[thirdparty/openssl.git] / crypto / pem / pem_info.c

/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include "crypto/evp.h"

#ifndef OPENSSL_NO_STDIO
STACK_OF(X509_INFO)
*PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
                       void *u, OSSL_LIB_CTX *libctx, const char *propq)
{
    BIO *b;
    STACK_OF(X509_INFO) *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
        return 0;
    }
    BIO_set_fp(b, fp, BIO_NOCLOSE);
    ret = PEM_X509_INFO_read_bio_ex(b, sk, cb, u, libctx, propq);
    BIO_free(b);
    return ret;
}

STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                        pem_password_cb *cb, void *u)
{
    return PEM_X509_INFO_read_ex(fp, sk, cb, u, NULL, NULL);
}
#endif

STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk,
                                               pem_password_cb *cb, void *u,
                                               OSSL_LIB_CTX *libctx,
                                               const char *propq)
{
    X509_INFO *xi = NULL;
    char *name = NULL, *header = NULL, *str;
    void *pp;
    unsigned char *data = NULL;
    const unsigned char *p;
    long len, error = 0;
    int ok = 0;
    STACK_OF(X509_INFO) *ret = NULL;
    unsigned int i, raw, ptype;
    d2i_of_void *d2i = 0;

    if (sk == NULL) {
        if ((ret = sk_X509_INFO_new_null()) == NULL) {
            ERR_raise(ERR_LIB_PEM, ERR_R_CRYPTO_LIB);
            goto err;
        }
    } else
        ret = sk;

    if ((xi = X509_INFO_new()) == NULL)
        goto err;
    for (;;) {
        raw = 0;
        ptype = 0;
        ERR_set_mark();
        i = PEM_read_bio(bp, &name, &header, &data, &len);
        if (i == 0) {
            error = ERR_GET_REASON(ERR_peek_last_error());
            if (error == PEM_R_NO_START_LINE) {
                ERR_pop_to_mark();
                break;
            }
            ERR_clear_last_mark();
            goto err;
        }
        ERR_clear_last_mark();
 start:
        if (strcmp(name, PEM_STRING_X509) == 0
                || strcmp(name, PEM_STRING_X509_OLD) == 0
                || strcmp(name, PEM_STRING_X509_TRUSTED) == 0) {
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0))
                d2i = (D2I_OF(void)) d2i_X509_AUX;
            else
                d2i = (D2I_OF(void)) d2i_X509;
            xi->x509 = X509_new_ex(libctx, propq);
            if (xi->x509 == NULL)
                goto err;
            pp = &(xi->x509);
        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
            d2i = (D2I_OF(void)) d2i_X509_CRL;
            if (xi->crl != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->crl);
        } else if ((str = strstr(name, PEM_STRING_PKCS8INF)) != NULL) {
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            if (str == name || strcmp(name, PEM_STRING_PKCS8) == 0) {
                ptype = EVP_PKEY_NONE;
            } else {
                /* chop " PRIVATE KEY" */
                *--str = '\0';
                ptype = evp_pkey_name2type(name);
            }
            xi->enc_data = NULL;
            xi->enc_len = 0;

            d2i = (D2I_OF(void)) d2i_AutoPrivateKey;
            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10 /* assume encrypted */
                   || strcmp(name, PEM_STRING_PKCS8) == 0)
                raw = 1;
        } else { /* unknown */
            d2i = NULL;
            pp = NULL;
        }

        if (d2i != NULL) {
            if (!raw) {
                EVP_CIPHER_INFO cipher;

                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
                    goto err;
                if (!PEM_do_header(&cipher, data, &len, cb, u))
                    goto err;
                p = data;
                if (ptype) {
                    if (d2i_PrivateKey_ex(ptype, pp, &p, len,
                                          libctx, propq) == NULL) {
                        ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
                        goto err;
                    }
                } else if (d2i(pp, &p, len) == NULL) {
                    ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
                    goto err;
                }
            } else {            /* encrypted key data */
                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
                    goto err;
                xi->enc_data = (char *)data;
                xi->enc_len = (int)len;
                data = NULL;
            }
        }
        OPENSSL_free(name);
        name = NULL;
        OPENSSL_free(header);
        header = NULL;
        OPENSSL_free(data);
        data = NULL;
    }

    /*
     * if the last one hasn't been pushed yet and there is anything in it
     * then add it to the stack ...
     */
    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
        if (!sk_X509_INFO_push(ret, xi))
            goto err;
        xi = NULL;
    }
    ok = 1;
 err:
    X509_INFO_free(xi);
    if (!ok) {
        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
            xi = sk_X509_INFO_value(ret, i);
            X509_INFO_free(xi);
        }
        if (ret != sk)
            sk_X509_INFO_free(ret);
        ret = NULL;
    }

    OPENSSL_free(name);
    OPENSSL_free(header);
    OPENSSL_free(data);
    return ret;
}

STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
                                            pem_password_cb *cb, void *u)
{
    return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, NULL, NULL);
}

/* A TJH addition */
int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
                            const unsigned char *kstr, int klen,
                            pem_password_cb *cb, void *u)
{
    int i, ret = 0;
    unsigned char *data = NULL;
    const char *objstr = NULL;
    char buf[PEM_BUFSIZE];
    const unsigned char *iv = NULL;

    if (enc != NULL) {
        objstr = EVP_CIPHER_get0_name(enc);
        if (objstr == NULL
               /*
                * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
                * fits into buf
                */
            || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13
               > sizeof(buf)) {
            ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
            goto err;
        }
    }

    /*
     * now for the fun part ... if we have a private key then we have to be
     * able to handle a not-yet-decrypted key being written out correctly ...
     * if it is decrypted or it is non-encrypted then we use the base code
     */
    if (xi->x_pkey != NULL) {
        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
            if (enc == NULL) {
                ERR_raise(ERR_LIB_PEM, PEM_R_CIPHER_IS_NULL);
                goto err;
            }

            /* copy from weirdo names into more normal things */
            iv = xi->enc_cipher.iv;
            data = (unsigned char *)xi->enc_data;
            i = xi->enc_len;

            /*
             * we take the encryption data from the internal stuff rather
             * than what the user has passed us ... as we have to match
             * exactly for some strange reason
             */
            objstr = EVP_CIPHER_get0_name(xi->enc_cipher.cipher);
            if (objstr == NULL) {
                ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
                goto err;
            }

            /* Create the right magic header stuff */
            buf[0] = '\0';
            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
            PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc),
                         (const char *)iv);

            /* use the normal code to write things out */
            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
            if (i <= 0)
                goto err;
        } else {
            /* Add DSA/DH */
            /* normal optionally encrypted stuff */
            if (PEM_write_bio_RSAPrivateKey(bp,
                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
                                            enc, kstr, klen, cb, u) <= 0)
                goto err;
        }
    }

    /* if we have a certificate then write it out now */
    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
        goto err;

    /*
     * we are ignoring anything else that is loaded into the X509_INFO
     * structure for the moment ... as I don't need it so I'm not coding it
     * here and Eric can do it when this makes it into the base library --tjh
     */

    ret = 1;

 err:
    OPENSSL_cleanse(buf, PEM_BUFSIZE);
    return ret;
}
Commit	Line	Data
62867571	1	/*
4333b89f	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
16742672	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
62867571 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
d02b48c6 RE	9
f41ac0ee P	10	/*
	11	* DSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
d02b48c6	16	#include <stdio.h>
b39fc560	17	#include "internal/cryptlib.h"
ec577822 BM	18	#include <openssl/buffer.h>
	19	#include <openssl/objects.h>
	20	#include <openssl/evp.h>
	21	#include <openssl/x509.h>
	22	#include <openssl/pem.h>
3c27208f RS	23	#include <openssl/rsa.h>
3c27208f RS	24	#include <openssl/dsa.h>
4957d952	25	#include "crypto/evp.h"
d02b48c6	26
4b618848	27	#ifndef OPENSSL_NO_STDIO
6725682d	28	STACK_OF(X509_INFO)
d8652be0	29	PEM_X509_INFO_read_ex(FILE fp, STACK_OF(X509_INFO) sk, pem_password_cb cb,
b4250010	30	void u, OSSL_LIB_CTX libctx, const char *propq)
0f113f3e MC	31	{
	32	BIO *b;
	33	STACK_OF(X509_INFO) *ret;
d02b48c6	34
0f113f3e	35	if ((b = BIO_new(BIO_s_file())) == NULL) {
9311d0c4	36	ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB);
26a7d938	37	return 0;
0f113f3e MC	38	}
0f113f3e MC	39	BIO_set_fp(b, fp, BIO_NOCLOSE);
d8652be0	40	ret = PEM_X509_INFO_read_bio_ex(b, sk, cb, u, libctx, propq);
0f113f3e	41	BIO_free(b);
26a7d938	42	return ret;
0f113f3e	43	}
6725682d SL	44
	45	STACK_OF(X509_INFO) PEM_X509_INFO_read(FILE fp, STACK_OF(X509_INFO) *sk,
	46	pem_password_cb cb, void u)
	47	{
d8652be0	48	return PEM_X509_INFO_read_ex(fp, sk, cb, u, NULL, NULL);
6725682d	49	}
d02b48c6 RE	50	#endif
d02b48c6 RE	51
0cbb3602 DDO	52	STACK_OF(X509_INFO) PEM_X509_INFO_read_bio_ex(BIO bp, STACK_OF(X509_INFO) *sk,
	53	pem_password_cb cb, void u,
	54	OSSL_LIB_CTX *libctx,
	55	const char *propq)
0f113f3e MC	56	{
0f113f3e MC	57	X509_INFO *xi = NULL;
4957d952	58	char name = NULL, header = NULL, *str;
0f113f3e MC	59	void *pp;
	60	unsigned char *data = NULL;
	61	const unsigned char *p;
	62	long len, error = 0;
	63	int ok = 0;
	64	STACK_OF(X509_INFO) *ret = NULL;
	65	unsigned int i, raw, ptype;
	66	d2i_of_void *d2i = 0;
d02b48c6	67
0f113f3e MC	68	if (sk == NULL) {
0f113f3e MC	69	if ((ret = sk_X509_INFO_new_null()) == NULL) {
e077455e	70	ERR_raise(ERR_LIB_PEM, ERR_R_CRYPTO_LIB);
0f113f3e MC	71	goto err;
	72	}
	73	} else
	74	ret = sk;
d02b48c6	75
0f113f3e MC	76	if ((xi = X509_INFO_new()) == NULL)
	77	goto err;
	78	for (;;) {
	79	raw = 0;
	80	ptype = 0;
0cbb3602	81	ERR_set_mark();
0f113f3e MC	82	i = PEM_read_bio(bp, &name, &header, &data, &len);
	83	if (i == 0) {
	84	error = ERR_GET_REASON(ERR_peek_last_error());
	85	if (error == PEM_R_NO_START_LINE) {
0cbb3602	86	ERR_pop_to_mark();
0f113f3e MC	87	break;
0f113f3e MC	88	}
0cbb3602	89	ERR_clear_last_mark();
0f113f3e MC	90	goto err;
0f113f3e MC	91	}
0cbb3602	92	ERR_clear_last_mark();
0f113f3e	93	start:
4957d952 DDO	94	if (strcmp(name, PEM_STRING_X509) == 0
	95	\|\| strcmp(name, PEM_STRING_X509_OLD) == 0
	96	\|\| strcmp(name, PEM_STRING_X509_TRUSTED) == 0) {
0f113f3e MC	97	if (xi->x509 != NULL) {
	98	if (!sk_X509_INFO_push(ret, xi))
	99	goto err;
	100	if ((xi = X509_INFO_new()) == NULL)
	101	goto err;
	102	goto start;
	103	}
4957d952 DDO	104	if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0))
	105	d2i = (D2I_OF(void)) d2i_X509_AUX;
	106	else
	107	d2i = (D2I_OF(void)) d2i_X509;
d8652be0	108	xi->x509 = X509_new_ex(libctx, propq);
6725682d SL	109	if (xi->x509 == NULL)
6725682d SL	110	goto err;
0f113f3e MC	111	pp = &(xi->x509);
	112	} else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
	113	d2i = (D2I_OF(void)) d2i_X509_CRL;
	114	if (xi->crl != NULL) {
	115	if (!sk_X509_INFO_push(ret, xi))
	116	goto err;
	117	if ((xi = X509_INFO_new()) == NULL)
	118	goto err;
	119	goto start;
	120	}
	121	pp = &(xi->crl);
4957d952	122	} else if ((str = strstr(name, PEM_STRING_PKCS8INF)) != NULL) {
0f113f3e MC	123	if (xi->x_pkey != NULL) {
	124	if (!sk_X509_INFO_push(ret, xi))
	125	goto err;
	126	if ((xi = X509_INFO_new()) == NULL)
	127	goto err;
	128	goto start;
	129	}
4957d952 DDO	130	if (str == name \|\| strcmp(name, PEM_STRING_PKCS8) == 0) {
	131	ptype = EVP_PKEY_NONE;
	132	} else {
	133	/* chop " PRIVATE KEY" */
	134	*--str = '\0';
	135	ptype = evp_pkey_name2type(name);
0f113f3e	136	}
0f113f3e MC	137	xi->enc_data = NULL;
	138	xi->enc_len = 0;
	139
4957d952	140	d2i = (D2I_OF(void)) d2i_AutoPrivateKey;
0f113f3e	141	xi->x_pkey = X509_PKEY_new();
90945fa3 MC	142	if (xi->x_pkey == NULL)
90945fa3 MC	143	goto err;
0f113f3e	144	pp = &xi->x_pkey->dec_pkey;
4957d952 DDO	145	if ((int)strlen(header) > 10 /* assume encrypted */
4957d952 DDO	146	\|\| strcmp(name, PEM_STRING_PKCS8) == 0)
0f113f3e	147	raw = 1;
4957d952	148	} else { /* unknown */
0f113f3e MC	149	d2i = NULL;
	150	pp = NULL;
	151	}
d02b48c6	152
0f113f3e MC	153	if (d2i != NULL) {
	154	if (!raw) {
	155	EVP_CIPHER_INFO cipher;
d02b48c6	156
0f113f3e MC	157	if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
	158	goto err;
	159	if (!PEM_do_header(&cipher, data, &len, cb, u))
	160	goto err;
	161	p = data;
	162	if (ptype) {
c1fd7102 DDO	163	if (d2i_PrivateKey_ex(ptype, pp, &p, len,
c1fd7102 DDO	164	libctx, propq) == NULL) {
9311d0c4	165	ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
0f113f3e MC	166	goto err;
	167	}
	168	} else if (d2i(pp, &p, len) == NULL) {
9311d0c4	169	ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB);
0f113f3e MC	170	goto err;
0f113f3e MC	171	}
c1fd7102	172	} else { /* encrypted key data */
0f113f3e MC	173	if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
	174	goto err;
	175	xi->enc_data = (char *)data;
	176	xi->enc_len = (int)len;
	177	data = NULL;
	178	}
0f113f3e	179	}
b548a1f1	180	OPENSSL_free(name);
0f113f3e	181	name = NULL;
b548a1f1	182	OPENSSL_free(header);
0f113f3e	183	header = NULL;
b548a1f1	184	OPENSSL_free(data);
0f113f3e MC	185	data = NULL;
0f113f3e MC	186	}
d02b48c6	187
0f113f3e MC	188	/*
	189	* if the last one hasn't been pushed yet and there is anything in it
	190	* then add it to the stack ...
	191	*/
	192	if ((xi->x509 != NULL) \|\| (xi->crl != NULL) \|\|
	193	(xi->x_pkey != NULL) \|\| (xi->enc_data != NULL)) {
	194	if (!sk_X509_INFO_push(ret, xi))
	195	goto err;
	196	xi = NULL;
	197	}
	198	ok = 1;
	199	err:
222561fe	200	X509_INFO_free(xi);
0f113f3e MC	201	if (!ok) {
	202	for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
	203	xi = sk_X509_INFO_value(ret, i);
	204	X509_INFO_free(xi);
	205	}
	206	if (ret != sk)
	207	sk_X509_INFO_free(ret);
	208	ret = NULL;
	209	}
d02b48c6	210
b548a1f1 RS	211	OPENSSL_free(name);
	212	OPENSSL_free(header);
	213	OPENSSL_free(data);
26a7d938	214	return ret;
0f113f3e	215	}
d02b48c6	216
6725682d SL	217	STACK_OF(X509_INFO) PEM_X509_INFO_read_bio(BIO bp, STACK_OF(X509_INFO) *sk,
	218	pem_password_cb cb, void u)
	219	{
d8652be0	220	return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, NULL, NULL);
6725682d SL	221	}
6725682d SL	222
d02b48c6	223	/* A TJH addition */
de0799b0 RL	224	int PEM_X509_INFO_write_bio(BIO bp, const X509_INFO xi, EVP_CIPHER *enc,
de0799b0 RL	225	const unsigned char *kstr, int klen,
0f113f3e MC	226	pem_password_cb cb, void u)
0f113f3e MC	227	{
0f113f3e MC	228	int i, ret = 0;
	229	unsigned char *data = NULL;
	230	const char *objstr = NULL;
	231	char buf[PEM_BUFSIZE];
de0799b0	232	const unsigned char *iv = NULL;
0f113f3e MC	233
0f113f3e MC	234	if (enc != NULL) {
ed576acd	235	objstr = EVP_CIPHER_get0_name(enc);
e40ada04	236	if (objstr == NULL
ed576acd TM	237	/*
	238	* Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
	239	* fits into buf
	240	*/
	241	\|\| strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13
	242	> sizeof(buf)) {
9311d0c4	243	ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
0f113f3e MC	244	goto err;
	245	}
	246	}
d02b48c6	247
0f113f3e MC	248	/*
	249	* now for the fun part ... if we have a private key then we have to be
	250	* able to handle a not-yet-decrypted key being written out correctly ...
	251	* if it is decrypted or it is non-encrypted then we use the base code
	252	*/
	253	if (xi->x_pkey != NULL) {
	254	if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
	255	if (enc == NULL) {
9311d0c4	256	ERR_raise(ERR_LIB_PEM, PEM_R_CIPHER_IS_NULL);
0f113f3e MC	257	goto err;
0f113f3e MC	258	}
8bbf6ac0	259
0f113f3e MC	260	/* copy from weirdo names into more normal things */
	261	iv = xi->enc_cipher.iv;
	262	data = (unsigned char *)xi->enc_data;
	263	i = xi->enc_len;
d02b48c6	264
0f113f3e MC	265	/*
	266	* we take the encryption data from the internal stuff rather
	267	* than what the user has passed us ... as we have to match
	268	* exactly for some strange reason
	269	*/
ed576acd	270	objstr = EVP_CIPHER_get0_name(xi->enc_cipher.cipher);
0f113f3e	271	if (objstr == NULL) {
9311d0c4	272	ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER);
0f113f3e MC	273	goto err;
0f113f3e MC	274	}
d02b48c6	275
df443918	276	/* Create the right magic header stuff */
0f113f3e MC	277	buf[0] = '\0';
0f113f3e MC	278	PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
ed576acd	279	PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc),
de0799b0	280	(const char *)iv);
d02b48c6	281
0f113f3e MC	282	/* use the normal code to write things out */
	283	i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
	284	if (i <= 0)
	285	goto err;
	286	} else {
	287	/* Add DSA/DH */
0f113f3e MC	288	/* normal optionally encrypted stuff */
0f113f3e MC	289	if (PEM_write_bio_RSAPrivateKey(bp,
3aeb9348	290	EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
0f113f3e MC	291	enc, kstr, klen, cb, u) <= 0)
0f113f3e MC	292	goto err;
0f113f3e MC	293	}
0f113f3e MC	294	}
d02b48c6	295
0f113f3e MC	296	/* if we have a certificate then write it out now */
	297	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
	298	goto err;
d02b48c6	299
0f113f3e MC	300	/*
	301	* we are ignoring anything else that is loaded into the X509_INFO
	302	* structure for the moment ... as I don't need it so I'm not coding it
	303	* here and Eric can do it when this makes it into the base library --tjh
	304	*/
d02b48c6	305
0f113f3e	306	ret = 1;
d02b48c6	307
0f113f3e	308	err:
0f113f3e	309	OPENSSL_cleanse(buf, PEM_BUFSIZE);
26a7d938	310	return ret;
0f113f3e	311	}