[thirdparty/openssl.git] / crypto / pem / pem_info.c

/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>

#ifndef OPENSSL_NO_STDIO
STACK_OF(X509_INFO)
*PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb,
                       void *u, OPENSSL_CTX *libctx, const char *propq)
{
    BIO *b;
    STACK_OF(X509_INFO) *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        PEMerr(0, ERR_R_BUF_LIB);
        return 0;
    }
    BIO_set_fp(b, fp, BIO_NOCLOSE);
    ret = PEM_X509_INFO_read_bio_ex(b, sk, cb, u, libctx, propq);
    BIO_free(b);
    return ret;
}

STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                        pem_password_cb *cb, void *u)
{
    return PEM_X509_INFO_read_ex(fp, sk, cb, u, NULL, NULL);
}
#endif

STACK_OF(X509_INFO)
*PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk,
                           pem_password_cb *cb, void *u, OPENSSL_CTX *libctx,
                           const char *propq)
{
    X509_INFO *xi = NULL;
    char *name = NULL, *header = NULL;
    void *pp;
    unsigned char *data = NULL;
    const unsigned char *p;
    long len, error = 0;
    int ok = 0;
    STACK_OF(X509_INFO) *ret = NULL;
    unsigned int i, raw, ptype;
    d2i_of_void *d2i = 0;

    if (sk == NULL) {
        if ((ret = sk_X509_INFO_new_null()) == NULL) {
            PEMerr(0, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    } else
        ret = sk;

    if ((xi = X509_INFO_new()) == NULL)
        goto err;
    for (;;) {
        raw = 0;
        ptype = 0;
        i = PEM_read_bio(bp, &name, &header, &data, &len);
        if (i == 0) {
            error = ERR_GET_REASON(ERR_peek_last_error());
            if (error == PEM_R_NO_START_LINE) {
                ERR_clear_error();
                break;
            }
            goto err;
        }
 start:
        if ((strcmp(name, PEM_STRING_X509) == 0) ||
            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
            d2i = (D2I_OF(void)) d2i_X509;
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            xi->x509 = X509_new_ex(libctx, propq);
            if (xi->x509 == NULL)
                goto err;
            pp = &(xi->x509);
        } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
            d2i = (D2I_OF(void)) d2i_X509_AUX;
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            xi->x509 = X509_new_ex(libctx, propq);
            if (xi->x509 == NULL)
                goto err;
            pp = &(xi->x509);
        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
            d2i = (D2I_OF(void)) d2i_X509_CRL;
            if (xi->crl != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->crl);
        } else
#ifndef OPENSSL_NO_RSA
        if (strcmp(name, PEM_STRING_RSA) == 0) {
            d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_RSA;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted */
                raw = 1;
        } else
#endif
#ifndef OPENSSL_NO_DSA
        if (strcmp(name, PEM_STRING_DSA) == 0) {
            d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_DSA;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted */
                raw = 1;
        } else
#endif
#ifndef OPENSSL_NO_EC
        if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
            d2i = (D2I_OF(void)) d2i_ECPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_EC;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted */
                raw = 1;
        } else
#endif
        {
            d2i = NULL;
            pp = NULL;
        }

        if (d2i != NULL) {
            if (!raw) {
                EVP_CIPHER_INFO cipher;

                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
                    goto err;
                if (!PEM_do_header(&cipher, data, &len, cb, u))
                    goto err;
                p = data;
                if (ptype) {
                    if (!d2i_PrivateKey(ptype, pp, &p, len)) {
                        PEMerr(0, ERR_R_ASN1_LIB);
                        goto err;
                    }
                } else if (d2i(pp, &p, len) == NULL) {
                    PEMerr(0, ERR_R_ASN1_LIB);
                    goto err;
                }
            } else {            /* encrypted RSA data */
                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
                    goto err;
                xi->enc_data = (char *)data;
                xi->enc_len = (int)len;
                data = NULL;
            }
        } else {
            /* unknown */
        }
        OPENSSL_free(name);
        name = NULL;
        OPENSSL_free(header);
        header = NULL;
        OPENSSL_free(data);
        data = NULL;
    }

    /*
     * if the last one hasn't been pushed yet and there is anything in it
     * then add it to the stack ...
     */
    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
        if (!sk_X509_INFO_push(ret, xi))
            goto err;
        xi = NULL;
    }
    ok = 1;
 err:
    X509_INFO_free(xi);
    if (!ok) {
        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
            xi = sk_X509_INFO_value(ret, i);
            X509_INFO_free(xi);
        }
        if (ret != sk)
            sk_X509_INFO_free(ret);
        ret = NULL;
    }

    OPENSSL_free(name);
    OPENSSL_free(header);
    OPENSSL_free(data);
    return ret;
}

STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
                                            pem_password_cb *cb, void *u)
{
    return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, NULL, NULL);
}

/* A TJH addition */
int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
                            const unsigned char *kstr, int klen,
                            pem_password_cb *cb, void *u)
{
    int i, ret = 0;
    unsigned char *data = NULL;
    const char *objstr = NULL;
    char buf[PEM_BUFSIZE];
    const unsigned char *iv = NULL;

    if (enc != NULL) {
        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
        if (objstr == NULL
                   /*
                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
                    * fits into buf
                    */
                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
                   > sizeof(buf)) {
            PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
            goto err;
        }
    }

    /*
     * now for the fun part ... if we have a private key then we have to be
     * able to handle a not-yet-decrypted key being written out correctly ...
     * if it is decrypted or it is non-encrypted then we use the base code
     */
    if (xi->x_pkey != NULL) {
        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
            if (enc == NULL) {
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
                goto err;
            }

            /* copy from weirdo names into more normal things */
            iv = xi->enc_cipher.iv;
            data = (unsigned char *)xi->enc_data;
            i = xi->enc_len;

            /*
             * we take the encryption data from the internal stuff rather
             * than what the user has passed us ... as we have to match
             * exactly for some strange reason
             */
            objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
            if (objstr == NULL) {
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
                       PEM_R_UNSUPPORTED_CIPHER);
                goto err;
            }

            /* Create the right magic header stuff */
            buf[0] = '\0';
            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
                         (const char *)iv);

            /* use the normal code to write things out */
            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
            if (i <= 0)
                goto err;
        } else {
            /* Add DSA/DH */
#ifndef OPENSSL_NO_RSA
            /* normal optionally encrypted stuff */
            if (PEM_write_bio_RSAPrivateKey(bp,
                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
                                            enc, kstr, klen, cb, u) <= 0)
                goto err;
#endif
        }
    }

    /* if we have a certificate then write it out now */
    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
        goto err;

    /*
     * we are ignoring anything else that is loaded into the X509_INFO
     * structure for the moment ... as I don't need it so I'm not coding it
     * here and Eric can do it when this makes it into the base library --tjh
     */

    ret = 1;

 err:
    OPENSSL_cleanse(buf, PEM_BUFSIZE);
    return ret;
}
Commit	Line	Data
62867571	1	/*
33388b44	2	* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
16742672	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
62867571 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
d02b48c6 RE	9
f41ac0ee P	10	/*
	11	* DSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
d02b48c6	16	#include <stdio.h>
b39fc560	17	#include "internal/cryptlib.h"
ec577822 BM	18	#include <openssl/buffer.h>
	19	#include <openssl/objects.h>
	20	#include <openssl/evp.h>
	21	#include <openssl/x509.h>
	22	#include <openssl/pem.h>
3c27208f RS	23	#include <openssl/rsa.h>
3c27208f RS	24	#include <openssl/dsa.h>
d02b48c6	25
4b618848	26	#ifndef OPENSSL_NO_STDIO
6725682d	27	STACK_OF(X509_INFO)
d8652be0 MC	28	PEM_X509_INFO_read_ex(FILE fp, STACK_OF(X509_INFO) sk, pem_password_cb cb,
d8652be0 MC	29	void u, OPENSSL_CTX libctx, const char *propq)
0f113f3e MC	30	{
	31	BIO *b;
	32	STACK_OF(X509_INFO) *ret;
d02b48c6	33
0f113f3e	34	if ((b = BIO_new(BIO_s_file())) == NULL) {
6725682d	35	PEMerr(0, ERR_R_BUF_LIB);
26a7d938	36	return 0;
0f113f3e MC	37	}
0f113f3e MC	38	BIO_set_fp(b, fp, BIO_NOCLOSE);
d8652be0	39	ret = PEM_X509_INFO_read_bio_ex(b, sk, cb, u, libctx, propq);
0f113f3e	40	BIO_free(b);
26a7d938	41	return ret;
0f113f3e	42	}
6725682d SL	43
	44	STACK_OF(X509_INFO) PEM_X509_INFO_read(FILE fp, STACK_OF(X509_INFO) *sk,
	45	pem_password_cb cb, void u)
	46	{
d8652be0	47	return PEM_X509_INFO_read_ex(fp, sk, cb, u, NULL, NULL);
6725682d	48	}
d02b48c6 RE	49	#endif
d02b48c6 RE	50
6725682d	51	STACK_OF(X509_INFO)
d8652be0 MC	52	PEM_X509_INFO_read_bio_ex(BIO bp, STACK_OF(X509_INFO) *sk,
	53	pem_password_cb cb, void u, OPENSSL_CTX *libctx,
	54	const char *propq)
0f113f3e MC	55	{
	56	X509_INFO *xi = NULL;
	57	char name = NULL, header = NULL;
	58	void *pp;
	59	unsigned char *data = NULL;
	60	const unsigned char *p;
	61	long len, error = 0;
	62	int ok = 0;
	63	STACK_OF(X509_INFO) *ret = NULL;
	64	unsigned int i, raw, ptype;
	65	d2i_of_void *d2i = 0;
d02b48c6	66
0f113f3e MC	67	if (sk == NULL) {
0f113f3e MC	68	if ((ret = sk_X509_INFO_new_null()) == NULL) {
6725682d	69	PEMerr(0, ERR_R_MALLOC_FAILURE);
0f113f3e MC	70	goto err;
	71	}
	72	} else
	73	ret = sk;
d02b48c6	74
0f113f3e MC	75	if ((xi = X509_INFO_new()) == NULL)
	76	goto err;
	77	for (;;) {
	78	raw = 0;
	79	ptype = 0;
	80	i = PEM_read_bio(bp, &name, &header, &data, &len);
	81	if (i == 0) {
	82	error = ERR_GET_REASON(ERR_peek_last_error());
	83	if (error == PEM_R_NO_START_LINE) {
	84	ERR_clear_error();
	85	break;
	86	}
	87	goto err;
	88	}
	89	start:
	90	if ((strcmp(name, PEM_STRING_X509) == 0) \|\|
	91	(strcmp(name, PEM_STRING_X509_OLD) == 0)) {
	92	d2i = (D2I_OF(void)) d2i_X509;
	93	if (xi->x509 != NULL) {
	94	if (!sk_X509_INFO_push(ret, xi))
	95	goto err;
	96	if ((xi = X509_INFO_new()) == NULL)
	97	goto err;
	98	goto start;
	99	}
d8652be0	100	xi->x509 = X509_new_ex(libctx, propq);
6725682d SL	101	if (xi->x509 == NULL)
6725682d SL	102	goto err;
0f113f3e MC	103	pp = &(xi->x509);
	104	} else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
	105	d2i = (D2I_OF(void)) d2i_X509_AUX;
	106	if (xi->x509 != NULL) {
	107	if (!sk_X509_INFO_push(ret, xi))
	108	goto err;
	109	if ((xi = X509_INFO_new()) == NULL)
	110	goto err;
	111	goto start;
	112	}
d8652be0	113	xi->x509 = X509_new_ex(libctx, propq);
6725682d SL	114	if (xi->x509 == NULL)
6725682d SL	115	goto err;
0f113f3e MC	116	pp = &(xi->x509);
	117	} else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
	118	d2i = (D2I_OF(void)) d2i_X509_CRL;
	119	if (xi->crl != NULL) {
	120	if (!sk_X509_INFO_push(ret, xi))
	121	goto err;
	122	if ((xi = X509_INFO_new()) == NULL)
	123	goto err;
	124	goto start;
	125	}
	126	pp = &(xi->crl);
	127	} else
cf1b7d96	128	#ifndef OPENSSL_NO_RSA
0f113f3e MC	129	if (strcmp(name, PEM_STRING_RSA) == 0) {
	130	d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
	131	if (xi->x_pkey != NULL) {
	132	if (!sk_X509_INFO_push(ret, xi))
	133	goto err;
	134	if ((xi = X509_INFO_new()) == NULL)
	135	goto err;
	136	goto start;
	137	}
d02b48c6	138
0f113f3e MC	139	xi->enc_data = NULL;
0f113f3e MC	140	xi->enc_len = 0;
d02b48c6	141
0f113f3e	142	xi->x_pkey = X509_PKEY_new();
90945fa3 MC	143	if (xi->x_pkey == NULL)
90945fa3 MC	144	goto err;
0f113f3e MC	145	ptype = EVP_PKEY_RSA;
	146	pp = &xi->x_pkey->dec_pkey;
	147	if ((int)strlen(header) > 10) /* assume encrypted */
	148	raw = 1;
	149	} else
d02b48c6	150	#endif
cf1b7d96	151	#ifndef OPENSSL_NO_DSA
0f113f3e MC	152	if (strcmp(name, PEM_STRING_DSA) == 0) {
	153	d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
	154	if (xi->x_pkey != NULL) {
	155	if (!sk_X509_INFO_push(ret, xi))
	156	goto err;
	157	if ((xi = X509_INFO_new()) == NULL)
	158	goto err;
	159	goto start;
	160	}
d02b48c6	161
0f113f3e MC	162	xi->enc_data = NULL;
0f113f3e MC	163	xi->enc_len = 0;
d02b48c6	164
0f113f3e	165	xi->x_pkey = X509_PKEY_new();
90945fa3 MC	166	if (xi->x_pkey == NULL)
90945fa3 MC	167	goto err;
0f113f3e MC	168	ptype = EVP_PKEY_DSA;
	169	pp = &xi->x_pkey->dec_pkey;
	170	if ((int)strlen(header) > 10) /* assume encrypted */
	171	raw = 1;
	172	} else
4d94ae00	173	#endif
14a7cfb3	174	#ifndef OPENSSL_NO_EC
0f113f3e MC	175	if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
	176	d2i = (D2I_OF(void)) d2i_ECPrivateKey;
	177	if (xi->x_pkey != NULL) {
	178	if (!sk_X509_INFO_push(ret, xi))
	179	goto err;
	180	if ((xi = X509_INFO_new()) == NULL)
	181	goto err;
	182	goto start;
	183	}
	184
	185	xi->enc_data = NULL;
	186	xi->enc_len = 0;
	187
	188	xi->x_pkey = X509_PKEY_new();
90945fa3 MC	189	if (xi->x_pkey == NULL)
90945fa3 MC	190	goto err;
0f113f3e MC	191	ptype = EVP_PKEY_EC;
	192	pp = &xi->x_pkey->dec_pkey;
	193	if ((int)strlen(header) > 10) /* assume encrypted */
	194	raw = 1;
	195	} else
d02b48c6	196	#endif
0f113f3e MC	197	{
	198	d2i = NULL;
	199	pp = NULL;
	200	}
d02b48c6	201
0f113f3e MC	202	if (d2i != NULL) {
	203	if (!raw) {
	204	EVP_CIPHER_INFO cipher;
d02b48c6	205
0f113f3e MC	206	if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
	207	goto err;
	208	if (!PEM_do_header(&cipher, data, &len, cb, u))
	209	goto err;
	210	p = data;
	211	if (ptype) {
	212	if (!d2i_PrivateKey(ptype, pp, &p, len)) {
6725682d	213	PEMerr(0, ERR_R_ASN1_LIB);
0f113f3e MC	214	goto err;
	215	}
	216	} else if (d2i(pp, &p, len) == NULL) {
6725682d	217	PEMerr(0, ERR_R_ASN1_LIB);
0f113f3e MC	218	goto err;
	219	}
	220	} else { /* encrypted RSA data */
	221	if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
	222	goto err;
	223	xi->enc_data = (char *)data;
	224	xi->enc_len = (int)len;
	225	data = NULL;
	226	}
	227	} else {
	228	/* unknown */
	229	}
b548a1f1	230	OPENSSL_free(name);
0f113f3e	231	name = NULL;
b548a1f1	232	OPENSSL_free(header);
0f113f3e	233	header = NULL;
b548a1f1	234	OPENSSL_free(data);
0f113f3e MC	235	data = NULL;
0f113f3e MC	236	}
d02b48c6	237
0f113f3e MC	238	/*
	239	* if the last one hasn't been pushed yet and there is anything in it
	240	* then add it to the stack ...
	241	*/
	242	if ((xi->x509 != NULL) \|\| (xi->crl != NULL) \|\|
	243	(xi->x_pkey != NULL) \|\| (xi->enc_data != NULL)) {
	244	if (!sk_X509_INFO_push(ret, xi))
	245	goto err;
	246	xi = NULL;
	247	}
	248	ok = 1;
	249	err:
222561fe	250	X509_INFO_free(xi);
0f113f3e MC	251	if (!ok) {
	252	for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
	253	xi = sk_X509_INFO_value(ret, i);
	254	X509_INFO_free(xi);
	255	}
	256	if (ret != sk)
	257	sk_X509_INFO_free(ret);
	258	ret = NULL;
	259	}
d02b48c6	260
b548a1f1 RS	261	OPENSSL_free(name);
	262	OPENSSL_free(header);
	263	OPENSSL_free(data);
26a7d938	264	return ret;
0f113f3e	265	}
d02b48c6	266
6725682d SL	267	STACK_OF(X509_INFO) PEM_X509_INFO_read_bio(BIO bp, STACK_OF(X509_INFO) *sk,
	268	pem_password_cb cb, void u)
	269	{
d8652be0	270	return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, NULL, NULL);
6725682d SL	271	}
6725682d SL	272
d02b48c6	273	/* A TJH addition */
de0799b0 RL	274	int PEM_X509_INFO_write_bio(BIO bp, const X509_INFO xi, EVP_CIPHER *enc,
de0799b0 RL	275	const unsigned char *kstr, int klen,
0f113f3e MC	276	pem_password_cb cb, void u)
0f113f3e MC	277	{
0f113f3e MC	278	int i, ret = 0;
	279	unsigned char *data = NULL;
	280	const char *objstr = NULL;
	281	char buf[PEM_BUFSIZE];
de0799b0	282	const unsigned char *iv = NULL;
0f113f3e MC	283
	284	if (enc != NULL) {
	285	objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
e40ada04 MC	286	if (objstr == NULL
	287	/*
	288	* Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
	289	* fits into buf
	290	*/
	291	\|\| (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
	292	> sizeof(buf)) {
0f113f3e MC	293	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
	294	goto err;
	295	}
	296	}
d02b48c6	297
0f113f3e MC	298	/*
	299	* now for the fun part ... if we have a private key then we have to be
	300	* able to handle a not-yet-decrypted key being written out correctly ...
	301	* if it is decrypted or it is non-encrypted then we use the base code
	302	*/
	303	if (xi->x_pkey != NULL) {
	304	if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
	305	if (enc == NULL) {
	306	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
	307	goto err;
	308	}
8bbf6ac0	309
0f113f3e MC	310	/* copy from weirdo names into more normal things */
	311	iv = xi->enc_cipher.iv;
	312	data = (unsigned char *)xi->enc_data;
	313	i = xi->enc_len;
d02b48c6	314
0f113f3e MC	315	/*
	316	* we take the encryption data from the internal stuff rather
	317	* than what the user has passed us ... as we have to match
	318	* exactly for some strange reason
	319	*/
	320	objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
	321	if (objstr == NULL) {
	322	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
	323	PEM_R_UNSUPPORTED_CIPHER);
	324	goto err;
	325	}
d02b48c6	326
df443918	327	/* Create the right magic header stuff */
0f113f3e MC	328	buf[0] = '\0';
0f113f3e MC	329	PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
6c2ff56e	330	PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
de0799b0	331	(const char *)iv);
d02b48c6	332
0f113f3e MC	333	/* use the normal code to write things out */
	334	i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
	335	if (i <= 0)
	336	goto err;
	337	} else {
	338	/* Add DSA/DH */
cf1b7d96	339	#ifndef OPENSSL_NO_RSA
0f113f3e MC	340	/* normal optionally encrypted stuff */
0f113f3e MC	341	if (PEM_write_bio_RSAPrivateKey(bp,
3aeb9348	342	EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
0f113f3e MC	343	enc, kstr, klen, cb, u) <= 0)
0f113f3e MC	344	goto err;
d02b48c6	345	#endif
0f113f3e MC	346	}
0f113f3e MC	347	}
d02b48c6	348
0f113f3e MC	349	/* if we have a certificate then write it out now */
	350	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
	351	goto err;
d02b48c6	352
0f113f3e MC	353	/*
	354	* we are ignoring anything else that is loaded into the X509_INFO
	355	* structure for the moment ... as I don't need it so I'm not coding it
	356	* here and Eric can do it when this makes it into the base library --tjh
	357	*/
d02b48c6	358
0f113f3e	359	ret = 1;
d02b48c6	360
0f113f3e	361	err:
0f113f3e	362	OPENSSL_cleanse(buf, PEM_BUFSIZE);
26a7d938	363	return ret;
0f113f3e	364	}