1 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #ifndef OPENSSL_HEADER_PEM_H 58 #define OPENSSL_HEADER_PEM_H 59 60 #include <openssl/base64.h> 61 #include <openssl/bio.h> 62 #include <openssl/cipher.h> 63 #include <openssl/digest.h> 64 #include <openssl/evp.h> 65 #include <openssl/stack.h> 66 #include <openssl/x509.h> 67 68 /* For compatibility with open-iscsi, which assumes that it can get 69 * |OPENSSL_malloc| from pem.h or err.h */ 70 #include <openssl/crypto.h> 71 72 #ifdef __cplusplus 73 extern "C" { 74 #endif 75 76 77 #define PEM_BUFSIZE 1024 78 79 #define PEM_STRING_X509_OLD "X509 CERTIFICATE" 80 #define PEM_STRING_X509 "CERTIFICATE" 81 #define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" 82 #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" 83 #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" 84 #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" 85 #define PEM_STRING_X509_CRL "X509 CRL" 86 #define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" 87 #define PEM_STRING_PUBLIC "PUBLIC KEY" 88 #define PEM_STRING_RSA "RSA PRIVATE KEY" 89 #define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" 90 #define PEM_STRING_DSA "DSA PRIVATE KEY" 91 #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" 92 #define PEM_STRING_EC "EC PRIVATE KEY" 93 #define PEM_STRING_PKCS7 "PKCS7" 94 #define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" 95 #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" 96 #define PEM_STRING_PKCS8INF "PRIVATE KEY" 97 #define PEM_STRING_DHPARAMS "DH PARAMETERS" 98 #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" 99 #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" 100 #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" 101 #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" 102 #define PEM_STRING_CMS "CMS" 103 104 /* enc_type is one off */ 105 #define PEM_TYPE_ENCRYPTED 10 106 #define PEM_TYPE_MIC_ONLY 20 107 #define PEM_TYPE_MIC_CLEAR 30 108 #define PEM_TYPE_CLEAR 40 109 110 /* These macros make the PEM_read/PEM_write functions easier to maintain and 111 * write. Now they are all implemented with either: 112 * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) 113 */ 114 115 #ifdef OPENSSL_NO_FP_API 116 117 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ 118 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ 119 #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ 120 #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ 121 #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ 122 123 #else 124 125 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ 126 OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ 127 { \ 128 return (type *)PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ 129 } 130 131 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ 132 OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x) \ 133 { \ 134 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ 135 } 136 137 #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ 138 OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x) \ 139 { \ 140 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ 141 } 142 143 #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ 144 OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ 145 unsigned char *kstr, int klen, pem_password_cb *cb, \ 146 void *u) \ 147 { \ 148 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ 149 } 150 151 #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ 152 OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ 153 unsigned char *kstr, int klen, pem_password_cb *cb, \ 154 void *u) \ 155 { \ 156 return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ 157 } 158 159 #endif 160 161 #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ 162 OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ 163 { \ 164 return (type *)PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ 165 } 166 167 #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ 168 OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x) \ 169 { \ 170 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ 171 } 172 173 #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ 174 OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x) \ 175 { \ 176 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ 177 } 178 179 #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ 180 OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ 181 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ 182 { \ 183 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ 184 } 185 186 #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ 187 OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ 188 unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ 189 { \ 190 return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ 191 } 192 193 #define IMPLEMENT_PEM_write(name, type, str, asn1) \ 194 IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ 195 IMPLEMENT_PEM_write_fp(name, type, str, asn1) 196 197 #define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ 198 IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ 199 IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) 200 201 #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ 202 IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ 203 IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 204 205 #define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ 206 IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ 207 IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) 208 209 #define IMPLEMENT_PEM_read(name, type, str, asn1) \ 210 IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ 211 IMPLEMENT_PEM_read_fp(name, type, str, asn1) 212 213 #define IMPLEMENT_PEM_rw(name, type, str, asn1) \ 214 IMPLEMENT_PEM_read(name, type, str, asn1) \ 215 IMPLEMENT_PEM_write(name, type, str, asn1) 216 217 #define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ 218 IMPLEMENT_PEM_read(name, type, str, asn1) \ 219 IMPLEMENT_PEM_write_const(name, type, str, asn1) 220 221 #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ 222 IMPLEMENT_PEM_read(name, type, str, asn1) \ 223 IMPLEMENT_PEM_write_cb(name, type, str, asn1) 224 225 /* These are the same except they are for the declarations */ 226 227 #if defined(OPENSSL_NO_FP_API) 228 229 #define DECLARE_PEM_read_fp(name, type) /**/ 230 #define DECLARE_PEM_write_fp(name, type) /**/ 231 #define DECLARE_PEM_write_cb_fp(name, type) /**/ 232 233 #else 234 235 #define DECLARE_PEM_read_fp(name, type) \ 236 OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); 237 238 #define DECLARE_PEM_write_fp(name, type) \ 239 OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x); 240 241 #define DECLARE_PEM_write_fp_const(name, type) \ 242 OPENSSL_EXPORT int PEM_write_##name(FILE *fp, const type *x); 243 244 #define DECLARE_PEM_write_cb_fp(name, type) \ 245 OPENSSL_EXPORT int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ 246 unsigned char *kstr, int klen, pem_password_cb *cb, void *u); 247 248 #endif 249 250 #define DECLARE_PEM_read_bio(name, type) \ 251 OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); 252 253 #define DECLARE_PEM_write_bio(name, type) \ 254 OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x); 255 256 #define DECLARE_PEM_write_bio_const(name, type) \ 257 OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, const type *x); 258 259 #define DECLARE_PEM_write_cb_bio(name, type) \ 260 OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ 261 unsigned char *kstr, int klen, pem_password_cb *cb, void *u); 262 263 264 #define DECLARE_PEM_write(name, type) \ 265 DECLARE_PEM_write_bio(name, type) \ 266 DECLARE_PEM_write_fp(name, type) 267 268 #define DECLARE_PEM_write_const(name, type) \ 269 DECLARE_PEM_write_bio_const(name, type) \ 270 DECLARE_PEM_write_fp_const(name, type) 271 272 #define DECLARE_PEM_write_cb(name, type) \ 273 DECLARE_PEM_write_cb_bio(name, type) \ 274 DECLARE_PEM_write_cb_fp(name, type) 275 276 #define DECLARE_PEM_read(name, type) \ 277 DECLARE_PEM_read_bio(name, type) \ 278 DECLARE_PEM_read_fp(name, type) 279 280 #define DECLARE_PEM_rw(name, type) \ 281 DECLARE_PEM_read(name, type) \ 282 DECLARE_PEM_write(name, type) 283 284 #define DECLARE_PEM_rw_const(name, type) \ 285 DECLARE_PEM_read(name, type) \ 286 DECLARE_PEM_write_const(name, type) 287 288 #define DECLARE_PEM_rw_cb(name, type) \ 289 DECLARE_PEM_read(name, type) \ 290 DECLARE_PEM_write_cb(name, type) 291 292 /* "userdata": new with OpenSSL 0.9.4 */ 293 typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); 294 295 OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); 296 OPENSSL_EXPORT int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, pem_password_cb *callback,void *u); 297 298 OPENSSL_EXPORT int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,long *len); 299 OPENSSL_EXPORT int PEM_write_bio(BIO *bp,const char *name, const char *hdr, const unsigned char *data, long len); 300 OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u); 301 OPENSSL_EXPORT void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, pem_password_cb *cb, void *u); 302 OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x, const EVP_CIPHER *enc,unsigned char *kstr,int klen, pem_password_cb *cb, void *u); 303 304 OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); 305 OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); 306 307 OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,long *len); 308 OPENSSL_EXPORT int PEM_write(FILE *fp, const char *name, const char *hdr, const unsigned char *data, long len); 309 OPENSSL_EXPORT void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, pem_password_cb *cb, void *u); 310 OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, void *x,const EVP_CIPHER *enc,unsigned char *kstr, int klen,pem_password_cb *callback, void *u); 311 OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); 312 313 /* PEM_def_callback treats |userdata| as a string and copies it into |buf|, 314 * assuming its |size| is sufficient. Returns the length of the string, or 0 315 * if there is not enough room. If either |buf| or |userdata| is NULL, 0 is 316 * returned. Note that this is different from OpenSSL, which prompts for a 317 * password. */ 318 OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag, void *userdata); 319 OPENSSL_EXPORT void PEM_proc_type(char *buf, int type); 320 OPENSSL_EXPORT void PEM_dek_info(char *buf, const char *type, int len, char *str); 321 322 323 DECLARE_PEM_rw(X509, X509) 324 325 DECLARE_PEM_rw(X509_AUX, X509) 326 327 DECLARE_PEM_rw(X509_REQ, X509_REQ) 328 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) 329 330 DECLARE_PEM_rw(X509_CRL, X509_CRL) 331 332 DECLARE_PEM_rw(PKCS8, X509_SIG) 333 334 DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) 335 336 DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) 337 338 DECLARE_PEM_rw_const(RSAPublicKey, RSA) 339 DECLARE_PEM_rw(RSA_PUBKEY, RSA) 340 341 #ifndef OPENSSL_NO_DSA 342 343 DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) 344 345 DECLARE_PEM_rw(DSA_PUBKEY, DSA) 346 347 DECLARE_PEM_rw_const(DSAparams, DSA) 348 349 #endif 350 351 DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) 352 DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) 353 354 355 DECLARE_PEM_rw_const(DHparams, DH) 356 357 358 DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) 359 360 DECLARE_PEM_rw(PUBKEY, EVP_PKEY) 361 362 OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); 363 OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *); 364 OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); 365 OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); 366 OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); 367 368 OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); 369 OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); 370 OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, char *kstr, int klen, pem_password_cb *cb, void *u); 371 372 OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); 373 374 OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, char *kstr,int klen, pem_password_cb *cd, void *u); 375 376 377 #ifdef __cplusplus 378 } 379 #endif 380 381 #define PEM_R_BAD_BASE64_DECODE 100 382 #define PEM_R_BAD_DECRYPT 101 383 #define PEM_R_BAD_END_LINE 102 384 #define PEM_R_BAD_IV_CHARS 103 385 #define PEM_R_BAD_PASSWORD_READ 104 386 #define PEM_R_CIPHER_IS_NULL 105 387 #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106 388 #define PEM_R_NOT_DEK_INFO 107 389 #define PEM_R_NOT_ENCRYPTED 108 390 #define PEM_R_NOT_PROC_TYPE 109 391 #define PEM_R_NO_START_LINE 110 392 #define PEM_R_READ_KEY 111 393 #define PEM_R_SHORT_HEADER 112 394 #define PEM_R_UNSUPPORTED_CIPHER 113 395 #define PEM_R_UNSUPPORTED_ENCRYPTION 114 396 397 #endif /* OPENSSL_HEADER_PEM_H */ 398