2 * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Support for PVK format keys and related structures (such a PUBLICKEYBLOB
12 * and PRIVATEKEYBLOB).
16 * DSA low level APIs are deprecated for public use, but still ok for
19 #include "internal/deprecated.h"
21 #include "internal/cryptlib.h"
22 #include <openssl/pem.h>
23 #include "internal/pem_int.h"
24 #include <openssl/rand.h>
25 #include <openssl/bn.h>
26 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
27 # include <openssl/dsa.h>
28 # include <openssl/rsa.h>
31 * Utility function: read a DWORD (4 byte unsigned integer) in little endian
35 static unsigned int read_ledword(const unsigned char **in
)
37 const unsigned char *p
= *in
;
39 ret
= (unsigned int)*p
++;
40 ret
|= (unsigned int)*p
++ << 8;
41 ret
|= (unsigned int)*p
++ << 16;
42 ret
|= (unsigned int)*p
++ << 24;
48 * Read a BIGNUM in little endian format. The docs say that this should take
52 static int read_lebn(const unsigned char **in
, unsigned int nbyte
, BIGNUM
**r
)
54 *r
= BN_lebin2bn(*in
, nbyte
, NULL
);
61 /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
63 # define MS_PUBLICKEYBLOB 0x6
64 # define MS_PRIVATEKEYBLOB 0x7
65 # define MS_RSA1MAGIC 0x31415352L
66 # define MS_RSA2MAGIC 0x32415352L
67 # define MS_DSS1MAGIC 0x31535344L
68 # define MS_DSS2MAGIC 0x32535344L
70 # define MS_KEYALG_RSA_KEYX 0xa400
71 # define MS_KEYALG_DSS_SIGN 0x2200
73 # define MS_KEYTYPE_KEYX 0x1
74 # define MS_KEYTYPE_SIGN 0x2
76 /* Maximum length of a blob after header */
77 # define BLOB_MAX_LENGTH 102400
79 /* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
80 # define MS_PVKMAGIC 0xb0b5f11eL
81 /* Salt length for PVK files */
82 # define PVK_SALTLEN 0x10
83 /* Maximum length in PVK header */
84 # define PVK_MAX_KEYLEN 102400
85 /* Maximum salt length */
86 # define PVK_MAX_SALTLEN 10240
88 static EVP_PKEY
*b2i_rsa(const unsigned char **in
,
89 unsigned int bitlen
, int ispub
);
90 static EVP_PKEY
*b2i_dss(const unsigned char **in
,
91 unsigned int bitlen
, int ispub
);
93 int ossl_do_blob_header(const unsigned char **in
, unsigned int length
,
94 unsigned int *pmagic
, unsigned int *pbitlen
,
95 int *pisdss
, int *pispub
)
97 const unsigned char *p
= *in
;
101 if (*p
== MS_PUBLICKEYBLOB
) {
103 PEMerr(PEM_F_OSSL_DO_BLOB_HEADER
, PEM_R_EXPECTING_PRIVATE_KEY_BLOB
);
107 } else if (*p
== MS_PRIVATEKEYBLOB
) {
109 PEMerr(PEM_F_OSSL_DO_BLOB_HEADER
, PEM_R_EXPECTING_PUBLIC_KEY_BLOB
);
118 PEMerr(PEM_F_OSSL_DO_BLOB_HEADER
, PEM_R_BAD_VERSION_NUMBER
);
121 /* Ignore reserved, aiKeyAlg */
123 *pmagic
= read_ledword(&p
);
124 *pbitlen
= read_ledword(&p
);
133 PEMerr(PEM_F_OSSL_DO_BLOB_HEADER
, PEM_R_EXPECTING_PRIVATE_KEY_BLOB
);
143 PEMerr(PEM_F_OSSL_DO_BLOB_HEADER
, PEM_R_EXPECTING_PUBLIC_KEY_BLOB
);
149 PEMerr(PEM_F_OSSL_DO_BLOB_HEADER
, PEM_R_BAD_MAGIC_NUMBER
);
156 static unsigned int blob_length(unsigned bitlen
, int isdss
, int ispub
)
158 unsigned int nbyte
, hnbyte
;
159 nbyte
= (bitlen
+ 7) >> 3;
160 hnbyte
= (bitlen
+ 15) >> 4;
164 * Expected length: 20 for q + 3 components bitlen each + 24 for seed
168 return 44 + 3 * nbyte
;
170 * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed
174 return 64 + 2 * nbyte
;
176 /* Expected length: 4 for 'e' + 'n' */
181 * Expected length: 4 for 'e' and 7 other components. 2
182 * components are bitlen size, 5 are bitlen/2
184 return 4 + 2 * nbyte
+ 5 * hnbyte
;
189 static EVP_PKEY
*do_b2i(const unsigned char **in
, unsigned int length
,
192 const unsigned char *p
= *in
;
193 unsigned int bitlen
, magic
;
195 if (ossl_do_blob_header(&p
, length
, &magic
, &bitlen
, &isdss
, &ispub
) <= 0) {
196 PEMerr(PEM_F_DO_B2I
, PEM_R_KEYBLOB_HEADER_PARSE_ERROR
);
200 if (length
< blob_length(bitlen
, isdss
, ispub
)) {
201 PEMerr(PEM_F_DO_B2I
, PEM_R_KEYBLOB_TOO_SHORT
);
205 return b2i_dss(&p
, bitlen
, ispub
);
207 return b2i_rsa(&p
, bitlen
, ispub
);
210 static EVP_PKEY
*do_b2i_bio(BIO
*in
, int ispub
)
212 const unsigned char *p
;
213 unsigned char hdr_buf
[16], *buf
= NULL
;
214 unsigned int bitlen
, magic
, length
;
216 EVP_PKEY
*ret
= NULL
;
217 if (BIO_read(in
, hdr_buf
, 16) != 16) {
218 PEMerr(PEM_F_DO_B2I_BIO
, PEM_R_KEYBLOB_TOO_SHORT
);
222 if (ossl_do_blob_header(&p
, 16, &magic
, &bitlen
, &isdss
, &ispub
) <= 0)
225 length
= blob_length(bitlen
, isdss
, ispub
);
226 if (length
> BLOB_MAX_LENGTH
) {
227 PEMerr(PEM_F_DO_B2I_BIO
, PEM_R_HEADER_TOO_LONG
);
230 buf
= OPENSSL_malloc(length
);
232 PEMerr(PEM_F_DO_B2I_BIO
, ERR_R_MALLOC_FAILURE
);
236 if (BIO_read(in
, buf
, length
) != (int)length
) {
237 PEMerr(PEM_F_DO_B2I_BIO
, PEM_R_KEYBLOB_TOO_SHORT
);
242 ret
= b2i_dss(&p
, bitlen
, ispub
);
244 ret
= b2i_rsa(&p
, bitlen
, ispub
);
251 static EVP_PKEY
*b2i_dss(const unsigned char **in
,
252 unsigned int bitlen
, int ispub
)
254 const unsigned char *p
= *in
;
255 EVP_PKEY
*ret
= NULL
;
259 BIGNUM
*pbn
= NULL
, *qbn
= NULL
, *gbn
= NULL
, *priv_key
= NULL
;
260 BIGNUM
*pub_key
= NULL
;
262 nbyte
= (bitlen
+ 7) >> 3;
265 ret
= EVP_PKEY_new();
266 if (dsa
== NULL
|| ret
== NULL
)
268 if (!read_lebn(&p
, nbyte
, &pbn
))
271 if (!read_lebn(&p
, 20, &qbn
))
274 if (!read_lebn(&p
, nbyte
, &gbn
))
278 if (!read_lebn(&p
, nbyte
, &pub_key
))
281 if (!read_lebn(&p
, 20, &priv_key
))
284 /* Set constant time flag before public key calculation */
285 BN_set_flags(priv_key
, BN_FLG_CONSTTIME
);
287 /* Calculate public key */
291 if ((ctx
= BN_CTX_new()) == NULL
)
294 if (!BN_mod_exp(pub_key
, gbn
, priv_key
, pbn
, ctx
))
300 if (!DSA_set0_pqg(dsa
, pbn
, qbn
, gbn
))
302 pbn
= qbn
= gbn
= NULL
;
303 if (!DSA_set0_key(dsa
, pub_key
, priv_key
))
305 pub_key
= priv_key
= NULL
;
307 if (!EVP_PKEY_set1_DSA(ret
, dsa
))
314 PEMerr(PEM_F_B2I_DSS
, ERR_R_MALLOC_FAILURE
);
326 static EVP_PKEY
*b2i_rsa(const unsigned char **in
,
327 unsigned int bitlen
, int ispub
)
329 const unsigned char *pin
= *in
;
330 EVP_PKEY
*ret
= NULL
;
331 BIGNUM
*e
= NULL
, *n
= NULL
, *d
= NULL
;
332 BIGNUM
*p
= NULL
, *q
= NULL
, *dmp1
= NULL
, *dmq1
= NULL
, *iqmp
= NULL
;
334 unsigned int nbyte
, hnbyte
;
335 nbyte
= (bitlen
+ 7) >> 3;
336 hnbyte
= (bitlen
+ 15) >> 4;
338 ret
= EVP_PKEY_new();
339 if (rsa
== NULL
|| ret
== NULL
)
344 if (!BN_set_word(e
, read_ledword(&pin
)))
346 if (!read_lebn(&pin
, nbyte
, &n
))
349 if (!read_lebn(&pin
, hnbyte
, &p
))
351 if (!read_lebn(&pin
, hnbyte
, &q
))
353 if (!read_lebn(&pin
, hnbyte
, &dmp1
))
355 if (!read_lebn(&pin
, hnbyte
, &dmq1
))
357 if (!read_lebn(&pin
, hnbyte
, &iqmp
))
359 if (!read_lebn(&pin
, nbyte
, &d
))
361 if (!RSA_set0_factors(rsa
, p
, q
))
364 if (!RSA_set0_crt_params(rsa
, dmp1
, dmq1
, iqmp
))
366 dmp1
= dmq1
= iqmp
= NULL
;
368 if (!RSA_set0_key(rsa
, n
, e
, d
))
372 if (!EVP_PKEY_set1_RSA(ret
, rsa
))
378 PEMerr(PEM_F_B2I_RSA
, ERR_R_MALLOC_FAILURE
);
392 EVP_PKEY
*b2i_PrivateKey(const unsigned char **in
, long length
)
394 return do_b2i(in
, length
, 0);
397 EVP_PKEY
*b2i_PublicKey(const unsigned char **in
, long length
)
399 return do_b2i(in
, length
, 1);
402 EVP_PKEY
*b2i_PrivateKey_bio(BIO
*in
)
404 return do_b2i_bio(in
, 0);
407 EVP_PKEY
*b2i_PublicKey_bio(BIO
*in
)
409 return do_b2i_bio(in
, 1);
412 static void write_ledword(unsigned char **out
, unsigned int dw
)
414 unsigned char *p
= *out
;
416 *p
++ = (dw
>> 8) & 0xff;
417 *p
++ = (dw
>> 16) & 0xff;
418 *p
++ = (dw
>> 24) & 0xff;
422 static void write_lebn(unsigned char **out
, const BIGNUM
*bn
, int len
)
424 BN_bn2lebinpad(bn
, *out
, len
);
428 static int check_bitlen_rsa(RSA
*rsa
, int ispub
, unsigned int *magic
);
429 static int check_bitlen_dsa(DSA
*dsa
, int ispub
, unsigned int *magic
);
431 static void write_rsa(unsigned char **out
, RSA
*rsa
, int ispub
);
432 static void write_dsa(unsigned char **out
, DSA
*dsa
, int ispub
);
434 static int do_i2b(unsigned char **out
, const EVP_PKEY
*pk
, int ispub
)
437 unsigned int bitlen
, magic
= 0, keyalg
;
438 int outlen
, noinc
= 0;
439 int pktype
= EVP_PKEY_id(pk
);
440 if (pktype
== EVP_PKEY_DSA
) {
441 bitlen
= check_bitlen_dsa(EVP_PKEY_get0_DSA(pk
), ispub
, &magic
);
442 keyalg
= MS_KEYALG_DSS_SIGN
;
443 } else if (pktype
== EVP_PKEY_RSA
) {
444 bitlen
= check_bitlen_rsa(EVP_PKEY_get0_RSA(pk
), ispub
, &magic
);
445 keyalg
= MS_KEYALG_RSA_KEYX
;
450 outlen
= 16 + blob_length(bitlen
,
451 keyalg
== MS_KEYALG_DSS_SIGN
? 1 : 0, ispub
);
457 if ((p
= OPENSSL_malloc(outlen
)) == NULL
) {
458 PEMerr(PEM_F_DO_I2B
, ERR_R_MALLOC_FAILURE
);
465 *p
++ = MS_PUBLICKEYBLOB
;
467 *p
++ = MS_PRIVATEKEYBLOB
;
471 write_ledword(&p
, keyalg
);
472 write_ledword(&p
, magic
);
473 write_ledword(&p
, bitlen
);
474 if (keyalg
== MS_KEYALG_DSS_SIGN
)
475 write_dsa(&p
, EVP_PKEY_get0_DSA(pk
), ispub
);
477 write_rsa(&p
, EVP_PKEY_get0_RSA(pk
), ispub
);
483 static int do_i2b_bio(BIO
*out
, const EVP_PKEY
*pk
, int ispub
)
485 unsigned char *tmp
= NULL
;
487 outlen
= do_i2b(&tmp
, pk
, ispub
);
490 wrlen
= BIO_write(out
, tmp
, outlen
);
497 static int check_bitlen_dsa(DSA
*dsa
, int ispub
, unsigned int *pmagic
)
500 const BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
501 const BIGNUM
*pub_key
= NULL
, *priv_key
= NULL
;
503 DSA_get0_pqg(dsa
, &p
, &q
, &g
);
504 DSA_get0_key(dsa
, &pub_key
, &priv_key
);
505 bitlen
= BN_num_bits(p
);
506 if ((bitlen
& 7) || (BN_num_bits(q
) != 160)
507 || (BN_num_bits(g
) > bitlen
))
510 if (BN_num_bits(pub_key
) > bitlen
)
512 *pmagic
= MS_DSS1MAGIC
;
514 if (BN_num_bits(priv_key
) > 160)
516 *pmagic
= MS_DSS2MAGIC
;
521 PEMerr(PEM_F_CHECK_BITLEN_DSA
, PEM_R_UNSUPPORTED_KEY_COMPONENTS
);
525 static int check_bitlen_rsa(RSA
*rsa
, int ispub
, unsigned int *pmagic
)
527 int nbyte
, hnbyte
, bitlen
;
530 RSA_get0_key(rsa
, NULL
, &e
, NULL
);
531 if (BN_num_bits(e
) > 32)
533 bitlen
= RSA_bits(rsa
);
534 nbyte
= RSA_size(rsa
);
535 hnbyte
= (bitlen
+ 15) >> 4;
537 *pmagic
= MS_RSA1MAGIC
;
540 const BIGNUM
*d
, *p
, *q
, *iqmp
, *dmp1
, *dmq1
;
542 *pmagic
= MS_RSA2MAGIC
;
545 * For private key each component must fit within nbyte or hnbyte.
547 RSA_get0_key(rsa
, NULL
, NULL
, &d
);
548 if (BN_num_bytes(d
) > nbyte
)
550 RSA_get0_factors(rsa
, &p
, &q
);
551 RSA_get0_crt_params(rsa
, &dmp1
, &dmq1
, &iqmp
);
552 if ((BN_num_bytes(iqmp
) > hnbyte
)
553 || (BN_num_bytes(p
) > hnbyte
)
554 || (BN_num_bytes(q
) > hnbyte
)
555 || (BN_num_bytes(dmp1
) > hnbyte
)
556 || (BN_num_bytes(dmq1
) > hnbyte
))
561 PEMerr(PEM_F_CHECK_BITLEN_RSA
, PEM_R_UNSUPPORTED_KEY_COMPONENTS
);
565 static void write_rsa(unsigned char **out
, RSA
*rsa
, int ispub
)
568 const BIGNUM
*n
, *d
, *e
, *p
, *q
, *iqmp
, *dmp1
, *dmq1
;
570 nbyte
= RSA_size(rsa
);
571 hnbyte
= (RSA_bits(rsa
) + 15) >> 4;
572 RSA_get0_key(rsa
, &n
, &e
, &d
);
573 write_lebn(out
, e
, 4);
574 write_lebn(out
, n
, nbyte
);
577 RSA_get0_factors(rsa
, &p
, &q
);
578 RSA_get0_crt_params(rsa
, &dmp1
, &dmq1
, &iqmp
);
579 write_lebn(out
, p
, hnbyte
);
580 write_lebn(out
, q
, hnbyte
);
581 write_lebn(out
, dmp1
, hnbyte
);
582 write_lebn(out
, dmq1
, hnbyte
);
583 write_lebn(out
, iqmp
, hnbyte
);
584 write_lebn(out
, d
, nbyte
);
587 static void write_dsa(unsigned char **out
, DSA
*dsa
, int ispub
)
590 const BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
591 const BIGNUM
*pub_key
= NULL
, *priv_key
= NULL
;
593 DSA_get0_pqg(dsa
, &p
, &q
, &g
);
594 DSA_get0_key(dsa
, &pub_key
, &priv_key
);
595 nbyte
= BN_num_bytes(p
);
596 write_lebn(out
, p
, nbyte
);
597 write_lebn(out
, q
, 20);
598 write_lebn(out
, g
, nbyte
);
600 write_lebn(out
, pub_key
, nbyte
);
602 write_lebn(out
, priv_key
, 20);
603 /* Set "invalid" for seed structure values */
604 memset(*out
, 0xff, 24);
609 int i2b_PrivateKey_bio(BIO
*out
, const EVP_PKEY
*pk
)
611 return do_i2b_bio(out
, pk
, 0);
614 int i2b_PublicKey_bio(BIO
*out
, const EVP_PKEY
*pk
)
616 return do_i2b_bio(out
, pk
, 1);
619 # ifndef OPENSSL_NO_RC4
621 int ossl_do_PVK_header(const unsigned char **in
, unsigned int length
,
623 unsigned int *psaltlen
, unsigned int *pkeylen
)
625 const unsigned char *p
= *in
;
626 unsigned int pvk_magic
, is_encrypted
;
630 PEMerr(PEM_F_OSSL_DO_PVK_HEADER
, PEM_R_PVK_TOO_SHORT
);
635 PEMerr(PEM_F_OSSL_DO_PVK_HEADER
, PEM_R_PVK_TOO_SHORT
);
638 pvk_magic
= read_ledword(&p
);
639 if (pvk_magic
!= MS_PVKMAGIC
) {
640 PEMerr(PEM_F_OSSL_DO_PVK_HEADER
, PEM_R_BAD_MAGIC_NUMBER
);
649 is_encrypted
= read_ledword(&p
);
650 *psaltlen
= read_ledword(&p
);
651 *pkeylen
= read_ledword(&p
);
653 if (*pkeylen
> PVK_MAX_KEYLEN
|| *psaltlen
> PVK_MAX_SALTLEN
)
656 if (is_encrypted
&& *psaltlen
== 0) {
657 PEMerr(PEM_F_OSSL_DO_PVK_HEADER
, PEM_R_INCONSISTENT_HEADER
);
665 static int derive_pvk_key(unsigned char *key
,
666 const unsigned char *salt
, unsigned int saltlen
,
667 const unsigned char *pass
, int passlen
)
669 EVP_MD_CTX
*mctx
= EVP_MD_CTX_new();
672 || !EVP_DigestInit_ex(mctx
, EVP_sha1(), NULL
)
673 || !EVP_DigestUpdate(mctx
, salt
, saltlen
)
674 || !EVP_DigestUpdate(mctx
, pass
, passlen
)
675 || !EVP_DigestFinal_ex(mctx
, key
, NULL
))
678 EVP_MD_CTX_free(mctx
);
682 static EVP_PKEY
*do_PVK_body(const unsigned char **in
,
683 unsigned int saltlen
, unsigned int keylen
,
684 pem_password_cb
*cb
, void *u
)
686 EVP_PKEY
*ret
= NULL
;
687 const unsigned char *p
= *in
;
689 unsigned char *enctmp
= NULL
, *q
;
690 unsigned char keybuf
[20];
692 EVP_CIPHER_CTX
*cctx
= EVP_CIPHER_CTX_new();
694 char psbuf
[PEM_BUFSIZE
];
695 int enctmplen
, inlen
;
697 inlen
= cb(psbuf
, PEM_BUFSIZE
, 0, u
);
699 inlen
= PEM_def_callback(psbuf
, PEM_BUFSIZE
, 0, u
);
701 PEMerr(PEM_F_DO_PVK_BODY
, PEM_R_BAD_PASSWORD_READ
);
704 enctmp
= OPENSSL_malloc(keylen
+ 8);
705 if (enctmp
== NULL
) {
706 PEMerr(PEM_F_DO_PVK_BODY
, ERR_R_MALLOC_FAILURE
);
709 if (!derive_pvk_key(keybuf
, p
, saltlen
,
710 (unsigned char *)psbuf
, inlen
))
713 /* Copy BLOBHEADER across, decrypt rest */
714 memcpy(enctmp
, p
, 8);
717 PEMerr(PEM_F_DO_PVK_BODY
, PEM_R_PVK_TOO_SHORT
);
722 if (!EVP_DecryptInit_ex(cctx
, EVP_rc4(), NULL
, keybuf
, NULL
))
724 if (!EVP_DecryptUpdate(cctx
, q
, &enctmplen
, p
, inlen
))
726 if (!EVP_DecryptFinal_ex(cctx
, q
+ enctmplen
, &enctmplen
))
728 magic
= read_ledword((const unsigned char **)&q
);
729 if (magic
!= MS_RSA2MAGIC
&& magic
!= MS_DSS2MAGIC
) {
731 memset(keybuf
+ 5, 0, 11);
732 if (!EVP_DecryptInit_ex(cctx
, EVP_rc4(), NULL
, keybuf
, NULL
))
734 if (!EVP_DecryptUpdate(cctx
, q
, &enctmplen
, p
, inlen
))
736 if (!EVP_DecryptFinal_ex(cctx
, q
+ enctmplen
, &enctmplen
))
738 magic
= read_ledword((const unsigned char **)&q
);
739 if (magic
!= MS_RSA2MAGIC
&& magic
!= MS_DSS2MAGIC
) {
740 PEMerr(PEM_F_DO_PVK_BODY
, PEM_R_BAD_DECRYPT
);
747 ret
= b2i_PrivateKey(&p
, keylen
);
749 EVP_CIPHER_CTX_free(cctx
);
750 if (enctmp
!= NULL
) {
751 OPENSSL_cleanse(keybuf
, sizeof(keybuf
));
752 OPENSSL_free(enctmp
);
757 EVP_PKEY
*b2i_PVK_bio(BIO
*in
, pem_password_cb
*cb
, void *u
)
759 unsigned char pvk_hdr
[24], *buf
= NULL
;
760 const unsigned char *p
;
762 EVP_PKEY
*ret
= NULL
;
763 unsigned int saltlen
, keylen
;
764 if (BIO_read(in
, pvk_hdr
, 24) != 24) {
765 PEMerr(PEM_F_B2I_PVK_BIO
, PEM_R_PVK_DATA_TOO_SHORT
);
770 if (!ossl_do_PVK_header(&p
, 24, 0, &saltlen
, &keylen
))
772 buflen
= (int)keylen
+ saltlen
;
773 buf
= OPENSSL_malloc(buflen
);
775 PEMerr(PEM_F_B2I_PVK_BIO
, ERR_R_MALLOC_FAILURE
);
779 if (BIO_read(in
, buf
, buflen
) != buflen
) {
780 PEMerr(PEM_F_B2I_PVK_BIO
, PEM_R_PVK_DATA_TOO_SHORT
);
783 ret
= do_PVK_body(&p
, saltlen
, keylen
, cb
, u
);
786 OPENSSL_clear_free(buf
, buflen
);
790 static int i2b_PVK(unsigned char **out
, const EVP_PKEY
*pk
, int enclevel
,
791 pem_password_cb
*cb
, void *u
)
793 int outlen
= 24, pklen
;
794 unsigned char *p
= NULL
, *start
= NULL
, *salt
= NULL
;
795 EVP_CIPHER_CTX
*cctx
= NULL
;
797 outlen
+= PVK_SALTLEN
;
798 pklen
= do_i2b(NULL
, pk
, 0);
807 start
= p
= OPENSSL_malloc(outlen
);
809 PEMerr(PEM_F_I2B_PVK
, ERR_R_MALLOC_FAILURE
);
814 cctx
= EVP_CIPHER_CTX_new();
818 write_ledword(&p
, MS_PVKMAGIC
);
819 write_ledword(&p
, 0);
820 if (EVP_PKEY_id(pk
) == EVP_PKEY_DSA
)
821 write_ledword(&p
, MS_KEYTYPE_SIGN
);
823 write_ledword(&p
, MS_KEYTYPE_KEYX
);
824 write_ledword(&p
, enclevel
? 1 : 0);
825 write_ledword(&p
, enclevel
? PVK_SALTLEN
: 0);
826 write_ledword(&p
, pklen
);
828 if (RAND_bytes(p
, PVK_SALTLEN
) <= 0)
835 char psbuf
[PEM_BUFSIZE
];
836 unsigned char keybuf
[20];
837 int enctmplen
, inlen
;
839 inlen
= cb(psbuf
, PEM_BUFSIZE
, 1, u
);
841 inlen
= PEM_def_callback(psbuf
, PEM_BUFSIZE
, 1, u
);
843 PEMerr(PEM_F_I2B_PVK
, PEM_R_BAD_PASSWORD_READ
);
846 if (!derive_pvk_key(keybuf
, salt
, PVK_SALTLEN
,
847 (unsigned char *)psbuf
, inlen
))
850 memset(keybuf
+ 5, 0, 11);
851 p
= salt
+ PVK_SALTLEN
+ 8;
852 if (!EVP_EncryptInit_ex(cctx
, EVP_rc4(), NULL
, keybuf
, NULL
))
854 OPENSSL_cleanse(keybuf
, 20);
855 if (!EVP_DecryptUpdate(cctx
, p
, &enctmplen
, p
, pklen
- 8))
857 if (!EVP_DecryptFinal_ex(cctx
, p
+ enctmplen
, &enctmplen
))
861 EVP_CIPHER_CTX_free(cctx
);
869 EVP_CIPHER_CTX_free(cctx
);
875 int i2b_PVK_bio(BIO
*out
, const EVP_PKEY
*pk
, int enclevel
,
876 pem_password_cb
*cb
, void *u
)
878 unsigned char *tmp
= NULL
;
880 outlen
= i2b_PVK(&tmp
, pk
, enclevel
, cb
, u
);
883 wrlen
= BIO_write(out
, tmp
, outlen
);
885 if (wrlen
== outlen
) {
888 PEMerr(PEM_F_I2B_PVK_BIO
, PEM_R_BIO_WRITE_FAILURE
);