summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjsing <>2014-04-19 06:15:56 +0000
committerjsing <>2014-04-19 06:15:56 +0000
commit2a0636b8bd35ee08c20816fa56e6c24a9f924bab (patch)
treeb8cc0bcb9a34f43a0d37d61cbfba21c5645c3c95
parentf15b58ab9c9f635ba829753251c22b3da4683b00 (diff)
downloadopenbsd-2a0636b8bd35ee08c20816fa56e6c24a9f924bab.tar.gz
openbsd-2a0636b8bd35ee08c20816fa56e6c24a9f924bab.tar.bz2
openbsd-2a0636b8bd35ee08c20816fa56e6c24a9f924bab.zip
More KNF.
Diffstat
-rw-r--r--src/lib/libcrypto/asn1/i2d_pr.c24
-rw-r--r--src/lib/libcrypto/asn1/i2d_pu.c26
-rw-r--r--src/lib/libcrypto/asn1/n_pkey.c203
-rw-r--r--src/lib/libcrypto/asn1/nsseq.c8
-rw-r--r--src/lib/libcrypto/asn1/p5_pbe.c31
-rw-r--r--src/lib/libcrypto/asn1/p5_pbev2.c83
-rw-r--r--src/lib/libcrypto/asn1/p8_pkey.c35
-rw-r--r--src/lib/libssl/src/crypto/asn1/i2d_pr.c24
-rw-r--r--src/lib/libssl/src/crypto/asn1/i2d_pu.c26
-rw-r--r--src/lib/libssl/src/crypto/asn1/n_pkey.c203
-rw-r--r--src/lib/libssl/src/crypto/asn1/nsseq.c8
-rw-r--r--src/lib/libssl/src/crypto/asn1/p5_pbe.c31
-rw-r--r--src/lib/libssl/src/crypto/asn1/p5_pbev2.c83
-rw-r--r--src/lib/libssl/src/crypto/asn1/p8_pkey.c35
14 files changed, 414 insertions, 406 deletions
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
index 7175748601..3340e6ce39 100644
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,18 +62,18 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include "asn1_locl.h" 63#include "asn1_locl.h"
64 64
65int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) 65int
66i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
66{ 67{
67 if (a->ameth && a->ameth->old_priv_encode) { 68 if (a->ameth && a->ameth->old_priv_encode) {
68 return a->ameth->old_priv_encode(a, pp); 69 return a->ameth->old_priv_encode(a, pp);
69 } 70 }
70 if (a->ameth && a->ameth->priv_encode) { 71 if (a->ameth && a->ameth->priv_encode) {
71 PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); 72 PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
72 int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp); 73 int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
73 PKCS8_PRIV_KEY_INFO_free(p8); 74 PKCS8_PRIV_KEY_INFO_free(p8);
74 return ret; 75 return ret;
75} 76 }
76 ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 77 ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
77 return(-1); 78 return (-1);
78} 79}
79
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
index 08b438115d..8ac271e056 100644
--- a/src/lib/libcrypto/asn1/i2d_pu.c
+++ b/src/lib/libcrypto/asn1/i2d_pu.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -71,24 +71,24 @@
71#include <openssl/ec.h> 71#include <openssl/ec.h>
72#endif 72#endif
73 73
74int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) 74int
75i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
75{ 76{
76 switch (a->type) { 77 switch (a->type) {
77#ifndef OPENSSL_NO_RSA 78#ifndef OPENSSL_NO_RSA
78 case EVP_PKEY_RSA: 79 case EVP_PKEY_RSA:
79 return(i2d_RSAPublicKey(a->pkey.rsa,pp)); 80 return (i2d_RSAPublicKey(a->pkey.rsa, pp));
80#endif 81#endif
81#ifndef OPENSSL_NO_DSA 82#ifndef OPENSSL_NO_DSA
82 case EVP_PKEY_DSA: 83 case EVP_PKEY_DSA:
83 return(i2d_DSAPublicKey(a->pkey.dsa,pp)); 84 return (i2d_DSAPublicKey(a->pkey.dsa, pp));
84#endif 85#endif
85#ifndef OPENSSL_NO_EC 86#ifndef OPENSSL_NO_EC
86 case EVP_PKEY_EC: 87 case EVP_PKEY_EC:
87 return(i2o_ECPublicKey(a->pkey.ec, pp)); 88 return (i2o_ECPublicKey(a->pkey.ec, pp));
88#endif 89#endif
89 default: 90 default:
90 ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 91 ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
91 return(-1); 92 return (-1);
92 } 93 }
93} 94}
94
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 0a378759f9..0e58baf1b5 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,15 +69,13 @@
69 69
70#ifndef OPENSSL_NO_RC4 70#ifndef OPENSSL_NO_RC4
71 71
72typedef struct netscape_pkey_st 72typedef struct netscape_pkey_st {
73{
74 long version; 73 long version;
75 X509_ALGOR *algor; 74 X509_ALGOR *algor;
76 ASN1_OCTET_STRING *private_key; 75 ASN1_OCTET_STRING *private_key;
77} NETSCAPE_PKEY; 76} NETSCAPE_PKEY;
78 77
79typedef struct netscape_encrypted_pkey_st 78typedef struct netscape_encrypted_pkey_st {
80{
81 ASN1_OCTET_STRING *os; 79 ASN1_OCTET_STRING *os;
82 /* This is the same structure as DigestInfo so use it: 80 /* This is the same structure as DigestInfo so use it:
83 * although this isn't really anything to do with 81 * although this isn't really anything to do with
@@ -93,7 +91,7 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
93} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) 91} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
94 92
95DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) 93DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
96DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY) 94DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY)
97IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) 95IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
98 96
99ASN1_SEQUENCE(NETSCAPE_PKEY) = { 97ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -103,61 +101,59 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
103} ASN1_SEQUENCE_END(NETSCAPE_PKEY) 101} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
104 102
105DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) 103DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
106DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) 104DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY, NETSCAPE_PKEY)
107IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) 105IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
108 106
109static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, 107static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
110 int (*cb)(char *buf, int len, const char *prompt, 108 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
111 int verify),
112 int sgckey);
113 109
114int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, 110int
115 int (*cb)(char *buf, int len, const char *prompt, 111i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
116 int verify)) 112 int (*cb)(char *buf, int len, const char *prompt, int verify))
117{ 113{
118 return i2d_RSA_NET(a, pp, cb, 0); 114 return i2d_RSA_NET(a, pp, cb, 0);
119} 115}
120 116
121int i2d_RSA_NET(const RSA *a, unsigned char **pp, 117int
122 int (*cb)(char *buf, int len, const char *prompt, int verify), 118i2d_RSA_NET(const RSA *a, unsigned char **pp,
123 int sgckey) 119 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
124{ 120{
125 int i, j, ret = 0; 121 int i, j, ret = 0;
126 int rsalen, pkeylen, olen; 122 int rsalen, pkeylen, olen;
127 NETSCAPE_PKEY *pkey = NULL; 123 NETSCAPE_PKEY *pkey = NULL;
128 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; 124 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
129 unsigned char buf[256],*zz; 125 unsigned char buf[256], *zz;
130 unsigned char key[EVP_MAX_KEY_LENGTH]; 126 unsigned char key[EVP_MAX_KEY_LENGTH];
131 EVP_CIPHER_CTX ctx; 127 EVP_CIPHER_CTX ctx;
132 EVP_CIPHER_CTX_init(&ctx); 128 EVP_CIPHER_CTX_init(&ctx);
133 129
134 if (a == NULL) return(0); 130 if (a == NULL)
131 return (0);
135 132
136 if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; 133 if ((pkey = NETSCAPE_PKEY_new()) == NULL)
137 if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err; 134 goto err;
135 if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
136 goto err;
138 pkey->version = 0; 137 pkey->version = 0;
139 138
140 pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); 139 pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
141 if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; 140 if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
142 pkey->algor->parameter->type=V_ASN1_NULL; 141 goto err;
142 pkey->algor->parameter->type = V_ASN1_NULL;
143 143
144 rsalen = i2d_RSAPrivateKey(a, NULL); 144 rsalen = i2d_RSAPrivateKey(a, NULL);
145 145
146 /* Fake some octet strings just for the initial length 146 /* Fake some octet strings just for the initial length
147 * calculation. 147 * calculation.
148 */ 148 */
149 149 pkey->private_key->length = rsalen;
150 pkey->private_key->length=rsalen; 150 pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
151
152 pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
153
154 enckey->enckey->digest->length = pkeylen; 151 enckey->enckey->digest->length = pkeylen;
155
156 enckey->os->length = 11; /* "private-key" */ 152 enckey->os->length = 11; /* "private-key" */
157 153 enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
158 enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4); 154 if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
159 if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; 155 goto err;
160 enckey->enckey->algor->parameter->type=V_ASN1_NULL; 156 enckey->enckey->algor->parameter->type = V_ASN1_NULL;
161 157
162 if (pp == NULL) { 158 if (pp == NULL) {
163 olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); 159 olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
@@ -166,59 +162,58 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
166 return olen; 162 return olen;
167 } 163 }
168 164
169
170 /* Since its RC4 encrypted length is actual length */ 165 /* Since its RC4 encrypted length is actual length */
171 if ((zz=(unsigned char *)malloc(rsalen)) == NULL) { 166 if ((zz = (unsigned char *)malloc(rsalen)) == NULL) {
172 ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); 167 ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
173 goto err; 168 goto err;
174 } 169 }
175 170
176 pkey->private_key->data = zz; 171 pkey->private_key->data = zz;
177 /* Write out private key encoding */ 172 /* Write out private key encoding */
178 i2d_RSAPrivateKey(a,&zz); 173 i2d_RSAPrivateKey(a, &zz);
179 174
180 if ((zz=malloc(pkeylen)) == NULL) { 175 if ((zz = malloc(pkeylen)) == NULL) {
181 ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); 176 ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
182 goto err; 177 goto err;
183 } 178 }
184 179
185 if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { 180 if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
186 ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); 181 ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
187 goto err; 182 goto err;
188 } 183 }
189 enckey->enckey->digest->data = zz; 184 enckey->enckey->digest->data = zz;
190 i2d_NETSCAPE_PKEY(pkey,&zz); 185 i2d_NETSCAPE_PKEY(pkey, &zz);
191 186
192 /* Wipe the private key encoding */ 187 /* Wipe the private key encoding */
193 OPENSSL_cleanse(pkey->private_key->data, rsalen); 188 OPENSSL_cleanse(pkey->private_key->data, rsalen);
194 189
195 if (cb == NULL) 190 if (cb == NULL)
196 cb=EVP_read_pw_string; 191 cb = EVP_read_pw_string;
197 i=cb((char *)buf,256,"Enter Private Key password:",1); 192 i = cb((char *)buf, 256, "Enter Private Key password:", 1);
198 if (i != 0) { 193 if (i != 0) {
199 ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ); 194 ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
200 goto err; 195 goto err;
201 } 196 }
202 i = strlen((char *)buf); 197 i = strlen((char *)buf);
203 /* If the key is used for SGC the algorithm is modified a little. */ 198 /* If the key is used for SGC the algorithm is modified a little. */
204 if(sgckey) { 199 if (sgckey) {
205 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) 200 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
206 goto err; 201 goto err;
207 memcpy(buf + 16, "SGCKEYSALT", 10); 202 memcpy(buf + 16, "SGCKEYSALT", 10);
208 i = 26; 203 i = 26;
209} 204 }
210 205
211 if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL)) 206 if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
212 goto err; 207 goto err;
213 OPENSSL_cleanse(buf,256); 208 OPENSSL_cleanse(buf, 256);
214 209
215 /* Encrypt private key in place */ 210 /* Encrypt private key in place */
216 zz = enckey->enckey->digest->data; 211 zz = enckey->enckey->digest->data;
217 if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL)) 212 if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
218 goto err; 213 goto err;
219 if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen)) 214 if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
220 goto err; 215 goto err;
221 if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j)) 216 if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
222 goto err; 217 goto err;
223 218
224 ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); 219 ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -226,110 +221,116 @@ err:
226 EVP_CIPHER_CTX_cleanup(&ctx); 221 EVP_CIPHER_CTX_cleanup(&ctx);
227 NETSCAPE_ENCRYPTED_PKEY_free(enckey); 222 NETSCAPE_ENCRYPTED_PKEY_free(enckey);
228 NETSCAPE_PKEY_free(pkey); 223 NETSCAPE_PKEY_free(pkey);
229 return(ret); 224 return (ret);
230} 225}
231 226
232 227
233RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, 228RSA *
234 int (*cb)(char *buf, int len, const char *prompt, 229d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
235 int verify)) 230 int (*cb)(char *buf, int len, const char *prompt, int verify))
236{ 231{
237 return d2i_RSA_NET(a, pp, length, cb, 0); 232 return d2i_RSA_NET(a, pp, length, cb, 0);
238} 233}
239 234
240RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, 235RSA *
241 int (*cb)(char *buf, int len, const char *prompt, int verify), 236d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
242 int sgckey) 237 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
243{ 238{
244 RSA *ret=NULL; 239 RSA *ret = NULL;
245 const unsigned char *p; 240 const unsigned char *p;
246 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; 241 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
247 242
248 p = *pp; 243 p = *pp;
249 244
250 enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); 245 enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
251 if(!enckey) { 246 if (!enckey) {
252 ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR); 247 ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
253 return NULL; 248 return NULL;
254} 249 }
255 250
256 if ((enckey->os->length != 11) || (strncmp("private-key", 251 if ((enckey->os->length != 11) || (strncmp("private-key",
257 (char *)enckey->os->data,11) != 0)) { 252 (char *)enckey->os->data, 11) != 0)) {
258 ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING); 253 ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
259 NETSCAPE_ENCRYPTED_PKEY_free(enckey); 254 NETSCAPE_ENCRYPTED_PKEY_free(enckey);
260 return NULL; 255 return NULL;
261 } 256 }
262 if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { 257 if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
263 ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); 258 ASN1err(ASN1_F_D2I_RSA_NET,
259 ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
264 goto err; 260 goto err;
265} 261 }
266 if (cb == NULL) 262 if (cb == NULL)
267 cb=EVP_read_pw_string; 263 cb = EVP_read_pw_string;
268 if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; 264 if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
265 sgckey)) == NULL)
266 goto err;
269 267
270 *pp = p; 268 *pp = p;
271 269
272 err: 270err:
273 NETSCAPE_ENCRYPTED_PKEY_free(enckey); 271 NETSCAPE_ENCRYPTED_PKEY_free(enckey);
274 return ret; 272 return ret;
275 273
276} 274}
277 275
278static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, 276static RSA *
279 int (*cb)(char *buf, int len, const char *prompt, 277d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
280 int verify), int sgckey) 278 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
281{ 279{
282 NETSCAPE_PKEY *pkey=NULL; 280 NETSCAPE_PKEY *pkey = NULL;
283 RSA *ret=NULL; 281 RSA *ret = NULL;
284 int i,j; 282 int i, j;
285 unsigned char buf[256]; 283 unsigned char buf[256];
286 const unsigned char *zz; 284 const unsigned char *zz;
287 unsigned char key[EVP_MAX_KEY_LENGTH]; 285 unsigned char key[EVP_MAX_KEY_LENGTH];
288 EVP_CIPHER_CTX ctx; 286 EVP_CIPHER_CTX ctx;
289 EVP_CIPHER_CTX_init(&ctx); 287 EVP_CIPHER_CTX_init(&ctx);
290 288
291 i=cb((char *)buf,256,"Enter Private Key password:",0); 289 i=cb((char *)buf,256, "Enter Private Key password:",0);
292 if (i != 0) { 290 if (i != 0) {
293 ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ); 291 ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
294 goto err; 292 goto err;
295 } 293 }
296 294
297 i = strlen((char *)buf); 295 i = strlen((char *)buf);
298 if(sgckey){ 296 if (sgckey){
299 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) 297 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
300 goto err; 298 goto err;
301 memcpy(buf + 16, "SGCKEYSALT", 10); 299 memcpy(buf + 16, "SGCKEYSALT", 10);
302 i = 26; 300 i = 26;
303} 301 }
304 302
305 if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL)) 303 if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
306 goto err; 304 goto err;
307 OPENSSL_cleanse(buf,256); 305 OPENSSL_cleanse(buf, 256);
308 306
309 if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL)) 307 if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
310 goto err; 308 goto err;
311 if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length)) 309 if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
312 goto err; 310 goto err;
313 if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j)) 311 if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
314 goto err; 312 goto err;
315 os->length=i+j; 313 os->length = i + j;
316 314
317 zz=os->data; 315 zz = os->data;
318 316
319 if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) { 317 if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
320 ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); 318 ASN1err(ASN1_F_D2I_RSA_NET_2,
319 ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
321 goto err; 320 goto err;
322 } 321 }
323 322
324 zz=pkey->private_key->data; 323 zz = pkey->private_key->data;
325 if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) { 324 if ((ret = d2i_RSAPrivateKey(a, &zz,
326 ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); 325 pkey->private_key->length)) == NULL) {
326 ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
327 goto err; 327 goto err;
328 } 328 }
329
329err: 330err:
330 EVP_CIPHER_CTX_cleanup(&ctx); 331 EVP_CIPHER_CTX_cleanup(&ctx);
331 NETSCAPE_PKEY_free(pkey); 332 NETSCAPE_PKEY_free(pkey);
332 return(ret); 333 return (ret);
333} 334}
334 335
335#endif /* OPENSSL_NO_RC4 */ 336#endif /* OPENSSL_NO_RC4 */
@@ -337,7 +338,7 @@ err:
337#else /* !OPENSSL_NO_RSA */ 338#else /* !OPENSSL_NO_RSA */
338 339
339# if PEDANTIC 340# if PEDANTIC
340static void *dummy=&dummy; 341static void *dummy = &dummy;
341# endif 342# endif
342 343
343#endif 344#endif
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
index b8c4202230..3e7c73cb91 100644
--- a/src/lib/libcrypto/asn1/nsseq.c
+++ b/src/lib/libcrypto/asn1/nsseq.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,10 +62,10 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64 64
65static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 65static int
66 void *exarg) 66nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
67{ 67{
68 if(operation == ASN1_OP_NEW_POST) { 68 if (operation == ASN1_OP_NEW_POST) {
69 NETSCAPE_CERT_SEQUENCE *nsseq; 69 NETSCAPE_CERT_SEQUENCE *nsseq;
70 nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; 70 nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
71 nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); 71 nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index 390305ad38..28caebd5c2 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -74,28 +74,29 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
74 74
75/* Set an algorithm identifier for a PKCS#5 PBE algorithm */ 75/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
76 76
77int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, 77int
78 const unsigned char *salt, int saltlen) 78PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
79 const unsigned char *salt, int saltlen)
79{ 80{
80 PBEPARAM *pbe=NULL; 81 PBEPARAM *pbe = NULL;
81 ASN1_STRING *pbe_str=NULL; 82 ASN1_STRING *pbe_str = NULL;
82 unsigned char *sstr; 83 unsigned char *sstr;
83 84
84 pbe = PBEPARAM_new(); 85 pbe = PBEPARAM_new();
85 if (!pbe) { 86 if (!pbe) {
86 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 87 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
87 goto err; 88 goto err;
88 } 89 }
89 if(iter <= 0) 90 if (iter <= 0)
90 iter = PKCS5_DEFAULT_ITER; 91 iter = PKCS5_DEFAULT_ITER;
91 if (!ASN1_INTEGER_set(pbe->iter, iter)) { 92 if (!ASN1_INTEGER_set(pbe->iter, iter)) {
92 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 93 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
93 goto err; 94 goto err;
94 } 95 }
95 if (!saltlen) 96 if (!saltlen)
96 saltlen = PKCS5_SALT_LEN; 97 saltlen = PKCS5_SALT_LEN;
97 if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { 98 if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
98 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 99 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
99 goto err; 100 goto err;
100 } 101 }
101 sstr = ASN1_STRING_data(pbe->salt); 102 sstr = ASN1_STRING_data(pbe->salt);
@@ -104,8 +105,8 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
104 else if (RAND_pseudo_bytes(sstr, saltlen) < 0) 105 else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
105 goto err; 106 goto err;
106 107
107 if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { 108 if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
108 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 109 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
109 goto err; 110 goto err;
110 } 111 }
111 112
@@ -125,17 +126,17 @@ err:
125 126
126/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ 127/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
127 128
128X509_ALGOR *PKCS5_pbe_set(int alg, int iter, 129X509_ALGOR *
129 const unsigned char *salt, int saltlen) 130PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
130{ 131{
131 X509_ALGOR *ret; 132 X509_ALGOR *ret;
132 ret = X509_ALGOR_new(); 133 ret = X509_ALGOR_new();
133 if (!ret) { 134 if (!ret) {
134 ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); 135 ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
135 return NULL; 136 return NULL;
136 } 137 }
137 138
138 if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 139 if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
139 return ret; 140 return ret;
140 141
141 X509_ALGOR_free(ret); 142 X509_ALGOR_free(ret);
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 01563a68fd..8917cc4ccf 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -86,9 +86,9 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
86 * Extended version to allow application supplied PRF NID and IV. 86 * Extended version to allow application supplied PRF NID and IV.
87 */ 87 */
88 88
89X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, 89X509_ALGOR *
90 unsigned char *salt, int saltlen, 90PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
91 unsigned char *aiv, int prf_nid) 91 int saltlen, unsigned char *aiv, int prf_nid)
92{ 92{
93 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; 93 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
94 int alg_nid, keylen; 94 int alg_nid, keylen;
@@ -98,27 +98,30 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
98 ASN1_OBJECT *obj; 98 ASN1_OBJECT *obj;
99 99
100 alg_nid = EVP_CIPHER_type(cipher); 100 alg_nid = EVP_CIPHER_type(cipher);
101 if(alg_nid == NID_undef) { 101 if (alg_nid == NID_undef) {
102 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, 102 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
103 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 103 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
104 goto err; 104 goto err;
105 } 105 }
106 obj = OBJ_nid2obj(alg_nid); 106 obj = OBJ_nid2obj(alg_nid);
107 107
108 if(!(pbe2 = PBE2PARAM_new())) goto merr; 108 if (!(pbe2 = PBE2PARAM_new()))
109 goto merr;
109 110
110 /* Setup the AlgorithmIdentifier for the encryption scheme */ 111 /* Setup the AlgorithmIdentifier for the encryption scheme */
111 scheme = pbe2->encryption; 112 scheme = pbe2->encryption;
112 113
113 scheme->algorithm = obj; 114 scheme->algorithm = obj;
114 if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; 115 if (!(scheme->parameter = ASN1_TYPE_new()))
116 goto merr;
115 117
116 /* Create random IV */ 118 /* Create random IV */
117 if (EVP_CIPHER_iv_length(cipher)) { 119 if (EVP_CIPHER_iv_length(cipher)) {
118 if (aiv) 120 if (aiv)
119 memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); 121 memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
120 else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) 122 else if (RAND_pseudo_bytes(iv,
121 goto err; 123 EVP_CIPHER_iv_length(cipher)) < 0)
124 goto err;
122 } 125 }
123 126
124 EVP_CIPHER_CTX_init(&ctx); 127 EVP_CIPHER_CTX_init(&ctx);
@@ -126,16 +129,16 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
126 /* Dummy cipherinit to just setup the IV, and PRF */ 129 /* Dummy cipherinit to just setup the IV, and PRF */
127 if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) 130 if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
128 goto err; 131 goto err;
129 if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { 132 if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
130 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, 133 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
131 ASN1_R_ERROR_SETTING_CIPHER_PARAMS); 134 ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
132 EVP_CIPHER_CTX_cleanup(&ctx); 135 EVP_CIPHER_CTX_cleanup(&ctx);
133 goto err; 136 goto err;
134 } 137 }
135 /* If prf NID unspecified see if cipher has a preference. 138 /* If prf NID unspecified see if cipher has a preference.
136 * An error is OK here: just means use default PRF. 139 * An error is OK here: just means use default PRF.
137 */ 140 */
138 if ((prf_nid == -1) && 141 if ((prf_nid == -1) &&
139 EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { 142 EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
140 ERR_clear_error(); 143 ERR_clear_error();
141 prf_nid = NID_hmacWithSHA1; 144 prf_nid = NID_hmacWithSHA1;
@@ -144,7 +147,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
144 147
145 /* If its RC2 then we'd better setup the key length */ 148 /* If its RC2 then we'd better setup the key length */
146 149
147 if(alg_nid == NID_rc2_cbc) 150 if (alg_nid == NID_rc2_cbc)
148 keylen = EVP_CIPHER_key_length(cipher); 151 keylen = EVP_CIPHER_key_length(cipher);
149 else 152 else
150 keylen = -1; 153 keylen = -1;
@@ -160,15 +163,17 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
160 163
161 /* Now set up top level AlgorithmIdentifier */ 164 /* Now set up top level AlgorithmIdentifier */
162 165
163 if(!(ret = X509_ALGOR_new())) goto merr; 166 if (!(ret = X509_ALGOR_new()))
164 if(!(ret->parameter = ASN1_TYPE_new())) goto merr; 167 goto merr;
168 if (!(ret->parameter = ASN1_TYPE_new()))
169 goto merr;
165 170
166 ret->algorithm = OBJ_nid2obj(NID_pbes2); 171 ret->algorithm = OBJ_nid2obj(NID_pbes2);
167 172
168 /* Encode PBE2PARAM into parameter */ 173 /* Encode PBE2PARAM into parameter */
169 174
170 if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM), 175 if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
171 &ret->parameter->value.sequence)) goto merr; 176 &ret->parameter->value.sequence)) goto merr;
172 ret->parameter->type = V_ASN1_SEQUENCE; 177 ret->parameter->type = V_ASN1_SEQUENCE;
173 178
174 PBE2PARAM_free(pbe2); 179 PBE2PARAM_free(pbe2);
@@ -177,34 +182,35 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
177 return ret; 182 return ret;
178 183
179merr: 184merr:
180 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE); 185 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
181 186
182 err: 187err:
183 PBE2PARAM_free(pbe2); 188 PBE2PARAM_free(pbe2);
184 /* Note 'scheme' is freed as part of pbe2 */ 189 /* Note 'scheme' is freed as part of pbe2 */
185 X509_ALGOR_free(kalg); 190 X509_ALGOR_free(kalg);
186 X509_ALGOR_free(ret); 191 X509_ALGOR_free(ret);
187 192
188 return NULL; 193 return NULL;
189
190} 194}
191 195
192X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, 196X509_ALGOR *
193 unsigned char *salt, int saltlen) 197PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
198 int saltlen)
194{ 199{
195 return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); 200 return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
196} 201}
197 202
198X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, 203X509_ALGOR *
199 int prf_nid, int keylen) 204PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
205 int keylen)
200{ 206{
201 X509_ALGOR *keyfunc = NULL; 207 X509_ALGOR *keyfunc = NULL;
202 PBKDF2PARAM *kdf = NULL; 208 PBKDF2PARAM *kdf = NULL;
203 ASN1_OCTET_STRING *osalt = NULL; 209 ASN1_OCTET_STRING *osalt = NULL;
204 210
205 if(!(kdf = PBKDF2PARAM_new())) 211 if (!(kdf = PBKDF2PARAM_new()))
206 goto merr; 212 goto merr;
207 if(!(osalt = M_ASN1_OCTET_STRING_new())) 213 if (!(osalt = M_ASN1_OCTET_STRING_new()))
208 goto merr; 214 goto merr;
209 215
210 kdf->salt->value.octet_string = osalt; 216 kdf->salt->value.octet_string = osalt;
@@ -222,20 +228,20 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
222 else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) 228 else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
223 goto merr; 229 goto merr;
224 230
225 if(iter <= 0) 231 if (iter <= 0)
226 iter = PKCS5_DEFAULT_ITER; 232 iter = PKCS5_DEFAULT_ITER;
227 233
228 if(!ASN1_INTEGER_set(kdf->iter, iter)) 234 if (!ASN1_INTEGER_set(kdf->iter, iter))
229 goto merr; 235 goto merr;
230 236
231 /* If have a key len set it up */ 237 /* If have a key len set it up */
232 238
233 if(keylen > 0) { 239 if (keylen > 0) {
234 if(!(kdf->keylength = M_ASN1_INTEGER_new())) 240 if (!(kdf->keylength = M_ASN1_INTEGER_new()))
235 goto merr; 241 goto merr;
236 if(!ASN1_INTEGER_set (kdf->keylength, keylen)) 242 if (!ASN1_INTEGER_set (kdf->keylength, keylen))
237 goto merr; 243 goto merr;
238 } 244 }
239 245
240 /* prf can stay NULL if we are using hmacWithSHA1 */ 246 /* prf can stay NULL if we are using hmacWithSHA1 */
241 if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { 247 if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
@@ -243,7 +249,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
243 if (!kdf->prf) 249 if (!kdf->prf)
244 goto merr; 250 goto merr;
245 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), 251 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
246 V_ASN1_NULL, NULL); 252 V_ASN1_NULL, NULL);
247 } 253 }
248 254
249 /* Finally setup the keyfunc structure */ 255 /* Finally setup the keyfunc structure */
@@ -256,11 +262,11 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
256 262
257 /* Encode PBKDF2PARAM into parameter of pbe2 */ 263 /* Encode PBKDF2PARAM into parameter of pbe2 */
258 264
259 if(!(keyfunc->parameter = ASN1_TYPE_new())) 265 if (!(keyfunc->parameter = ASN1_TYPE_new()))
260 goto merr; 266 goto merr;
261 267
262 if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), 268 if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
263 &keyfunc->parameter->value.sequence)) 269 &keyfunc->parameter->value.sequence))
264 goto merr; 270 goto merr;
265 keyfunc->parameter->type = V_ASN1_SEQUENCE; 271 keyfunc->parameter->type = V_ASN1_SEQUENCE;
266 272
@@ -268,9 +274,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
268 return keyfunc; 274 return keyfunc;
269 275
270merr: 276merr:
271 ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE); 277 ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
272 PBKDF2PARAM_free(kdf); 278 PBKDF2PARAM_free(kdf);
273 X509_ALGOR_free(keyfunc); 279 X509_ALGOR_free(keyfunc);
274 return NULL; 280 return NULL;
275} 281}
276
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
index c95d7e55a0..6c5577ee1e 100644
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,16 +62,16 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63 63
64/* Minor tweak to operation: zero private key data */ 64/* Minor tweak to operation: zero private key data */
65static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 65static int
66 void *exarg) 66pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
67{ 67{
68 /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ 68 /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
69 if(operation == ASN1_OP_FREE_PRE) { 69 if (operation == ASN1_OP_FREE_PRE) {
70 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; 70 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
71 if (key->pkey->value.octet_string) 71 if (key->pkey->value.octet_string)
72 OPENSSL_cleanse(key->pkey->value.octet_string->data, 72 OPENSSL_cleanse(key->pkey->value.octet_string->data,
73 key->pkey->value.octet_string->length); 73 key->pkey->value.octet_string->length);
74} 74 }
75 return 1; 75 return 1;
76} 76}
77 77
@@ -84,12 +84,12 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
84 84
85IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) 85IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
86 86
87int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, 87int
88 int version, 88PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
89 int ptype, void *pval, 89 int ptype, void *pval, unsigned char *penc, int penclen)
90 unsigned char *penc, int penclen)
91{ 90{
92 unsigned char **ppenc = NULL; 91 unsigned char **ppenc = NULL;
92
93 if (version >= 0) { 93 if (version >= 0) {
94 if (!ASN1_INTEGER_set(priv->version, version)) 94 if (!ASN1_INTEGER_set(priv->version, version))
95 return 0; 95 return 0;
@@ -118,14 +118,13 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
118 return 1; 118 return 1;
119} 119}
120 120
121int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, 121int
122 const unsigned char **pk, int *ppklen, 122PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen,
123 X509_ALGOR **pa, 123 X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
124 PKCS8_PRIV_KEY_INFO *p8)
125{ 124{
126 if (ppkalg) 125 if (ppkalg)
127 *ppkalg = p8->pkeyalg->algorithm; 126 *ppkalg = p8->pkeyalg->algorithm;
128 if(p8->pkey->type == V_ASN1_OCTET_STRING) { 127 if (p8->pkey->type == V_ASN1_OCTET_STRING) {
129 p8->broken = PKCS8_OK; 128 p8->broken = PKCS8_OK;
130 if (pk) { 129 if (pk) {
131 *pk = p8->pkey->value.octet_string->data; 130 *pk = p8->pkey->value.octet_string->data;
@@ -137,11 +136,9 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
137 *pk = p8->pkey->value.sequence->data; 136 *pk = p8->pkey->value.sequence->data;
138 *ppklen = p8->pkey->value.sequence->length; 137 *ppklen = p8->pkey->value.sequence->length;
139 } 138 }
140 } 139 } else
141 else
142 return 0; 140 return 0;
143 if (pa) 141 if (pa)
144 *pa = p8->pkeyalg; 142 *pa = p8->pkeyalg;
145 return 1; 143 return 1;
146} 144}
147
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
index 7175748601..3340e6ce39 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_pr.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -62,18 +62,18 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include "asn1_locl.h" 63#include "asn1_locl.h"
64 64
65int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) 65int
66i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
66{ 67{
67 if (a->ameth && a->ameth->old_priv_encode) { 68 if (a->ameth && a->ameth->old_priv_encode) {
68 return a->ameth->old_priv_encode(a, pp); 69 return a->ameth->old_priv_encode(a, pp);
69 } 70 }
70 if (a->ameth && a->ameth->priv_encode) { 71 if (a->ameth && a->ameth->priv_encode) {
71 PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); 72 PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
72 int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp); 73 int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
73 PKCS8_PRIV_KEY_INFO_free(p8); 74 PKCS8_PRIV_KEY_INFO_free(p8);
74 return ret; 75 return ret;
75} 76 }
76 ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 77 ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
77 return(-1); 78 return (-1);
78} 79}
79
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pu.c b/src/lib/libssl/src/crypto/asn1/i2d_pu.c
index 08b438115d..8ac271e056 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_pu.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_pu.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -71,24 +71,24 @@
71#include <openssl/ec.h> 71#include <openssl/ec.h>
72#endif 72#endif
73 73
74int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) 74int
75i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
75{ 76{
76 switch (a->type) { 77 switch (a->type) {
77#ifndef OPENSSL_NO_RSA 78#ifndef OPENSSL_NO_RSA
78 case EVP_PKEY_RSA: 79 case EVP_PKEY_RSA:
79 return(i2d_RSAPublicKey(a->pkey.rsa,pp)); 80 return (i2d_RSAPublicKey(a->pkey.rsa, pp));
80#endif 81#endif
81#ifndef OPENSSL_NO_DSA 82#ifndef OPENSSL_NO_DSA
82 case EVP_PKEY_DSA: 83 case EVP_PKEY_DSA:
83 return(i2d_DSAPublicKey(a->pkey.dsa,pp)); 84 return (i2d_DSAPublicKey(a->pkey.dsa, pp));
84#endif 85#endif
85#ifndef OPENSSL_NO_EC 86#ifndef OPENSSL_NO_EC
86 case EVP_PKEY_EC: 87 case EVP_PKEY_EC:
87 return(i2o_ECPublicKey(a->pkey.ec, pp)); 88 return (i2o_ECPublicKey(a->pkey.ec, pp));
88#endif 89#endif
89 default: 90 default:
90 ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); 91 ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
91 return(-1); 92 return (-1);
92 } 93 }
93} 94}
94
diff --git a/src/lib/libssl/src/crypto/asn1/n_pkey.c b/src/lib/libssl/src/crypto/asn1/n_pkey.c
index 0a378759f9..0e58baf1b5 100644
--- a/src/lib/libssl/src/crypto/asn1/n_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/n_pkey.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -69,15 +69,13 @@
69 69
70#ifndef OPENSSL_NO_RC4 70#ifndef OPENSSL_NO_RC4
71 71
72typedef struct netscape_pkey_st 72typedef struct netscape_pkey_st {
73{
74 long version; 73 long version;
75 X509_ALGOR *algor; 74 X509_ALGOR *algor;
76 ASN1_OCTET_STRING *private_key; 75 ASN1_OCTET_STRING *private_key;
77} NETSCAPE_PKEY; 76} NETSCAPE_PKEY;
78 77
79typedef struct netscape_encrypted_pkey_st 78typedef struct netscape_encrypted_pkey_st {
80{
81 ASN1_OCTET_STRING *os; 79 ASN1_OCTET_STRING *os;
82 /* This is the same structure as DigestInfo so use it: 80 /* This is the same structure as DigestInfo so use it:
83 * although this isn't really anything to do with 81 * although this isn't really anything to do with
@@ -93,7 +91,7 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
93} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) 91} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
94 92
95DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) 93DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
96DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY) 94DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY)
97IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) 95IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
98 96
99ASN1_SEQUENCE(NETSCAPE_PKEY) = { 97ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -103,61 +101,59 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
103} ASN1_SEQUENCE_END(NETSCAPE_PKEY) 101} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
104 102
105DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) 103DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
106DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) 104DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY, NETSCAPE_PKEY)
107IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) 105IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
108 106
109static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, 107static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
110 int (*cb)(char *buf, int len, const char *prompt, 108 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
111 int verify),
112 int sgckey);
113 109
114int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, 110int
115 int (*cb)(char *buf, int len, const char *prompt, 111i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
116 int verify)) 112 int (*cb)(char *buf, int len, const char *prompt, int verify))
117{ 113{
118 return i2d_RSA_NET(a, pp, cb, 0); 114 return i2d_RSA_NET(a, pp, cb, 0);
119} 115}
120 116
121int i2d_RSA_NET(const RSA *a, unsigned char **pp, 117int
122 int (*cb)(char *buf, int len, const char *prompt, int verify), 118i2d_RSA_NET(const RSA *a, unsigned char **pp,
123 int sgckey) 119 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
124{ 120{
125 int i, j, ret = 0; 121 int i, j, ret = 0;
126 int rsalen, pkeylen, olen; 122 int rsalen, pkeylen, olen;
127 NETSCAPE_PKEY *pkey = NULL; 123 NETSCAPE_PKEY *pkey = NULL;
128 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; 124 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
129 unsigned char buf[256],*zz; 125 unsigned char buf[256], *zz;
130 unsigned char key[EVP_MAX_KEY_LENGTH]; 126 unsigned char key[EVP_MAX_KEY_LENGTH];
131 EVP_CIPHER_CTX ctx; 127 EVP_CIPHER_CTX ctx;
132 EVP_CIPHER_CTX_init(&ctx); 128 EVP_CIPHER_CTX_init(&ctx);
133 129
134 if (a == NULL) return(0); 130 if (a == NULL)
131 return (0);
135 132
136 if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; 133 if ((pkey = NETSCAPE_PKEY_new()) == NULL)
137 if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err; 134 goto err;
135 if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
136 goto err;
138 pkey->version = 0; 137 pkey->version = 0;
139 138
140 pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); 139 pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
141 if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; 140 if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
142 pkey->algor->parameter->type=V_ASN1_NULL; 141 goto err;
142 pkey->algor->parameter->type = V_ASN1_NULL;
143 143
144 rsalen = i2d_RSAPrivateKey(a, NULL); 144 rsalen = i2d_RSAPrivateKey(a, NULL);
145 145
146 /* Fake some octet strings just for the initial length 146 /* Fake some octet strings just for the initial length
147 * calculation. 147 * calculation.
148 */ 148 */
149 149 pkey->private_key->length = rsalen;
150 pkey->private_key->length=rsalen; 150 pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
151
152 pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
153
154 enckey->enckey->digest->length = pkeylen; 151 enckey->enckey->digest->length = pkeylen;
155
156 enckey->os->length = 11; /* "private-key" */ 152 enckey->os->length = 11; /* "private-key" */
157 153 enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
158 enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4); 154 if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
159 if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; 155 goto err;
160 enckey->enckey->algor->parameter->type=V_ASN1_NULL; 156 enckey->enckey->algor->parameter->type = V_ASN1_NULL;
161 157
162 if (pp == NULL) { 158 if (pp == NULL) {
163 olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); 159 olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
@@ -166,59 +162,58 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
166 return olen; 162 return olen;
167 } 163 }
168 164
169
170 /* Since its RC4 encrypted length is actual length */ 165 /* Since its RC4 encrypted length is actual length */
171 if ((zz=(unsigned char *)malloc(rsalen)) == NULL) { 166 if ((zz = (unsigned char *)malloc(rsalen)) == NULL) {
172 ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); 167 ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
173 goto err; 168 goto err;
174 } 169 }
175 170
176 pkey->private_key->data = zz; 171 pkey->private_key->data = zz;
177 /* Write out private key encoding */ 172 /* Write out private key encoding */
178 i2d_RSAPrivateKey(a,&zz); 173 i2d_RSAPrivateKey(a, &zz);
179 174
180 if ((zz=malloc(pkeylen)) == NULL) { 175 if ((zz = malloc(pkeylen)) == NULL) {
181 ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); 176 ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
182 goto err; 177 goto err;
183 } 178 }
184 179
185 if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { 180 if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
186 ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); 181 ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
187 goto err; 182 goto err;
188 } 183 }
189 enckey->enckey->digest->data = zz; 184 enckey->enckey->digest->data = zz;
190 i2d_NETSCAPE_PKEY(pkey,&zz); 185 i2d_NETSCAPE_PKEY(pkey, &zz);
191 186
192 /* Wipe the private key encoding */ 187 /* Wipe the private key encoding */
193 OPENSSL_cleanse(pkey->private_key->data, rsalen); 188 OPENSSL_cleanse(pkey->private_key->data, rsalen);
194 189
195 if (cb == NULL) 190 if (cb == NULL)
196 cb=EVP_read_pw_string; 191 cb = EVP_read_pw_string;
197 i=cb((char *)buf,256,"Enter Private Key password:",1); 192 i = cb((char *)buf, 256, "Enter Private Key password:", 1);
198 if (i != 0) { 193 if (i != 0) {
199 ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ); 194 ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
200 goto err; 195 goto err;
201 } 196 }
202 i = strlen((char *)buf); 197 i = strlen((char *)buf);
203 /* If the key is used for SGC the algorithm is modified a little. */ 198 /* If the key is used for SGC the algorithm is modified a little. */
204 if(sgckey) { 199 if (sgckey) {
205 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) 200 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
206 goto err; 201 goto err;
207 memcpy(buf + 16, "SGCKEYSALT", 10); 202 memcpy(buf + 16, "SGCKEYSALT", 10);
208 i = 26; 203 i = 26;
209} 204 }
210 205
211 if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL)) 206 if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
212 goto err; 207 goto err;
213 OPENSSL_cleanse(buf,256); 208 OPENSSL_cleanse(buf, 256);
214 209
215 /* Encrypt private key in place */ 210 /* Encrypt private key in place */
216 zz = enckey->enckey->digest->data; 211 zz = enckey->enckey->digest->data;
217 if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL)) 212 if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
218 goto err; 213 goto err;
219 if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen)) 214 if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
220 goto err; 215 goto err;
221 if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j)) 216 if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
222 goto err; 217 goto err;
223 218
224 ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); 219 ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -226,110 +221,116 @@ err:
226 EVP_CIPHER_CTX_cleanup(&ctx); 221 EVP_CIPHER_CTX_cleanup(&ctx);
227 NETSCAPE_ENCRYPTED_PKEY_free(enckey); 222 NETSCAPE_ENCRYPTED_PKEY_free(enckey);
228 NETSCAPE_PKEY_free(pkey); 223 NETSCAPE_PKEY_free(pkey);
229 return(ret); 224 return (ret);
230} 225}
231 226
232 227
233RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, 228RSA *
234 int (*cb)(char *buf, int len, const char *prompt, 229d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
235 int verify)) 230 int (*cb)(char *buf, int len, const char *prompt, int verify))
236{ 231{
237 return d2i_RSA_NET(a, pp, length, cb, 0); 232 return d2i_RSA_NET(a, pp, length, cb, 0);
238} 233}
239 234
240RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, 235RSA *
241 int (*cb)(char *buf, int len, const char *prompt, int verify), 236d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
242 int sgckey) 237 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
243{ 238{
244 RSA *ret=NULL; 239 RSA *ret = NULL;
245 const unsigned char *p; 240 const unsigned char *p;
246 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; 241 NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
247 242
248 p = *pp; 243 p = *pp;
249 244
250 enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); 245 enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
251 if(!enckey) { 246 if (!enckey) {
252 ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR); 247 ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
253 return NULL; 248 return NULL;
254} 249 }
255 250
256 if ((enckey->os->length != 11) || (strncmp("private-key", 251 if ((enckey->os->length != 11) || (strncmp("private-key",
257 (char *)enckey->os->data,11) != 0)) { 252 (char *)enckey->os->data, 11) != 0)) {
258 ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING); 253 ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
259 NETSCAPE_ENCRYPTED_PKEY_free(enckey); 254 NETSCAPE_ENCRYPTED_PKEY_free(enckey);
260 return NULL; 255 return NULL;
261 } 256 }
262 if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { 257 if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
263 ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); 258 ASN1err(ASN1_F_D2I_RSA_NET,
259 ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
264 goto err; 260 goto err;
265} 261 }
266 if (cb == NULL) 262 if (cb == NULL)
267 cb=EVP_read_pw_string; 263 cb = EVP_read_pw_string;
268 if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; 264 if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
265 sgckey)) == NULL)
266 goto err;
269 267
270 *pp = p; 268 *pp = p;
271 269
272 err: 270err:
273 NETSCAPE_ENCRYPTED_PKEY_free(enckey); 271 NETSCAPE_ENCRYPTED_PKEY_free(enckey);
274 return ret; 272 return ret;
275 273
276} 274}
277 275
278static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, 276static RSA *
279 int (*cb)(char *buf, int len, const char *prompt, 277d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
280 int verify), int sgckey) 278 int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
281{ 279{
282 NETSCAPE_PKEY *pkey=NULL; 280 NETSCAPE_PKEY *pkey = NULL;
283 RSA *ret=NULL; 281 RSA *ret = NULL;
284 int i,j; 282 int i, j;
285 unsigned char buf[256]; 283 unsigned char buf[256];
286 const unsigned char *zz; 284 const unsigned char *zz;
287 unsigned char key[EVP_MAX_KEY_LENGTH]; 285 unsigned char key[EVP_MAX_KEY_LENGTH];
288 EVP_CIPHER_CTX ctx; 286 EVP_CIPHER_CTX ctx;
289 EVP_CIPHER_CTX_init(&ctx); 287 EVP_CIPHER_CTX_init(&ctx);
290 288
291 i=cb((char *)buf,256,"Enter Private Key password:",0); 289 i=cb((char *)buf,256, "Enter Private Key password:",0);
292 if (i != 0) { 290 if (i != 0) {
293 ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ); 291 ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
294 goto err; 292 goto err;
295 } 293 }
296 294
297 i = strlen((char *)buf); 295 i = strlen((char *)buf);
298 if(sgckey){ 296 if (sgckey){
299 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) 297 if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
300 goto err; 298 goto err;
301 memcpy(buf + 16, "SGCKEYSALT", 10); 299 memcpy(buf + 16, "SGCKEYSALT", 10);
302 i = 26; 300 i = 26;
303} 301 }
304 302
305 if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL)) 303 if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
306 goto err; 304 goto err;
307 OPENSSL_cleanse(buf,256); 305 OPENSSL_cleanse(buf, 256);
308 306
309 if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL)) 307 if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
310 goto err; 308 goto err;
311 if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length)) 309 if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
312 goto err; 310 goto err;
313 if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j)) 311 if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
314 goto err; 312 goto err;
315 os->length=i+j; 313 os->length = i + j;
316 314
317 zz=os->data; 315 zz = os->data;
318 316
319 if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) { 317 if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
320 ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); 318 ASN1err(ASN1_F_D2I_RSA_NET_2,
319 ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
321 goto err; 320 goto err;
322 } 321 }
323 322
324 zz=pkey->private_key->data; 323 zz = pkey->private_key->data;
325 if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) { 324 if ((ret = d2i_RSAPrivateKey(a, &zz,
326 ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); 325 pkey->private_key->length)) == NULL) {
326 ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
327 goto err; 327 goto err;
328 } 328 }
329
329err: 330err:
330 EVP_CIPHER_CTX_cleanup(&ctx); 331 EVP_CIPHER_CTX_cleanup(&ctx);
331 NETSCAPE_PKEY_free(pkey); 332 NETSCAPE_PKEY_free(pkey);
332 return(ret); 333 return (ret);
333} 334}
334 335
335#endif /* OPENSSL_NO_RC4 */ 336#endif /* OPENSSL_NO_RC4 */
@@ -337,7 +338,7 @@ err:
337#else /* !OPENSSL_NO_RSA */ 338#else /* !OPENSSL_NO_RSA */
338 339
339# if PEDANTIC 340# if PEDANTIC
340static void *dummy=&dummy; 341static void *dummy = &dummy;
341# endif 342# endif
342 343
343#endif 344#endif
diff --git a/src/lib/libssl/src/crypto/asn1/nsseq.c b/src/lib/libssl/src/crypto/asn1/nsseq.c
index b8c4202230..3e7c73cb91 100644
--- a/src/lib/libssl/src/crypto/asn1/nsseq.c
+++ b/src/lib/libssl/src/crypto/asn1/nsseq.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,10 +62,10 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64 64
65static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 65static int
66 void *exarg) 66nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
67{ 67{
68 if(operation == ASN1_OP_NEW_POST) { 68 if (operation == ASN1_OP_NEW_POST) {
69 NETSCAPE_CERT_SEQUENCE *nsseq; 69 NETSCAPE_CERT_SEQUENCE *nsseq;
70 nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; 70 nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
71 nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); 71 nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbe.c b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
index 390305ad38..28caebd5c2 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbe.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -74,28 +74,29 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
74 74
75/* Set an algorithm identifier for a PKCS#5 PBE algorithm */ 75/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
76 76
77int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, 77int
78 const unsigned char *salt, int saltlen) 78PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
79 const unsigned char *salt, int saltlen)
79{ 80{
80 PBEPARAM *pbe=NULL; 81 PBEPARAM *pbe = NULL;
81 ASN1_STRING *pbe_str=NULL; 82 ASN1_STRING *pbe_str = NULL;
82 unsigned char *sstr; 83 unsigned char *sstr;
83 84
84 pbe = PBEPARAM_new(); 85 pbe = PBEPARAM_new();
85 if (!pbe) { 86 if (!pbe) {
86 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 87 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
87 goto err; 88 goto err;
88 } 89 }
89 if(iter <= 0) 90 if (iter <= 0)
90 iter = PKCS5_DEFAULT_ITER; 91 iter = PKCS5_DEFAULT_ITER;
91 if (!ASN1_INTEGER_set(pbe->iter, iter)) { 92 if (!ASN1_INTEGER_set(pbe->iter, iter)) {
92 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 93 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
93 goto err; 94 goto err;
94 } 95 }
95 if (!saltlen) 96 if (!saltlen)
96 saltlen = PKCS5_SALT_LEN; 97 saltlen = PKCS5_SALT_LEN;
97 if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { 98 if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
98 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 99 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
99 goto err; 100 goto err;
100 } 101 }
101 sstr = ASN1_STRING_data(pbe->salt); 102 sstr = ASN1_STRING_data(pbe->salt);
@@ -104,8 +105,8 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
104 else if (RAND_pseudo_bytes(sstr, saltlen) < 0) 105 else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
105 goto err; 106 goto err;
106 107
107 if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { 108 if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
108 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE); 109 ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
109 goto err; 110 goto err;
110 } 111 }
111 112
@@ -125,17 +126,17 @@ err:
125 126
126/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ 127/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
127 128
128X509_ALGOR *PKCS5_pbe_set(int alg, int iter, 129X509_ALGOR *
129 const unsigned char *salt, int saltlen) 130PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
130{ 131{
131 X509_ALGOR *ret; 132 X509_ALGOR *ret;
132 ret = X509_ALGOR_new(); 133 ret = X509_ALGOR_new();
133 if (!ret) { 134 if (!ret) {
134 ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); 135 ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
135 return NULL; 136 return NULL;
136 } 137 }
137 138
138 if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 139 if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
139 return ret; 140 return ret;
140 141
141 X509_ALGOR_free(ret); 142 X509_ALGOR_free(ret);
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
index 01563a68fd..8917cc4ccf 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -86,9 +86,9 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
86 * Extended version to allow application supplied PRF NID and IV. 86 * Extended version to allow application supplied PRF NID and IV.
87 */ 87 */
88 88
89X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, 89X509_ALGOR *
90 unsigned char *salt, int saltlen, 90PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
91 unsigned char *aiv, int prf_nid) 91 int saltlen, unsigned char *aiv, int prf_nid)
92{ 92{
93 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; 93 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
94 int alg_nid, keylen; 94 int alg_nid, keylen;
@@ -98,27 +98,30 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
98 ASN1_OBJECT *obj; 98 ASN1_OBJECT *obj;
99 99
100 alg_nid = EVP_CIPHER_type(cipher); 100 alg_nid = EVP_CIPHER_type(cipher);
101 if(alg_nid == NID_undef) { 101 if (alg_nid == NID_undef) {
102 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, 102 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
103 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); 103 ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
104 goto err; 104 goto err;
105 } 105 }
106 obj = OBJ_nid2obj(alg_nid); 106 obj = OBJ_nid2obj(alg_nid);
107 107
108 if(!(pbe2 = PBE2PARAM_new())) goto merr; 108 if (!(pbe2 = PBE2PARAM_new()))
109 goto merr;
109 110
110 /* Setup the AlgorithmIdentifier for the encryption scheme */ 111 /* Setup the AlgorithmIdentifier for the encryption scheme */
111 scheme = pbe2->encryption; 112 scheme = pbe2->encryption;
112 113
113 scheme->algorithm = obj; 114 scheme->algorithm = obj;
114 if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; 115 if (!(scheme->parameter = ASN1_TYPE_new()))
116 goto merr;
115 117
116 /* Create random IV */ 118 /* Create random IV */
117 if (EVP_CIPHER_iv_length(cipher)) { 119 if (EVP_CIPHER_iv_length(cipher)) {
118 if (aiv) 120 if (aiv)
119 memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); 121 memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
120 else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) 122 else if (RAND_pseudo_bytes(iv,
121 goto err; 123 EVP_CIPHER_iv_length(cipher)) < 0)
124 goto err;
122 } 125 }
123 126
124 EVP_CIPHER_CTX_init(&ctx); 127 EVP_CIPHER_CTX_init(&ctx);
@@ -126,16 +129,16 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
126 /* Dummy cipherinit to just setup the IV, and PRF */ 129 /* Dummy cipherinit to just setup the IV, and PRF */
127 if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) 130 if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
128 goto err; 131 goto err;
129 if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { 132 if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
130 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, 133 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
131 ASN1_R_ERROR_SETTING_CIPHER_PARAMS); 134 ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
132 EVP_CIPHER_CTX_cleanup(&ctx); 135 EVP_CIPHER_CTX_cleanup(&ctx);
133 goto err; 136 goto err;
134 } 137 }
135 /* If prf NID unspecified see if cipher has a preference. 138 /* If prf NID unspecified see if cipher has a preference.
136 * An error is OK here: just means use default PRF. 139 * An error is OK here: just means use default PRF.
137 */ 140 */
138 if ((prf_nid == -1) && 141 if ((prf_nid == -1) &&
139 EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { 142 EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
140 ERR_clear_error(); 143 ERR_clear_error();
141 prf_nid = NID_hmacWithSHA1; 144 prf_nid = NID_hmacWithSHA1;
@@ -144,7 +147,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
144 147
145 /* If its RC2 then we'd better setup the key length */ 148 /* If its RC2 then we'd better setup the key length */
146 149
147 if(alg_nid == NID_rc2_cbc) 150 if (alg_nid == NID_rc2_cbc)
148 keylen = EVP_CIPHER_key_length(cipher); 151 keylen = EVP_CIPHER_key_length(cipher);
149 else 152 else
150 keylen = -1; 153 keylen = -1;
@@ -160,15 +163,17 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
160 163
161 /* Now set up top level AlgorithmIdentifier */ 164 /* Now set up top level AlgorithmIdentifier */
162 165
163 if(!(ret = X509_ALGOR_new())) goto merr; 166 if (!(ret = X509_ALGOR_new()))
164 if(!(ret->parameter = ASN1_TYPE_new())) goto merr; 167 goto merr;
168 if (!(ret->parameter = ASN1_TYPE_new()))
169 goto merr;
165 170
166 ret->algorithm = OBJ_nid2obj(NID_pbes2); 171 ret->algorithm = OBJ_nid2obj(NID_pbes2);
167 172
168 /* Encode PBE2PARAM into parameter */ 173 /* Encode PBE2PARAM into parameter */
169 174
170 if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM), 175 if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
171 &ret->parameter->value.sequence)) goto merr; 176 &ret->parameter->value.sequence)) goto merr;
172 ret->parameter->type = V_ASN1_SEQUENCE; 177 ret->parameter->type = V_ASN1_SEQUENCE;
173 178
174 PBE2PARAM_free(pbe2); 179 PBE2PARAM_free(pbe2);
@@ -177,34 +182,35 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
177 return ret; 182 return ret;
178 183
179merr: 184merr:
180 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE); 185 ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
181 186
182 err: 187err:
183 PBE2PARAM_free(pbe2); 188 PBE2PARAM_free(pbe2);
184 /* Note 'scheme' is freed as part of pbe2 */ 189 /* Note 'scheme' is freed as part of pbe2 */
185 X509_ALGOR_free(kalg); 190 X509_ALGOR_free(kalg);
186 X509_ALGOR_free(ret); 191 X509_ALGOR_free(ret);
187 192
188 return NULL; 193 return NULL;
189
190} 194}
191 195
192X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, 196X509_ALGOR *
193 unsigned char *salt, int saltlen) 197PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
198 int saltlen)
194{ 199{
195 return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); 200 return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
196} 201}
197 202
198X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, 203X509_ALGOR *
199 int prf_nid, int keylen) 204PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
205 int keylen)
200{ 206{
201 X509_ALGOR *keyfunc = NULL; 207 X509_ALGOR *keyfunc = NULL;
202 PBKDF2PARAM *kdf = NULL; 208 PBKDF2PARAM *kdf = NULL;
203 ASN1_OCTET_STRING *osalt = NULL; 209 ASN1_OCTET_STRING *osalt = NULL;
204 210
205 if(!(kdf = PBKDF2PARAM_new())) 211 if (!(kdf = PBKDF2PARAM_new()))
206 goto merr; 212 goto merr;
207 if(!(osalt = M_ASN1_OCTET_STRING_new())) 213 if (!(osalt = M_ASN1_OCTET_STRING_new()))
208 goto merr; 214 goto merr;
209 215
210 kdf->salt->value.octet_string = osalt; 216 kdf->salt->value.octet_string = osalt;
@@ -222,20 +228,20 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
222 else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) 228 else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
223 goto merr; 229 goto merr;
224 230
225 if(iter <= 0) 231 if (iter <= 0)
226 iter = PKCS5_DEFAULT_ITER; 232 iter = PKCS5_DEFAULT_ITER;
227 233
228 if(!ASN1_INTEGER_set(kdf->iter, iter)) 234 if (!ASN1_INTEGER_set(kdf->iter, iter))
229 goto merr; 235 goto merr;
230 236
231 /* If have a key len set it up */ 237 /* If have a key len set it up */
232 238
233 if(keylen > 0) { 239 if (keylen > 0) {
234 if(!(kdf->keylength = M_ASN1_INTEGER_new())) 240 if (!(kdf->keylength = M_ASN1_INTEGER_new()))
235 goto merr; 241 goto merr;
236 if(!ASN1_INTEGER_set (kdf->keylength, keylen)) 242 if (!ASN1_INTEGER_set (kdf->keylength, keylen))
237 goto merr; 243 goto merr;
238 } 244 }
239 245
240 /* prf can stay NULL if we are using hmacWithSHA1 */ 246 /* prf can stay NULL if we are using hmacWithSHA1 */
241 if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { 247 if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
@@ -243,7 +249,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
243 if (!kdf->prf) 249 if (!kdf->prf)
244 goto merr; 250 goto merr;
245 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), 251 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
246 V_ASN1_NULL, NULL); 252 V_ASN1_NULL, NULL);
247 } 253 }
248 254
249 /* Finally setup the keyfunc structure */ 255 /* Finally setup the keyfunc structure */
@@ -256,11 +262,11 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
256 262
257 /* Encode PBKDF2PARAM into parameter of pbe2 */ 263 /* Encode PBKDF2PARAM into parameter of pbe2 */
258 264
259 if(!(keyfunc->parameter = ASN1_TYPE_new())) 265 if (!(keyfunc->parameter = ASN1_TYPE_new()))
260 goto merr; 266 goto merr;
261 267
262 if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), 268 if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
263 &keyfunc->parameter->value.sequence)) 269 &keyfunc->parameter->value.sequence))
264 goto merr; 270 goto merr;
265 keyfunc->parameter->type = V_ASN1_SEQUENCE; 271 keyfunc->parameter->type = V_ASN1_SEQUENCE;
266 272
@@ -268,9 +274,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
268 return keyfunc; 274 return keyfunc;
269 275
270merr: 276merr:
271 ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE); 277 ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
272 PBKDF2PARAM_free(kdf); 278 PBKDF2PARAM_free(kdf);
273 X509_ALGOR_free(keyfunc); 279 X509_ALGOR_free(keyfunc);
274 return NULL; 280 return NULL;
275} 281}
276
diff --git a/src/lib/libssl/src/crypto/asn1/p8_pkey.c b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
index c95d7e55a0..6c5577ee1e 100644
--- a/src/lib/libssl/src/crypto/asn1/p8_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -62,16 +62,16 @@
62#include <openssl/x509.h> 62#include <openssl/x509.h>
63 63
64/* Minor tweak to operation: zero private key data */ 64/* Minor tweak to operation: zero private key data */
65static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 65static int
66 void *exarg) 66pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
67{ 67{
68 /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ 68 /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
69 if(operation == ASN1_OP_FREE_PRE) { 69 if (operation == ASN1_OP_FREE_PRE) {
70 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; 70 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
71 if (key->pkey->value.octet_string) 71 if (key->pkey->value.octet_string)
72 OPENSSL_cleanse(key->pkey->value.octet_string->data, 72 OPENSSL_cleanse(key->pkey->value.octet_string->data,
73 key->pkey->value.octet_string->length); 73 key->pkey->value.octet_string->length);
74} 74 }
75 return 1; 75 return 1;
76} 76}
77 77
@@ -84,12 +84,12 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
84 84
85IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) 85IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
86 86
87int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, 87int
88 int version, 88PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
89 int ptype, void *pval, 89 int ptype, void *pval, unsigned char *penc, int penclen)
90 unsigned char *penc, int penclen)
91{ 90{
92 unsigned char **ppenc = NULL; 91 unsigned char **ppenc = NULL;
92
93 if (version >= 0) { 93 if (version >= 0) {
94 if (!ASN1_INTEGER_set(priv->version, version)) 94 if (!ASN1_INTEGER_set(priv->version, version))
95 return 0; 95 return 0;
@@ -118,14 +118,13 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
118 return 1; 118 return 1;
119} 119}
120 120
121int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, 121int
122 const unsigned char **pk, int *ppklen, 122PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen,
123 X509_ALGOR **pa, 123 X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
124 PKCS8_PRIV_KEY_INFO *p8)
125{ 124{
126 if (ppkalg) 125 if (ppkalg)
127 *ppkalg = p8->pkeyalg->algorithm; 126 *ppkalg = p8->pkeyalg->algorithm;
128 if(p8->pkey->type == V_ASN1_OCTET_STRING) { 127 if (p8->pkey->type == V_ASN1_OCTET_STRING) {
129 p8->broken = PKCS8_OK; 128 p8->broken = PKCS8_OK;
130 if (pk) { 129 if (pk) {
131 *pk = p8->pkey->value.octet_string->data; 130 *pk = p8->pkey->value.octet_string->data;
@@ -137,11 +136,9 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
137 *pk = p8->pkey->value.sequence->data; 136 *pk = p8->pkey->value.sequence->data;
138 *ppklen = p8->pkey->value.sequence->length; 137 *ppklen = p8->pkey->value.sequence->length;
139 } 138 }
140 } 139 } else
141 else
142 return 0; 140 return 0;
143 if (pa) 141 if (pa)
144 *pa = p8->pkeyalg; 142 *pa = p8->pkeyalg;
145 return 1; 143 return 1;
146} 144}
147
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 06:46:10 +0000