1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30
31 #include "brssl.h"
32 #include "bearssl.h"
33
/*
 * What the "skey" command must produce for each decoded or generated
 * private key. The four file-name fields are NULL when the corresponding
 * output was not requested on the command line.
 */
typedef struct {
	int print_text;      /* dump key components as hex text on stdout */
	int print_C;         /* dump key components as C source on stdout */
	const char *rawder;  /* key-type specific ("raw") encoding, DER file */
	const char *rawpem;  /* key-type specific ("raw") encoding, PEM file */
	const char *pk8der;  /* PKCS#8 encoding, DER file */
	const char *pk8pem;  /* PKCS#8 encoding, PEM file */
} outspec;
42
/*
 * Print a big integer on stdout as "<name> = <HEX>\n", where the bytes of
 * buf[0..len-1] are written as two upper-case hexadecimal digits each, in
 * storage order. With len == 0 only the name and the newline are printed.
 */
static void
print_int_text(const char *name, const unsigned char *buf, size_t len)
{
	static const char HEX[] = "0123456789ABCDEF";
	size_t k;

	printf("%s = ", name);
	for (k = 0; k < len; k ++) {
		/* buf[k] is an unsigned char, so the high nibble is 0..15 */
		putchar(HEX[buf[k] >> 4]);
		putchar(HEX[buf[k] & 0x0F]);
	}
	putchar('\n');
}
54
/*
 * Print buf[0..len-1] on stdout as a C array definition:
 *
 *   static const unsigned char <name>[] = {
 *           0x.., 0x.., ... (12 values per line)
 *   };
 *
 * A leading blank line is emitted before the definition.
 */
static void
print_int_C(const char *name, const unsigned char *buf, size_t len)
{
	size_t k;

	printf("\nstatic const unsigned char %s[] = {", name);
	for (k = 0; k < len; k ++) {
		const char *sep;

		/* Separator preceding the value: new line every 12 bytes. */
		if (k == 0) {
			sep = "\n\t";
		} else if (k % 12 == 0) {
			sep = ",\n\t";
		} else {
			sep = ", ";
		}
		printf("%s0x%02X", sep, buf[k]);
	}
	printf("\n};\n");
}
74
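/*
 * Write len bytes from data into the file called name, creating or
 * truncating it. Diagnostics go to stderr.
 *
 * Returns 1 on success, 0 on failure (open, write or close error). A
 * failing fclose() is reported as a write failure: buffered data is
 * flushed only at that point, so the original code could report success
 * for a file that was never fully written.
 *
 * The file is created with fopen(), hence with the default permissions
 * allowed by the process umask; callers storing private key material
 * through this function should be aware of that.
 */
static int
write_to_file(const char *name, const void *data, size_t len)
{
	FILE *f;

	f = fopen(name, "wb");
	if (f == NULL) {
		fprintf(stderr,
			"ERROR: cannot open file '%s' for writing\n",
			name);
		return 0;
	}
	if (fwrite(data, 1, len, f) != len) {
		fclose(f);
		goto write_fail;
	}
	/* fclose() flushes the stream; a short write can surface only here. */
	if (fclose(f) != 0) {
		goto write_fail;
	}
	return 1;

write_fail:
	fprintf(stderr,
		"ERROR: cannot write to file '%s'\n",
		name);
	return 0;
}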
97
/*
 * PEM-encode data[0..len-1] under the given banner (e.g. "PRIVATE KEY")
 * and write the text to the file called name.
 *
 * Returns the result of write_to_file(): 1 on success, 0 on failure.
 */
static int
write_to_pem_file(const char *name,
	const void *data, size_t len, const char *banner)
{
	/* With a NULL destination, br_pem_encode() only reports the size. */
	size_t pemlen = br_pem_encode(NULL, NULL, len, banner, 0);
	/* One extra byte, presumably for a terminating NUL — TODO confirm */
	void *pem = xmalloc(pemlen + 1);
	int ok;

	br_pem_encode(pem, data, len, banner, 0);
	ok = write_to_file(name, pem, pemlen);
	xfree(pem);
	return ok;
}
113
/*
 * Emit an RSA private key according to the requested outputs in os.
 *
 * With print_text / print_C, only the CRT components (p, q, dp, dq, iq)
 * and the modulus bit length are written to stdout. If no output file is
 * requested the function stops there. Otherwise the modulus, the public
 * exponent and the private exponent are recomputed from the CRT
 * parameters (the raw and PKCS#8 encoders take them as input), the key
 * is DER-encoded and written to each requested file, PEM-wrapped for the
 * *pem outputs.
 *
 * Returns 1 if everything succeeded, 0 otherwise. A failed file write is
 * recorded in ret but does not stop the remaining outputs from being
 * attempted; an encoding failure aborts with a diagnostic on stderr.
 *
 * NOTE(review): n, d and buf hold private key material and are released
 * with xfree() without explicit zeroization; whether xfree() scrubs its
 * argument is not visible here.
 */
static int
print_rsa(const br_rsa_private_key *sk, outspec *os)
{
	int ret;
	unsigned char *n, *d, *buf;
	uint32_t e;
	size_t nlen, dlen, len;
	br_rsa_compute_modulus cm;
	br_rsa_compute_pubexp ce;
	br_rsa_compute_privexp cd;
	br_rsa_public_key pk;
	unsigned char ebuf[4];

	n = NULL;
	d = NULL;
	buf = NULL;
	ret = 1;
	if (os->print_text) {
		print_int_text("p ", sk->p, sk->plen);
		print_int_text("q ", sk->q, sk->qlen);
		print_int_text("dp", sk->dp, sk->dplen);
		print_int_text("dq", sk->dq, sk->dqlen);
		print_int_text("iq", sk->iq, sk->iqlen);
	}
	if (os->print_C) {
		print_int_C("RSA_P", sk->p, sk->plen);
		print_int_C("RSA_Q", sk->q, sk->qlen);
		print_int_C("RSA_DP", sk->dp, sk->dplen);
		print_int_C("RSA_DQ", sk->dq, sk->dqlen);
		print_int_C("RSA_IQ", sk->iq, sk->iqlen);
		/* Initializer in br_rsa_private_key field order. */
		printf("\nstatic const br_rsa_private_key RSA = {\n");
		printf("\t%lu,\n", (unsigned long)sk->n_bitlen);
		printf("\t(unsigned char *)RSA_P, sizeof RSA_P,\n");
		printf("\t(unsigned char *)RSA_Q, sizeof RSA_Q,\n");
		printf("\t(unsigned char *)RSA_DP, sizeof RSA_DP,\n");
		printf("\t(unsigned char *)RSA_DQ, sizeof RSA_DQ,\n");
		printf("\t(unsigned char *)RSA_IQ, sizeof RSA_IQ\n");
		printf("};\n");
	}

	/* Nothing to encode when no output file was requested. */
	if (os->rawder == NULL && os->rawpem == NULL
		&& os->pk8der == NULL && os->pk8pem == NULL)
	{
		return ret;
	}

	cm = br_rsa_compute_modulus_get_default();
	ce = br_rsa_compute_pubexp_get_default();
	cd = br_rsa_compute_privexp_get_default();
	/* A NULL destination yields the required output length (0 = failure). */
	nlen = cm(NULL, sk);
	if (nlen == 0) {
		goto print_RSA_error;
	}
	n = xmalloc(nlen);
	if (cm(n, sk) != nlen) {
		goto print_RSA_error;
	}
	e = ce(sk);
	if (e == 0) {
		goto print_RSA_error;
	}
	dlen = cd(NULL, sk, e);
	if (dlen == 0) {
		goto print_RSA_error;
	}
	d = xmalloc(dlen);
	if (cd(d, sk, e) != dlen) {
		goto print_RSA_error;
	}
	/* Public exponent as a 4-byte big-endian integer for the public key. */
	ebuf[0] = e >> 24;
	ebuf[1] = e >> 16;
	ebuf[2] = e >> 8;
	ebuf[3] = e;
	pk.n = n;
	pk.nlen = nlen;
	pk.e = ebuf;
	pk.elen = sizeof ebuf;

	if (os->rawder != NULL || os->rawpem != NULL) {
		len = br_encode_rsa_raw_der(NULL, sk, &pk, d, dlen);
		if (len == 0) {
			goto print_RSA_error;
		}
		buf = xmalloc(len);
		if (br_encode_rsa_raw_der(buf, sk, &pk, d, dlen) != len) {
			goto print_RSA_error;
		}
		/* Record a write failure but still try the other outputs. */
		if (os->rawder != NULL) {
			ret &= write_to_file(os->rawder, buf, len);
		}
		if (os->rawpem != NULL) {
			ret &= write_to_pem_file(os->rawpem,
				buf, len, "RSA PRIVATE KEY");
		}
		xfree(buf);
		buf = NULL;
	}

	if (os->pk8der != NULL || os->pk8pem != NULL) {
		len = br_encode_rsa_pkcs8_der(NULL, sk, &pk, d, dlen);
		if (len == 0) {
			goto print_RSA_error;
		}
		buf = xmalloc(len);
		if (br_encode_rsa_pkcs8_der(buf, sk, &pk, d, dlen) != len) {
			goto print_RSA_error;
		}
		if (os->pk8der != NULL) {
			ret &= write_to_file(os->pk8der, buf, len);
		}
		if (os->pk8pem != NULL) {
			ret &= write_to_pem_file(os->pk8pem,
				buf, len, "PRIVATE KEY");
		}
		xfree(buf);
		buf = NULL;
	}

	/* Common exit: every buffer is either allocated or NULL here. */
print_RSA_exit:
	xfree(n);
	xfree(d);
	xfree(buf);
	return ret;

print_RSA_error:
	fprintf(stderr, "ERROR: cannot encode RSA key\n");
	ret = 0;
	goto print_RSA_exit;
}
243
/*
 * Encode the EC key pair with enc (raw or PKCS#8 DER encoder) and write
 * the result to whichever of derfile / pemfile is non-NULL, the PEM
 * output using the given banner.
 *
 * Returns -1 when encoding fails (a diagnostic is printed on stderr),
 * otherwise 1 if every requested write succeeded and 0 if at least one
 * of them failed.
 */
static int
write_ec_encoding(size_t (*enc)(void *, const br_ec_private_key *,
	const br_ec_public_key *),
	const br_ec_private_key *sk, const br_ec_public_key *pk,
	const char *derfile, const char *pemfile, const char *banner)
{
	unsigned char *der;
	size_t derlen;
	int ok;

	/* A NULL destination only reports the required size. */
	derlen = enc(NULL, sk, pk);
	if (derlen == 0) {
		fprintf(stderr, "ERROR: cannot re-encode"
			" (unsupported curve)\n");
		return -1;
	}
	der = xmalloc(derlen);
	if (enc(der, sk, pk) != derlen) {
		fprintf(stderr, "ERROR: re-encode failure\n");
		xfree(der);
		return -1;
	}
	ok = 1;
	if (derfile != NULL) {
		ok &= write_to_file(derfile, der, derlen);
	}
	if (pemfile != NULL) {
		ok &= write_to_pem_file(pemfile, der, derlen, banner);
	}
	xfree(der);
	return ok;
}

/*
 * Emit an EC private key according to the requested outputs in os.
 *
 * With print_text / print_C the private scalar x and the curve id are
 * written to stdout. If any output file is requested, the public key is
 * recomputed from the private key and the pair is DER-encoded in raw
 * and/or PKCS#8 form and written to the corresponding files.
 *
 * Returns 1 on success, 0 on failure. An encoding failure stops the
 * function immediately; a failed file write is remembered but the other
 * outputs are still attempted.
 *
 * NOTE(review): kbuf (public key storage) is declared with element type
 * unsigned, as in the original; it is only ever passed as an opaque
 * buffer, so this is at worst over-sized — confirm the intended type.
 */
static int
print_ec(const br_ec_private_key *sk, outspec *os)
{
	br_ec_public_key pk;
	unsigned kbuf[BR_EC_KBUF_PUB_MAX_SIZE];
	int status, w;

	if (os->print_text) {
		print_int_text("x", sk->x, sk->xlen);
	}
	if (os->print_C) {
		print_int_C("EC_X", sk->x, sk->xlen);
		printf("\nstatic const br_ec_private_key EC = {\n");
		printf("\t%d,\n", sk->curve);
		printf("\t(unsigned char *)EC_X, sizeof EC_X\n");
		printf("};\n");
	}

	/* Nothing to encode when no output file was requested. */
	if (os->rawder == NULL && os->rawpem == NULL
		&& os->pk8der == NULL && os->pk8pem == NULL)
	{
		return 1;
	}
	if (br_ec_compute_pub(br_ec_get_default(), &pk, kbuf, sk) == 0) {
		fprintf(stderr,
			"ERROR: cannot re-encode (unsupported curve)\n");
		return 0;
	}

	status = 1;
	if (os->rawder != NULL || os->rawpem != NULL) {
		w = write_ec_encoding(&br_encode_ec_raw_der, sk, &pk,
			os->rawder, os->rawpem, "EC PRIVATE KEY");
		if (w < 0) {
			return 0;
		}
		status &= w;
	}
	if (os->pk8der != NULL || os->pk8pem != NULL) {
		w = write_ec_encoding(&br_encode_ec_pkcs8_der, sk, &pk,
			os->pk8der, os->pk8pem, "PRIVATE KEY");
		if (w < 0) {
			return 0;
		}
		status &= w;
	}
	return status;
}
322
/*
 * Parse an RSA key specification of the form "rsa[:size[:pubexp]]"; the
 * "rsa" keyword is matched case-insensitively.
 *
 * On success *size receives the modulus size in bits (default 2048,
 * accepted range 512..32768) and *pubexp the public exponent (default 3;
 * must be odd, greater than 1 and fit in 32 bits), and 1 is returned.
 * Returns 0 when the string is not a valid RSA specification; *size or
 * *pubexp may already have been written in that case.
 */
static int
parse_rsa_spec(const char *kgen_spec, unsigned *size, uint32_t *pubexp)
{
	static const char tag[] = "rsa";
	const char *p = kgen_spec;
	char *end;
	unsigned long val;
	size_t k;

	/* Match the keyword byte by byte, accepting the upper-case form. */
	for (k = 0; tag[k] != 0; k ++, p ++) {
		if (*p != tag[k] && *p != (tag[k] - ('a' - 'A'))) {
			return 0;
		}
	}
	if (*p == 0) {
		*size = 2048;
		*pubexp = 3;
		return 1;
	}
	if (*p != ':') {
		return 0;
	}
	val = strtoul(p + 1, &end, 10);
	if (val < 512 || val > 32768) {
		return 0;
	}
	*size = val;
	p = end;
	if (*p == 0) {
		*pubexp = 3;
		return 1;
	}
	if (*p != ':') {
		return 0;
	}
	val = strtoul(p + 1, &end, 10);
	/* Reject even values, 1, and anything wider than 32 bits. */
	if ((val & 1) == 0 || val == 1 || ((val >> 30) >> 2) != 0) {
		return 0;
	}
	*pubexp = val;
	/* Trailing garbage after the exponent is an error. */
	return *end == 0;
}
374
/*
 * Generate a new RSA key pair of the given modulus size (bits) and public
 * exponent, then emit it through print_rsa() according to os.
 *
 * The generator is a HMAC-DRBG over SHA-256 seeded once from the system
 * seeder; failure to obtain or use a system seed aborts with a
 * diagnostic on stderr.
 *
 * Returns 1 on success, 0 on failure.
 *
 * NOTE(review): the DRBG state (rng, on the stack) and the private key
 * buffer (kbuf_priv) are not scrubbed before release; whether xfree()
 * does so is not visible here.
 */
static int
keygen_rsa(unsigned size, uint32_t pubexp, outspec *os)
{
	br_hmac_drbg_context rng;
	br_prng_seeder seeder;
	br_rsa_private_key sk;
	unsigned char *kbuf_priv;
	int ok;

	seeder = br_prng_seeder_system(NULL);
	if (seeder == 0) {
		fprintf(stderr, "ERROR: no system source of randomness\n");
		return 0;
	}
	br_hmac_drbg_init(&rng, &br_sha256_vtable, NULL, 0);
	if (!seeder(&rng.vtable)) {
		fprintf(stderr, "ERROR: system source of randomness failed\n");
		return 0;
	}
	/* Private key storage sized for the requested modulus length. */
	kbuf_priv = xmalloc(BR_RSA_KBUF_PRIV_SIZE(size));
	ok = br_rsa_keygen_get_default()(&rng.vtable, &sk, kbuf_priv,
		NULL, NULL, size, pubexp) != 0;
	if (ok) {
		ok = print_rsa(&sk, os);
	} else {
		fprintf(stderr, "ERROR: RSA key pair generation failed\n");
	}
	xfree(kbuf_priv);
	return ok;
}
406
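/*
 * Parse an EC key specification of the form "ec[:curvename]"; the "ec"
 * keyword is matched case-insensitively.
 *
 * On success *curve receives the curve identifier (secp256r1 when no
 * name is given) and 1 is returned. Returns 0 when the string is not a
 * valid EC specification or the curve name is not recognised; *curve is
 * then 0 or the non-positive lookup result.
 */
static int
parse_ec_spec(const char *kgen_spec, int *curve)
{
	const char *p;

	*curve = 0;
	p = kgen_spec;
	if (*p != 'e' && *p != 'E') {
		return 0;
	}
	p ++;
	if (*p != 'c' && *p != 'C') {
		return 0;
	}
	p ++;
	if (*p == 0) {
		*curve = BR_EC_secp256r1;
		return 1;
	}
	if (*p != ':') {
		return 0;
	}
	/*
	 * Skip the ':' separator so that only the curve name reaches the
	 * lookup (the RSA parser does the same before strtoul()); previously
	 * the colon was handed to get_curve_by_name() as part of the name.
	 */
	p ++;
	*curve = get_curve_by_name(p);
	return *curve > 0;
}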
432
/*
 * Generate a new EC key pair on the given curve and emit it through
 * print_ec() according to os.
 *
 * The generator is a HMAC-DRBG over SHA-256 seeded once from the system
 * seeder; failure to obtain or use a system seed, or an unsupported
 * curve, aborts with a diagnostic on stderr.
 *
 * Returns 1 on success, 0 on failure.
 *
 * NOTE(review): the DRBG state and kbuf_priv (private scalar storage)
 * live on the stack and are not scrubbed before returning.
 */
static int
keygen_ec(int curve, outspec *os)
{
	br_hmac_drbg_context rng;
	br_prng_seeder seeder;
	br_ec_private_key sk;
	unsigned char kbuf_priv[BR_EC_KBUF_PRIV_MAX_SIZE];

	seeder = br_prng_seeder_system(NULL);
	if (seeder == 0) {
		fprintf(stderr, "ERROR: no system source of randomness\n");
		return 0;
	}
	br_hmac_drbg_init(&rng, &br_sha256_vtable, NULL, 0);
	if (!seeder(&rng.vtable)) {
		fprintf(stderr, "ERROR: system source of randomness failed\n");
		return 0;
	}
	/* br_ec_keygen() returns the private key length, 0 on failure. */
	if (br_ec_keygen(&rng.vtable, br_ec_get_default(),
		&sk, kbuf_priv, curve) == 0)
	{
		fprintf(stderr, "ERROR: curve is not supported\n");
		return 0;
	}
	return print_ec(&sk, os);
}
461
/*
 * Decode a DER-encoded private key held in buf[0..len-1] and hand it to
 * print_rsa() or print_ec() according to its type. A one-line summary
 * (key type and size / curve) is printed on stdout first.
 *
 * Decoding errors are reported on stderr with the numeric error code
 * and, when find_error_name() knows it, its symbolic name and message.
 *
 * Returns 1 on success, 0 on a decoding error, an unknown key type, or a
 * failed output.
 */
static int
decode_key(const unsigned char *buf, size_t len, outspec *os)
{
	br_skey_decoder_context dc;
	int err, ktype;

	br_skey_decoder_init(&dc);
	br_skey_decoder_push(&dc, buf, len);
	err = br_skey_decoder_last_error(&dc);
	if (err != 0) {
		const char *errname, *errmsg;

		fprintf(stderr, "ERROR (decoding): err=%d\n", err);
		errname = find_error_name(err, &errmsg);
		if (errname == NULL) {
			fprintf(stderr, " (unknown)\n");
		} else {
			fprintf(stderr, " %s: %s\n", errname, errmsg);
		}
		return 0;
	}

	ktype = br_skey_decoder_key_type(&dc);
	if (ktype == BR_KEYTYPE_RSA) {
		const br_rsa_private_key *rk = br_skey_decoder_get_rsa(&dc);

		printf("RSA key (%lu bits)\n", (unsigned long)rk->n_bitlen);
		return print_rsa(rk, os);
	}
	if (ktype == BR_KEYTYPE_EC) {
		const br_ec_private_key *ek = br_skey_decoder_get_ec(&dc);

		printf("EC key (curve = %d: %s)\n",
			ek->curve, ec_curve_name(ek->curve));
		return print_ec(ek, os);
	}
	fprintf(stderr, "Unknown key type: %d\n", ktype);
	return 0;
}
510
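/*
 * Print the command-line help for the "skey" command on stderr.
 *
 * The help text is kept as a table of lines so that it can be read and
 * edited as one piece; the key-specification line previously misspelled
 * the "pubexp" parameter as "pubexep".
 */
static void
usage_skey(void)
{
	static const char *const lines[] = {
		"usage: brssl skey [ options ] file...\n",
		"options:\n",
		" -q suppress verbose messages\n",
		" -text print private key details (human-readable)\n",
		" -C print private key details (C code)\n",
		" -rawder file save private key in 'file' (raw format, DER)\n",
		" -rawpem file save private key in 'file' (raw format, PEM)\n",
		" -pk8der file save private key in 'file' (PKCS#8 format, DER)\n",
		" -pk8pem file save private key in 'file' (PKCS#8 format, PEM)\n",
		" -gen spec generate a new key using the provided key specification\n",
		" -list list known elliptic curve names\n",
		"Key specification begins with a key type, followed by optional parameters\n",
		"that depend on the key type, separated by colon characters:\n",
		" rsa[:size[:pubexp]] RSA key (defaults: size = 2048, pubexp = 3)\n",
		" ec[:curvename] EC key (default curve: secp256r1)\n"
	};
	size_t k;

	/* fputs(): the lines are plain text, never format strings. */
	for (k = 0; k < sizeof lines / sizeof lines[0]; k ++) {
		fputs(lines[k], stderr);
	}
}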
545
546 /* see brssl.h */
/*
 * Entry point of the "skey" command (see brssl.h).
 *
 * argv is scanned twice. The first pass consumes the options and NULLs
 * out their argv slots (including option arguments), counting the
 * remaining entries as key files; the second pass decodes every non-NULL
 * entry as a DER or PEM private key file. With -gen no key files may be
 * given and a fresh key is generated from the specification instead.
 *
 * Returns 0 on success, -1 on any error (a diagnostic is printed first).
 */
int
do_skey(int argc, char *argv[])
{
	int retcode;
	int verbose;
	int i, num_files;
	outspec os;
	unsigned char *buf;
	size_t len;
	pem_object *pos;
	const char *kgen_spec;

	retcode = 0;
	verbose = 1;
	os.print_text = 0;
	os.print_C = 0;
	os.rawder = NULL;
	os.rawpem = NULL;
	os.pk8der = NULL;
	os.pk8pem = NULL;
	num_files = 0;
	buf = NULL;
	pos = NULL;
	kgen_spec = NULL;
	/* First pass: options. Each file-name option may be given only once. */
	for (i = 0; i < argc; i ++) {
		const char *arg;

		arg = argv[i];
		if (arg[0] != '-') {
			num_files ++;
			continue;
		}
		/* Consumed options are blanked so the second pass skips them. */
		argv[i] = NULL;
		if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
			verbose = 1;
		} else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
			verbose = 0;
		} else if (eqstr(arg, "-text")) {
			os.print_text = 1;
		} else if (eqstr(arg, "-C")) {
			os.print_C = 1;
		} else if (eqstr(arg, "-rawder")) {
			if (++ i >= argc) {
				fprintf(stderr,
					"ERROR: no argument for '-rawder'\n");
				usage_skey();
				goto skey_exit_error;
			}
			if (os.rawder != NULL) {
				fprintf(stderr,
					"ERROR: multiple '-rawder' options\n");
				usage_skey();
				goto skey_exit_error;
			}
			os.rawder = argv[i];
			argv[i] = NULL;
		} else if (eqstr(arg, "-rawpem")) {
			if (++ i >= argc) {
				fprintf(stderr,
					"ERROR: no argument for '-rawpem'\n");
				usage_skey();
				goto skey_exit_error;
			}
			if (os.rawpem != NULL) {
				fprintf(stderr,
					"ERROR: multiple '-rawpem' options\n");
				usage_skey();
				goto skey_exit_error;
			}
			os.rawpem = argv[i];
			argv[i] = NULL;
		} else if (eqstr(arg, "-pk8der")) {
			if (++ i >= argc) {
				fprintf(stderr,
					"ERROR: no argument for '-pk8der'\n");
				usage_skey();
				goto skey_exit_error;
			}
			if (os.pk8der != NULL) {
				fprintf(stderr,
					"ERROR: multiple '-pk8der' options\n");
				usage_skey();
				goto skey_exit_error;
			}
			os.pk8der = argv[i];
			argv[i] = NULL;
		} else if (eqstr(arg, "-pk8pem")) {
			if (++ i >= argc) {
				fprintf(stderr,
					"ERROR: no argument for '-pk8pem'\n");
				usage_skey();
				goto skey_exit_error;
			}
			if (os.pk8pem != NULL) {
				fprintf(stderr,
					"ERROR: multiple '-pk8pem' options\n");
				usage_skey();
				goto skey_exit_error;
			}
			os.pk8pem = argv[i];
			argv[i] = NULL;
		} else if (eqstr(arg, "-gen")) {
			if (++ i >= argc) {
				fprintf(stderr,
					"ERROR: no argument for '-gen'\n");
				usage_skey();
				goto skey_exit_error;
			}
			if (kgen_spec != NULL) {
				fprintf(stderr,
					"ERROR: multiple '-gen' options\n");
				usage_skey();
				goto skey_exit_error;
			}
			kgen_spec = argv[i];
			argv[i] = NULL;
		} else if (eqstr(arg, "-list")) {
			/* -list is terminal: print the curves and exit successfully. */
			list_curves();
			goto skey_exit;
		} else {
			fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
			usage_skey();
			goto skey_exit_error;
		}
	}
	if (kgen_spec != NULL) {
		unsigned rsa_size;
		uint32_t rsa_pubexp;
		int curve;

		if (num_files != 0) {
			fprintf(stderr,
				"ERROR: key files provided while generating\n");
			usage_skey();
			goto skey_exit_error;
		}

		/* The spec's leading keyword ("rsa" / "ec") selects the parser. */
		if (parse_rsa_spec(kgen_spec, &rsa_size, &rsa_pubexp)) {
			if (!keygen_rsa(rsa_size, rsa_pubexp, &os)) {
				goto skey_exit_error;
			}
		} else if (parse_ec_spec(kgen_spec, &curve)) {
			if (!keygen_ec(curve, &os)) {
				goto skey_exit_error;
			}
		} else {
			fprintf(stderr,
				"ERROR: unknown key specification: '%s'\n",
				kgen_spec);
			usage_skey();
			goto skey_exit_error;
		}
	} else if (num_files == 0) {
		fprintf(stderr, "ERROR: no private key provided\n");
		usage_skey();
		goto skey_exit_error;
	}

	/* Second pass: every surviving argv entry is a key file. */
	for (i = 0; i < argc; i ++) {
		const char *fname;

		fname = argv[i];
		if (fname == NULL) {
			continue;
		}
		buf = read_file(fname, &len);
		if (buf == NULL) {
			goto skey_exit_error;
		}
		if (looks_like_DER(buf, len)) {
			if (verbose) {
				fprintf(stderr, "File '%s': ASN.1/DER object\n",
					fname);
			}
			if (!decode_key(buf, len, &os)) {
				goto skey_exit_error;
			}
		} else {
			size_t u, num;

			if (verbose) {
				fprintf(stderr, "File '%s': decoding as PEM\n",
					fname);
			}
			/*
			 * num receives the object count but the loops below rely on
			 * the NULL-name terminator instead.
			 */
			pos = decode_pem(buf, len, &num);
			if (pos == NULL) {
				goto skey_exit_error;
			}
			/* Only private-key objects are decoded; others are skipped. */
			for (u = 0; pos[u].name; u ++) {
				const char *name;

				name = pos[u].name;
				if (eqstr(name, "RSA PRIVATE KEY")
					|| eqstr(name, "EC PRIVATE KEY")
					|| eqstr(name, "PRIVATE KEY"))
				{
					if (!decode_key(pos[u].data,
						pos[u].data_len, &os))
					{
						goto skey_exit_error;
					}
				} else {
					if (verbose) {
						fprintf(stderr,
							"(skipping '%s')\n",
							name);
					}
				}
			}
			for (u = 0; pos[u].name; u ++) {
				free_pem_object_contents(&pos[u]);
			}
			xfree(pos);
			pos = NULL;
		}
		xfree(buf);
		buf = NULL;
	}

	/*
	 * Release allocated structures. buf and pos are non-NULL here only
	 * when an error path was taken part-way through a file.
	 */
skey_exit:
	xfree(buf);
	if (pos != NULL) {
		size_t u;

		for (u = 0; pos[u].name; u ++) {
			free_pem_object_contents(&pos[u]);
		}
		xfree(pos);
	}
	return retcode;

skey_exit_error:
	retcode = -1;
	goto skey_exit;
}
785