kris
/
boringssl
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3990 Commitit
12 Branchit
38 MiB
 
 
 
 
 
 
Puu: 3e0b2ce12b
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '3e0b2ce12b'
${ noResults }
boringssl/crypto/pem/pem_pk8.c

258 rivejä
9.1 KiB
Raaka Blame Historia 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/pem.h>

  58. 

  59. #include <openssl/buf.h>

  60. #include <openssl/err.h>

  61. #include <openssl/evp.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/obj.h>

  64. #include <openssl/pkcs8.h>

  65. #include <openssl/rand.h>

  66. #include <openssl/x509.h>

  67. 

  68. static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,

  69.                       int nid, const EVP_CIPHER *enc,

  70.                       char *kstr, int klen, pem_password_cb *cb, void *u);

  71. static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,

  72.                          int nid, const EVP_CIPHER *enc,

  73.                          char *kstr, int klen, pem_password_cb *cb, void *u);

  74. 

  75. /*

  76.  * These functions write a private key in PKCS#8 format: it is a "drop in"

  77.  * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'

  78.  * is NULL then it uses the unencrypted private key form. The 'nid' versions

  79.  * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.

  80.  */

  81. 

  82. int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,

  83.                                       char *kstr, int klen,

  84.                                       pem_password_cb *cb, void *u)

  85. {

  86.     return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);

  87. }

  88. 

  89. int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,

  90.                                   char *kstr, int klen,

  91.                                   pem_password_cb *cb, void *u)

  92. {

  93.     return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);

  94. }

  95. 

  96. int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,

  97.                             char *kstr, int klen,

  98.                             pem_password_cb *cb, void *u)

  99. {

  100.     return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);

  101. }

  102. 

  103. int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,

  104.                                 char *kstr, int klen,

  105.                                 pem_password_cb *cb, void *u)

  106. {

  107.     return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);

  108. }

  109. 

  110. static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,

  111.                       const EVP_CIPHER *enc, char *kstr, int klen,

  112.                       pem_password_cb *cb, void *u)

  113. {

  114.     X509_SIG *p8;

  115.     PKCS8_PRIV_KEY_INFO *p8inf;

  116.     char buf[PEM_BUFSIZE];

  117.     int ret;

  118.     if (!(p8inf = EVP_PKEY2PKCS8(x))) {

  119.         OPENSSL_PUT_ERROR(PEM, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);

  120.         return 0;

  121.     }

  122.     if (enc || (nid != -1)) {

  123.         if (!kstr) {

  124.             klen = 0;

  125.             if (!cb)

  126.                 cb = PEM_def_callback;

  127.             klen = cb(buf, PEM_BUFSIZE, 1, u);

  128.             if (klen <= 0) {

  129.                 OPENSSL_PUT_ERROR(PEM, PEM_R_READ_KEY);

  130.                 PKCS8_PRIV_KEY_INFO_free(p8inf);

  131.                 return 0;

  132.             }

  133. 

  134.             kstr = buf;

  135.         }

  136.         p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);

  137.         if (kstr == buf)

  138.             OPENSSL_cleanse(buf, klen);

  139.         PKCS8_PRIV_KEY_INFO_free(p8inf);

  140.         if (isder)

  141.             ret = i2d_PKCS8_bio(bp, p8);

  142.         else

  143.             ret = PEM_write_bio_PKCS8(bp, p8);

  144.         X509_SIG_free(p8);

  145.         return ret;

  146.     } else {

  147.         if (isder)

  148.             ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);

  149.         else

  150.             ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);

  151.         PKCS8_PRIV_KEY_INFO_free(p8inf);

  152.         return ret;

  153.     }

  154. }

  155. 

  156. EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,

  157.                                   void *u)

  158. {

  159.     PKCS8_PRIV_KEY_INFO *p8inf = NULL;

  160.     X509_SIG *p8 = NULL;

  161.     int klen;

  162.     EVP_PKEY *ret;

  163.     char psbuf[PEM_BUFSIZE];

  164.     p8 = d2i_PKCS8_bio(bp, NULL);

  165.     if (!p8)

  166.         return NULL;

  167. 

  168.     klen = 0;

  169.     if (!cb)

  170.         cb = PEM_def_callback;

  171.     klen = cb(psbuf, PEM_BUFSIZE, 0, u);

  172.     if (klen <= 0) {

  173.         OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);

  174.         X509_SIG_free(p8);

  175.         return NULL;

  176.     }

  177.     p8inf = PKCS8_decrypt(p8, psbuf, klen);

  178.     X509_SIG_free(p8);

  179.     if (!p8inf)

  180.         return NULL;

  181.     ret = EVP_PKCS82PKEY(p8inf);

  182.     PKCS8_PRIV_KEY_INFO_free(p8inf);

  183.     if (!ret)

  184.         return NULL;

  185.     if (x) {

  186.         if (*x)

  187.             EVP_PKEY_free(*x);

  188.         *x = ret;

  189.     }

  190.     return ret;

  191. }

  192. 

  193. #ifndef OPENSSL_NO_FP_API

  194. 

  195. int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,

  196.                            char *kstr, int klen, pem_password_cb *cb, void *u)

  197. {

  198.     return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);

  199. }

  200. 

  201. int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,

  202.                                char *kstr, int klen,

  203.                                pem_password_cb *cb, void *u)

  204. {

  205.     return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);

  206. }

  207. 

  208. int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,

  209.                                   char *kstr, int klen,

  210.                                   pem_password_cb *cb, void *u)

  211. {

  212.     return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);

  213. }

  214. 

  215. int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,

  216.                               char *kstr, int klen, pem_password_cb *cb,

  217.                               void *u)

  218. {

  219.     return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);

  220. }

  221. 

  222. static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,

  223.                          const EVP_CIPHER *enc, char *kstr, int klen,

  224.                          pem_password_cb *cb, void *u)

  225. {

  226.     BIO *bp;

  227.     int ret;

  228.     if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {

  229.         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);

  230.         return (0);

  231.     }

  232.     ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);

  233.     BIO_free(bp);

  234.     return ret;

  235. }

  236. 

  237. EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,

  238.                                  void *u)

  239. {

  240.     BIO *bp;

  241.     EVP_PKEY *ret;

  242.     if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {

  243.         OPENSSL_PUT_ERROR(PEM, ERR_R_BUF_LIB);

  244.         return NULL;

  245.     }

  246.     ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);

  247.     BIO_free(bp);

  248.     return ret;

  249. }

  250. 

  251. #endif

  252. 

  253. IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)

  254. 

  255. 

  256. IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,

  257.              PKCS8_PRIV_KEY_INFO)