[thirdparty/openssl.git] / crypto / pem / pem_info.c

/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>

#ifndef OPENSSL_NO_STDIO
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                        pem_password_cb *cb, void *u)
{
    BIO *b;
    STACK_OF(X509_INFO) *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
        return 0;
    }
    BIO_set_fp(b, fp, BIO_NOCLOSE);
    ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
    BIO_free(b);
    return ret;
}
#endif

STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
                                            pem_password_cb *cb, void *u)
{
    X509_INFO *xi = NULL;
    char *name = NULL, *header = NULL;
    void *pp;
    unsigned char *data = NULL;
    const unsigned char *p;
    long len, error = 0;
    int ok = 0;
    STACK_OF(X509_INFO) *ret = NULL;
    unsigned int i, raw, ptype;
    d2i_of_void *d2i = 0;

    if (sk == NULL) {
        if ((ret = sk_X509_INFO_new_null()) == NULL) {
            PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    } else
        ret = sk;

    if ((xi = X509_INFO_new()) == NULL)
        goto err;
    for (;;) {
        raw = 0;
        ptype = 0;
        i = PEM_read_bio(bp, &name, &header, &data, &len);
        if (i == 0) {
            error = ERR_GET_REASON(ERR_peek_last_error());
            if (error == PEM_R_NO_START_LINE) {
                ERR_clear_error();
                break;
            }
            goto err;
        }
 start:
        if ((strcmp(name, PEM_STRING_X509) == 0) ||
            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
            d2i = (D2I_OF(void)) d2i_X509;
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->x509);
        } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
            d2i = (D2I_OF(void)) d2i_X509_AUX;
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->x509);
        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
            d2i = (D2I_OF(void)) d2i_X509_CRL;
            if (xi->crl != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->crl);
        } else
#ifndef OPENSSL_NO_RSA
        if (strcmp(name, PEM_STRING_RSA) == 0) {
            d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_RSA;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted */
                raw = 1;
        } else
#endif
#ifndef OPENSSL_NO_DSA
        if (strcmp(name, PEM_STRING_DSA) == 0) {
            d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_DSA;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted */
                raw = 1;
        } else
#endif
#ifndef OPENSSL_NO_EC
        if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
            d2i = (D2I_OF(void)) d2i_ECPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_EC;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted */
                raw = 1;
        } else
#endif
        {
            d2i = NULL;
            pp = NULL;
        }

        if (d2i != NULL) {
            if (!raw) {
                EVP_CIPHER_INFO cipher;

                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
                    goto err;
                if (!PEM_do_header(&cipher, data, &len, cb, u))
                    goto err;
                p = data;
                if (ptype) {
                    if (!d2i_PrivateKey(ptype, pp, &p, len)) {
                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
                        goto err;
                    }
                } else if (d2i(pp, &p, len) == NULL) {
                    PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
                    goto err;
                }
            } else {            /* encrypted RSA data */
                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
                    goto err;
                xi->enc_data = (char *)data;
                xi->enc_len = (int)len;
                data = NULL;
            }
        } else {
            /* unknown */
        }
        OPENSSL_free(name);
        name = NULL;
        OPENSSL_free(header);
        header = NULL;
        OPENSSL_free(data);
        data = NULL;
    }

    /*
     * if the last one hasn't been pushed yet and there is anything in it
     * then add it to the stack ...
     */
    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
        if (!sk_X509_INFO_push(ret, xi))
            goto err;
        xi = NULL;
    }
    ok = 1;
 err:
    X509_INFO_free(xi);
    if (!ok) {
        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
            xi = sk_X509_INFO_value(ret, i);
            X509_INFO_free(xi);
        }
        if (ret != sk)
            sk_X509_INFO_free(ret);
        ret = NULL;
    }

    OPENSSL_free(name);
    OPENSSL_free(header);
    OPENSSL_free(data);
    return ret;
}

/* A TJH addition */
int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
                            const unsigned char *kstr, int klen,
                            pem_password_cb *cb, void *u)
{
    int i, ret = 0;
    unsigned char *data = NULL;
    const char *objstr = NULL;
    char buf[PEM_BUFSIZE];
    const unsigned char *iv = NULL;

    if (enc != NULL) {
        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
        if (objstr == NULL
                   /*
                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
                    * fits into buf
                    */
                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
                   > sizeof(buf)) {
            PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
            goto err;
        }
    }

    /*
     * now for the fun part ... if we have a private key then we have to be
     * able to handle a not-yet-decrypted key being written out correctly ...
     * if it is decrypted or it is non-encrypted then we use the base code
     */
    if (xi->x_pkey != NULL) {
        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
            if (enc == NULL) {
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
                goto err;
            }

            /* copy from weirdo names into more normal things */
            iv = xi->enc_cipher.iv;
            data = (unsigned char *)xi->enc_data;
            i = xi->enc_len;

            /*
             * we take the encryption data from the internal stuff rather
             * than what the user has passed us ... as we have to match
             * exactly for some strange reason
             */
            objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
            if (objstr == NULL) {
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
                       PEM_R_UNSUPPORTED_CIPHER);
                goto err;
            }

            /* Create the right magic header stuff */
            buf[0] = '\0';
            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
                         (const char *)iv);

            /* use the normal code to write things out */
            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
            if (i <= 0)
                goto err;
        } else {
            /* Add DSA/DH */
#ifndef OPENSSL_NO_RSA
            /* normal optionally encrypted stuff */
            if (PEM_write_bio_RSAPrivateKey(bp,
                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
                                            enc, kstr, klen, cb, u) <= 0)
                goto err;
#endif
        }
    }

    /* if we have a certificate then write it out now */
    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
        goto err;

    /*
     * we are ignoring anything else that is loaded into the X509_INFO
     * structure for the moment ... as I don't need it so I'm not coding it
     * here and Eric can do it when this makes it into the base library --tjh
     */

    ret = 1;

 err:
    OPENSSL_cleanse(buf, PEM_BUFSIZE);
    return ret;
}
Commit	Line	Data
62867571 RS	1	/*
62867571 RS	2	* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
16742672	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
62867571 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
d02b48c6 RE	9
f41ac0ee P	10	/*
	11	* DSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
d02b48c6	16	#include <stdio.h>
b39fc560	17	#include "internal/cryptlib.h"
ec577822 BM	18	#include <openssl/buffer.h>
	19	#include <openssl/objects.h>
	20	#include <openssl/evp.h>
	21	#include <openssl/x509.h>
	22	#include <openssl/pem.h>
3c27208f RS	23	#include <openssl/rsa.h>
3c27208f RS	24	#include <openssl/dsa.h>
d02b48c6	25
4b618848	26	#ifndef OPENSSL_NO_STDIO
0f113f3e MC	27	STACK_OF(X509_INFO) PEM_X509_INFO_read(FILE fp, STACK_OF(X509_INFO) *sk,
	28	pem_password_cb cb, void u)
	29	{
	30	BIO *b;
	31	STACK_OF(X509_INFO) *ret;
d02b48c6	32
0f113f3e MC	33	if ((b = BIO_new(BIO_s_file())) == NULL) {
0f113f3e MC	34	PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
26a7d938	35	return 0;
0f113f3e MC	36	}
	37	BIO_set_fp(b, fp, BIO_NOCLOSE);
	38	ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
	39	BIO_free(b);
26a7d938	40	return ret;
0f113f3e	41	}
d02b48c6 RE	42	#endif
d02b48c6 RE	43
0f113f3e MC	44	STACK_OF(X509_INFO) PEM_X509_INFO_read_bio(BIO bp, STACK_OF(X509_INFO) *sk,
	45	pem_password_cb cb, void u)
	46	{
	47	X509_INFO *xi = NULL;
	48	char name = NULL, header = NULL;
	49	void *pp;
	50	unsigned char *data = NULL;
	51	const unsigned char *p;
	52	long len, error = 0;
	53	int ok = 0;
	54	STACK_OF(X509_INFO) *ret = NULL;
	55	unsigned int i, raw, ptype;
	56	d2i_of_void *d2i = 0;
d02b48c6	57
0f113f3e MC	58	if (sk == NULL) {
	59	if ((ret = sk_X509_INFO_new_null()) == NULL) {
	60	PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
	61	goto err;
	62	}
	63	} else
	64	ret = sk;
d02b48c6	65
0f113f3e MC	66	if ((xi = X509_INFO_new()) == NULL)
	67	goto err;
	68	for (;;) {
	69	raw = 0;
	70	ptype = 0;
	71	i = PEM_read_bio(bp, &name, &header, &data, &len);
	72	if (i == 0) {
	73	error = ERR_GET_REASON(ERR_peek_last_error());
	74	if (error == PEM_R_NO_START_LINE) {
	75	ERR_clear_error();
	76	break;
	77	}
	78	goto err;
	79	}
	80	start:
	81	if ((strcmp(name, PEM_STRING_X509) == 0) \|\|
	82	(strcmp(name, PEM_STRING_X509_OLD) == 0)) {
	83	d2i = (D2I_OF(void)) d2i_X509;
	84	if (xi->x509 != NULL) {
	85	if (!sk_X509_INFO_push(ret, xi))
	86	goto err;
	87	if ((xi = X509_INFO_new()) == NULL)
	88	goto err;
	89	goto start;
	90	}
	91	pp = &(xi->x509);
	92	} else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
	93	d2i = (D2I_OF(void)) d2i_X509_AUX;
	94	if (xi->x509 != NULL) {
	95	if (!sk_X509_INFO_push(ret, xi))
	96	goto err;
	97	if ((xi = X509_INFO_new()) == NULL)
	98	goto err;
	99	goto start;
	100	}
	101	pp = &(xi->x509);
	102	} else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
	103	d2i = (D2I_OF(void)) d2i_X509_CRL;
	104	if (xi->crl != NULL) {
	105	if (!sk_X509_INFO_push(ret, xi))
	106	goto err;
	107	if ((xi = X509_INFO_new()) == NULL)
	108	goto err;
	109	goto start;
	110	}
	111	pp = &(xi->crl);
	112	} else
cf1b7d96	113	#ifndef OPENSSL_NO_RSA
0f113f3e MC	114	if (strcmp(name, PEM_STRING_RSA) == 0) {
	115	d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
	116	if (xi->x_pkey != NULL) {
	117	if (!sk_X509_INFO_push(ret, xi))
	118	goto err;
	119	if ((xi = X509_INFO_new()) == NULL)
	120	goto err;
	121	goto start;
	122	}
d02b48c6	123
0f113f3e MC	124	xi->enc_data = NULL;
0f113f3e MC	125	xi->enc_len = 0;
d02b48c6	126
0f113f3e	127	xi->x_pkey = X509_PKEY_new();
90945fa3 MC	128	if (xi->x_pkey == NULL)
90945fa3 MC	129	goto err;
0f113f3e MC	130	ptype = EVP_PKEY_RSA;
	131	pp = &xi->x_pkey->dec_pkey;
	132	if ((int)strlen(header) > 10) /* assume encrypted */
	133	raw = 1;
	134	} else
d02b48c6	135	#endif
cf1b7d96	136	#ifndef OPENSSL_NO_DSA
0f113f3e MC	137	if (strcmp(name, PEM_STRING_DSA) == 0) {
	138	d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
	139	if (xi->x_pkey != NULL) {
	140	if (!sk_X509_INFO_push(ret, xi))
	141	goto err;
	142	if ((xi = X509_INFO_new()) == NULL)
	143	goto err;
	144	goto start;
	145	}
d02b48c6	146
0f113f3e MC	147	xi->enc_data = NULL;
0f113f3e MC	148	xi->enc_len = 0;
d02b48c6	149
0f113f3e	150	xi->x_pkey = X509_PKEY_new();
90945fa3 MC	151	if (xi->x_pkey == NULL)
90945fa3 MC	152	goto err;
0f113f3e MC	153	ptype = EVP_PKEY_DSA;
	154	pp = &xi->x_pkey->dec_pkey;
	155	if ((int)strlen(header) > 10) /* assume encrypted */
	156	raw = 1;
	157	} else
4d94ae00	158	#endif
14a7cfb3	159	#ifndef OPENSSL_NO_EC
0f113f3e MC	160	if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
	161	d2i = (D2I_OF(void)) d2i_ECPrivateKey;
	162	if (xi->x_pkey != NULL) {
	163	if (!sk_X509_INFO_push(ret, xi))
	164	goto err;
	165	if ((xi = X509_INFO_new()) == NULL)
	166	goto err;
	167	goto start;
	168	}
	169
	170	xi->enc_data = NULL;
	171	xi->enc_len = 0;
	172
	173	xi->x_pkey = X509_PKEY_new();
90945fa3 MC	174	if (xi->x_pkey == NULL)
90945fa3 MC	175	goto err;
0f113f3e MC	176	ptype = EVP_PKEY_EC;
	177	pp = &xi->x_pkey->dec_pkey;
	178	if ((int)strlen(header) > 10) /* assume encrypted */
	179	raw = 1;
	180	} else
d02b48c6	181	#endif
0f113f3e MC	182	{
	183	d2i = NULL;
	184	pp = NULL;
	185	}
d02b48c6	186
0f113f3e MC	187	if (d2i != NULL) {
	188	if (!raw) {
	189	EVP_CIPHER_INFO cipher;
d02b48c6	190
0f113f3e MC	191	if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
	192	goto err;
	193	if (!PEM_do_header(&cipher, data, &len, cb, u))
	194	goto err;
	195	p = data;
	196	if (ptype) {
	197	if (!d2i_PrivateKey(ptype, pp, &p, len)) {
	198	PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
	199	goto err;
	200	}
	201	} else if (d2i(pp, &p, len) == NULL) {
	202	PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
	203	goto err;
	204	}
	205	} else { /* encrypted RSA data */
	206	if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
	207	goto err;
	208	xi->enc_data = (char *)data;
	209	xi->enc_len = (int)len;
	210	data = NULL;
	211	}
	212	} else {
	213	/* unknown */
	214	}
b548a1f1	215	OPENSSL_free(name);
0f113f3e	216	name = NULL;
b548a1f1	217	OPENSSL_free(header);
0f113f3e	218	header = NULL;
b548a1f1	219	OPENSSL_free(data);
0f113f3e MC	220	data = NULL;
0f113f3e MC	221	}
d02b48c6	222
0f113f3e MC	223	/*
	224	* if the last one hasn't been pushed yet and there is anything in it
	225	* then add it to the stack ...
	226	*/
	227	if ((xi->x509 != NULL) \|\| (xi->crl != NULL) \|\|
	228	(xi->x_pkey != NULL) \|\| (xi->enc_data != NULL)) {
	229	if (!sk_X509_INFO_push(ret, xi))
	230	goto err;
	231	xi = NULL;
	232	}
	233	ok = 1;
	234	err:
222561fe	235	X509_INFO_free(xi);
0f113f3e MC	236	if (!ok) {
	237	for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
	238	xi = sk_X509_INFO_value(ret, i);
	239	X509_INFO_free(xi);
	240	}
	241	if (ret != sk)
	242	sk_X509_INFO_free(ret);
	243	ret = NULL;
	244	}
d02b48c6	245
b548a1f1 RS	246	OPENSSL_free(name);
	247	OPENSSL_free(header);
	248	OPENSSL_free(data);
26a7d938	249	return ret;
0f113f3e	250	}
d02b48c6 RE	251
d02b48c6 RE	252	/* A TJH addition */
de0799b0 RL	253	int PEM_X509_INFO_write_bio(BIO bp, const X509_INFO xi, EVP_CIPHER *enc,
de0799b0 RL	254	const unsigned char *kstr, int klen,
0f113f3e MC	255	pem_password_cb cb, void u)
0f113f3e MC	256	{
0f113f3e MC	257	int i, ret = 0;
	258	unsigned char *data = NULL;
	259	const char *objstr = NULL;
	260	char buf[PEM_BUFSIZE];
de0799b0	261	const unsigned char *iv = NULL;
0f113f3e MC	262
	263	if (enc != NULL) {
	264	objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
e40ada04 MC	265	if (objstr == NULL
	266	/*
	267	* Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
	268	* fits into buf
	269	*/
	270	\|\| (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
	271	> sizeof(buf)) {
0f113f3e MC	272	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
	273	goto err;
	274	}
	275	}
d02b48c6	276
0f113f3e MC	277	/*
	278	* now for the fun part ... if we have a private key then we have to be
	279	* able to handle a not-yet-decrypted key being written out correctly ...
	280	* if it is decrypted or it is non-encrypted then we use the base code
	281	*/
	282	if (xi->x_pkey != NULL) {
	283	if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
	284	if (enc == NULL) {
	285	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
	286	goto err;
	287	}
8bbf6ac0	288
0f113f3e MC	289	/* copy from weirdo names into more normal things */
	290	iv = xi->enc_cipher.iv;
	291	data = (unsigned char *)xi->enc_data;
	292	i = xi->enc_len;
d02b48c6	293
0f113f3e MC	294	/*
	295	* we take the encryption data from the internal stuff rather
	296	* than what the user has passed us ... as we have to match
	297	* exactly for some strange reason
	298	*/
	299	objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
	300	if (objstr == NULL) {
	301	PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
	302	PEM_R_UNSUPPORTED_CIPHER);
	303	goto err;
	304	}
d02b48c6	305
df443918	306	/* Create the right magic header stuff */
0f113f3e MC	307	buf[0] = '\0';
0f113f3e MC	308	PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
6c2ff56e	309	PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
de0799b0	310	(const char *)iv);
d02b48c6	311
0f113f3e MC	312	/* use the normal code to write things out */
	313	i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
	314	if (i <= 0)
	315	goto err;
	316	} else {
	317	/* Add DSA/DH */
cf1b7d96	318	#ifndef OPENSSL_NO_RSA
0f113f3e MC	319	/* normal optionally encrypted stuff */
0f113f3e MC	320	if (PEM_write_bio_RSAPrivateKey(bp,
3aeb9348	321	EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
0f113f3e MC	322	enc, kstr, klen, cb, u) <= 0)
0f113f3e MC	323	goto err;
d02b48c6	324	#endif
0f113f3e MC	325	}
0f113f3e MC	326	}
d02b48c6	327
0f113f3e MC	328	/* if we have a certificate then write it out now */
	329	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
	330	goto err;
d02b48c6	331
0f113f3e MC	332	/*
	333	* we are ignoring anything else that is loaded into the X509_INFO
	334	* structure for the moment ... as I don't need it so I'm not coding it
	335	* here and Eric can do it when this makes it into the base library --tjh
	336	*/
d02b48c6	337
0f113f3e	338	ret = 1;
d02b48c6	339
0f113f3e	340	err:
0f113f3e	341	OPENSSL_cleanse(buf, PEM_BUFSIZE);
26a7d938	342	return ret;
0f113f3e	343	}