2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include "internal/cryptlib.h"
14 #include <openssl/buffer.h>
15 #include <openssl/objects.h>
16 #include <openssl/evp.h>
17 #include <openssl/rand.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/pkcs12.h>
21 #include "internal/asn1_int.h"
22 #include <openssl/des.h>
23 #include <openssl/engine.h>
27 static int load_iv(char **fromp
, unsigned char *to
, int num
);
28 static int check_pem(const char *nm
, const char *name
);
29 int pem_check_suffix(const char *pem_str
, const char *suffix
);
31 int PEM_def_callback(char *buf
, int num
, int w
, void *key
)
33 #if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
42 i
= (i
> num
) ? num
: i
;
47 #if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI)
48 PEMerr(PEM_F_PEM_DEF_CALLBACK
, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
);
51 prompt
= EVP_get_pw_prompt();
53 prompt
= "Enter PEM pass phrase:";
57 * We assume that w == 0 means decryption,
58 * while w == 1 means encryption
60 int min_len
= w
? MIN_LENGTH
: 0;
62 i
= EVP_read_pw_string_min(buf
, min_len
, num
, prompt
, w
);
64 PEMerr(PEM_F_PEM_DEF_CALLBACK
, PEM_R_PROBLEMS_GETTING_PASSWORD
);
65 memset(buf
, 0, (unsigned int)num
);
69 if (min_len
&& j
< min_len
) {
71 "phrase is too short, needs to be at least %d chars\n",
80 void PEM_proc_type(char *buf
, int type
)
84 if (type
== PEM_TYPE_ENCRYPTED
)
86 else if (type
== PEM_TYPE_MIC_CLEAR
)
88 else if (type
== PEM_TYPE_MIC_ONLY
)
93 OPENSSL_strlcat(buf
, "Proc-Type: 4,", PEM_BUFSIZE
);
94 OPENSSL_strlcat(buf
, str
, PEM_BUFSIZE
);
95 OPENSSL_strlcat(buf
, "\n", PEM_BUFSIZE
);
98 void PEM_dek_info(char *buf
, const char *type
, int len
, char *str
)
100 static const unsigned char map
[17] = "0123456789ABCDEF";
104 OPENSSL_strlcat(buf
, "DEK-Info: ", PEM_BUFSIZE
);
105 OPENSSL_strlcat(buf
, type
, PEM_BUFSIZE
);
106 OPENSSL_strlcat(buf
, ",", PEM_BUFSIZE
);
108 if (j
+ (len
* 2) + 1 > PEM_BUFSIZE
)
110 for (i
= 0; i
< len
; i
++) {
111 buf
[j
+ i
* 2] = map
[(str
[i
] >> 4) & 0x0f];
112 buf
[j
+ i
* 2 + 1] = map
[(str
[i
]) & 0x0f];
114 buf
[j
+ i
* 2] = '\n';
115 buf
[j
+ i
* 2 + 1] = '\0';
118 #ifndef OPENSSL_NO_STDIO
119 void *PEM_ASN1_read(d2i_of_void
*d2i
, const char *name
, FILE *fp
, void **x
,
120 pem_password_cb
*cb
, void *u
)
125 if ((b
= BIO_new(BIO_s_file())) == NULL
) {
126 PEMerr(PEM_F_PEM_ASN1_READ
, ERR_R_BUF_LIB
);
129 BIO_set_fp(b
, fp
, BIO_NOCLOSE
);
130 ret
= PEM_ASN1_read_bio(d2i
, name
, b
, x
, cb
, u
);
136 static int check_pem(const char *nm
, const char *name
)
138 /* Normal matching nm and name */
139 if (strcmp(nm
, name
) == 0)
142 /* Make PEM_STRING_EVP_PKEY match any private key */
144 if (strcmp(name
, PEM_STRING_EVP_PKEY
) == 0) {
146 const EVP_PKEY_ASN1_METHOD
*ameth
;
147 if (strcmp(nm
, PEM_STRING_PKCS8
) == 0)
149 if (strcmp(nm
, PEM_STRING_PKCS8INF
) == 0)
151 slen
= pem_check_suffix(nm
, "PRIVATE KEY");
154 * NB: ENGINE implementations won't contain a deprecated old
155 * private key decode function so don't look for them.
157 ameth
= EVP_PKEY_asn1_find_str(NULL
, nm
, slen
);
158 if (ameth
&& ameth
->old_priv_decode
)
164 if (strcmp(name
, PEM_STRING_PARAMETERS
) == 0) {
166 const EVP_PKEY_ASN1_METHOD
*ameth
;
167 slen
= pem_check_suffix(nm
, "PARAMETERS");
170 ameth
= EVP_PKEY_asn1_find_str(&e
, nm
, slen
);
173 if (ameth
->param_decode
)
177 #ifndef OPENSSL_NO_ENGINE
185 /* If reading DH parameters handle X9.42 DH format too */
186 if (strcmp(nm
, PEM_STRING_DHXPARAMS
) == 0
187 && strcmp(name
, PEM_STRING_DHPARAMS
) == 0)
190 /* Permit older strings */
192 if (strcmp(nm
, PEM_STRING_X509_OLD
) == 0
193 && strcmp(name
, PEM_STRING_X509
) == 0)
196 if (strcmp(nm
, PEM_STRING_X509_REQ_OLD
) == 0
197 && strcmp(name
, PEM_STRING_X509_REQ
) == 0)
200 /* Allow normal certs to be read as trusted certs */
201 if (strcmp(nm
, PEM_STRING_X509
) == 0
202 && strcmp(name
, PEM_STRING_X509_TRUSTED
) == 0)
205 if (strcmp(nm
, PEM_STRING_X509_OLD
) == 0
206 && strcmp(name
, PEM_STRING_X509_TRUSTED
) == 0)
209 /* Some CAs use PKCS#7 with CERTIFICATE headers */
210 if (strcmp(nm
, PEM_STRING_X509
) == 0
211 && strcmp(name
, PEM_STRING_PKCS7
) == 0)
214 if (strcmp(nm
, PEM_STRING_PKCS7_SIGNED
) == 0
215 && strcmp(name
, PEM_STRING_PKCS7
) == 0)
218 #ifndef OPENSSL_NO_CMS
219 if (strcmp(nm
, PEM_STRING_X509
) == 0
220 && strcmp(name
, PEM_STRING_CMS
) == 0)
222 /* Allow CMS to be read from PKCS#7 headers */
223 if (strcmp(nm
, PEM_STRING_PKCS7
) == 0
224 && strcmp(name
, PEM_STRING_CMS
) == 0)
231 int PEM_bytes_read_bio(unsigned char **pdata
, long *plen
, char **pnm
,
232 const char *name
, BIO
*bp
, pem_password_cb
*cb
,
235 EVP_CIPHER_INFO cipher
;
236 char *nm
= NULL
, *header
= NULL
;
237 unsigned char *data
= NULL
;
242 if (!PEM_read_bio(bp
, &nm
, &header
, &data
, &len
)) {
243 if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE
)
244 ERR_add_error_data(2, "Expecting: ", name
);
247 if (check_pem(nm
, name
))
250 OPENSSL_free(header
);
253 if (!PEM_get_EVP_CIPHER_INFO(header
, &cipher
))
255 if (!PEM_do_header(&cipher
, data
, &len
, cb
, u
))
269 OPENSSL_free(header
);
275 #ifndef OPENSSL_NO_STDIO
276 int PEM_ASN1_write(i2d_of_void
*i2d
, const char *name
, FILE *fp
,
277 void *x
, const EVP_CIPHER
*enc
, unsigned char *kstr
,
278 int klen
, pem_password_cb
*callback
, void *u
)
283 if ((b
= BIO_new(BIO_s_file())) == NULL
) {
284 PEMerr(PEM_F_PEM_ASN1_WRITE
, ERR_R_BUF_LIB
);
287 BIO_set_fp(b
, fp
, BIO_NOCLOSE
);
288 ret
= PEM_ASN1_write_bio(i2d
, name
, b
, x
, enc
, kstr
, klen
, callback
, u
);
294 int PEM_ASN1_write_bio(i2d_of_void
*i2d
, const char *name
, BIO
*bp
,
295 void *x
, const EVP_CIPHER
*enc
, unsigned char *kstr
,
296 int klen
, pem_password_cb
*callback
, void *u
)
298 EVP_CIPHER_CTX
*ctx
= NULL
;
299 int dsize
= 0, i
= 0, j
= 0, ret
= 0;
300 unsigned char *p
, *data
= NULL
;
301 const char *objstr
= NULL
;
302 char buf
[PEM_BUFSIZE
];
303 unsigned char key
[EVP_MAX_KEY_LENGTH
];
304 unsigned char iv
[EVP_MAX_IV_LENGTH
];
307 objstr
= OBJ_nid2sn(EVP_CIPHER_nid(enc
));
308 if (objstr
== NULL
|| EVP_CIPHER_iv_length(enc
) == 0) {
309 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO
, PEM_R_UNSUPPORTED_CIPHER
);
314 if ((dsize
= i2d(x
, NULL
)) < 0) {
315 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO
, ERR_R_ASN1_LIB
);
319 /* dzise + 8 bytes are needed */
320 /* actually it needs the cipher block size extra... */
321 data
= OPENSSL_malloc((unsigned int)dsize
+ 20);
323 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO
, ERR_R_MALLOC_FAILURE
);
331 if (callback
== NULL
)
332 klen
= PEM_def_callback(buf
, PEM_BUFSIZE
, 1, u
);
334 klen
= (*callback
) (buf
, PEM_BUFSIZE
, 1, u
);
336 PEMerr(PEM_F_PEM_ASN1_WRITE_BIO
, PEM_R_READ_KEY
);
339 #ifdef CHARSET_EBCDIC
340 /* Convert the pass phrase from EBCDIC */
341 ebcdic2ascii(buf
, buf
, klen
);
343 kstr
= (unsigned char *)buf
;
345 RAND_add(data
, i
, 0); /* put in the RSA key. */
346 OPENSSL_assert(EVP_CIPHER_iv_length(enc
) <= (int)sizeof(iv
));
347 if (RAND_bytes(iv
, EVP_CIPHER_iv_length(enc
)) <= 0) /* Generate a salt */
350 * The 'iv' is used as the iv and as a salt. It is NOT taken from
351 * the BytesToKey function
353 if (!EVP_BytesToKey(enc
, EVP_md5(), iv
, kstr
, klen
, 1, key
, NULL
))
356 if (kstr
== (unsigned char *)buf
)
357 OPENSSL_cleanse(buf
, PEM_BUFSIZE
);
359 OPENSSL_assert(strlen(objstr
) + 23 + 2 * EVP_CIPHER_iv_length(enc
) + 13
363 PEM_proc_type(buf
, PEM_TYPE_ENCRYPTED
);
364 PEM_dek_info(buf
, objstr
, EVP_CIPHER_iv_length(enc
), (char *)iv
);
368 if ((ctx
= EVP_CIPHER_CTX_new()) == NULL
369 || !EVP_EncryptInit_ex(ctx
, enc
, NULL
, key
, iv
)
370 || !EVP_EncryptUpdate(ctx
, data
, &j
, data
, i
)
371 || !EVP_EncryptFinal_ex(ctx
, &(data
[j
]), &i
))
380 i
= PEM_write_bio(bp
, name
, buf
, data
, i
);
384 OPENSSL_cleanse(key
, sizeof(key
));
385 OPENSSL_cleanse(iv
, sizeof(iv
));
386 EVP_CIPHER_CTX_free(ctx
);
387 OPENSSL_cleanse(buf
, PEM_BUFSIZE
);
388 OPENSSL_clear_free(data
, (unsigned int)dsize
);
392 int PEM_do_header(EVP_CIPHER_INFO
*cipher
, unsigned char *data
, long *plen
,
393 pem_password_cb
*callback
, void *u
)
398 int ilen
= (int) len
; /* EVP_DecryptUpdate etc. take int lengths */
400 unsigned char key
[EVP_MAX_KEY_LENGTH
];
401 char buf
[PEM_BUFSIZE
];
403 #if LONG_MAX > INT_MAX
404 /* Check that we did not truncate the length */
406 PEMerr(PEM_F_PEM_DO_HEADER
, PEM_R_HEADER_TOO_LONG
);
411 if (cipher
->cipher
== NULL
)
413 if (callback
== NULL
)
414 keylen
= PEM_def_callback(buf
, PEM_BUFSIZE
, 0, u
);
416 keylen
= callback(buf
, PEM_BUFSIZE
, 0, u
);
418 PEMerr(PEM_F_PEM_DO_HEADER
, PEM_R_BAD_PASSWORD_READ
);
421 #ifdef CHARSET_EBCDIC
422 /* Convert the pass phrase from EBCDIC */
423 ebcdic2ascii(buf
, buf
, keylen
);
426 if (!EVP_BytesToKey(cipher
->cipher
, EVP_md5(), &(cipher
->iv
[0]),
427 (unsigned char *)buf
, keylen
, 1, key
, NULL
))
430 ctx
= EVP_CIPHER_CTX_new();
434 ok
= EVP_DecryptInit_ex(ctx
, cipher
->cipher
, NULL
, key
, &(cipher
->iv
[0]));
436 ok
= EVP_DecryptUpdate(ctx
, data
, &ilen
, data
, ilen
);
438 /* Squirrel away the length of data decrypted so far. */
440 ok
= EVP_DecryptFinal_ex(ctx
, &(data
[ilen
]), &ilen
);
445 PEMerr(PEM_F_PEM_DO_HEADER
, PEM_R_BAD_DECRYPT
);
447 EVP_CIPHER_CTX_free(ctx
);
448 OPENSSL_cleanse((char *)buf
, sizeof(buf
));
449 OPENSSL_cleanse((char *)key
, sizeof(key
));
454 * This implements a very limited PEM header parser that does not support the
455 * full grammar of rfc1421. In particular, folded headers are not supported,
456 * nor is additional whitespace.
458 * A robust implementation would make use of a library that turns the headers
459 * into a BIO from which one folded line is read at a time, and is then split
460 * into a header label and content. We would then parse the content of the
461 * headers we care about. This is overkill for just this limited use-case, but
462 * presumably we also parse rfc822-style headers for S/MIME, so a common
463 * abstraction might well be more generally useful.
465 int PEM_get_EVP_CIPHER_INFO(char *header
, EVP_CIPHER_INFO
*cipher
)
467 static const char ProcType
[] = "Proc-Type:";
468 static const char ENCRYPTED
[] = "ENCRYPTED";
469 static const char DEKInfo
[] = "DEK-Info:";
470 const EVP_CIPHER
*enc
= NULL
;
472 char *dekinfostart
, c
;
474 cipher
->cipher
= NULL
;
475 if ((header
== NULL
) || (*header
== '\0') || (*header
== '\n'))
478 if (strncmp(header
, ProcType
, sizeof(ProcType
)-1) != 0) {
479 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO
, PEM_R_NOT_PROC_TYPE
);
482 header
+= sizeof(ProcType
)-1;
483 header
+= strspn(header
, " \t");
485 if (*header
++ != '4' || *header
++ != ',')
487 header
+= strspn(header
, " \t");
489 /* We expect "ENCRYPTED" followed by optional white-space + line break */
490 if (strncmp(header
, ENCRYPTED
, sizeof(ENCRYPTED
)-1) != 0 ||
491 strspn(header
+sizeof(ENCRYPTED
)-1, " \t\r\n") == 0) {
492 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO
, PEM_R_NOT_ENCRYPTED
);
495 header
+= sizeof(ENCRYPTED
)-1;
496 header
+= strspn(header
, " \t\r");
497 if (*header
++ != '\n') {
498 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO
, PEM_R_SHORT_HEADER
);
503 * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
504 * We expect "DEK-Info: algo[,hex-parameters]"
506 if (strncmp(header
, DEKInfo
, sizeof(DEKInfo
)-1) != 0) {
507 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO
, PEM_R_NOT_DEK_INFO
);
510 header
+= sizeof(DEKInfo
)-1;
511 header
+= strspn(header
, " \t");
514 * DEK-INFO is a comma-separated combination of algorithm name and optional
517 dekinfostart
= header
;
518 header
+= strcspn(header
, " \t,");
521 cipher
->cipher
= enc
= EVP_get_cipherbyname(dekinfostart
);
523 header
+= strspn(header
, " \t");
526 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO
, PEM_R_UNSUPPORTED_ENCRYPTION
);
529 ivlen
= EVP_CIPHER_iv_length(enc
);
530 if (ivlen
> 0 && *header
++ != ',') {
531 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO
, PEM_R_MISSING_DEK_IV
);
533 } else if (ivlen
== 0 && *header
== ',') {
534 PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO
, PEM_R_UNEXPECTED_DEK_IV
);
538 if (!load_iv(&header
, cipher
->iv
, EVP_CIPHER_iv_length(enc
)))
544 static int load_iv(char **fromp
, unsigned char *to
, int num
)
550 for (i
= 0; i
< num
; i
++)
553 for (i
= 0; i
< num
; i
++) {
554 v
= OPENSSL_hexchar2int(*from
);
556 PEMerr(PEM_F_LOAD_IV
, PEM_R_BAD_IV_CHARS
);
560 to
[i
/ 2] |= v
<< (long)((!(i
& 1)) * 4);
567 #ifndef OPENSSL_NO_STDIO
568 int PEM_write(FILE *fp
, const char *name
, const char *header
,
569 const unsigned char *data
, long len
)
574 if ((b
= BIO_new(BIO_s_file())) == NULL
) {
575 PEMerr(PEM_F_PEM_WRITE
, ERR_R_BUF_LIB
);
578 BIO_set_fp(b
, fp
, BIO_NOCLOSE
);
579 ret
= PEM_write_bio(b
, name
, header
, data
, len
);
585 int PEM_write_bio(BIO
*bp
, const char *name
, const char *header
,
586 const unsigned char *data
, long len
)
588 int nlen
, n
, i
, j
, outl
;
589 unsigned char *buf
= NULL
;
590 EVP_ENCODE_CTX
*ctx
= EVP_ENCODE_CTX_new();
591 int reason
= ERR_R_BUF_LIB
;
594 reason
= ERR_R_MALLOC_FAILURE
;
601 if ((BIO_write(bp
, "-----BEGIN ", 11) != 11) ||
602 (BIO_write(bp
, name
, nlen
) != nlen
) ||
603 (BIO_write(bp
, "-----\n", 6) != 6))
608 if ((BIO_write(bp
, header
, i
) != i
) || (BIO_write(bp
, "\n", 1) != 1))
612 buf
= OPENSSL_malloc(PEM_BUFSIZE
* 8);
614 reason
= ERR_R_MALLOC_FAILURE
;
620 n
= (int)((len
> (PEM_BUFSIZE
* 5)) ? (PEM_BUFSIZE
* 5) : len
);
621 if (!EVP_EncodeUpdate(ctx
, buf
, &outl
, &(data
[j
]), n
))
623 if ((outl
) && (BIO_write(bp
, (char *)buf
, outl
) != outl
))
629 EVP_EncodeFinal(ctx
, buf
, &outl
);
630 if ((outl
> 0) && (BIO_write(bp
, (char *)buf
, outl
) != outl
))
632 if ((BIO_write(bp
, "-----END ", 9) != 9) ||
633 (BIO_write(bp
, name
, nlen
) != nlen
) ||
634 (BIO_write(bp
, "-----\n", 6) != 6))
636 OPENSSL_clear_free(buf
, PEM_BUFSIZE
* 8);
637 EVP_ENCODE_CTX_free(ctx
);
640 OPENSSL_clear_free(buf
, PEM_BUFSIZE
* 8);
641 EVP_ENCODE_CTX_free(ctx
);
642 PEMerr(PEM_F_PEM_WRITE_BIO
, reason
);
646 #ifndef OPENSSL_NO_STDIO
647 int PEM_read(FILE *fp
, char **name
, char **header
, unsigned char **data
,
653 if ((b
= BIO_new(BIO_s_file())) == NULL
) {
654 PEMerr(PEM_F_PEM_READ
, ERR_R_BUF_LIB
);
657 BIO_set_fp(b
, fp
, BIO_NOCLOSE
);
658 ret
= PEM_read_bio(b
, name
, header
, data
, len
);
664 int PEM_read_bio(BIO
*bp
, char **name
, char **header
, unsigned char **data
,
667 EVP_ENCODE_CTX
*ctx
= EVP_ENCODE_CTX_new();
668 int end
= 0, i
, k
, bl
= 0, hl
= 0, nohead
= 0;
672 BUF_MEM
*dataB
, *tmpB
;
675 PEMerr(PEM_F_PEM_READ_BIO
, ERR_R_MALLOC_FAILURE
);
679 nameB
= BUF_MEM_new();
680 headerB
= BUF_MEM_new();
681 dataB
= BUF_MEM_new();
682 if ((nameB
== NULL
) || (headerB
== NULL
) || (dataB
== NULL
)) {
688 i
= BIO_gets(bp
, buf
, 254);
691 PEMerr(PEM_F_PEM_READ_BIO
, PEM_R_NO_START_LINE
);
695 while ((i
>= 0) && (buf
[i
] <= ' '))
700 if (strncmp(buf
, "-----BEGIN ", 11) == 0) {
701 i
= strlen(&(buf
[11]));
703 if (strncmp(&(buf
[11 + i
- 6]), "-----\n", 6) != 0)
705 if (!BUF_MEM_grow(nameB
, i
+ 9)) {
706 PEMerr(PEM_F_PEM_READ_BIO
, ERR_R_MALLOC_FAILURE
);
709 memcpy(nameB
->data
, &(buf
[11]), i
- 6);
710 nameB
->data
[i
- 6] = '\0';
715 if (!BUF_MEM_grow(headerB
, 256)) {
716 PEMerr(PEM_F_PEM_READ_BIO
, ERR_R_MALLOC_FAILURE
);
719 headerB
->data
[0] = '\0';
721 i
= BIO_gets(bp
, buf
, 254);
725 while ((i
>= 0) && (buf
[i
] <= ' '))
732 if (!BUF_MEM_grow(headerB
, hl
+ i
+ 9)) {
733 PEMerr(PEM_F_PEM_READ_BIO
, ERR_R_MALLOC_FAILURE
);
736 if (strncmp(buf
, "-----END ", 9) == 0) {
740 memcpy(&(headerB
->data
[hl
]), buf
, i
);
741 headerB
->data
[hl
+ i
] = '\0';
746 if (!BUF_MEM_grow(dataB
, 1024)) {
747 PEMerr(PEM_F_PEM_READ_BIO
, ERR_R_MALLOC_FAILURE
);
750 dataB
->data
[0] = '\0';
753 i
= BIO_gets(bp
, buf
, 254);
757 while ((i
>= 0) && (buf
[i
] <= ' '))
764 if (strncmp(buf
, "-----END ", 9) == 0)
768 if (!BUF_MEM_grow_clean(dataB
, i
+ bl
+ 9)) {
769 PEMerr(PEM_F_PEM_READ_BIO
, ERR_R_MALLOC_FAILURE
);
772 memcpy(&(dataB
->data
[bl
]), buf
, i
);
773 dataB
->data
[bl
+ i
] = '\0';
777 i
= BIO_gets(bp
, buf
, 254);
781 while ((i
>= 0) && (buf
[i
] <= ' '))
795 i
= strlen(nameB
->data
);
796 if ((strncmp(buf
, "-----END ", 9) != 0) ||
797 (strncmp(nameB
->data
, &(buf
[9]), i
) != 0) ||
798 (strncmp(&(buf
[9 + i
]), "-----\n", 6) != 0)) {
799 PEMerr(PEM_F_PEM_READ_BIO
, PEM_R_BAD_END_LINE
);
804 i
= EVP_DecodeUpdate(ctx
,
805 (unsigned char *)dataB
->data
, &bl
,
806 (unsigned char *)dataB
->data
, bl
);
808 PEMerr(PEM_F_PEM_READ_BIO
, PEM_R_BAD_BASE64_DECODE
);
811 i
= EVP_DecodeFinal(ctx
, (unsigned char *)&(dataB
->data
[bl
]), &k
);
813 PEMerr(PEM_F_PEM_READ_BIO
, PEM_R_BAD_BASE64_DECODE
);
821 *header
= headerB
->data
;
822 *data
= (unsigned char *)dataB
->data
;
825 OPENSSL_free(headerB
);
827 EVP_ENCODE_CTX_free(ctx
);
831 BUF_MEM_free(headerB
);
833 EVP_ENCODE_CTX_free(ctx
);
838 * Check pem string and return prefix length. If for example the pem_str ==
839 * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
843 int pem_check_suffix(const char *pem_str
, const char *suffix
)
845 int pem_len
= strlen(pem_str
);
846 int suffix_len
= strlen(suffix
);
848 if (suffix_len
+ 1 >= pem_len
)
850 p
= pem_str
+ pem_len
- suffix_len
;
851 if (strcmp(p
, suffix
))