kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1217 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 9f33fc63c6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9f33fc63c6'
${ noResults }
boringssl/crypto/pem/pem_pkey.c

313 lines
9.2 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/pem.h>

  58. 

  59. #include <stdio.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/buf.h>

  63. #include <openssl/dh.h>

  64. #include <openssl/err.h>

  65. #include <openssl/evp.h>

  66. #include <openssl/mem.h>

  67. #include <openssl/obj.h>

  68. #include <openssl/pkcs8.h>

  69. #include <openssl/rand.h>

  70. #include <openssl/x509.h>

  71. 

  72. #include "../evp/internal.h"

  73. 

  74. 

  75. int pem_check_suffix(const char *pem_str, const char *suffix);

  76. 

  77. EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)

  78. 	{

  79. 	char *nm=NULL;

  80. 	const unsigned char *p=NULL;

  81. 	unsigned char *data=NULL;

  82. 	long len;

  83. 	int slen;

  84. 	EVP_PKEY *ret=NULL;

  85. 

  86. 	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))

  87. 		return NULL;

  88. 	p = data;

  89. 

  90. 	if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {

  91. 		PKCS8_PRIV_KEY_INFO *p8inf;

  92. 		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);

  93. 		if(!p8inf) goto p8err;

  94. 		ret = EVP_PKCS82PKEY(p8inf);

  95. 		if(x) {

  96. 			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);

  97. 			*x = ret;

  98. 		}

  99. 		PKCS8_PRIV_KEY_INFO_free(p8inf);

  100. 	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {

  101. 		PKCS8_PRIV_KEY_INFO *p8inf;

  102. 		X509_SIG *p8;

  103. 		int klen;

  104. 		char psbuf[PEM_BUFSIZE];

  105. 		p8 = d2i_X509_SIG(NULL, &p, len);

  106. 		if(!p8) goto p8err;

  107. 

  108. 		klen = 0;

  109. 		if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);

  110. 		if (klen <= 0) {

  111. 			OPENSSL_PUT_ERROR(PEM, PEM_read_bio_PrivateKey, PEM_R_BAD_PASSWORD_READ);

  112. 			X509_SIG_free(p8);

  113. 			goto err;

  114. 		}

  115. 		p8inf = PKCS8_decrypt(p8, psbuf, klen);

  116. 		X509_SIG_free(p8);

  117. 		if(!p8inf) goto p8err;

  118. 		ret = EVP_PKCS82PKEY(p8inf);

  119. 		if(x) {

  120. 			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);

  121. 			*x = ret;

  122. 		}

  123. 		PKCS8_PRIV_KEY_INFO_free(p8inf);

  124. 	} else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)

  125. 		{

  126. 		const EVP_PKEY_ASN1_METHOD *ameth;

  127. 		ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);

  128. 		if (!ameth || !ameth->old_priv_decode)

  129. 			goto p8err;

  130. 		ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len);

  131. 		}

  132. p8err:

  133. 	if (ret == NULL)

  134. 		OPENSSL_PUT_ERROR(PEM, PEM_read_bio_PrivateKey, ERR_R_ASN1_LIB);

  135. 

  136. err:

  137. 	OPENSSL_free(nm);

  138. 	OPENSSL_cleanse(data, len);

  139. 	OPENSSL_free(data);

  140. 	return(ret);

  141. 	}

  142. 

  143. int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,

  144.                                                unsigned char *kstr, int klen,

  145.                                                pem_password_cb *cb, void *u)

  146. 	{

  147. 	char pem_str[80];

  148. 	if (!x->ameth || x->ameth->priv_encode)

  149. 		return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,

  150. 							(char *)kstr, klen,

  151. 							cb, u);

  152. 

  153. 	BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);

  154. 	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,

  155. 				pem_str,bp,x,enc,kstr,klen,cb,u);

  156. 	}

  157. 

  158. static int public_key_type_from_str(const char *name, size_t len) {

  159.   if (len == 3 && memcmp(name, "RSA", 3) == 0) {

  160.     return EVP_PKEY_RSA;

  161.   } else if (len == 2 && memcmp(name, "DH", 2) == 0) {

  162.     return EVP_PKEY_DH;

  163.   } else if (len == 2 && memcmp(name, "EC", 2) == 0) {

  164.     return EVP_PKEY_EC;

  165.   }

  166.   return NID_undef;

  167. }

  168. 

  169. static int set_pkey_type_from_str(EVP_PKEY *pkey, const char *name, size_t len) {

  170.   int nid = public_key_type_from_str(name, len);

  171.   if (nid == NID_undef) {

  172.     return 0;

  173.   }

  174.   return EVP_PKEY_set_type(pkey, nid);

  175. }

  176. 

  177. EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)

  178. 	{

  179. 	char *nm=NULL;

  180. 	const unsigned char *p=NULL;

  181. 	unsigned char *data=NULL;

  182. 	long len;

  183. 	int slen;

  184. 	EVP_PKEY *ret=NULL;

  185. 

  186. 	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,

  187. 								bp, 0, NULL))

  188. 		return NULL;

  189. 	p = data;

  190. 

  191. 	if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)

  192. 		{

  193. 		ret = EVP_PKEY_new();

  194. 		if (!ret)

  195. 			goto err;

  196. 		if (!set_pkey_type_from_str(ret, nm, slen)

  197. 			|| !ret->ameth->param_decode

  198. 			|| !ret->ameth->param_decode(ret, &p, len))

  199. 			{

  200. 			EVP_PKEY_free(ret);

  201. 			ret = NULL;

  202. 			goto err;

  203. 			}

  204. 		if(x)

  205. 			{

  206. 			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);

  207. 			*x = ret;

  208. 			}

  209. 		}

  210. err:

  211. 	if (ret == NULL)

  212. 		OPENSSL_PUT_ERROR(PEM, PEM_read_bio_Parameters, ERR_R_ASN1_LIB);

  213. 	OPENSSL_free(nm);

  214. 	OPENSSL_free(data);

  215. 	return(ret);

  216. 	}

  217. 

  218. int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)

  219. 	{

  220. 	char pem_str[80];

  221. 	if (!x->ameth || !x->ameth->param_encode)

  222. 		return 0;

  223. 

  224. 	BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);

  225. 	return PEM_ASN1_write_bio(

  226. 		(i2d_of_void *)x->ameth->param_encode,

  227. 				pem_str,bp,x,NULL,NULL,0,0,NULL);

  228. 	}

  229. 

  230. #ifndef OPENSSL_NO_FP_API

  231. EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)

  232. 	{

  233.         BIO *b;

  234.         EVP_PKEY *ret;

  235. 

  236.         if ((b=BIO_new(BIO_s_file())) == NULL)

  237. 		{

  238. 		OPENSSL_PUT_ERROR(PEM, PEM_read_PrivateKey, ERR_R_BUF_LIB);

  239.                 return(0);

  240. 		}

  241.         BIO_set_fp(b,fp,BIO_NOCLOSE);

  242.         ret=PEM_read_bio_PrivateKey(b,x,cb,u);

  243.         BIO_free(b);

  244.         return(ret);

  245. 	}

  246. 

  247. int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,

  248.                                                unsigned char *kstr, int klen,

  249.                                                pem_password_cb *cb, void *u)

  250. 	{

  251.         BIO *b;

  252.         int ret;

  253. 

  254.         if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)

  255. 		{

  256. 		OPENSSL_PUT_ERROR(PEM, PEM_write_PrivateKey, ERR_R_BUF_LIB);

  257.                 return 0;

  258. 		}

  259.         ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);

  260.         BIO_free(b);

  261.         return ret;

  262. 	}

  263. 

  264. #endif

  265. 

  266. 

  267. /* Transparently read in PKCS#3 or X9.42 DH parameters */

  268. 

  269. DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)

  270. 	{

  271. 	char *nm=NULL;

  272. 	const unsigned char *p=NULL;

  273. 	unsigned char *data=NULL;

  274. 	long len;

  275. 	DH *ret=NULL;

  276. 

  277. 	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS,

  278. 								bp, cb, u))

  279. 		return NULL;

  280. 	p = data;

  281. 

  282.         /* TODO(fork): remove? */

  283. 	/*if (!strcmp(nm, PEM_STRING_DHXPARAMS))

  284. 		ret = d2i_DHxparams(x, &p, len);

  285. 	else */

  286. 		ret = d2i_DHparams(x, &p, len);

  287. 

  288. 	if (ret == NULL)

  289. 		OPENSSL_PUT_ERROR(PEM, PEM_read_bio_DHparams, ERR_R_ASN1_LIB);

  290. 	OPENSSL_free(nm);

  291. 	OPENSSL_free(data);

  292. 	return ret;

  293. 	}

  294. 

  295. #ifndef OPENSSL_NO_FP_API

  296. DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)

  297. 	{

  298.         BIO *b;

  299.         DH *ret;

  300. 

  301.         if ((b=BIO_new(BIO_s_file())) == NULL)

  302. 		{

  303. 		OPENSSL_PUT_ERROR(PEM, PEM_read_DHparams, ERR_R_BUF_LIB);

  304.                 return(0);

  305. 		}

  306.         BIO_set_fp(b,fp,BIO_NOCLOSE);

  307.         ret=PEM_read_bio_DHparams(b,x,cb,u);

  308.         BIO_free(b);

  309.         return(ret);

  310. 	}

  311. #endif