kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
3578 Коміти
12 Гілки
38 MiB
Дерево: 8a55ce4954
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '8a55ce4954'
${ noResults }
boringssl/crypto/pem/pem_lib.c

pem_lib.c 22 KiB
Неформатований Звичайний вигляд Історія

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
Remove string.h from base.h. Including string.h in base.h causes any file that includes a BoringSSL header to include string.h. Generally this wouldn't be a problem, although string.h might slow down the compile if it wasn't otherwise needed. However, it also causes problems for ipsec-tools in Android because OpenSSL didn't have this behaviour. This change removes string.h from base.h and, instead, adds it to each .c file that requires it. Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37 Reviewed-on: https://boringssl-review.googlesource.com/3200 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Decouple the EVP and PEM code. EVP_PKEY_asn1_find can already be private. EVP_PKEY_asn1_find_str is used only so the PEM code can get at legacy encoders. Since this is all legacy non-PKCS8 stuff, we can just explicitly list out the three cases in the two places that need it. If this changes, we can later add a table in crypto/pem mapping string to EVP_PKEY type. With this, EVP_PKEY_ASN1_METHOD is no longer exposed in the public API and nothing outside of EVP_PKEY reaches into it. Unexport all of that. Change-Id: Iab661014247dbdbc31e5e9887364176ec5ad2a6d Reviewed-on: https://boringssl-review.googlesource.com/6871 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Reject inappropriate private key encryption ciphers. The traditional private key encryption algorithm doesn't function properly if the IV length of the cipher is zero. These ciphers (e.g. ECB mode) are not suitable for private key encryption anyway. (Imported from upstream's 4436299296cc10c6d6611b066b4b73dc0bdae1a6.) Change-Id: I218c9c1d11274ef11b7c0cfce380521efa415215 Reviewed-on: https://boringssl-review.googlesource.com/7840 Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
Implement |PEM_def_callback| and call it where appropriate. This implementation does not prompt for a password. It's just enough to ensure that the many functions that take a tuple of |pem_password_cb| and a |void *| to a password work in a reasonable way when the latter is non-NULL. Change-Id: Ic6bfc484630c67b5ede25277e14eb3b00c2024f0 Reviewed-on: https://boringssl-review.googlesource.com/4990 Reviewed-by: Adam Langley <agl@google.com>
9 роки тому
OpenSSL reformat x509/, x509v3/, pem/ and asn1/. OpenSSL upstream did a bulk reformat. We still have some files that have the old OpenSSL style and this makes applying patches to them more manual, and thus more error-prone, than it should be. This change is the result of running util/openssl-format-source -v -c . in the enumerated directories. A few files were in BoringSSL style and have not been touched. This change should be formatting only; no semantic difference. Change-Id: I75ced2970ae22b9facb930a79798350a09c5111e Reviewed-on: https://boringssl-review.googlesource.com/6904 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
8 роки тому
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778 
  1. /* crypto/pem/pem_lib.c */

  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  3.  * All rights reserved.

  4.  *

  5.  * This package is an SSL implementation written

  6.  * by Eric Young (eay@cryptsoft.com).

  7.  * The implementation was written so as to conform with Netscapes SSL.

  8.  *

  9.  * This library is free for commercial and non-commercial use as long as

  10.  * the following conditions are aheared to.  The following conditions

  11.  * apply to all code found in this distribution, be it the RC4, RSA,

  12.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  13.  * included with this distribution is covered by the same copyright terms

  14.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  15.  *

  16.  * Copyright remains Eric Young's, and as such any Copyright notices in

  17.  * the code are not to be removed.

  18.  * If this package is used in a product, Eric Young should be given attribution

  19.  * as the author of the parts of the library used.

  20.  * This can be in the form of a textual message at program startup or

  21.  * in documentation (online or textual) provided with the package.

  22.  *

  23.  * Redistribution and use in source and binary forms, with or without

  24.  * modification, are permitted provided that the following conditions

  25.  * are met:

  26.  * 1. Redistributions of source code must retain the copyright

  27.  *    notice, this list of conditions and the following disclaimer.

  28.  * 2. Redistributions in binary form must reproduce the above copyright

  29.  *    notice, this list of conditions and the following disclaimer in the

  30.  *    documentation and/or other materials provided with the distribution.

  31.  * 3. All advertising materials mentioning features or use of this software

  32.  *    must display the following acknowledgement:

  33.  *    "This product includes cryptographic software written by

  34.  *     Eric Young (eay@cryptsoft.com)"

  35.  *    The word 'cryptographic' can be left out if the rouines from the library

  36.  *    being used are not cryptographic related :-).

  37.  * 4. If you include any Windows specific code (or a derivative thereof) from

  38.  *    the apps directory (application code) you must include an acknowledgement:

  39.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  40.  *

  41.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  42.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  43.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  44.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  45.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  46.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  47.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  48.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  49.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  50.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  51.  * SUCH DAMAGE.

  52.  *

  53.  * The licence and distribution terms for any publically available version or

  54.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  55.  * copied and put under another distribution licence

  56.  * [including the GNU Public Licence.] */

  57. 

  58. #include <assert.h>

  59. #include <ctype.h>

  60. #include <stdio.h>

  61. #include <string.h>

  62. 

  63. #include <openssl/base64.h>

  64. #include <openssl/buf.h>

  65. #include <openssl/des.h>

  66. #include <openssl/err.h>

  67. #include <openssl/evp.h>

  68. #include <openssl/mem.h>

  69. #include <openssl/obj.h>

  70. #include <openssl/pem.h>

  71. #include <openssl/rand.h>

  72. #include <openssl/x509.h>

  73. 

  74. #define MIN_LENGTH      4

  75. 

  76. static int load_iv(char **fromp, unsigned char *to, int num);

  77. static int check_pem(const char *nm, const char *name);

  78. 

  79. void PEM_proc_type(char *buf, int type)

  80. {

  81.     const char *str;

  82. 

  83.     if (type == PEM_TYPE_ENCRYPTED)

  84.         str = "ENCRYPTED";

  85.     else if (type == PEM_TYPE_MIC_CLEAR)

  86.         str = "MIC-CLEAR";

  87.     else if (type == PEM_TYPE_MIC_ONLY)

  88.         str = "MIC-ONLY";

  89.     else

  90.         str = "BAD-TYPE";

  91. 

  92.     BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);

  93.     BUF_strlcat(buf, str, PEM_BUFSIZE);

  94.     BUF_strlcat(buf, "\n", PEM_BUFSIZE);

  95. }

  96. 

  97. void PEM_dek_info(char *buf, const char *type, int len, char *str)

  98. {

  99.     static const unsigned char map[17] = "0123456789ABCDEF";

  100.     long i;

  101.     int j;

  102. 

  103.     BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);

  104.     BUF_strlcat(buf, type, PEM_BUFSIZE);

  105.     BUF_strlcat(buf, ",", PEM_BUFSIZE);

  106.     j = strlen(buf);

  107.     if (j + (len * 2) + 1 > PEM_BUFSIZE)

  108.         return;

  109.     for (i = 0; i < len; i++) {

  110.         buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];

  111.         buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];

  112.     }

  113.     buf[j + i * 2] = '\n';

  114.     buf[j + i * 2 + 1] = '\0';

  115. }

  116. 

  117. #ifndef OPENSSL_NO_FP_API

  118. void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,

  119.                     pem_password_cb *cb, void *u)

  120. {

  121.     BIO *b;

  122.     void *ret;

  123. 

  124.     if ((b = BIO_new(BIO_s_file())) == NULL) {

  125.         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);

  126.         return (0);

  127.     }

  128.     BIO_set_fp(b, fp, BIO_NOCLOSE);

  129.     ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);

  130.     BIO_free(b);

  131.     return (ret);

  132. }

  133. #endif

  134. 

  135. static int check_pem(const char *nm, const char *name)

  136. {

  137.     /* Normal matching nm and name */

  138.     if (!strcmp(nm, name))

  139.         return 1;

  140. 

  141.     /* Make PEM_STRING_EVP_PKEY match any private key */

  142. 

  143.     if (!strcmp(name, PEM_STRING_EVP_PKEY)) {

  144.         return !strcmp(nm, PEM_STRING_PKCS8) ||

  145.                !strcmp(nm, PEM_STRING_PKCS8INF) ||

  146.                !strcmp(nm, PEM_STRING_RSA) ||

  147.                !strcmp(nm, PEM_STRING_EC) ||

  148.                !strcmp(nm, PEM_STRING_DSA);

  149.     }

  150. 

  151.     /* Permit older strings */

  152. 

  153.     if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509))

  154.         return 1;

  155. 

  156.     if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&

  157.         !strcmp(name, PEM_STRING_X509_REQ))

  158.         return 1;

  159. 

  160.     /* Allow normal certs to be read as trusted certs */

  161.     if (!strcmp(nm, PEM_STRING_X509) &&

  162.         !strcmp(name, PEM_STRING_X509_TRUSTED))

  163.         return 1;

  164. 

  165.     if (!strcmp(nm, PEM_STRING_X509_OLD) &&

  166.         !strcmp(name, PEM_STRING_X509_TRUSTED))

  167.         return 1;

  168. 

  169.     /* Some CAs use PKCS#7 with CERTIFICATE headers */

  170.     if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7))

  171.         return 1;

  172. 

  173.     if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&

  174.         !strcmp(name, PEM_STRING_PKCS7))

  175.         return 1;

  176. 

  177. #ifndef OPENSSL_NO_CMS

  178.     if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS))

  179.         return 1;

  180.     /* Allow CMS to be read from PKCS#7 headers */

  181.     if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS))

  182.         return 1;

  183. #endif

  184. 

  185.     return 0;

  186. }

  187. 

  188. int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,

  189.                        const char *name, BIO *bp, pem_password_cb *cb,

  190.                        void *u)

  191. {

  192.     EVP_CIPHER_INFO cipher;

  193.     char *nm = NULL, *header = NULL;

  194.     unsigned char *data = NULL;

  195.     long len;

  196.     int ret = 0;

  197. 

  198.     for (;;) {

  199.         if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {

  200.             if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)

  201.                 ERR_add_error_data(2, "Expecting: ", name);

  202.             return 0;

  203.         }

  204.         if (check_pem(nm, name))

  205.             break;

  206.         OPENSSL_free(nm);

  207.         OPENSSL_free(header);

  208.         OPENSSL_free(data);

  209.     }

  210.     if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))

  211.         goto err;

  212.     if (!PEM_do_header(&cipher, data, &len, cb, u))

  213.         goto err;

  214. 

  215.     *pdata = data;

  216.     *plen = len;

  217. 

  218.     if (pnm)

  219.         *pnm = nm;

  220. 

  221.     ret = 1;

  222. 

  223.  err:

  224.     if (!ret || !pnm)

  225.         OPENSSL_free(nm);

  226.     OPENSSL_free(header);

  227.     if (!ret)

  228.         OPENSSL_free(data);

  229.     return ret;

  230. }

  231. 

  232. #ifndef OPENSSL_NO_FP_API

  233. int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,

  234.                    void *x, const EVP_CIPHER *enc, unsigned char *kstr,

  235.                    int klen, pem_password_cb *callback, void *u)

  236. {

  237.     BIO *b;

  238.     int ret;

  239. 

  240.     if ((b = BIO_new(BIO_s_file())) == NULL) {

  241.         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);

  242.         return (0);

  243.     }

  244.     BIO_set_fp(b, fp, BIO_NOCLOSE);

  245.     ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);

  246.     BIO_free(b);

  247.     return (ret);

  248. }

  249. #endif

  250. 

  251. int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,

  252.                        void *x, const EVP_CIPHER *enc, unsigned char *kstr,

  253.                        int klen, pem_password_cb *callback, void *u)

  254. {

  255.     EVP_CIPHER_CTX ctx;

  256.     int dsize = 0, i, j, ret = 0;

  257.     unsigned char *p, *data = NULL;

  258.     const char *objstr = NULL;

  259.     char buf[PEM_BUFSIZE];

  260.     unsigned char key[EVP_MAX_KEY_LENGTH];

  261.     unsigned char iv[EVP_MAX_IV_LENGTH];

  262. 

  263.     if (enc != NULL) {

  264.         objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));

  265.         if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {

  266.             OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_CIPHER);

  267.             goto err;

  268.         }

  269.     }

  270. 

  271.     if ((dsize = i2d(x, NULL)) < 0) {

  272.         OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);

  273.         dsize = 0;

  274.         goto err;

  275.     }

  276.     /* dzise + 8 bytes are needed */

  277.     /* actually it needs the cipher block size extra... */

  278.     data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20);

  279.     if (data == NULL) {

  280.         OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);

  281.         goto err;

  282.     }

  283.     p = data;

  284.     i = i2d(x, &p);

  285. 

  286.     if (enc != NULL) {

  287.         const unsigned iv_len = EVP_CIPHER_iv_length(enc);

  288. 

  289.         if (kstr == NULL) {

  290.             klen = 0;

  291.             if (!callback)

  292.                 callback = PEM_def_callback;

  293.             klen = (*callback) (buf, PEM_BUFSIZE, 1, u);

  294.             if (klen <= 0) {

  295.                 OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);

  296.                 goto err;

  297.             }

  298.             kstr = (unsigned char *)buf;

  299.         }

  300.         assert(iv_len <= (int)sizeof(iv));

  301.         if (!RAND_bytes(iv, iv_len)) /* Generate a salt */

  302.             goto err;

  303.         /*

  304.          * The 'iv' is used as the iv and as a salt.  It is NOT taken from

  305.          * the BytesToKey function

  306.          */

  307.         if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))

  308.             goto err;

  309. 

  310.         if (kstr == (unsigned char *)buf)

  311.             OPENSSL_cleanse(buf, PEM_BUFSIZE);

  312. 

  313.         assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);

  314. 

  315.         buf[0] = '\0';

  316.         PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);

  317.         PEM_dek_info(buf, objstr, iv_len, (char *)iv);

  318.         /* k=strlen(buf); */

  319. 

  320.         EVP_CIPHER_CTX_init(&ctx);

  321.         ret = 1;

  322.         if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv)

  323.             || !EVP_EncryptUpdate(&ctx, data, &j, data, i)

  324.             || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i))

  325.             ret = 0;

  326.         else

  327.             i += j;

  328.         EVP_CIPHER_CTX_cleanup(&ctx);

  329.         if (ret == 0)

  330.             goto err;

  331.     } else {

  332.         ret = 1;

  333.         buf[0] = '\0';

  334.     }

  335.     i = PEM_write_bio(bp, name, buf, data, i);

  336.     if (i <= 0)

  337.         ret = 0;

  338.  err:

  339.     OPENSSL_cleanse(key, sizeof(key));

  340.     OPENSSL_cleanse(iv, sizeof(iv));

  341.     OPENSSL_cleanse((char *)&ctx, sizeof(ctx));

  342.     OPENSSL_cleanse(buf, PEM_BUFSIZE);

  343.     if (data != NULL) {

  344.         OPENSSL_cleanse(data, (unsigned int)dsize);

  345.         OPENSSL_free(data);

  346.     }

  347.     return (ret);

  348. }

  349. 

  350. int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,

  351.                   pem_password_cb *callback, void *u)

  352. {

  353.     int i = 0, j, o, klen;

  354.     long len;

  355.     EVP_CIPHER_CTX ctx;

  356.     unsigned char key[EVP_MAX_KEY_LENGTH];

  357.     char buf[PEM_BUFSIZE];

  358. 

  359.     len = *plen;

  360. 

  361.     if (cipher->cipher == NULL)

  362.         return (1);

  363. 

  364.     klen = 0;

  365.     if (!callback)

  366.         callback = PEM_def_callback;

  367.     klen = callback(buf, PEM_BUFSIZE, 0, u);

  368.     if (klen <= 0) {

  369.         OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);

  370.         return (0);

  371.     }

  372. 

  373.     if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),

  374.                         (unsigned char *)buf, klen, 1, key, NULL))

  375.         return 0;

  376. 

  377.     j = (int)len;

  378.     EVP_CIPHER_CTX_init(&ctx);

  379.     o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));

  380.     if (o)

  381.         o = EVP_DecryptUpdate(&ctx, data, &i, data, j);

  382.     if (o)

  383.         o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);

  384.     EVP_CIPHER_CTX_cleanup(&ctx);

  385.     OPENSSL_cleanse((char *)buf, sizeof(buf));

  386.     OPENSSL_cleanse((char *)key, sizeof(key));

  387.     if (!o) {

  388.         OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_DECRYPT);

  389.         return (0);

  390.     }

  391.     j += i;

  392.     *plen = j;

  393.     return (1);

  394. }

  395. 

  396. static const EVP_CIPHER *cipher_by_name(const char *name)

  397. {

  398.     /* This is similar to the (deprecated) function |EVP_get_cipherbyname|. */

  399.     if (0 == strcmp(name, SN_rc4)) {

  400.         return EVP_rc4();

  401.     } else if (0 == strcmp(name, SN_des_cbc)) {

  402.         return EVP_des_cbc();

  403.     } else if (0 == strcmp(name, SN_des_ede3_cbc)) {

  404.         return EVP_des_ede3_cbc();

  405.     } else if (0 == strcmp(name, SN_aes_128_cbc)) {

  406.         return EVP_aes_128_cbc();

  407.     } else if (0 == strcmp(name, SN_aes_192_cbc)) {

  408.         return EVP_aes_192_cbc();

  409.     } else if (0 == strcmp(name, SN_aes_256_cbc)) {

  410.         return EVP_aes_256_cbc();

  411.     } else {

  412.         return NULL;

  413.     }

  414. }

  415. 

  416. int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)

  417. {

  418.     const EVP_CIPHER *enc = NULL;

  419.     char *p, c;

  420.     char **header_pp = &header;

  421. 

  422.     cipher->cipher = NULL;

  423.     if ((header == NULL) || (*header == '\0') || (*header == '\n'))

  424.         return (1);

  425.     if (strncmp(header, "Proc-Type: ", 11) != 0) {

  426.         OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_PROC_TYPE);

  427.         return (0);

  428.     }

  429.     header += 11;

  430.     if (*header != '4')

  431.         return (0);

  432.     header++;

  433.     if (*header != ',')

  434.         return (0);

  435.     header++;

  436.     if (strncmp(header, "ENCRYPTED", 9) != 0) {

  437.         OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_ENCRYPTED);

  438.         return (0);

  439.     }

  440.     for (; (*header != '\n') && (*header != '\0'); header++) ;

  441.     if (*header == '\0') {

  442.         OPENSSL_PUT_ERROR(PEM, PEM_R_SHORT_HEADER);

  443.         return (0);

  444.     }

  445.     header++;

  446.     if (strncmp(header, "DEK-Info: ", 10) != 0) {

  447.         OPENSSL_PUT_ERROR(PEM, PEM_R_NOT_DEK_INFO);

  448.         return (0);

  449.     }

  450.     header += 10;

  451. 

  452.     p = header;

  453.     for (;;) {

  454.         c = *header;

  455.         if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||

  456.               ((c >= '0') && (c <= '9'))))

  457.             break;

  458.         header++;

  459.     }

  460.     *header = '\0';

  461.     cipher->cipher = enc = cipher_by_name(p);

  462.     *header = c;

  463.     header++;

  464. 

  465.     if (enc == NULL) {

  466.         OPENSSL_PUT_ERROR(PEM, PEM_R_UNSUPPORTED_ENCRYPTION);

  467.         return (0);

  468.     }

  469.     if (!load_iv(header_pp, &(cipher->iv[0]), EVP_CIPHER_iv_length(enc)))

  470.         return (0);

  471. 

  472.     return (1);

  473. }

  474. 

  475. static int load_iv(char **fromp, unsigned char *to, int num)

  476. {

  477.     int v, i;

  478.     char *from;

  479. 

  480.     from = *fromp;

  481.     for (i = 0; i < num; i++)

  482.         to[i] = 0;

  483.     num *= 2;

  484.     for (i = 0; i < num; i++) {

  485.         if ((*from >= '0') && (*from <= '9'))

  486.             v = *from - '0';

  487.         else if ((*from >= 'A') && (*from <= 'F'))

  488.             v = *from - 'A' + 10;

  489.         else if ((*from >= 'a') && (*from <= 'f'))

  490.             v = *from - 'a' + 10;

  491.         else {

  492.             OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_IV_CHARS);

  493.             return (0);

  494.         }

  495.         from++;

  496.         to[i / 2] |= v << (long)((!(i & 1)) * 4);

  497.     }

  498. 

  499.     *fromp = from;

  500.     return (1);

  501. }

  502. 

  503. #ifndef OPENSSL_NO_FP_API

  504. int PEM_write(FILE *fp, const char *name, const char *header,

  505.               const unsigned char *data, long len)

  506. {

  507.     BIO *b;

  508.     int ret;

  509. 

  510.     if ((b = BIO_new(BIO_s_file())) == NULL) {

  511.         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);

  512.         return (0);

  513.     }

  514.     BIO_set_fp(b, fp, BIO_NOCLOSE);

  515.     ret = PEM_write_bio(b, name, header, data, len);

  516.     BIO_free(b);

  517.     return (ret);

  518. }

  519. #endif

  520. 

  521. int PEM_write_bio(BIO *bp, const char *name, const char *header,

  522.                   const unsigned char *data, long len)

  523. {

  524.     int nlen, n, i, j, outl;

  525.     unsigned char *buf = NULL;

  526.     EVP_ENCODE_CTX ctx;

  527.     int reason = ERR_R_BUF_LIB;

  528. 

  529.     EVP_EncodeInit(&ctx);

  530.     nlen = strlen(name);

  531. 

  532.     if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||

  533.         (BIO_write(bp, name, nlen) != nlen) ||

  534.         (BIO_write(bp, "-----\n", 6) != 6))

  535.         goto err;

  536. 

  537.     i = strlen(header);

  538.     if (i > 0) {

  539.         if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))

  540.             goto err;

  541.     }

  542. 

  543.     buf = OPENSSL_malloc(PEM_BUFSIZE * 8);

  544.     if (buf == NULL) {

  545.         reason = ERR_R_MALLOC_FAILURE;

  546.         goto err;

  547.     }

  548. 

  549.     i = j = 0;

  550.     while (len > 0) {

  551.         n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);

  552.         EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);

  553.         if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))

  554.             goto err;

  555.         i += outl;

  556.         len -= n;

  557.         j += n;

  558.     }

  559.     EVP_EncodeFinal(&ctx, buf, &outl);

  560.     if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))

  561.         goto err;

  562.     OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);

  563.     OPENSSL_free(buf);

  564.     buf = NULL;

  565.     if ((BIO_write(bp, "-----END ", 9) != 9) ||

  566.         (BIO_write(bp, name, nlen) != nlen) ||

  567.         (BIO_write(bp, "-----\n", 6) != 6))

  568.         goto err;

  569.     return (i + outl);

  570.  err:

  571.     if (buf) {

  572.         OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);

  573.         OPENSSL_free(buf);

  574.     }

  575.     OPENSSL_PUT_ERROR(PEM, reason);

  576.     return (0);

  577. }

  578. 

  579. #ifndef OPENSSL_NO_FP_API

  580. int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,

  581.              long *len)

  582. {

  583.     BIO *b;

  584.     int ret;

  585. 

  586.     if ((b = BIO_new(BIO_s_file())) == NULL) {

  587.         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);

  588.         return (0);

  589.     }

  590.     BIO_set_fp(b, fp, BIO_NOCLOSE);

  591.     ret = PEM_read_bio(b, name, header, data, len);

  592.     BIO_free(b);

  593.     return (ret);

  594. }

  595. #endif

  596. 

  597. int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,

  598.                  long *len)

  599. {

  600.     EVP_ENCODE_CTX ctx;

  601.     int end = 0, i, k, bl = 0, hl = 0, nohead = 0;

  602.     char buf[256];

  603.     BUF_MEM *nameB;

  604.     BUF_MEM *headerB;

  605.     BUF_MEM *dataB, *tmpB;

  606. 

  607.     nameB = BUF_MEM_new();

  608.     headerB = BUF_MEM_new();

  609.     dataB = BUF_MEM_new();

  610.     if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {

  611.         BUF_MEM_free(nameB);

  612.         BUF_MEM_free(headerB);

  613.         BUF_MEM_free(dataB);

  614.         OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);

  615.         return (0);

  616.     }

  617. 

  618.     buf[254] = '\0';

  619.     for (;;) {

  620.         i = BIO_gets(bp, buf, 254);

  621. 

  622.         if (i <= 0) {

  623.             OPENSSL_PUT_ERROR(PEM, PEM_R_NO_START_LINE);

  624.             goto err;

  625.         }

  626. 

  627.         while ((i >= 0) && (buf[i] <= ' '))

  628.             i--;

  629.         buf[++i] = '\n';

  630.         buf[++i] = '\0';

  631. 

  632.         if (strncmp(buf, "-----BEGIN ", 11) == 0) {

  633.             i = strlen(&(buf[11]));

  634. 

  635.             if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)

  636.                 continue;

  637.             if (!BUF_MEM_grow(nameB, i + 9)) {

  638.                 OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);

  639.                 goto err;

  640.             }

  641.             memcpy(nameB->data, &(buf[11]), i - 6);

  642.             nameB->data[i - 6] = '\0';

  643.             break;

  644.         }

  645.     }

  646.     hl = 0;

  647.     if (!BUF_MEM_grow(headerB, 256)) {

  648.         OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);

  649.         goto err;

  650.     }

  651.     headerB->data[0] = '\0';

  652.     for (;;) {

  653.         i = BIO_gets(bp, buf, 254);

  654.         if (i <= 0)

  655.             break;

  656. 

  657.         while ((i >= 0) && (buf[i] <= ' '))

  658.             i--;

  659.         buf[++i] = '\n';

  660.         buf[++i] = '\0';

  661. 

  662.         if (buf[0] == '\n')

  663.             break;

  664.         if (!BUF_MEM_grow(headerB, hl + i + 9)) {

  665.             OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);

  666.             goto err;

  667.         }

  668.         if (strncmp(buf, "-----END ", 9) == 0) {

  669.             nohead = 1;

  670.             break;

  671.         }

  672.         memcpy(&(headerB->data[hl]), buf, i);

  673.         headerB->data[hl + i] = '\0';

  674.         hl += i;

  675.     }

  676. 

  677.     bl = 0;

  678.     if (!BUF_MEM_grow(dataB, 1024)) {

  679.         OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);

  680.         goto err;

  681.     }

  682.     dataB->data[0] = '\0';

  683.     if (!nohead) {

  684.         for (;;) {

  685.             i = BIO_gets(bp, buf, 254);

  686.             if (i <= 0)

  687.                 break;

  688. 

  689.             while ((i >= 0) && (buf[i] <= ' '))

  690.                 i--;

  691.             buf[++i] = '\n';

  692.             buf[++i] = '\0';

  693. 

  694.             if (i != 65)

  695.                 end = 1;

  696.             if (strncmp(buf, "-----END ", 9) == 0)

  697.                 break;

  698.             if (i > 65)

  699.                 break;

  700.             if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {

  701.                 OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);

  702.                 goto err;

  703.             }

  704.             memcpy(&(dataB->data[bl]), buf, i);

  705.             dataB->data[bl + i] = '\0';

  706.             bl += i;

  707.             if (end) {

  708.                 buf[0] = '\0';

  709.                 i = BIO_gets(bp, buf, 254);

  710.                 if (i <= 0)

  711.                     break;

  712. 

  713.                 while ((i >= 0) && (buf[i] <= ' '))

  714.                     i--;

  715.                 buf[++i] = '\n';

  716.                 buf[++i] = '\0';

  717. 

  718.                 break;

  719.             }

  720.         }

  721.     } else {

  722.         tmpB = headerB;

  723.         headerB = dataB;

  724.         dataB = tmpB;

  725.         bl = hl;

  726.     }

  727.     i = strlen(nameB->data);

  728.     if ((strncmp(buf, "-----END ", 9) != 0) ||

  729.         (strncmp(nameB->data, &(buf[9]), i) != 0) ||

  730.         (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {

  731.         OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_END_LINE);

  732.         goto err;

  733.     }

  734. 

  735.     EVP_DecodeInit(&ctx);

  736.     i = EVP_DecodeUpdate(&ctx,

  737.                          (unsigned char *)dataB->data, &bl,

  738.                          (unsigned char *)dataB->data, bl);

  739.     if (i < 0) {

  740.         OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_BASE64_DECODE);

  741.         goto err;

  742.     }

  743.     i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);

  744.     if (i < 0) {

  745.         OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_BASE64_DECODE);

  746.         goto err;

  747.     }

  748.     bl += k;

  749. 

  750.     if (bl == 0)

  751.         goto err;

  752.     *name = nameB->data;

  753.     *header = headerB->data;

  754.     *data = (unsigned char *)dataB->data;

  755.     *len = bl;

  756.     OPENSSL_free(nameB);

  757.     OPENSSL_free(headerB);

  758.     OPENSSL_free(dataB);

  759.     return (1);

  760.  err:

  761.     BUF_MEM_free(nameB);

  762.     BUF_MEM_free(headerB);

  763.     BUF_MEM_free(dataB);

  764.     return (0);

  765. }

  766. 

  767. int PEM_def_callback(char *buf, int size, int rwflag, void *userdata)

  768. {

  769.     if (!buf || !userdata) {

  770.         return 0;

  771.     }

  772.     size_t len = strlen((char *)userdata);

  773.     if (len >= (size_t)size) {

  774.         return 0;

  775.     }

  776.     strcpy(buf, (char *)userdata);

  777.     return len;

  778. }