Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame crypto/pem/pvkfmt.c

Blob History Raw

Packit	c4476c	`/*`
Packit	c4476c	`* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.`
Packit	c4476c	`*`
Packit	c4476c	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit	c4476c	`* this file except in compliance with the License. You can obtain a copy`
Packit	c4476c	`* in the file LICENSE in the source distribution or at`
Packit	c4476c	`* https://www.openssl.org/source/license.html`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Support for PVK format keys and related structures (such a PUBLICKEYBLOB`
Packit	c4476c	`* and PRIVATEKEYBLOB).`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`#include "internal/cryptlib.h"`
Packit	c4476c	`#include <openssl/pem.h>`
Packit	c4476c	`#include <openssl/rand.h>`
Packit	c4476c	`#include <openssl/bn.h>`
Packit	c4476c	`#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)`
Packit	c4476c	`# include <openssl/dsa.h>`
Packit	c4476c	`# include <openssl/rsa.h>`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Utility function: read a DWORD (4 byte unsigned integer) in little endian`
Packit	c4476c	`* format`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`static unsigned int read_ledword(const unsigned char **in)`
Packit	c4476c	`{`
Packit	c4476c	`const unsigned char p = in;`
Packit	c4476c	`unsigned int ret;`
Packit	c4476c	`ret = *p++;`
Packit	c4476c	`ret \|= (*p++ << 8);`
Packit	c4476c	`ret \|= (*p++ << 16);`
Packit	c4476c	`ret \|= (*p++ << 24);`
Packit	c4476c	`*in = p;`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Read a BIGNUM in little endian format. The docs say that this should take`
Packit	c4476c	`* up bitlen/8 bytes.`
Packit	c4476c	`*/`
Packit	c4476c
Packit	c4476c	`static int read_lebn(const unsigned char in, unsigned int nbyte, BIGNUM r)`
Packit	c4476c	`{`
Packit	c4476c	`r = BN_lebin2bn(in, nbyte, NULL);`
Packit	c4476c	`if (*r == NULL)`
Packit	c4476c	`return 0;`
Packit	c4476c	`*in += nbyte;`
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */`
Packit	c4476c
Packit	c4476c	`# define MS_PUBLICKEYBLOB 0x6`
Packit	c4476c	`# define MS_PRIVATEKEYBLOB 0x7`
Packit	c4476c	`# define MS_RSA1MAGIC 0x31415352L`
Packit	c4476c	`# define MS_RSA2MAGIC 0x32415352L`
Packit	c4476c	`# define MS_DSS1MAGIC 0x31535344L`
Packit	c4476c	`# define MS_DSS2MAGIC 0x32535344L`
Packit	c4476c
Packit	c4476c	`# define MS_KEYALG_RSA_KEYX 0xa400`
Packit	c4476c	`# define MS_KEYALG_DSS_SIGN 0x2200`
Packit	c4476c
Packit	c4476c	`# define MS_KEYTYPE_KEYX 0x1`
Packit	c4476c	`# define MS_KEYTYPE_SIGN 0x2`
Packit	c4476c
Packit	c4476c	`/* Maximum length of a blob after header */`
Packit	c4476c	`# define BLOB_MAX_LENGTH 102400`
Packit	c4476c
Packit	c4476c	`/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */`
Packit	c4476c	`# define MS_PVKMAGIC 0xb0b5f11eL`
Packit	c4476c	`/* Salt length for PVK files */`
Packit	c4476c	`# define PVK_SALTLEN 0x10`
Packit	c4476c	`/* Maximum length in PVK header */`
Packit	c4476c	`# define PVK_MAX_KEYLEN 102400`
Packit	c4476c	`/* Maximum salt length */`
Packit	c4476c	`# define PVK_MAX_SALTLEN 10240`
Packit	c4476c
Packit	c4476c	`static EVP_PKEY b2i_rsa(const unsigned char *in,`
Packit	c4476c	`unsigned int bitlen, int ispub);`
Packit	c4476c	`static EVP_PKEY b2i_dss(const unsigned char *in,`
Packit	c4476c	`unsigned int bitlen, int ispub);`
Packit	c4476c
Packit	c4476c	`static int do_blob_header(const unsigned char **in, unsigned int length,`
Packit	c4476c	`unsigned int pmagic, unsigned int pbitlen,`
Packit	c4476c	`int pisdss, int pispub)`
Packit	c4476c	`{`
Packit	c4476c	`const unsigned char p = in;`
Packit	c4476c	`if (length < 16)`
Packit	c4476c	`return 0;`
Packit	c4476c	`/* bType */`
Packit	c4476c	`if (*p == MS_PUBLICKEYBLOB) {`
Packit	c4476c	`if (*pispub == 0) {`
Packit	c4476c	`PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`*pispub = 1;`
Packit	c4476c	`} else if (*p == MS_PRIVATEKEYBLOB) {`
Packit	c4476c	`if (*pispub == 1) {`
Packit	c4476c	`PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`*pispub = 0;`
Packit	c4476c	`} else`
Packit	c4476c	`return 0;`
Packit	c4476c	`p++;`
Packit	c4476c	`/* Version */`
Packit	c4476c	`if (*p++ != 0x2) {`
Packit	c4476c	`PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`/* Ignore reserved, aiKeyAlg */`
Packit	c4476c	`p += 6;`
Packit	c4476c	`*pmagic = read_ledword(&p);`
Packit	c4476c	`*pbitlen = read_ledword(&p);`
Packit	c4476c	`*pisdss = 0;`
Packit	c4476c	`switch (*pmagic) {`
Packit	c4476c
Packit	c4476c	`case MS_DSS1MAGIC:`
Packit	c4476c	`*pisdss = 1;`
Packit	c4476c	`/* fall thru */`
Packit	c4476c	`case MS_RSA1MAGIC:`
Packit	c4476c	`if (*pispub == 0) {`
Packit	c4476c	`PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`break;`
Packit	c4476c
Packit	c4476c	`case MS_DSS2MAGIC:`
Packit	c4476c	`*pisdss = 1;`
Packit	c4476c	`/* fall thru */`
Packit	c4476c	`case MS_RSA2MAGIC:`
Packit	c4476c	`if (*pispub == 1) {`
Packit	c4476c	`PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`break;`
Packit	c4476c
Packit	c4476c	`default:`
Packit	c4476c	`PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);`
Packit	c4476c	`return -1;`
Packit	c4476c	`}`
Packit	c4476c	`*in = p;`
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned int nbyte, hnbyte;`
Packit	c4476c	`nbyte = (bitlen + 7) >> 3;`
Packit	c4476c	`hnbyte = (bitlen + 15) >> 4;`
Packit	c4476c	`if (isdss) {`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* Expected length: 20 for q + 3 components bitlen each + 24 for seed`
Packit	c4476c	`* structure.`
Packit	c4476c	`*/`
Packit	c4476c	`if (ispub)`
Packit	c4476c	`return 44 + 3 * nbyte;`
Packit	c4476c	`/*`
Packit	c4476c	`* Expected length: 20 for q, priv, 2 bitlen components + 24 for seed`
Packit	c4476c	`* structure.`
Packit	c4476c	`*/`
Packit	c4476c	`else`
Packit	c4476c	`return 64 + 2 * nbyte;`
Packit	c4476c	`} else {`
Packit	c4476c	`/* Expected length: 4 for 'e' + 'n' */`
Packit	c4476c	`if (ispub)`
Packit	c4476c	`return 4 + nbyte;`
Packit	c4476c	`else`
Packit	c4476c	`/*`
Packit	c4476c	`* Expected length: 4 for 'e' and 7 other components. 2`
Packit	c4476c	`* components are bitlen size, 5 are bitlen/2`
Packit	c4476c	`*/`
Packit	c4476c	`return 4 + 2 * nbyte + 5 * hnbyte;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static EVP_PKEY do_b2i(const unsigned char *in, unsigned int length,`
Packit	c4476c	`int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`const unsigned char p = in;`
Packit	c4476c	`unsigned int bitlen, magic;`
Packit	c4476c	`int isdss;`
Packit	c4476c	`if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {`
Packit	c4476c	`PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c	`length -= 16;`
Packit	c4476c	`if (length < blob_length(bitlen, isdss, ispub)) {`
Packit	c4476c	`PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c	`if (isdss)`
Packit	c4476c	`return b2i_dss(&p, bitlen, ispub);`
Packit	c4476c	`else`
Packit	c4476c	`return b2i_rsa(&p, bitlen, ispub);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static EVP_PKEY do_b2i_bio(BIO in, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`const unsigned char *p;`
Packit	c4476c	`unsigned char hdr_buf[16], *buf = NULL;`
Packit	c4476c	`unsigned int bitlen, magic, length;`
Packit	c4476c	`int isdss;`
Packit	c4476c	`EVP_PKEY *ret = NULL;`
Packit	c4476c	`if (BIO_read(in, hdr_buf, 16) != 16) {`
Packit	c4476c	`PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c	`p = hdr_buf;`
Packit	c4476c	`if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)`
Packit	c4476c	`return NULL;`
Packit	c4476c
Packit	c4476c	`length = blob_length(bitlen, isdss, ispub);`
Packit	c4476c	`if (length > BLOB_MAX_LENGTH) {`
Packit	c4476c	`PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c	`buf = OPENSSL_malloc(length);`
Packit	c4476c	`if (buf == NULL) {`
Packit	c4476c	`PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`p = buf;`
Packit	c4476c	`if (BIO_read(in, buf, length) != (int)length) {`
Packit	c4476c	`PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`if (isdss)`
Packit	c4476c	`ret = b2i_dss(&p, bitlen, ispub);`
Packit	c4476c	`else`
Packit	c4476c	`ret = b2i_rsa(&p, bitlen, ispub);`
Packit	c4476c
Packit	c4476c	`err:`
Packit	c4476c	`OPENSSL_free(buf);`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static EVP_PKEY b2i_dss(const unsigned char *in,`
Packit	c4476c	`unsigned int bitlen, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`const unsigned char p = in;`
Packit	c4476c	`EVP_PKEY *ret = NULL;`
Packit	c4476c	`DSA *dsa = NULL;`
Packit	c4476c	`BN_CTX *ctx = NULL;`
Packit	c4476c	`unsigned int nbyte;`
Packit	c4476c	`BIGNUM pbn = NULL, qbn = NULL, gbn = NULL, priv_key = NULL;`
Packit	c4476c	`BIGNUM *pub_key = NULL;`
Packit	c4476c
Packit	c4476c	`nbyte = (bitlen + 7) >> 3;`
Packit	c4476c
Packit	c4476c	`dsa = DSA_new();`
Packit	c4476c	`ret = EVP_PKEY_new();`
Packit	c4476c	`if (dsa == NULL \|\| ret == NULL)`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!read_lebn(&p, nbyte, &pbn))`
Packit	c4476c	`goto memerr;`
Packit	c4476c
Packit	c4476c	`if (!read_lebn(&p, 20, &qbn))`
Packit	c4476c	`goto memerr;`
Packit	c4476c
Packit	c4476c	`if (!read_lebn(&p, nbyte, &gbn))`
Packit	c4476c	`goto memerr;`
Packit	c4476c
Packit	c4476c	`if (ispub) {`
Packit	c4476c	`if (!read_lebn(&p, nbyte, &pub_key))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`} else {`
Packit	c4476c	`if (!read_lebn(&p, 20, &priv_key))`
Packit	c4476c	`goto memerr;`
Packit	c4476c
Packit	c4476c	`/* Set constant time flag before public key calculation */`
Packit	c4476c	`BN_set_flags(priv_key, BN_FLG_CONSTTIME);`
Packit	c4476c
Packit	c4476c	`/* Calculate public key */`
Packit	c4476c	`pub_key = BN_new();`
Packit	c4476c	`if (pub_key == NULL)`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if ((ctx = BN_CTX_new()) == NULL)`
Packit	c4476c	`goto memerr;`
Packit	c4476c
Packit	c4476c	`if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx))`
Packit	c4476c	`goto memerr;`
Packit	c4476c
Packit	c4476c	`BN_CTX_free(ctx);`
Packit	c4476c	`ctx = NULL;`
Packit	c4476c	`}`
Packit	c4476c	`if (!DSA_set0_pqg(dsa, pbn, qbn, gbn))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`pbn = qbn = gbn = NULL;`
Packit	c4476c	`if (!DSA_set0_key(dsa, pub_key, priv_key))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`pub_key = priv_key = NULL;`
Packit	c4476c
Packit	c4476c	`if (!EVP_PKEY_set1_DSA(ret, dsa))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`DSA_free(dsa);`
Packit	c4476c	`*in = p;`
Packit	c4476c	`return ret;`
Packit	c4476c
Packit	c4476c	`memerr:`
Packit	c4476c	`PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`DSA_free(dsa);`
Packit	c4476c	`BN_free(pbn);`
Packit	c4476c	`BN_free(qbn);`
Packit	c4476c	`BN_free(gbn);`
Packit	c4476c	`BN_free(pub_key);`
Packit	c4476c	`BN_free(priv_key);`
Packit	c4476c	`EVP_PKEY_free(ret);`
Packit	c4476c	`BN_CTX_free(ctx);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static EVP_PKEY b2i_rsa(const unsigned char *in,`
Packit	c4476c	`unsigned int bitlen, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`const unsigned char pin = in;`
Packit	c4476c	`EVP_PKEY *ret = NULL;`
Packit	c4476c	`BIGNUM e = NULL, n = NULL, *d = NULL;`
Packit	c4476c	`BIGNUM p = NULL, q = NULL, dmp1 = NULL, dmq1 = NULL, *iqmp = NULL;`
Packit	c4476c	`RSA *rsa = NULL;`
Packit	c4476c	`unsigned int nbyte, hnbyte;`
Packit	c4476c	`nbyte = (bitlen + 7) >> 3;`
Packit	c4476c	`hnbyte = (bitlen + 15) >> 4;`
Packit	c4476c	`rsa = RSA_new();`
Packit	c4476c	`ret = EVP_PKEY_new();`
Packit	c4476c	`if (rsa == NULL \|\| ret == NULL)`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`e = BN_new();`
Packit	c4476c	`if (e == NULL)`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!BN_set_word(e, read_ledword(&pin)))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!read_lebn(&pin, nbyte, &n))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!ispub) {`
Packit	c4476c	`if (!read_lebn(&pin, hnbyte, &p))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!read_lebn(&pin, hnbyte, &q))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!read_lebn(&pin, hnbyte, &dmp1))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!read_lebn(&pin, hnbyte, &dmq1))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!read_lebn(&pin, hnbyte, &iqmp))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!read_lebn(&pin, nbyte, &d))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`if (!RSA_set0_factors(rsa, p, q))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`p = q = NULL;`
Packit	c4476c	`if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`dmp1 = dmq1 = iqmp = NULL;`
Packit	c4476c	`}`
Packit	c4476c	`if (!RSA_set0_key(rsa, n, e, d))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`n = e = d = NULL;`
Packit	c4476c
Packit	c4476c	`if (!EVP_PKEY_set1_RSA(ret, rsa))`
Packit	c4476c	`goto memerr;`
Packit	c4476c	`RSA_free(rsa);`
Packit	c4476c	`*in = pin;`
Packit	c4476c	`return ret;`
Packit	c4476c	`memerr:`
Packit	c4476c	`PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`BN_free(e);`
Packit	c4476c	`BN_free(n);`
Packit	c4476c	`BN_free(p);`
Packit	c4476c	`BN_free(q);`
Packit	c4476c	`BN_free(dmp1);`
Packit	c4476c	`BN_free(dmq1);`
Packit	c4476c	`BN_free(iqmp);`
Packit	c4476c	`BN_free(d);`
Packit	c4476c	`RSA_free(rsa);`
Packit	c4476c	`EVP_PKEY_free(ret);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`EVP_PKEY b2i_PrivateKey(const unsigned char *in, long length)`
Packit	c4476c	`{`
Packit	c4476c	`return do_b2i(in, length, 0);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`EVP_PKEY b2i_PublicKey(const unsigned char *in, long length)`
Packit	c4476c	`{`
Packit	c4476c	`return do_b2i(in, length, 1);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`EVP_PKEY b2i_PrivateKey_bio(BIO in)`
Packit	c4476c	`{`
Packit	c4476c	`return do_b2i_bio(in, 0);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`EVP_PKEY b2i_PublicKey_bio(BIO in)`
Packit	c4476c	`{`
Packit	c4476c	`return do_b2i_bio(in, 1);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static void write_ledword(unsigned char **out, unsigned int dw)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned char p = out;`
Packit	c4476c	`*p++ = dw & 0xff;`
Packit	c4476c	`*p++ = (dw >> 8) & 0xff;`
Packit	c4476c	`*p++ = (dw >> 16) & 0xff;`
Packit	c4476c	`*p++ = (dw >> 24) & 0xff;`
Packit	c4476c	`*out = p;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static void write_lebn(unsigned char *out, const BIGNUM bn, int len)`
Packit	c4476c	`{`
Packit	c4476c	`BN_bn2lebinpad(bn, *out, len);`
Packit	c4476c	`*out += len;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int check_bitlen_rsa(RSA rsa, int ispub, unsigned int magic);`
Packit	c4476c	`static int check_bitlen_dsa(DSA dsa, int ispub, unsigned int magic);`
Packit	c4476c
Packit	c4476c	`static void write_rsa(unsigned char *out, RSA rsa, int ispub);`
Packit	c4476c	`static void write_dsa(unsigned char *out, DSA dsa, int ispub);`
Packit	c4476c
Packit	c4476c	`static int do_i2b(unsigned char *out, EVP_PKEY pk, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned char *p;`
Packit	c4476c	`unsigned int bitlen, magic = 0, keyalg;`
Packit	c4476c	`int outlen, noinc = 0;`
Packit	c4476c	`int pktype = EVP_PKEY_id(pk);`
Packit	c4476c	`if (pktype == EVP_PKEY_DSA) {`
Packit	c4476c	`bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);`
Packit	c4476c	`keyalg = MS_KEYALG_DSS_SIGN;`
Packit	c4476c	`} else if (pktype == EVP_PKEY_RSA) {`
Packit	c4476c	`bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic);`
Packit	c4476c	`keyalg = MS_KEYALG_RSA_KEYX;`
Packit	c4476c	`} else`
Packit	c4476c	`return -1;`
Packit	c4476c	`if (bitlen == 0)`
Packit	c4476c	`return -1;`
Packit	c4476c	`outlen = 16 + blob_length(bitlen,`
Packit	c4476c	`keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);`
Packit	c4476c	`if (out == NULL)`
Packit	c4476c	`return outlen;`
Packit	c4476c	`if (*out)`
Packit	c4476c	`p = *out;`
Packit	c4476c	`else {`
Packit	c4476c	`if ((p = OPENSSL_malloc(outlen)) == NULL) {`
Packit	c4476c	`PEMerr(PEM_F_DO_I2B, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`return -1;`
Packit	c4476c	`}`
Packit	c4476c	`*out = p;`
Packit	c4476c	`noinc = 1;`
Packit	c4476c	`}`
Packit	c4476c	`if (ispub)`
Packit	c4476c	`*p++ = MS_PUBLICKEYBLOB;`
Packit	c4476c	`else`
Packit	c4476c	`*p++ = MS_PRIVATEKEYBLOB;`
Packit	c4476c	`*p++ = 0x2;`
Packit	c4476c	`*p++ = 0;`
Packit	c4476c	`*p++ = 0;`
Packit	c4476c	`write_ledword(&p, keyalg);`
Packit	c4476c	`write_ledword(&p, magic);`
Packit	c4476c	`write_ledword(&p, bitlen);`
Packit	c4476c	`if (keyalg == MS_KEYALG_DSS_SIGN)`
Packit	c4476c	`write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);`
Packit	c4476c	`else`
Packit	c4476c	`write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub);`
Packit	c4476c	`if (!noinc)`
Packit	c4476c	`*out += outlen;`
Packit	c4476c	`return outlen;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int do_i2b_bio(BIO out, EVP_PKEY pk, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned char *tmp = NULL;`
Packit	c4476c	`int outlen, wrlen;`
Packit	c4476c	`outlen = do_i2b(&tmp, pk, ispub);`
Packit	c4476c	`if (outlen < 0)`
Packit	c4476c	`return -1;`
Packit	c4476c	`wrlen = BIO_write(out, tmp, outlen);`
Packit	c4476c	`OPENSSL_free(tmp);`
Packit	c4476c	`if (wrlen == outlen)`
Packit	c4476c	`return outlen;`
Packit	c4476c	`return -1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int check_bitlen_dsa(DSA dsa, int ispub, unsigned int pmagic)`
Packit	c4476c	`{`
Packit	c4476c	`int bitlen;`
Packit	c4476c	`const BIGNUM p = NULL, q = NULL, *g = NULL;`
Packit	c4476c	`const BIGNUM pub_key = NULL, priv_key = NULL;`
Packit	c4476c
Packit	c4476c	`DSA_get0_pqg(dsa, &p, &q, &g);`
Packit	c4476c	`DSA_get0_key(dsa, &pub_key, &priv_key);`
Packit	c4476c	`bitlen = BN_num_bits(p);`
Packit	c4476c	`if ((bitlen & 7) \|\| (BN_num_bits(q) != 160)`
Packit	c4476c	`\|\| (BN_num_bits(g) > bitlen))`
Packit	c4476c	`goto badkey;`
Packit	c4476c	`if (ispub) {`
Packit	c4476c	`if (BN_num_bits(pub_key) > bitlen)`
Packit	c4476c	`goto badkey;`
Packit	c4476c	`*pmagic = MS_DSS1MAGIC;`
Packit	c4476c	`} else {`
Packit	c4476c	`if (BN_num_bits(priv_key) > 160)`
Packit	c4476c	`goto badkey;`
Packit	c4476c	`*pmagic = MS_DSS2MAGIC;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`return bitlen;`
Packit	c4476c	`badkey:`
Packit	c4476c	`PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int check_bitlen_rsa(RSA rsa, int ispub, unsigned int pmagic)`
Packit	c4476c	`{`
Packit	c4476c	`int nbyte, hnbyte, bitlen;`
Packit	c4476c	`const BIGNUM *e;`
Packit	c4476c
Packit	c4476c	`RSA_get0_key(rsa, NULL, &e, NULL);`
Packit	c4476c	`if (BN_num_bits(e) > 32)`
Packit	c4476c	`goto badkey;`
Packit	c4476c	`bitlen = RSA_bits(rsa);`
Packit	c4476c	`nbyte = RSA_size(rsa);`
Packit	c4476c	`hnbyte = (bitlen + 15) >> 4;`
Packit	c4476c	`if (ispub) {`
Packit	c4476c	`*pmagic = MS_RSA1MAGIC;`
Packit	c4476c	`return bitlen;`
Packit	c4476c	`} else {`
Packit	c4476c	`const BIGNUM d, p, q, iqmp, dmp1, dmq1;`
Packit	c4476c
Packit	c4476c	`*pmagic = MS_RSA2MAGIC;`
Packit	c4476c
Packit	c4476c	`/*`
Packit	c4476c	`* For private key each component must fit within nbyte or hnbyte.`
Packit	c4476c	`*/`
Packit	c4476c	`RSA_get0_key(rsa, NULL, NULL, &d);`
Packit	c4476c	`if (BN_num_bytes(d) > nbyte)`
Packit	c4476c	`goto badkey;`
Packit	c4476c	`RSA_get0_factors(rsa, &p, &q);`
Packit	c4476c	`RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);`
Packit	c4476c	`if ((BN_num_bytes(iqmp) > hnbyte)`
Packit	c4476c	`\|\| (BN_num_bytes(p) > hnbyte)`
Packit	c4476c	`\|\| (BN_num_bytes(q) > hnbyte)`
Packit	c4476c	`\|\| (BN_num_bytes(dmp1) > hnbyte)`
Packit	c4476c	`\|\| (BN_num_bytes(dmq1) > hnbyte))`
Packit	c4476c	`goto badkey;`
Packit	c4476c	`}`
Packit	c4476c	`return bitlen;`
Packit	c4476c	`badkey:`
Packit	c4476c	`PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static void write_rsa(unsigned char *out, RSA rsa, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`int nbyte, hnbyte;`
Packit	c4476c	`const BIGNUM n, d, e, p, q, iqmp, dmp1, dmq1;`
Packit	c4476c
Packit	c4476c	`nbyte = RSA_size(rsa);`
Packit	c4476c	`hnbyte = (RSA_bits(rsa) + 15) >> 4;`
Packit	c4476c	`RSA_get0_key(rsa, &n, &e, &d);`
Packit	c4476c	`write_lebn(out, e, 4);`
Packit	c4476c	`write_lebn(out, n, nbyte);`
Packit	c4476c	`if (ispub)`
Packit	c4476c	`return;`
Packit	c4476c	`RSA_get0_factors(rsa, &p, &q);`
Packit	c4476c	`RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);`
Packit	c4476c	`write_lebn(out, p, hnbyte);`
Packit	c4476c	`write_lebn(out, q, hnbyte);`
Packit	c4476c	`write_lebn(out, dmp1, hnbyte);`
Packit	c4476c	`write_lebn(out, dmq1, hnbyte);`
Packit	c4476c	`write_lebn(out, iqmp, hnbyte);`
Packit	c4476c	`write_lebn(out, d, nbyte);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static void write_dsa(unsigned char *out, DSA dsa, int ispub)`
Packit	c4476c	`{`
Packit	c4476c	`int nbyte;`
Packit	c4476c	`const BIGNUM p = NULL, q = NULL, *g = NULL;`
Packit	c4476c	`const BIGNUM pub_key = NULL, priv_key = NULL;`
Packit	c4476c
Packit	c4476c	`DSA_get0_pqg(dsa, &p, &q, &g);`
Packit	c4476c	`DSA_get0_key(dsa, &pub_key, &priv_key);`
Packit	c4476c	`nbyte = BN_num_bytes(p);`
Packit	c4476c	`write_lebn(out, p, nbyte);`
Packit	c4476c	`write_lebn(out, q, 20);`
Packit	c4476c	`write_lebn(out, g, nbyte);`
Packit	c4476c	`if (ispub)`
Packit	c4476c	`write_lebn(out, pub_key, nbyte);`
Packit	c4476c	`else`
Packit	c4476c	`write_lebn(out, priv_key, 20);`
Packit	c4476c	`/* Set "invalid" for seed structure values */`
Packit	c4476c	`memset(*out, 0xff, 24);`
Packit	c4476c	`*out += 24;`
Packit	c4476c	`return;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int i2b_PrivateKey_bio(BIO out, EVP_PKEY pk)`
Packit	c4476c	`{`
Packit	c4476c	`return do_i2b_bio(out, pk, 0);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int i2b_PublicKey_bio(BIO out, EVP_PKEY pk)`
Packit	c4476c	`{`
Packit	c4476c	`return do_i2b_bio(out, pk, 1);`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`# ifndef OPENSSL_NO_RC4`
Packit	c4476c
Packit	c4476c	`static int do_PVK_header(const unsigned char **in, unsigned int length,`
Packit	c4476c	`int skip_magic,`
Packit	c4476c	`unsigned int psaltlen, unsigned int pkeylen)`
Packit	c4476c	`{`
Packit	c4476c	`const unsigned char p = in;`
Packit	c4476c	`unsigned int pvk_magic, is_encrypted;`
Packit	c4476c	`if (skip_magic) {`
Packit	c4476c	`if (length < 20) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`} else {`
Packit	c4476c	`if (length < 24) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`pvk_magic = read_ledword(&p);`
Packit	c4476c	`if (pvk_magic != MS_PVKMAGIC) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`/* Skip reserved */`
Packit	c4476c	`p += 4;`
Packit	c4476c	`/*`
Packit	c4476c	`* keytype =`
Packit	c4476c	`*/ read_ledword(&p);`
Packit	c4476c	`is_encrypted = read_ledword(&p);`
Packit	c4476c	`*psaltlen = read_ledword(&p);`
Packit	c4476c	`*pkeylen = read_ledword(&p);`
Packit	c4476c
Packit	c4476c	`if (pkeylen > PVK_MAX_KEYLEN \|\| psaltlen > PVK_MAX_SALTLEN)`
Packit	c4476c	`return 0;`
Packit	c4476c
Packit	c4476c	`if (is_encrypted && !*psaltlen) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`*in = p;`
Packit	c4476c	`return 1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int derive_pvk_key(unsigned char *key,`
Packit	c4476c	`const unsigned char *salt, unsigned int saltlen,`
Packit	c4476c	`const unsigned char *pass, int passlen)`
Packit	c4476c	`{`
Packit	c4476c	`EVP_MD_CTX *mctx = EVP_MD_CTX_new();`
Packit	c4476c	`int rv = 1;`
Packit	c4476c	`if (mctx == NULL`
Packit	c4476c	`\|\| !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)`
Packit	c4476c	`\|\| !EVP_DigestUpdate(mctx, salt, saltlen)`
Packit	c4476c	`\|\| !EVP_DigestUpdate(mctx, pass, passlen)`
Packit	c4476c	`\|\| !EVP_DigestFinal_ex(mctx, key, NULL))`
Packit	c4476c	`rv = 0;`
Packit	c4476c
Packit	c4476c	`EVP_MD_CTX_free(mctx);`
Packit	c4476c	`return rv;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static EVP_PKEY do_PVK_body(const unsigned char *in,`
Packit	c4476c	`unsigned int saltlen, unsigned int keylen,`
Packit	c4476c	`pem_password_cb cb, void u)`
Packit	c4476c	`{`
Packit	c4476c	`EVP_PKEY *ret = NULL;`
Packit	c4476c	`const unsigned char p = in;`
Packit	c4476c	`unsigned int magic;`
Packit	c4476c	`unsigned char enctmp = NULL, q;`
Packit	c4476c	`unsigned char keybuf[20];`
Packit	c4476c
Packit	c4476c	`EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();`
Packit	c4476c	`if (saltlen) {`
Packit	c4476c	`char psbuf[PEM_BUFSIZE];`
Packit	c4476c	`int enctmplen, inlen;`
Packit	c4476c	`if (cb)`
Packit	c4476c	`inlen = cb(psbuf, PEM_BUFSIZE, 0, u);`
Packit	c4476c	`else`
Packit	c4476c	`inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);`
Packit	c4476c	`if (inlen < 0) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`enctmp = OPENSSL_malloc(keylen + 8);`
Packit	c4476c	`if (enctmp == NULL) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`if (!derive_pvk_key(keybuf, p, saltlen,`
Packit	c4476c	`(unsigned char *)psbuf, inlen))`
Packit	c4476c	`goto err;`
Packit	c4476c	`p += saltlen;`
Packit	c4476c	`/* Copy BLOBHEADER across, decrypt rest */`
Packit	c4476c	`memcpy(enctmp, p, 8);`
Packit	c4476c	`p += 8;`
Packit	c4476c	`if (keylen < 8) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`inlen = keylen - 8;`
Packit	c4476c	`q = enctmp + 8;`
Packit	c4476c	`if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))`
Packit	c4476c	`goto err;`
Packit	c4476c	`if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))`
Packit	c4476c	`goto err;`
Packit	c4476c	`if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))`
Packit	c4476c	`goto err;`
Packit	c4476c	`magic = read_ledword((const unsigned char **)&q);`
Packit	c4476c	`if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {`
Packit	c4476c	`q = enctmp + 8;`
Packit	c4476c	`memset(keybuf + 5, 0, 11);`
Packit	c4476c	`if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))`
Packit	c4476c	`goto err;`
Packit	c4476c	`if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))`
Packit	c4476c	`goto err;`
Packit	c4476c	`if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))`
Packit	c4476c	`goto err;`
Packit	c4476c	`magic = read_ledword((const unsigned char **)&q);`
Packit	c4476c	`if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {`
Packit	c4476c	`PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c	`p = enctmp;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`ret = b2i_PrivateKey(&p, keylen);`
Packit	c4476c	`err:`
Packit	c4476c	`EVP_CIPHER_CTX_free(cctx);`
Packit	c4476c	`if (enctmp != NULL) {`
Packit	c4476c	`OPENSSL_cleanse(keybuf, sizeof(keybuf));`
Packit	c4476c	`OPENSSL_free(enctmp);`
Packit	c4476c	`}`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`EVP_PKEY b2i_PVK_bio(BIO in, pem_password_cb cb, void u)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned char pvk_hdr[24], *buf = NULL;`
Packit	c4476c	`const unsigned char *p;`
Packit	c4476c	`int buflen;`
Packit	c4476c	`EVP_PKEY *ret = NULL;`
Packit	c4476c	`unsigned int saltlen, keylen;`
Packit	c4476c	`if (BIO_read(in, pvk_hdr, 24) != 24) {`
Packit	c4476c	`PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);`
Packit	c4476c	`return NULL;`
Packit	c4476c	`}`
Packit	c4476c	`p = pvk_hdr;`
Packit	c4476c
Packit	c4476c	`if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))`
Packit	c4476c	`return 0;`
Packit	c4476c	`buflen = (int)keylen + saltlen;`
Packit	c4476c	`buf = OPENSSL_malloc(buflen);`
Packit	c4476c	`if (buf == NULL) {`
Packit	c4476c	`PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`return 0;`
Packit	c4476c	`}`
Packit	c4476c	`p = buf;`
Packit	c4476c	`if (BIO_read(in, buf, buflen) != buflen) {`
Packit	c4476c	`PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);`
Packit	c4476c	`goto err;`
Packit	c4476c	`}`
Packit	c4476c	`ret = do_PVK_body(&p, saltlen, keylen, cb, u);`
Packit	c4476c
Packit	c4476c	`err:`
Packit	c4476c	`OPENSSL_clear_free(buf, buflen);`
Packit	c4476c	`return ret;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`static int i2b_PVK(unsigned char *out, EVP_PKEY pk, int enclevel,`
Packit	c4476c	`pem_password_cb cb, void u)`
Packit	c4476c	`{`
Packit	c4476c	`int outlen = 24, pklen;`
Packit	c4476c	`unsigned char p = NULL, start = NULL, *salt = NULL;`
Packit	c4476c	`EVP_CIPHER_CTX *cctx = NULL;`
Packit	c4476c	`if (enclevel)`
Packit	c4476c	`outlen += PVK_SALTLEN;`
Packit	c4476c	`pklen = do_i2b(NULL, pk, 0);`
Packit	c4476c	`if (pklen < 0)`
Packit	c4476c	`return -1;`
Packit	c4476c	`outlen += pklen;`
Packit	c4476c	`if (out == NULL)`
Packit	c4476c	`return outlen;`
Packit	c4476c	`if (*out != NULL) {`
Packit	c4476c	`p = *out;`
Packit	c4476c	`} else {`
Packit	c4476c	`start = p = OPENSSL_malloc(outlen);`
Packit	c4476c	`if (p == NULL) {`
Packit	c4476c	`PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);`
Packit	c4476c	`return -1;`
Packit	c4476c	`}`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`cctx = EVP_CIPHER_CTX_new();`
Packit	c4476c	`if (cctx == NULL)`
Packit	c4476c	`goto error;`
Packit	c4476c
Packit	c4476c	`write_ledword(&p, MS_PVKMAGIC);`
Packit	c4476c	`write_ledword(&p, 0);`
Packit	c4476c	`if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)`
Packit	c4476c	`write_ledword(&p, MS_KEYTYPE_SIGN);`
Packit	c4476c	`else`
Packit	c4476c	`write_ledword(&p, MS_KEYTYPE_KEYX);`
Packit	c4476c	`write_ledword(&p, enclevel ? 1 : 0);`
Packit	c4476c	`write_ledword(&p, enclevel ? PVK_SALTLEN : 0);`
Packit	c4476c	`write_ledword(&p, pklen);`
Packit	c4476c	`if (enclevel) {`
Packit	c4476c	`if (RAND_bytes(p, PVK_SALTLEN) <= 0)`
Packit	c4476c	`goto error;`
Packit	c4476c	`salt = p;`
Packit	c4476c	`p += PVK_SALTLEN;`
Packit	c4476c	`}`
Packit	c4476c	`do_i2b(&p, pk, 0);`
Packit	c4476c	`if (enclevel != 0) {`
Packit	c4476c	`char psbuf[PEM_BUFSIZE];`
Packit	c4476c	`unsigned char keybuf[20];`
Packit	c4476c	`int enctmplen, inlen;`
Packit	c4476c	`if (cb)`
Packit	c4476c	`inlen = cb(psbuf, PEM_BUFSIZE, 1, u);`
Packit	c4476c	`else`
Packit	c4476c	`inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);`
Packit	c4476c	`if (inlen <= 0) {`
Packit	c4476c	`PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);`
Packit	c4476c	`goto error;`
Packit	c4476c	`}`
Packit	c4476c	`if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,`
Packit	c4476c	`(unsigned char *)psbuf, inlen))`
Packit	c4476c	`goto error;`
Packit	c4476c	`if (enclevel == 1)`
Packit	c4476c	`memset(keybuf + 5, 0, 11);`
Packit	c4476c	`p = salt + PVK_SALTLEN + 8;`
Packit	c4476c	`if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))`
Packit	c4476c	`goto error;`
Packit	c4476c	`OPENSSL_cleanse(keybuf, 20);`
Packit	c4476c	`if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8))`
Packit	c4476c	`goto error;`
Packit	c4476c	`if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen))`
Packit	c4476c	`goto error;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`EVP_CIPHER_CTX_free(cctx);`
Packit	c4476c
Packit	c4476c	`if (*out == NULL)`
Packit	c4476c	`*out = start;`
Packit	c4476c
Packit	c4476c	`return outlen;`
Packit	c4476c
Packit	c4476c	`error:`
Packit	c4476c	`EVP_CIPHER_CTX_free(cctx);`
Packit	c4476c	`if (*out == NULL)`
Packit	c4476c	`OPENSSL_free(start);`
Packit	c4476c	`return -1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`int i2b_PVK_bio(BIO out, EVP_PKEY pk, int enclevel,`
Packit	c4476c	`pem_password_cb cb, void u)`
Packit	c4476c	`{`
Packit	c4476c	`unsigned char *tmp = NULL;`
Packit	c4476c	`int outlen, wrlen;`
Packit	c4476c	`outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);`
Packit	c4476c	`if (outlen < 0)`
Packit	c4476c	`return -1;`
Packit	c4476c	`wrlen = BIO_write(out, tmp, outlen);`
Packit	c4476c	`OPENSSL_free(tmp);`
Packit	c4476c	`if (wrlen == outlen) {`
Packit	c4476c	`PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);`
Packit	c4476c	`return outlen;`
Packit	c4476c	`}`
Packit	c4476c	`return -1;`
Packit	c4476c	`}`
Packit	c4476c
Packit	c4476c	`# endif`
Packit	c4476c
Packit	c4476c	`#endif`

source-git / openssl

Source Code

Blame crypto/pem/pvkfmt.c