/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ #ifndef OPENSSL_HEADER_PEM_H #define OPENSSL_HEADER_PEM_H #include #include #include #include #include #include #include #include /* For compatibility with open-iscsi, which assumes that it can get * |OPENSSL_malloc| from pem.h or err.h */ #include #ifdef __cplusplus extern "C" { #endif #define PEM_BUFSIZE 1024 #define PEM_STRING_X509_OLD "X509 CERTIFICATE" #define PEM_STRING_X509 "CERTIFICATE" #define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" #define PEM_STRING_X509_CRL "X509 CRL" #define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" #define PEM_STRING_PUBLIC "PUBLIC KEY" #define PEM_STRING_RSA "RSA PRIVATE KEY" #define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" #define PEM_STRING_DSA "DSA PRIVATE KEY" #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" #define PEM_STRING_EC "EC PRIVATE KEY" #define PEM_STRING_PKCS7 "PKCS7" #define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" #define PEM_STRING_PKCS8INF "PRIVATE KEY" #define PEM_STRING_DHPARAMS "DH PARAMETERS" #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" #define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" #define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" #define PEM_STRING_CMS "CMS" /* enc_type is one off */ #define PEM_TYPE_ENCRYPTED 10 #define PEM_TYPE_MIC_ONLY 20 #define PEM_TYPE_MIC_CLEAR 30 #define PEM_TYPE_CLEAR 40 /* These macros make the PEM_read/PEM_write functions easier to maintain and * write. Now they are all implemented with either: * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) */ #ifdef OPENSSL_NO_FP_API #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ #else #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ static void* pem_read_##name##_d2i(void** x, const unsigned char** inp, long len) \ { \ return d2i_##asn1((type**)x, inp, len); \ } \ OPENSSL_EXPORT type* PEM_read_##name(FILE* fp, type** x, pem_password_cb* cb, void* u) \ { \ return (type*)PEM_ASN1_read(pem_read_##name##_d2i, str, fp, (void**)x, cb, u); \ } #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ static int pem_write_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_##name(FILE* fp, type* x) \ { \ return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ static int pem_write_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((const type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_##name(FILE* fp, const type* x) \ { \ return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, (void*)x, NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ static int pem_write_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_##name(FILE* fp, type* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, \ pem_password_cb* cb, void* u) \ { \ return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, kstr, klen, cb, u); \ } #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ static int pem_write_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((const type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_##name(FILE* fp, type* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, \ pem_password_cb* cb, void* u) \ { \ return PEM_ASN1_write(pem_write_##name##_i2d, str, fp, x, enc, kstr, klen, cb, u); \ } #endif #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ static void* pem_read_bio_##name##_d2i(void** x, const unsigned char** inp, long len) \ { \ return d2i_##asn1((type**)x, inp, len); \ } \ OPENSSL_EXPORT type* PEM_read_bio_##name(BIO* bp, type** x, pem_password_cb* cb, void* u) \ { \ return (type*)PEM_ASN1_read_bio(pem_read_bio_##name##_d2i, str, bp, (void**)x, cb, u); \ } #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ static int pem_write_bio_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_bio_##name(BIO* bp, type* x) \ { \ return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ static int pem_write_bio_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((const type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_bio_##name(BIO* bp, const type* x) \ { \ return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void*)x, NULL, NULL, 0, NULL, NULL); \ } #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ static int pem_write_bio_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_bio_##name(BIO* bp, type* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, \ pem_password_cb* cb, void* u) \ { \ return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, x, enc, kstr, klen, cb, u); \ } #define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ static int pem_write_bio_##name##_i2d(const void* x, unsigned char** outp) \ { \ return i2d_##asn1((const type*)x, outp); \ } \ OPENSSL_EXPORT int PEM_write_bio_##name(BIO* bp, type* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, \ pem_password_cb* cb, void* u) \ { \ return PEM_ASN1_write_bio(pem_write_bio_##name##_i2d, str, bp, (void*)x, enc, kstr, klen, cb, u); \ } #define IMPLEMENT_PEM_write(name, type, str, asn1) \ IMPLEMENT_PEM_write_bio(name, type, str, asn1) IMPLEMENT_PEM_write_fp(name, type, str, asn1) #define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) #define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) #define IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_read_bio(name, type, str, asn1) IMPLEMENT_PEM_read_fp(name, type, str, asn1) #define IMPLEMENT_PEM_rw(name, type, str, asn1) \ IMPLEMENT_PEM_read(name, type, str, asn1) IMPLEMENT_PEM_write(name, type, str, asn1) #define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ IMPLEMENT_PEM_read(name, type, str, asn1) IMPLEMENT_PEM_write_const(name, type, str, asn1) #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ IMPLEMENT_PEM_read(name, type, str, asn1) IMPLEMENT_PEM_write_cb(name, type, str, asn1) /* These are the same except they are for the declarations */ #if defined(OPENSSL_NO_FP_API) #define DECLARE_PEM_read_fp(name, type) /**/ #define DECLARE_PEM_write_fp(name, type) /**/ #define DECLARE_PEM_write_cb_fp(name, type) /**/ #else #define DECLARE_PEM_read_fp(name, type) \ OPENSSL_EXPORT type* PEM_read_##name(FILE* fp, type** x, pem_password_cb* cb, void* u); #define DECLARE_PEM_write_fp(name, type) OPENSSL_EXPORT int PEM_write_##name(FILE* fp, type* x); #define DECLARE_PEM_write_fp_const(name, type) OPENSSL_EXPORT int PEM_write_##name(FILE* fp, const type* x); #define DECLARE_PEM_write_cb_fp(name, type) \ OPENSSL_EXPORT int PEM_write_##name(FILE* fp, type* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, \ pem_password_cb* cb, void* u); #endif #define DECLARE_PEM_read_bio(name, type) \ OPENSSL_EXPORT type* PEM_read_bio_##name(BIO* bp, type** x, pem_password_cb* cb, void* u); #define DECLARE_PEM_write_bio(name, type) OPENSSL_EXPORT int PEM_write_bio_##name(BIO* bp, type* x); #define DECLARE_PEM_write_bio_const(name, type) OPENSSL_EXPORT int PEM_write_bio_##name(BIO* bp, const type* x); #define DECLARE_PEM_write_cb_bio(name, type) \ OPENSSL_EXPORT int PEM_write_bio_##name(BIO* bp, type* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, \ pem_password_cb* cb, void* u); #define DECLARE_PEM_write(name, type) DECLARE_PEM_write_bio(name, type) DECLARE_PEM_write_fp(name, type) #define DECLARE_PEM_write_const(name, type) \ DECLARE_PEM_write_bio_const(name, type) DECLARE_PEM_write_fp_const(name, type) #define DECLARE_PEM_write_cb(name, type) DECLARE_PEM_write_cb_bio(name, type) DECLARE_PEM_write_cb_fp(name, type) #define DECLARE_PEM_read(name, type) DECLARE_PEM_read_bio(name, type) DECLARE_PEM_read_fp(name, type) #define DECLARE_PEM_rw(name, type) DECLARE_PEM_read(name, type) DECLARE_PEM_write(name, type) #define DECLARE_PEM_rw_const(name, type) DECLARE_PEM_read(name, type) DECLARE_PEM_write_const(name, type) #define DECLARE_PEM_rw_cb(name, type) DECLARE_PEM_read(name, type) DECLARE_PEM_write_cb(name, type) /* "userdata": new with OpenSSL 0.9.4 */ typedef int pem_password_cb(char* buf, int size, int rwflag, void* userdata); OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char* header, EVP_CIPHER_INFO* cipher); OPENSSL_EXPORT int PEM_do_header(EVP_CIPHER_INFO* cipher, unsigned char* data, long* len, pem_password_cb* callback, void* u); OPENSSL_EXPORT int PEM_read_bio(BIO* bp, char** name, char** header, unsigned char** data, long* len); OPENSSL_EXPORT int PEM_write_bio(BIO* bp, const char* name, const char* hdr, const unsigned char* data, long len); OPENSSL_EXPORT int PEM_bytes_read_bio(unsigned char** pdata, long* plen, char** pnm, const char* name, BIO* bp, pem_password_cb* cb, void* u); OPENSSL_EXPORT void* PEM_ASN1_read_bio(d2i_of_void* d2i, const char* name, BIO* bp, void** x, pem_password_cb* cb, void* u); OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void* i2d, const char* name, BIO* bp, void* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, pem_password_cb* cb, void* u); OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO* bp, STACK_OF(X509_INFO) * sk, pem_password_cb* cb, void* u); OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO* bp, X509_INFO* xi, EVP_CIPHER* enc, unsigned char* kstr, int klen, pem_password_cb* cd, void* u); OPENSSL_EXPORT int PEM_read(FILE* fp, char** name, char** header, unsigned char** data, long* len); OPENSSL_EXPORT int PEM_write(FILE* fp, const char* name, const char* hdr, const unsigned char* data, long len); OPENSSL_EXPORT void* PEM_ASN1_read(d2i_of_void* d2i, const char* name, FILE* fp, void** x, pem_password_cb* cb, void* u); OPENSSL_EXPORT int PEM_ASN1_write(i2d_of_void* i2d, const char* name, FILE* fp, void* x, const EVP_CIPHER* enc, unsigned char* kstr, int klen, pem_password_cb* callback, void* u); OPENSSL_EXPORT STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE* fp, STACK_OF(X509_INFO) * sk, pem_password_cb* cb, void* u); /* PEM_def_callback treats |userdata| as a string and copies it into |buf|, * assuming its |size| is sufficient. Returns the length of the string, or 0 * if there is not enough room. If either |buf| or |userdata| is NULL, 0 is * returned. Note that this is different from OpenSSL, which prompts for a * password. */ OPENSSL_EXPORT int PEM_def_callback(char* buf, int size, int rwflag, void* userdata); OPENSSL_EXPORT void PEM_proc_type(char* buf, int type); OPENSSL_EXPORT void PEM_dek_info(char* buf, const char* type, int len, char* str); DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) DECLARE_PEM_rw(X509_CRL, X509_CRL) DECLARE_PEM_rw(PKCS7, PKCS7) DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) #ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) #endif DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) DECLARE_PEM_rw_const(DHparams, DH) DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO* bp, EVP_PKEY* x, int nid, char* kstr, int klen, pem_password_cb* cb, void* u); OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*); OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO* bp, EVP_PKEY* x, const EVP_CIPHER* enc, char* kstr, int klen, pem_password_cb* cb, void* u); OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO* bp, EVP_PKEY* x, int nid, char* kstr, int klen, pem_password_cb* cb, void* u); OPENSSL_EXPORT EVP_PKEY* d2i_PKCS8PrivateKey_bio(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* u); OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE* fp, EVP_PKEY* x, const EVP_CIPHER* enc, char* kstr, int klen, pem_password_cb* cb, void* u); OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE* fp, EVP_PKEY* x, int nid, char* kstr, int klen, pem_password_cb* cb, void* u); OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE* fp, EVP_PKEY* x, int nid, char* kstr, int klen, pem_password_cb* cb, void* u); OPENSSL_EXPORT EVP_PKEY* d2i_PKCS8PrivateKey_fp(FILE* fp, EVP_PKEY** x, pem_password_cb* cb, void* u); OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE* fp, EVP_PKEY* x, const EVP_CIPHER* enc, char* kstr, int klen, pem_password_cb* cd, void* u); #ifdef __cplusplus } #endif #define PEM_R_BAD_BASE64_DECODE 100 #define PEM_R_BAD_DECRYPT 101 #define PEM_R_BAD_END_LINE 102 #define PEM_R_BAD_IV_CHARS 103 #define PEM_R_BAD_PASSWORD_READ 104 #define PEM_R_CIPHER_IS_NULL 105 #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 106 #define PEM_R_NOT_DEK_INFO 107 #define PEM_R_NOT_ENCRYPTED 108 #define PEM_R_NOT_PROC_TYPE 109 #define PEM_R_NO_START_LINE 110 #define PEM_R_READ_KEY 111 #define PEM_R_SHORT_HEADER 112 #define PEM_R_UNSUPPORTED_CIPHER 113 #define PEM_R_UNSUPPORTED_ENCRYPTION 114 #endif /* OPENSSL_HEADER_PEM_H */