1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <openssl/pem.h> 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/buf.h> 63 #include <openssl/dh.h> 64 #include <openssl/err.h> 65 #include <openssl/evp.h> 66 #include <openssl/mem.h> 67 #include <openssl/obj.h> 68 #include <openssl/pkcs8.h> 69 #include <openssl/rand.h> 70 #include <openssl/x509.h> 71 72 #include "../evp/internal.h" 73 74 75 int pem_check_suffix(const char *pem_str, const char *suffix); 76 77 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) 78 { 79 char *nm=NULL; 80 const unsigned char *p=NULL; 81 unsigned char *data=NULL; 82 long len; 83 int slen; 84 EVP_PKEY *ret=NULL; 85 86 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) 87 return NULL; 88 p = data; 89 90 if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { 91 PKCS8_PRIV_KEY_INFO *p8inf; 92 p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); 93 if(!p8inf) goto p8err; 94 ret = EVP_PKCS82PKEY(p8inf); 95 if(x) { 96 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 97 *x = ret; 98 } 99 PKCS8_PRIV_KEY_INFO_free(p8inf); 100 } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { 101 PKCS8_PRIV_KEY_INFO *p8inf; 102 X509_SIG *p8; 103 int klen; 104 char psbuf[PEM_BUFSIZE]; 105 p8 = d2i_X509_SIG(NULL, &p, len); 106 if(!p8) goto p8err; 107 108 klen = 0; 109 if (!cb) cb = PEM_def_callback; 110 klen=cb(psbuf,PEM_BUFSIZE,0,u); 111 if (klen <= 0) { 112 OPENSSL_PUT_ERROR(PEM, PEM_read_bio_PrivateKey, PEM_R_BAD_PASSWORD_READ); 113 X509_SIG_free(p8); 114 goto err; 115 } 116 p8inf = PKCS8_decrypt(p8, psbuf, klen); 117 X509_SIG_free(p8); 118 if(!p8inf) goto p8err; 119 ret = EVP_PKCS82PKEY(p8inf); 120 if(x) { 121 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 122 *x = ret; 123 } 124 PKCS8_PRIV_KEY_INFO_free(p8inf); 125 } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) 126 { 127 const EVP_PKEY_ASN1_METHOD *ameth; 128 ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); 129 if (!ameth || !ameth->old_priv_decode) 130 goto p8err; 131 ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len); 132 } 133 p8err: 134 if (ret == NULL) 135 OPENSSL_PUT_ERROR(PEM, PEM_read_bio_PrivateKey, ERR_R_ASN1_LIB); 136 137 err: 138 OPENSSL_free(nm); 139 OPENSSL_cleanse(data, len); 140 OPENSSL_free(data); 141 return(ret); 142 } 143 144 int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, 145 unsigned char *kstr, int klen, 146 pem_password_cb *cb, void *u) 147 { 148 char pem_str[80]; 149 if (!x->ameth || x->ameth->priv_encode) 150 return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, 151 (char *)kstr, klen, 152 cb, u); 153 154 BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); 155 return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, 156 pem_str,bp,x,enc,kstr,klen,cb,u); 157 } 158 159 static int public_key_type_from_str(const char *name, size_t len) { 160 if (len == 3 && memcmp(name, "RSA", 3) == 0) { 161 return EVP_PKEY_RSA; 162 } else if (len == 2 && memcmp(name, "DH", 2) == 0) { 163 return EVP_PKEY_DH; 164 } else if (len == 2 && memcmp(name, "EC", 2) == 0) { 165 return EVP_PKEY_EC; 166 } 167 return NID_undef; 168 } 169 170 static int set_pkey_type_from_str(EVP_PKEY *pkey, const char *name, size_t len) { 171 int nid = public_key_type_from_str(name, len); 172 if (nid == NID_undef) { 173 return 0; 174 } 175 return EVP_PKEY_set_type(pkey, nid); 176 } 177 178 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) 179 { 180 char *nm=NULL; 181 const unsigned char *p=NULL; 182 unsigned char *data=NULL; 183 long len; 184 int slen; 185 EVP_PKEY *ret=NULL; 186 187 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS, 188 bp, 0, NULL)) 189 return NULL; 190 p = data; 191 192 if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) 193 { 194 ret = EVP_PKEY_new(); 195 if (!ret) 196 goto err; 197 if (!set_pkey_type_from_str(ret, nm, slen) 198 || !ret->ameth->param_decode 199 || !ret->ameth->param_decode(ret, &p, len)) 200 { 201 EVP_PKEY_free(ret); 202 ret = NULL; 203 goto err; 204 } 205 if(x) 206 { 207 if(*x) EVP_PKEY_free((EVP_PKEY *)*x); 208 *x = ret; 209 } 210 } 211 err: 212 if (ret == NULL) 213 OPENSSL_PUT_ERROR(PEM, PEM_read_bio_Parameters, ERR_R_ASN1_LIB); 214 OPENSSL_free(nm); 215 OPENSSL_free(data); 216 return(ret); 217 } 218 219 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) 220 { 221 char pem_str[80]; 222 if (!x->ameth || !x->ameth->param_encode) 223 return 0; 224 225 BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str); 226 return PEM_ASN1_write_bio( 227 (i2d_of_void *)x->ameth->param_encode, 228 pem_str,bp,x,NULL,NULL,0,0,NULL); 229 } 230 231 #ifndef OPENSSL_NO_FP_API 232 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) 233 { 234 BIO *b; 235 EVP_PKEY *ret; 236 237 if ((b=BIO_new(BIO_s_file())) == NULL) 238 { 239 OPENSSL_PUT_ERROR(PEM, PEM_read_PrivateKey, ERR_R_BUF_LIB); 240 return(0); 241 } 242 BIO_set_fp(b,fp,BIO_NOCLOSE); 243 ret=PEM_read_bio_PrivateKey(b,x,cb,u); 244 BIO_free(b); 245 return(ret); 246 } 247 248 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, 249 unsigned char *kstr, int klen, 250 pem_password_cb *cb, void *u) 251 { 252 BIO *b; 253 int ret; 254 255 if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) 256 { 257 OPENSSL_PUT_ERROR(PEM, PEM_write_PrivateKey, ERR_R_BUF_LIB); 258 return 0; 259 } 260 ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); 261 BIO_free(b); 262 return ret; 263 } 264 265 #endif 266 267 268 /* Transparently read in PKCS#3 or X9.42 DH parameters */ 269 270 DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) 271 { 272 char *nm=NULL; 273 const unsigned char *p=NULL; 274 unsigned char *data=NULL; 275 long len; 276 DH *ret=NULL; 277 278 if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, 279 bp, cb, u)) 280 return NULL; 281 p = data; 282 283 /* TODO(fork): remove? */ 284 /*if (!strcmp(nm, PEM_STRING_DHXPARAMS)) 285 ret = d2i_DHxparams(x, &p, len); 286 else */ 287 ret = d2i_DHparams(x, &p, len); 288 289 if (ret == NULL) 290 OPENSSL_PUT_ERROR(PEM, PEM_read_bio_DHparams, ERR_R_ASN1_LIB); 291 OPENSSL_free(nm); 292 OPENSSL_free(data); 293 return ret; 294 } 295 296 #ifndef OPENSSL_NO_FP_API 297 DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) 298 { 299 BIO *b; 300 DH *ret; 301 302 if ((b=BIO_new(BIO_s_file())) == NULL) 303 { 304 OPENSSL_PUT_ERROR(PEM, PEM_read_DHparams, ERR_R_BUF_LIB); 305 return(0); 306 } 307 BIO_set_fp(b,fp,BIO_NOCLOSE); 308 ret=PEM_read_bio_DHparams(b,x,cb,u); 309 BIO_free(b); 310 return(ret); 311 } 312 #endif 313
