231 if (e) 232 ENGINE_finish(e); 233 #endif 234 return r; 235 } 236 } 237 return 0; 238 } 239 240 /* Permit older strings */ 241 242 if(!strcmp(nm,PEM_STRING_X509_OLD) && 243 !strcmp(name,PEM_STRING_X509)) return 1; 244 245 if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && 246 !strcmp(name,PEM_STRING_X509_REQ)) return 1; 247 248 /* Allow normal certs to be read as trusted certs */ 249 if(!strcmp(nm,PEM_STRING_X509) && 250 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 251 252 if(!strcmp(nm,PEM_STRING_X509_OLD) && 253 !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; 254 255 /* Some CAs use PKCS#7 with CERTIFICATE headers */ 256 if(!strcmp(nm, PEM_STRING_X509) && 257 !strcmp(name, PEM_STRING_PKCS7)) return 1; 258 259 if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && 260 !strcmp(name, PEM_STRING_PKCS7)) return 1; 261 262 #ifndef OPENSSL_NO_CMS 263 if(!strcmp(nm, PEM_STRING_X509) && 264 !strcmp(name, PEM_STRING_CMS)) return 1; 265 /* Allow CMS to be read from PKCS#7 headers */ 266 if(!strcmp(nm, PEM_STRING_PKCS7) && 267 !strcmp(name, PEM_STRING_CMS)) return 1; 268 #endif 269 270 return 0; 271 } 272 273 int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, 274 pem_password_cb *cb, void *u) 275 { 276 EVP_CIPHER_INFO cipher; 277 char *nm=NULL,*header=NULL; 278 unsigned char *data=NULL; 279 long len; 280 int ret = 0; 281 282 for (;;) 283 { 284 if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { 285 if(ERR_GET_REASON(ERR_peek_error()) == 286 PEM_R_NO_START_LINE) 287 ERR_add_error_data(2, "Expecting: ", name); 288 return 0; 289 } 290 if(check_pem(nm, name)) break; 291 OPENSSL_free(nm); 292 OPENSSL_free(header); 293 OPENSSL_free(data); 294 } 295 if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; 296 if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; 297 298 *pdata = data; 299 *plen = len; 300 301 if (pnm) 302 *pnm = nm; 303 304 ret = 1; 305 306 err: 307 if (!ret || !pnm) OPENSSL_free(nm); 308 OPENSSL_free(header); 309 if (!ret) OPENSSL_free(data); 310 return ret; 311 } 312 313 #ifndef OPENSSL_NO_FP_API 314 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, 315 void *x, const EVP_CIPHER *enc, unsigned char *kstr, 316 int klen, pem_password_cb *callback, void *u) 317 { 318 BIO *b; 319 int ret; 320 321 if ((b=BIO_new(BIO_s_file())) == NULL) 322 { 323 PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); 324 return(0); 325 } 326 BIO_set_fp(b,fp,BIO_NOCLOSE); 327 ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); 328 BIO_free(b); 329 return(ret); 330 } 331 #endif 332 333 int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, 334 void *x, const EVP_CIPHER *enc, unsigned char *kstr, 335 int klen, pem_password_cb *callback, void *u) 336 { 337 EVP_CIPHER_CTX ctx; 338 int dsize=0,i,j,ret=0; 339 unsigned char *p,*data=NULL; 340 const char *objstr=NULL; 341 char buf[PEM_BUFSIZE]; 342 unsigned char key[EVP_MAX_KEY_LENGTH]; 343 unsigned char iv[EVP_MAX_IV_LENGTH]; 344 345 if (enc != NULL) 346 { 347 objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); 348 if (objstr == NULL) 349 { 350 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); 351 goto err; 352 } 353 } 354 355 if ((dsize=i2d(x,NULL)) < 0) 356 { 357 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB); 358 dsize=0; 359 goto err; 360 } 361 /* dzise + 8 bytes are needed */ 362 /* actually it needs the cipher block size extra... */ 363 data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); 364 if (data == NULL) 365 { 366 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); 367 goto err; 368 } 369 p=data; 370 i=i2d(x,&p); 371 372 if (enc != NULL) 373 { 374 if (kstr == NULL) 375 { 376 if (callback == NULL) 377 klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u); 378 else 379 klen=(*callback)(buf,PEM_BUFSIZE,1,u); 380 if (klen <= 0) 381 { 382 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); 383 goto err; 384 } 385 #ifdef CHARSET_EBCDIC 386 /* Convert the pass phrase from EBCDIC */ 387 ebcdic2ascii(buf, buf, klen); 388 #endif 389 kstr=(unsigned char *)buf; 390 } 391 RAND_add(data,i,0);/* put in the RSA key. */ 392 OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); 393 if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ 394 goto err; 395 /* The 'iv' is used as the iv and as a salt. It is 396 * NOT taken from the BytesToKey function */ 397 EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); 398 399 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); 400 401 OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); 402 403 buf[0]='\0'; 404 PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); 405 PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); 406 /* k=strlen(buf); */ 407 408 EVP_CIPHER_CTX_init(&ctx); 409 EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv); 410 EVP_EncryptUpdate(&ctx,data,&j,data,i); 411 EVP_EncryptFinal_ex(&ctx,&(data[j]),&i); 412 EVP_CIPHER_CTX_cleanup(&ctx); 413 i+=j; 414 ret=1; 415 } 416 else 417 { 418 ret=1; 419 buf[0]='\0'; 420 } 421 i=PEM_write_bio(bp,name,buf,data,i); 422 if (i <= 0) ret=0; 423 err: 424 OPENSSL_cleanse(key,sizeof(key)); 425 OPENSSL_cleanse(iv,sizeof(iv)); 426 OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); 427 OPENSSL_cleanse(buf,PEM_BUFSIZE); 428 if (data != NULL) 429 { 430 OPENSSL_cleanse(data,(unsigned int)dsize); 431 OPENSSL_free(data); 432 } 433 return(ret); 434 } 435 436 int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, 437 pem_password_cb *callback,void *u) 438 { 439 int i,j,o,klen; 440 long len; 441 EVP_CIPHER_CTX ctx; 442 unsigned char key[EVP_MAX_KEY_LENGTH]; 443 char buf[PEM_BUFSIZE]; 444 445 len= *plen; 446 447 if (cipher->cipher == NULL) return(1); 448 if (callback == NULL) 449 klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u); 450 else 451 klen=callback(buf,PEM_BUFSIZE,0,u); 452 if (klen <= 0) 453 { 454 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); 455 return(0); 456 } 457 #ifdef CHARSET_EBCDIC 458 /* Convert the pass phrase from EBCDIC */ 459 ebcdic2ascii(buf, buf, klen); 460 #endif 461 462 EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), 463 (unsigned char *)buf,klen,1,key,NULL); 464 465 j=(int)len; 466 EVP_CIPHER_CTX_init(&ctx); 467 EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); 468 EVP_DecryptUpdate(&ctx,data,&i,data,j); 469 o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); 470 EVP_CIPHER_CTX_cleanup(&ctx); 471 OPENSSL_cleanse((char *)buf,sizeof(buf)); 472 OPENSSL_cleanse((char *)key,sizeof(key)); 473 j+=i; 474 if (!o) 475 { 476 PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); 477 return(0); 478 } 479 *plen=j; 480 return(1); 481 } 482 483 int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) 484 { 485 int o; 486 const EVP_CIPHER *enc=NULL; 487 char *p,c; 488 char **header_pp = &header; 489 490 cipher->cipher=NULL; 491 if ((header == NULL) || (*header == '\0') || (*header == '\n')) 492 return(1); 493 if (strncmp(header,"Proc-Type: ",11) != 0) 494 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } 495 header+=11; 496 if (*header != '4') return(0); header++; 497 if (*header != ',') return(0); header++; 498 if (strncmp(header,"ENCRYPTED",9) != 0) 499 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } 500 for (; (*header != '\n') && (*header != '\0'); header++) 501 ; 502 if (*header == '\0') 503 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } 504 header++; 505 if (strncmp(header,"DEK-Info: ",10) != 0) 506 { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } 507 header+=10; 508 509 p=header; 510 for (;;) 511 { 512 c= *header; 513 #ifndef CHARSET_EBCDIC 514 if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || 515 ((c >= '0') && (c <= '9')))) 516 break; 517 #else 518 if (!( isupper(c) || (c == '-') || 519 isdigit(c))) 520 break; 521 #endif 522 header++; 523 } 524 *header='\0'; 525 o=OBJ_sn2nid(p); 526 cipher->cipher=enc=EVP_get_cipherbyname(p); 527 *header=c; 528 header++; 529 530 if (enc == NULL) 531 { 532 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); 533 return(0); 534 } 535 if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len)) 536 return(0); 537 538 return(1); 539 } 540 541 static int load_iv(char **fromp, unsigned char *to, int num) 542 { 543 int v,i; 544 char *from; 545 546 from= *fromp; 547 for (i=0; i<num; i++) to[i]=0; 548 num*=2; 549 for (i=0; i<num; i++) 550 { 551 if ((*from >= '0') && (*from <= '9')) 552 v= *from-'0'; 553 else if ((*from >= 'A') && (*from <= 'F')) 554 v= *from-'A'+10; 555 else if ((*from >= 'a') && (*from <= 'f')) 556 v= *from-'a'+10; 557 else 558 { 559 PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); 560 return(0); 561 } 562 from++; 563 to[i/2]|=v<<(long)((!(i&1))*4); 564 } 565 566 *fromp=from; 567 return(1); 568 } 569 570 #ifndef OPENSSL_NO_FP_API 571 int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, 572 long len) 573 { 574 BIO *b; 575 int ret; 576 577 if ((b=BIO_new(BIO_s_file())) == NULL) 578 { 579 PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); 580 return(0); 581 } 582 BIO_set_fp(b,fp,BIO_NOCLOSE); 583 ret=PEM_write_bio(b, name, header, data,len); 584 BIO_free(b); 585 return(ret); 586 } 587 #endif 588 589 int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, 590 long len) 591 { 592 int nlen,n,i,j,outl; 593 unsigned char *buf = NULL; 594 EVP_ENCODE_CTX ctx; 595 int reason=ERR_R_BUF_LIB; 596 597 EVP_EncodeInit(&ctx); 598 nlen=strlen(name); 599 600 if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || 601 (BIO_write(bp,name,nlen) != nlen) || 602 (BIO_write(bp,"-----\n",6) != 6)) 603 goto err; 604 605 i=strlen(header); 606 if (i > 0) 607 { 608 if ( (BIO_write(bp,header,i) != i) || 609 (BIO_write(bp,"\n",1) != 1)) 610 goto err; 611 } 612 613 buf = OPENSSL_malloc(PEM_BUFSIZE*8); 614 if (buf == NULL) 615 { 616 reason=ERR_R_MALLOC_FAILURE; 617 goto err; 618 } 619 620 i=j=0; 621 while (len > 0) 622 { 623 n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); 624 EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); 625 if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl)) 626 goto err; 627 i+=outl; 628 len-=n; 629 j+=n; 630 } 631 EVP_EncodeFinal(&ctx,buf,&outl); 632 if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; 633 OPENSSL_cleanse(buf, PEM_BUFSIZE*8); 634 OPENSSL_free(buf); 635 buf = NULL; 636 if ( (BIO_write(bp,"-----END ",9) != 9) || 637 (BIO_write(bp,name,nlen) != nlen) || 638 (BIO_write(bp,"-----\n",6) != 6)) 639 goto err; 640 return(i+outl); 641 err: 642 if (buf) { 643 OPENSSL_cleanse(buf, PEM_BUFSIZE*8); 644 OPENSSL_free(buf); 645 } 646 PEMerr(PEM_F_PEM_WRITE_BIO,reason); 647 return(0); 648 } 649 650 #ifndef OPENSSL_NO_FP_API 651 int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, 652 long *len) 653 { 654 BIO *b; 655 int ret; 656 657 if ((b=BIO_new(BIO_s_file())) == NULL) 658 { 659 PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); 660 return(0); 661 } 662 BIO_set_fp(b,fp,BIO_NOCLOSE); 663 ret=PEM_read_bio(b, name, header, data,len); 664 BIO_free(b); 665 return(ret); 666 } 667 #endif 668 669 int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, 670 long *len) 671 { 672 EVP_ENCODE_CTX ctx; 673 int end=0,i,k,bl=0,hl=0,nohead=0; 674 char buf[256]; 675 BUF_MEM *nameB; 676 BUF_MEM *headerB; 677 BUF_MEM *dataB,*tmpB; 678 679 nameB=BUF_MEM_new(); 680 headerB=BUF_MEM_new(); 681 dataB=BUF_MEM_new(); 682 if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) 683 { 684 BUF_MEM_free(nameB); 685 BUF_MEM_free(headerB); 686 BUF_MEM_free(dataB); 687 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 688 return(0); 689 } 690 691 buf[254]='\0'; 692 for (;;) 693 { 694 i=BIO_gets(bp,buf,254); 695 696 if (i <= 0) 697 { 698 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE); 699 goto err; 700 } 701 702 while ((i >= 0) && (buf[i] <= ' ')) i--; 703 buf[++i]='\n'; buf[++i]='\0'; 704 705 if (strncmp(buf,"-----BEGIN ",11) == 0) 706 { 707 i=strlen(&(buf[11])); 708 709 if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) 710 continue; 711 if (!BUF_MEM_grow(nameB,i+9)) 712 { 713 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 714 goto err; 715 } 716 memcpy(nameB->data,&(buf[11]),i-6); 717 nameB->data[i-6]='\0'; 718 break; 719 } 720 } 721 hl=0; 722 if (!BUF_MEM_grow(headerB,256)) 723 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 724 headerB->data[0]='\0'; 725 for (;;) 726 { 727 i=BIO_gets(bp,buf,254); 728 if (i <= 0) break; 729 730 while ((i >= 0) && (buf[i] <= ' ')) i--; 731 buf[++i]='\n'; buf[++i]='\0'; 732 733 if (buf[0] == '\n') break; 734 if (!BUF_MEM_grow(headerB,hl+i+9)) 735 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 736 if (strncmp(buf,"-----END ",9) == 0) 737 { 738 nohead=1; 739 break; 740 } 741 memcpy(&(headerB->data[hl]),buf,i); 742 headerB->data[hl+i]='\0'; 743 hl+=i; 744 } 745 746 bl=0; 747 if (!BUF_MEM_grow(dataB,1024)) 748 { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } 749 dataB->data[0]='\0'; 750 if (!nohead) 751 { 752 for (;;) 753 { 754 i=BIO_gets(bp,buf,254); 755 if (i <= 0) break; 756 757 while ((i >= 0) && (buf[i] <= ' ')) i--; 758 buf[++i]='\n'; buf[++i]='\0'; 759 760 if (i != 65) end=1; 761 if (strncmp(buf,"-----END ",9) == 0) 762 break; 763 if (i > 65) break; 764 if (!BUF_MEM_grow_clean(dataB,i+bl+9)) 765 { 766 PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); 767 goto err; 768 } 769 memcpy(&(dataB->data[bl]),buf,i); 770 dataB->data[bl+i]='\0'; 771 bl+=i; 772 if (end) 773 { 774 buf[0]='\0'; 775 i=BIO_gets(bp,buf,254); 776 if (i <= 0) break; 777 778 while ((i >= 0) && (buf[i] <= ' ')) i--; 779 buf[++i]='\n'; buf[++i]='\0'; 780 781 break; 782 } 783 } 784 } 785 else 786 { 787 tmpB=headerB; 788 headerB=dataB; 789 dataB=tmpB; 790 bl=hl; 791 } 792 i=strlen(nameB->data); 793 if ( (strncmp(buf,"-----END ",9) != 0) || 794 (strncmp(nameB->data,&(buf[9]),i) != 0) || 795 (strncmp(&(buf[9+i]),"-----\n",6) != 0)) 796 { 797 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); 798 goto err; 799 } 800 801 EVP_DecodeInit(&ctx); 802 i=EVP_DecodeUpdate(&ctx, 803 (unsigned char *)dataB->data,&bl, 804 (unsigned char *)dataB->data,bl); 805 if (i < 0) 806 { 807 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); 808 goto err; 809 } 810 i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); 811 if (i < 0) 812 { 813 PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); 814 goto err; 815 } 816 bl+=k; 817 818 if (bl == 0) goto err; 819 *name=nameB->data; 820 *header=headerB->data; 821 *data=(unsigned char *)dataB->data; 822 *len=bl; 823 OPENSSL_free(nameB); 824 OPENSSL_free(headerB); 825 OPENSSL_free(dataB); 826 return(1); 827 err: 828 BUF_MEM_free(nameB); 829 BUF_MEM_free(headerB); 830 BUF_MEM_free(dataB); 831 return(0); 832 } 833 834 /* Check pem string and return prefix length. 835 * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" 836 * the return value is 3 for the string "RSA". 837 */ 838 839 int pem_check_suffix(const char *pem_str, const char *suffix) 840 { 841 int pem_len = strlen(pem_str); 842 int suffix_len = strlen(suffix); 843 const char *p; 844 if (suffix_len + 1 >= pem_len) 845 return 0; 846 p = pem_str + pem_len - suffix_len; 847 if (strcmp(p, suffix)) 848 return 0; 849 p--; 850 if (*p != ' ') 851 return 0; 852 return p - pem_str; 853 } 854 855