/src/openssl/crypto/pem/pem_info.c
/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#ifndef OPENSSL_NO_STDIO
/*
 * FILE-based front end for PEM_X509_INFO_read_bio(): wraps fp in a
 * non-owning file BIO, reads every PEM object through it and releases the
 * BIO again.  fp is left open (BIO_NOCLOSE).
 *
 * fp     Stream to read from.
 * sk     Stack to append to, or NULL to have a new one allocated.
 * cb, u  Password callback and its argument for encrypted keys.
 *
 * Returns whatever PEM_X509_INFO_read_bio() returns, or NULL (with
 * ERR_R_BUF_LIB queued) when the BIO cannot be created.
 */
STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                        pem_password_cb *cb, void *u)
{
    STACK_OF(X509_INFO) *result = NULL;
    BIO *fbio = BIO_new(BIO_s_file());

    if (fbio == NULL) {
        PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
        return NULL;
    }
    BIO_set_fp(fbio, fp, BIO_NOCLOSE);
    result = PEM_X509_INFO_read_bio(fbio, sk, cb, u);
    BIO_free(fbio);
    return result;
}
#endif
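/*
 * Read every PEM object from bp and collect them into X509_INFO records.
 *
 * Consecutive objects are grouped: a certificate, a CRL and a private key
 * share one X509_INFO until a second object of the same kind is seen, at
 * which point the current record is pushed onto the stack and a fresh one is
 * started.  Certificates (PEM_STRING_X509, PEM_STRING_X509_OLD,
 * PEM_STRING_X509_TRUSTED), CRLs and RSA/DSA/EC private keys are decoded; a
 * private key whose PEM header indicates encryption is kept undecoded in
 * enc_data/enc_len together with its cipher parameters in enc_cipher.
 * Objects of any other type are read and discarded.
 *
 * bp     BIO to read from.
 * sk     Stack to append to, or NULL to allocate a new one.
 * cb, u  Password callback and its argument, handed to PEM_do_header() when
 *        an object has to be decrypted before decoding.
 *
 * Returns the stack holding the records (sk itself, or a newly allocated
 * stack when sk was NULL), or NULL on error.  On error only the records
 * appended by this call are freed, and a stack allocated here is freed as
 * well; entries that were already present in a caller-supplied sk are left
 * untouched and remain the caller's to free.
 */
STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
                                            pem_password_cb *cb, void *u)
{
    X509_INFO *xi = NULL;
    char *name = NULL, *header = NULL;
    void *pp;
    unsigned char *data = NULL;
    const unsigned char *p;
    long len, error = 0;
    int ok = 0;
    STACK_OF(X509_INFO) *ret = NULL;
    /* Entries the caller already had in sk; these are never freed here. */
    int num_on_entry = 0;
    unsigned int i, raw, ptype;
    d2i_of_void *d2i = NULL;

    if (sk == NULL) {
        if ((ret = sk_X509_INFO_new_null()) == NULL) {
            PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    } else {
        ret = sk;
        num_on_entry = sk_X509_INFO_num(sk);
    }

    if ((xi = X509_INFO_new()) == NULL)
        goto err;
    for (;;) {
        raw = 0;
        ptype = 0;
        i = PEM_read_bio(bp, &name, &header, &data, &len);
        if (i == 0) {
            /* PEM_R_NO_START_LINE is end of input, not a failure. */
            error = ERR_GET_REASON(ERR_peek_last_error());
            if (error == PEM_R_NO_START_LINE) {
                ERR_clear_error();
                break;
            }
            goto err;
        }
 start:
        /*
         * Each branch below selects the decoder (d2i) and the destination
         * field (pp) for the object just read.  If the current record already
         * holds an object of that kind, the record is pushed, a fresh one is
         * started and the same object is re-dispatched via "goto start"
         * (name/header/data still describe it).
         */
        if ((strcmp(name, PEM_STRING_X509) == 0) ||
            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
            d2i = (D2I_OF(void)) d2i_X509;
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->x509);
        } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
            d2i = (D2I_OF(void)) d2i_X509_AUX;
            if (xi->x509 != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->x509);
        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
            d2i = (D2I_OF(void)) d2i_X509_CRL;
            if (xi->crl != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }
            pp = &(xi->crl);
        } else
#ifndef OPENSSL_NO_RSA
        if (strcmp(name, PEM_STRING_RSA) == 0) {
            d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_RSA;
            pp = &xi->x_pkey->dec_pkey;
            /*
             * Length heuristic, not a parse: a header longer than 10 bytes is
             * taken to be the Proc-Type/DEK-Info lines of an encrypted key, in
             * which case the ciphertext is stored undecoded (raw) below.
             */
            if ((int)strlen(header) > 10) /* assume encrypted */
                raw = 1;
        } else
#endif
#ifndef OPENSSL_NO_DSA
        if (strcmp(name, PEM_STRING_DSA) == 0) {
            d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_DSA;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted, as for RSA */
                raw = 1;
        } else
#endif
#ifndef OPENSSL_NO_EC
        if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
            d2i = (D2I_OF(void)) d2i_ECPrivateKey;
            if (xi->x_pkey != NULL) {
                if (!sk_X509_INFO_push(ret, xi))
                    goto err;
                if ((xi = X509_INFO_new()) == NULL)
                    goto err;
                goto start;
            }

            xi->enc_data = NULL;
            xi->enc_len = 0;

            xi->x_pkey = X509_PKEY_new();
            if (xi->x_pkey == NULL)
                goto err;
            ptype = EVP_PKEY_EC;
            pp = &xi->x_pkey->dec_pkey;
            if ((int)strlen(header) > 10) /* assume encrypted, as for RSA */
                raw = 1;
        } else
#endif
        {
            /* Not a type handled here: read and dropped below. */
            d2i = NULL;
            pp = NULL;
        }

        if (d2i != NULL) {
            if (!raw) {
                EVP_CIPHER_INFO cipher;

                /*
                 * PEM_do_header() decrypts data in place when the header
                 * names a cipher and is a no-op otherwise; len is updated to
                 * the plaintext length.
                 */
                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
                    goto err;
                if (!PEM_do_header(&cipher, data, &len, cb, u))
                    goto err;
                p = data;
                if (ptype) {
                    /* private keys go through the generic decoder */
                    if (!d2i_PrivateKey(ptype, pp, &p, len)) {
                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
                        goto err;
                    }
                } else if (d2i(pp, &p, len) == NULL) {
                    PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
                    goto err;
                }
            } else {            /* encrypted key: keep the ciphertext */
                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
                    goto err;
                /* ownership of data moves into xi */
                xi->enc_data = (char *)data;
                /* NOTE(review): long -> int narrowing of the data length */
                xi->enc_len = (int)len;
                data = NULL;
            }
        } else {
            /* unknown */
        }
        OPENSSL_free(name);
        name = NULL;
        OPENSSL_free(header);
        header = NULL;
        OPENSSL_free(data);
        data = NULL;
    }

    /*
     * if the last one hasn't been pushed yet and there is anything in it
     * then add it to the stack ...
     */
    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
        if (!sk_X509_INFO_push(ret, xi))
            goto err;
        xi = NULL;
    }
    ok = 1;
 err:
    X509_INFO_free(xi);
    if (!ok) {
        /*
         * Undo only what this call did: pop and free the records appended
         * here.  Records that were already in a caller-supplied sk stay in
         * it, and only a stack allocated by this function is freed, so the
         * caller is never left holding pointers to freed X509_INFOs.
         */
        while (sk_X509_INFO_num(ret) > num_on_entry)
            X509_INFO_free(sk_X509_INFO_pop(ret));
        if (ret != sk)
            sk_X509_INFO_free(ret);
        ret = NULL;
    }

    OPENSSL_free(name);
    OPENSSL_free(header);
    OPENSSL_free(data);
    return ret;
}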
/* A TJH addition */
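/*
 * Write the private key and the certificate held in one X509_INFO to bp in
 * PEM form.  A CRL in the record is not written (see the note at the end).
 *
 * For a key that is still in encrypted form (enc_data set, as produced by
 * PEM_X509_INFO_read_bio) the original ciphertext is re-emitted under a
 * Proc-Type/DEK-Info header built from enc_cipher, so enc must be non-NULL.
 * For a decoded key the traditional per-algorithm writer for its type
 * (RSA, DSA or EC) is used, with enc/kstr/klen/cb/u controlling optional
 * encryption exactly as for PEM_write_bio_RSAPrivateKey().
 *
 * Returns 1 on success, 0 on error (a PEM error is queued where this
 * function detects the problem itself).
 */
int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                            unsigned char *kstr, int klen,
                            pem_password_cb *cb, void *u)
{
    int i, ret = 0;
    unsigned char *data = NULL;
    const char *objstr = NULL;
    char buf[PEM_BUFSIZE];
    unsigned char *iv = NULL;

    if (enc != NULL) {
        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
        if (objstr == NULL
                   /*
                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
                    * fits into buf
                    */
                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
                   > sizeof(buf)) {
            PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
            goto err;
        }
    }

    /*
     * now for the fun part ... if we have a private key then we have to be
     * able to handle a not-yet-decrypted key being written out correctly ...
     * if it is decrypted or it is non-encrypted then we use the base code
     */
    if (xi->x_pkey != NULL) {
        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
            if (enc == NULL) {
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
                goto err;
            }

            /* copy from weirdo names into more normal things */
            iv = xi->enc_cipher.iv;
            data = (unsigned char *)xi->enc_data;
            i = xi->enc_len;

            /*
             * we take the encryption data from the internal stuff rather
             * than what the user has passed us ... as we have to match
             * exactly for some strange reason
             *
             * NOTE(review): the cipher name comes from xi->enc_cipher.cipher
             * but the IV length below from enc; if the two ciphers differ the
             * DEK-Info line is inconsistent with the ciphertext.
             */
            objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
            if (objstr == NULL) {
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
                       PEM_R_UNSUPPORTED_CIPHER);
                goto err;
            }

            /* Create the right magic header stuff */
            buf[0] = '\0';
            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
                         (char *)iv);

            /*
             * use the normal code to write things out
             *
             * The type of a still-encrypted key is not recorded in X509_INFO
             * (PEM_X509_INFO_read_bio stores only cipher, IV and ciphertext),
             * so the RSA label is assumed here; an encrypted DSA or EC key
             * read by that function would be mislabelled on output.
             */
            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
            if (i <= 0)
                goto err;
        } else {
            /*
             * Decoded (or never encrypted) key: pick the traditional
             * per-algorithm writer from the key's own type, so that DSA and
             * EC keys -- which PEM_X509_INFO_read_bio also loads -- are no
             * longer passed to the RSA writer.  A record with neither
             * ciphertext nor a decoded key has nothing to write and is an
             * error rather than a NULL dereference.
             */
            EVP_PKEY *pkey = xi->x_pkey->dec_pkey;

            if (pkey == NULL) {
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
                       PEM_R_UNSUPPORTED_KEY_COMPONENTS);
                goto err;
            }
            switch (EVP_PKEY_base_id(pkey)) {
#ifndef OPENSSL_NO_RSA
            case EVP_PKEY_RSA:
                /* normal optionally encrypted stuff */
                if (PEM_write_bio_RSAPrivateKey(bp, EVP_PKEY_get0_RSA(pkey),
                                                enc, kstr, klen, cb, u) <= 0)
                    goto err;
                break;
#endif
#ifndef OPENSSL_NO_DSA
            case EVP_PKEY_DSA:
                if (PEM_write_bio_DSAPrivateKey(bp, EVP_PKEY_get0_DSA(pkey),
                                                enc, kstr, klen, cb, u) <= 0)
                    goto err;
                break;
#endif
#ifndef OPENSSL_NO_EC
            case EVP_PKEY_EC:
                if (PEM_write_bio_ECPrivateKey(bp, EVP_PKEY_get0_EC_KEY(pkey),
                                               enc, kstr, klen, cb, u) <= 0)
                    goto err;
                break;
#endif
            default:
                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
                       PEM_R_UNSUPPORTED_KEY_COMPONENTS);
                goto err;
            }
        }
    }

    /* if we have a certificate then write it out now */
    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
        goto err;

    /*
     * we are ignoring anything else that is loaded into the X509_INFO
     * structure for the moment ... as I don't need it so I'm not coding it
     * here and Eric can do it when this makes it into the base library --tjh
     */

    ret = 1;

 err:
    /* buf may hold the DEK-Info line (cipher name and IV); wipe it. */
    OPENSSL_cleanse(buf, PEM_BUFSIZE);
    return ret;
}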