• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/pem.h>
58 
59 #include <stdio.h>
60 #include <string.h>
61 
62 #include <openssl/buf.h>
63 #include <openssl/dh.h>
64 #include <openssl/err.h>
65 #include <openssl/evp.h>
66 #include <openssl/mem.h>
67 #include <openssl/obj.h>
68 #include <openssl/pkcs8.h>
69 #include <openssl/rand.h>
70 #include <openssl/x509.h>
71 
PEM_read_bio_PrivateKey(BIO * bp,EVP_PKEY ** x,pem_password_cb * cb,void * u)72 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
73                                   void *u)
74 {
75     char *nm = NULL;
76     const unsigned char *p = NULL;
77     unsigned char *data = NULL;
78     long len;
79     EVP_PKEY *ret = NULL;
80 
81     if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
82         return NULL;
83     p = data;
84 
85     if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
86         PKCS8_PRIV_KEY_INFO *p8inf;
87         p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
88         if (!p8inf)
89             goto p8err;
90         ret = EVP_PKCS82PKEY(p8inf);
91         if (x) {
92             if (*x)
93                 EVP_PKEY_free((EVP_PKEY *)*x);
94             *x = ret;
95         }
96         PKCS8_PRIV_KEY_INFO_free(p8inf);
97     } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
98         PKCS8_PRIV_KEY_INFO *p8inf;
99         X509_SIG *p8;
100         int klen;
101         char psbuf[PEM_BUFSIZE];
102         p8 = d2i_X509_SIG(NULL, &p, len);
103         if (!p8)
104             goto p8err;
105 
106         klen = 0;
107         if (!cb)
108             cb = PEM_def_callback;
109         klen = cb(psbuf, PEM_BUFSIZE, 0, u);
110         if (klen <= 0) {
111             OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
112             X509_SIG_free(p8);
113             goto err;
114         }
115         p8inf = PKCS8_decrypt(p8, psbuf, klen);
116         X509_SIG_free(p8);
117         if (!p8inf)
118             goto p8err;
119         ret = EVP_PKCS82PKEY(p8inf);
120         if (x) {
121             if (*x)
122                 EVP_PKEY_free((EVP_PKEY *)*x);
123             *x = ret;
124         }
125         PKCS8_PRIV_KEY_INFO_free(p8inf);
126     } else if (strcmp(nm, PEM_STRING_RSA) == 0) {
127         /* TODO(davidben): d2i_PrivateKey parses PKCS#8 along with the
128          * standalone format. This and the cases below probably should not
129          * accept PKCS#8. */
130         ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len);
131     } else if (strcmp(nm, PEM_STRING_EC) == 0) {
132         ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len);
133     } else if (strcmp(nm, PEM_STRING_DSA) == 0) {
134         ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len);
135     }
136  p8err:
137     if (ret == NULL)
138         OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
139 
140  err:
141     OPENSSL_free(nm);
142     OPENSSL_cleanse(data, len);
143     OPENSSL_free(data);
144     return (ret);
145 }
146 
PEM_write_bio_PrivateKey(BIO * bp,EVP_PKEY * x,const EVP_CIPHER * enc,unsigned char * kstr,int klen,pem_password_cb * cb,void * u)147 int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
148                              unsigned char *kstr, int klen,
149                              pem_password_cb *cb, void *u)
150 {
151     return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, (char *)kstr, klen, cb, u);
152 }
153 
154 #ifndef OPENSSL_NO_FP_API
PEM_read_PrivateKey(FILE * fp,EVP_PKEY ** x,pem_password_cb * cb,void * u)155 EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
156                               void *u)
157 {
158     BIO *b;
159     EVP_PKEY *ret;
160 
161     if ((b = BIO_new(BIO_s_file())) == NULL) {
162         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);
163         return (0);
164     }
165     BIO_set_fp(b, fp, BIO_NOCLOSE);
166     ret = PEM_read_bio_PrivateKey(b, x, cb, u);
167     BIO_free(b);
168     return (ret);
169 }
170 
PEM_write_PrivateKey(FILE * fp,EVP_PKEY * x,const EVP_CIPHER * enc,unsigned char * kstr,int klen,pem_password_cb * cb,void * u)171 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
172                          unsigned char *kstr, int klen,
173                          pem_password_cb *cb, void *u)
174 {
175     BIO *b;
176     int ret;
177 
178     if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
179         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);
180         return 0;
181     }
182     ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
183     BIO_free(b);
184     return ret;
185 }
186 
187 #endif
188 
189 /* Transparently read in PKCS#3 or X9.42 DH parameters */
190 
PEM_read_bio_DHparams(BIO * bp,DH ** x,pem_password_cb * cb,void * u)191 DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
192 {
193     char *nm = NULL;
194     const unsigned char *p = NULL;
195     unsigned char *data = NULL;
196     long len;
197     DH *ret = NULL;
198 
199     if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u))
200         return NULL;
201     p = data;
202 
203     ret = d2i_DHparams(x, &p, len);
204 
205     if (ret == NULL)
206         OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
207     OPENSSL_free(nm);
208     OPENSSL_free(data);
209     return ret;
210 }
211 
212 #ifndef OPENSSL_NO_FP_API
PEM_read_DHparams(FILE * fp,DH ** x,pem_password_cb * cb,void * u)213 DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
214 {
215     BIO *b;
216     DH *ret;
217 
218     if ((b = BIO_new(BIO_s_file())) == NULL) {
219         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);
220         return (0);
221     }
222     BIO_set_fp(b, fp, BIO_NOCLOSE);
223     ret = PEM_read_bio_DHparams(b, x, cb, u);
224     BIO_free(b);
225     return (ret);
226 }
227 #endif
228