Remove obsolete key formats

This removes NETSCAPE_X509, NETSCAPE{,_ENCRYPTED}_PKEY, RSA_NET, Netscape_RSA things. Some of the nasty tentacles that could go in principle are used in some test suites, so we need to keep them... All this was removed as part of OpenSSL commit 0bc2f365. ok inoguchi jsing
author: tb <> 2022-01-14 08:12:31 +0000
committer: tb <> 2022-01-14 08:12:31 +0000
commit: c98675a805223ddb12c232cfb308c2ae2f0c1ceb (patch)
tree: 9cb61a25c449a43924de040ce7472eab7059a851 /src/lib/libcrypto/asn1/n_pkey.c
parent: 5d4d6a909f8b3bd3525af1b1ae9d89f9cb5dd883 (diff)
download: openbsd-c98675a805223ddb12c232cfb308c2ae2f0c1ceb.tar.gz
openbsd-c98675a805223ddb12c232cfb308c2ae2f0c1ceb.tar.bz2
openbsd-c98675a805223ddb12c232cfb308c2ae2f0c1ceb.zip
1 files changed, 0 insertions, 435 deletions
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
deleted file mode 100644
index 40d8fa4240..0000000000
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/* $OpenBSD: n_pkey.c,v 1.35 2021/12/25 13:17:48 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/asn1t.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "evp_locl.h"
-#include "x509_lcl.h"
-#ifndef OPENSSL_NO_RC4
-typedef struct netscape_pkey_st {
-        long version;
-        X509_ALGOR *algor;
-        ASN1_OCTET_STRING *private_key;
-} NETSCAPE_PKEY;
-typedef struct netscape_encrypted_pkey_st {
-        ASN1_OCTET_STRING *os;
-        /* This is the same structure as DigestInfo so use it:
-         * although this isn't really anything to do with
-         * digests.
-         */
-        X509_SIG *enckey;
-} NETSCAPE_ENCRYPTED_PKEY;
-static const ASN1_AUX NETSCAPE_ENCRYPTED_PKEY_aux = {
-        .flags = ASN1_AFLG_BROKEN,
-};
-static const ASN1_TEMPLATE NETSCAPE_ENCRYPTED_PKEY_seq_tt[] = {
-        {
-                .offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, os),
-                .field_name = "os",
-                .item = &ASN1_OCTET_STRING_it,
-        },
-        {
-                .offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, enckey),
-                .field_name = "enckey",
-                .item = &X509_SIG_it,
-        },
-};
-const ASN1_ITEM NETSCAPE_ENCRYPTED_PKEY_it = {
-        .itype = ASN1_ITYPE_SEQUENCE,
-        .utype = V_ASN1_SEQUENCE,
-        .templates = NETSCAPE_ENCRYPTED_PKEY_seq_tt,
-        .tcount = sizeof(NETSCAPE_ENCRYPTED_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
-        .funcs = &NETSCAPE_ENCRYPTED_PKEY_aux,
-        .size = sizeof(NETSCAPE_ENCRYPTED_PKEY),
-        .sname = "NETSCAPE_ENCRYPTED_PKEY",
-};
-NETSCAPE_ENCRYPTED_PKEY *NETSCAPE_ENCRYPTED_PKEY_new(void);
-void NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a);
-NETSCAPE_ENCRYPTED_PKEY *d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY **a, const unsigned char **in, long len);
-int i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY *a, unsigned char **out);
-NETSCAPE_ENCRYPTED_PKEY *
-d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY **a, const unsigned char **in, long len)
-{
-        return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &NETSCAPE_ENCRYPTED_PKEY_it);
-}
-int
-i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_ENCRYPTED_PKEY_it);
-}
-NETSCAPE_ENCRYPTED_PKEY *
-NETSCAPE_ENCRYPTED_PKEY_new(void)
-{
-        return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_new(&NETSCAPE_ENCRYPTED_PKEY_it);
-}
-void
-NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_ENCRYPTED_PKEY_it);
-}
-static const ASN1_TEMPLATE NETSCAPE_PKEY_seq_tt[] = {
-        {
-                .offset = offsetof(NETSCAPE_PKEY, version),
-                .field_name = "version",
-                .item = &LONG_it,
-        },
-        {
-                .offset = offsetof(NETSCAPE_PKEY, algor),
-                .field_name = "algor",
-                .item = &X509_ALGOR_it,
-        },
-        {
-                .offset = offsetof(NETSCAPE_PKEY, private_key),
-                .field_name = "private_key",
-                .item = &ASN1_OCTET_STRING_it,
-        },
-};
-const ASN1_ITEM NETSCAPE_PKEY_it = {
-        .itype = ASN1_ITYPE_SEQUENCE,
-        .utype = V_ASN1_SEQUENCE,
-        .templates = NETSCAPE_PKEY_seq_tt,
-        .tcount = sizeof(NETSCAPE_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
-        .size = sizeof(NETSCAPE_PKEY),
-        .sname = "NETSCAPE_PKEY",
-};
-NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
-void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a);
-NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, const unsigned char **in, long len);
-int i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY *a, unsigned char **out);
-NETSCAPE_PKEY *
-d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, const unsigned char **in, long len)
-{
-        return (NETSCAPE_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
-            &NETSCAPE_PKEY_it);
-}
-int
-i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY *a, unsigned char **out)
-{
-        return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_PKEY_it);
-}
-NETSCAPE_PKEY *
-NETSCAPE_PKEY_new(void)
-{
-        return (NETSCAPE_PKEY *)ASN1_item_new(&NETSCAPE_PKEY_it);
-}
-void
-NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
-{
-        ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_PKEY_it);
-}
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
-int
-i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-    int (*cb)(char *buf, int len, const char *prompt, int verify))
-{
-        return i2d_RSA_NET(a, pp, cb, 0);
-}
-int
-i2d_RSA_NET(const RSA *a, unsigned char **pp,
-    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
-{
-        int i, j, ret = 0;
-        int rsalen, pkeylen, olen;
-        NETSCAPE_PKEY *pkey = NULL;
-        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-        unsigned char buf[256], *zz;
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        EVP_CIPHER_CTX ctx;
-        EVP_CIPHER_CTX_init(&ctx);
-        if (a == NULL)
-                return (0);
-        if ((pkey = NETSCAPE_PKEY_new()) == NULL)
-                goto err;
-        if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
-                goto err;
-        pkey->version = 0;
-        pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-        if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
-                goto err;
-        pkey->algor->parameter->type = V_ASN1_NULL;
-        rsalen = i2d_RSAPrivateKey(a, NULL);
-        /* Fake some octet strings just for the initial length
-         * calculation.
-         */
-        pkey->private_key->length = rsalen;
-        pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-        enckey->enckey->digest->length = pkeylen;
-        enckey->os->length = 11;        /* "private-key" */
-        enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
-        if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
-                goto err;
-        enckey->enckey->algor->parameter->type = V_ASN1_NULL;
-        if (pp == NULL) {
-                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-                NETSCAPE_PKEY_free(pkey);
-                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-                return olen;
-        }
-        /* Since its RC4 encrypted length is actual length */
-        if ((zz = malloc(rsalen)) == NULL) {
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        pkey->private_key->data = zz;
-        /* Write out private key encoding */
-        i2d_RSAPrivateKey(a, &zz);
-        if ((zz = malloc(pkeylen)) == NULL) {
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        enckey->enckey->digest->data = zz;
-        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-                ASN1error(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        i2d_NETSCAPE_PKEY(pkey, &zz);
-        /* Wipe the private key encoding */
-        explicit_bzero(pkey->private_key->data, rsalen);
-        if (cb == NULL)
-                cb = EVP_read_pw_string;
-        i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1);
-        if (i != 0) {
-                ASN1error(ASN1_R_BAD_PASSWORD_READ);
-                goto err;
-        }
-        i = strlen((char *)buf);
-        /* If the key is used for SGC the algorithm is modified a little. */
-        if (sgckey) {
-                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-                        goto err;
-                memcpy(buf + 16, "SGCKEYSALT", 10);
-                i = 26;
-        }
-        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
-                goto err;
-        explicit_bzero(buf, sizeof(buf));
-        /* Encrypt private key in place */
-        zz = enckey->enckey->digest->data;
-        if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-                goto err;
-        if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
-                goto err;
-        if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
-                goto err;
-        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
- err:
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        NETSCAPE_PKEY_free(pkey);
-        return (ret);
-}
-RSA *
-d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-    int (*cb)(char *buf, int len, const char *prompt, int verify))
-{
-        return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-RSA *
-d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
-{
-        RSA *ret = NULL;
-        const unsigned char *p;
-        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-        p = *pp;
-        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-        if (!enckey) {
-                ASN1error(ASN1_R_DECODING_ERROR);
-                return NULL;
-        }
-        /* XXX 11 == strlen("private-key") */
-        if (enckey->os->length != 11 ||
-            memcmp("private-key", enckey->os->data, 11) != 0) {
-                ASN1error(ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-                goto err;
-        }
-        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-                ASN1error(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-                goto err;
-        }
-        if (cb == NULL)
-                cb = EVP_read_pw_string;
-        if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
-            sgckey)) == NULL)
-                goto err;
-        *pp = p;
- err:
-        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        return ret;
-}
-static RSA *
-d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
-{
-        NETSCAPE_PKEY *pkey = NULL;
-        RSA *ret = NULL;
-        int i, j;
-        unsigned char buf[256];
-        const unsigned char *zz;
-        unsigned char key[EVP_MAX_KEY_LENGTH];
-        EVP_CIPHER_CTX ctx;
-        EVP_CIPHER_CTX_init(&ctx);
-        i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0);
-        if (i != 0) {
-                ASN1error(ASN1_R_BAD_PASSWORD_READ);
-                goto err;
-        }
-        i = strlen((char *)buf);
-        if (sgckey){
-                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-                        goto err;
-                memcpy(buf + 16, "SGCKEYSALT", 10);
-                i = 26;
-        }
-        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
-                goto err;
-        explicit_bzero(buf, sizeof(buf));
-        if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
-                goto err;
-        if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
-                goto err;
-        if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
-                goto err;
-        os->length = i + j;
-        zz = os->data;
-        if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-                ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
-                goto err;
-        }
-        zz = pkey->private_key->data;
-        if ((ret = d2i_RSAPrivateKey(a, &zz,
-            pkey->private_key->length)) == NULL) {
-                ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
-                goto err;
-        }
- err:
-        EVP_CIPHER_CTX_cleanup(&ctx);
-        NETSCAPE_PKEY_free(pkey);
-        return (ret);
-}
-#endif /* OPENSSL_NO_RC4 */
-#endif
author	tb <>	2022-01-14 08:12:31 +0000
committer	tb <>	2022-01-14 08:12:31 +0000
commit	c98675a805223ddb12c232cfb308c2ae2f0c1ceb (patch)
tree	9cb61a25c449a43924de040ce7472eab7059a851 /src/lib/libcrypto/asn1/n_pkey.c
parent	5d4d6a909f8b3bd3525af1b1ae9d89f9cb5dd883 (diff)
download	openbsd-c98675a805223ddb12c232cfb308c2ae2f0c1ceb.tar.gz openbsd-c98675a805223ddb12c232cfb308c2ae2f0c1ceb.tar.bz2 openbsd-c98675a805223ddb12c232cfb308c2ae2f0c1ceb.zip

diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c deleted file mode 100644 index 40d8fa4240..0000000000 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ /dev/null
@@ -1,435 +0,0 @@
1	/* $OpenBSD: n_pkey.c,v 1.35 2021/12/25 13:17:48 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include <string.h>
61
62	#include <openssl/opensslconf.h>
63
64	#ifndef OPENSSL_NO_RSA
65	#include <openssl/asn1t.h>
66	#include <openssl/err.h>
67	#include <openssl/evp.h>
68	#include <openssl/objects.h>
69	#include <openssl/rsa.h>
70	#include <openssl/x509.h>
71
72	#include "evp_locl.h"
73	#include "x509_lcl.h"
74
75	#ifndef OPENSSL_NO_RC4
76
77	typedef struct netscape_pkey_st {
78	long version;
79	X509_ALGOR *algor;
80	ASN1_OCTET_STRING *private_key;
81	} NETSCAPE_PKEY;
82
83	typedef struct netscape_encrypted_pkey_st {
84	ASN1_OCTET_STRING *os;
85	/* This is the same structure as DigestInfo so use it:
86	* although this isn't really anything to do with
87	* digests.
88	*/
89	X509_SIG *enckey;
90	} NETSCAPE_ENCRYPTED_PKEY;
91
92
93	static const ASN1_AUX NETSCAPE_ENCRYPTED_PKEY_aux = {
94	.flags = ASN1_AFLG_BROKEN,
95	};
96	static const ASN1_TEMPLATE NETSCAPE_ENCRYPTED_PKEY_seq_tt[] = {
97	{
98	.offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, os),
99	.field_name = "os",
100	.item = &ASN1_OCTET_STRING_it,
101	},
102	{
103	.offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, enckey),
104	.field_name = "enckey",
105	.item = &X509_SIG_it,
106	},
107	};
108
109	const ASN1_ITEM NETSCAPE_ENCRYPTED_PKEY_it = {
110	.itype = ASN1_ITYPE_SEQUENCE,
111	.utype = V_ASN1_SEQUENCE,
112	.templates = NETSCAPE_ENCRYPTED_PKEY_seq_tt,
113	.tcount = sizeof(NETSCAPE_ENCRYPTED_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
114	.funcs = &NETSCAPE_ENCRYPTED_PKEY_aux,
115	.size = sizeof(NETSCAPE_ENCRYPTED_PKEY),
116	.sname = "NETSCAPE_ENCRYPTED_PKEY",
117	};
118
119	NETSCAPE_ENCRYPTED_PKEY *NETSCAPE_ENCRYPTED_PKEY_new(void);
120	void NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a);
121	NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY a, const unsigned char *in, long len);
122	int i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY a, unsigned char *out);
123
124	NETSCAPE_ENCRYPTED_PKEY *
125	d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY a, const unsigned char in, long len)
126	{
127	return (NETSCAPE_ENCRYPTED_PKEY )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
128	&NETSCAPE_ENCRYPTED_PKEY_it);
129	}
130
131	int
132	i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY a, unsigned char *out)
133	{
134	return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_ENCRYPTED_PKEY_it);
135	}
136
137	NETSCAPE_ENCRYPTED_PKEY *
138	NETSCAPE_ENCRYPTED_PKEY_new(void)
139	{
140	return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_new(&NETSCAPE_ENCRYPTED_PKEY_it);
141	}
142
143	void
144	NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a)
145	{
146	ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_ENCRYPTED_PKEY_it);
147	}
148
149	static const ASN1_TEMPLATE NETSCAPE_PKEY_seq_tt[] = {
150	{
151	.offset = offsetof(NETSCAPE_PKEY, version),
152	.field_name = "version",
153	.item = &LONG_it,
154	},
155	{
156	.offset = offsetof(NETSCAPE_PKEY, algor),
157	.field_name = "algor",
158	.item = &X509_ALGOR_it,
159	},
160	{
161	.offset = offsetof(NETSCAPE_PKEY, private_key),
162	.field_name = "private_key",
163	.item = &ASN1_OCTET_STRING_it,
164	},
165	};
166
167	const ASN1_ITEM NETSCAPE_PKEY_it = {
168	.itype = ASN1_ITYPE_SEQUENCE,
169	.utype = V_ASN1_SEQUENCE,
170	.templates = NETSCAPE_PKEY_seq_tt,
171	.tcount = sizeof(NETSCAPE_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
172	.size = sizeof(NETSCAPE_PKEY),
173	.sname = "NETSCAPE_PKEY",
174	};
175
176	NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
177	void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a);
178	NETSCAPE_PKEY d2i_NETSCAPE_PKEY(NETSCAPE_PKEY a, const unsigned char *in, long len);
179	int i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY a, unsigned char *out);
180
181	NETSCAPE_PKEY *
182	d2i_NETSCAPE_PKEY(NETSCAPE_PKEY a, const unsigned char in, long len)
183	{
184	return (NETSCAPE_PKEY )ASN1_item_d2i((ASN1_VALUE *)a, in, len,
185	&NETSCAPE_PKEY_it);
186	}
187
188	int
189	i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY a, unsigned char *out)
190	{
191	return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_PKEY_it);
192	}
193
194	NETSCAPE_PKEY *
195	NETSCAPE_PKEY_new(void)
196	{
197	return (NETSCAPE_PKEY *)ASN1_item_new(&NETSCAPE_PKEY_it);
198	}
199
200	void
201	NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
202	{
203	ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_PKEY_it);
204	}
205
206	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
207	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey);
208
209	int
210	i2d_Netscape_RSA(const RSA a, unsigned char *pp,
211	int (cb)(char buf, int len, const char *prompt, int verify))
212	{
213	return i2d_RSA_NET(a, pp, cb, 0);
214	}
215
216	int
217	i2d_RSA_NET(const RSA a, unsigned char *pp,
218	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey)
219	{
220	int i, j, ret = 0;
221	int rsalen, pkeylen, olen;
222	NETSCAPE_PKEY *pkey = NULL;
223	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
224	unsigned char buf[256], *zz;
225	unsigned char key[EVP_MAX_KEY_LENGTH];
226	EVP_CIPHER_CTX ctx;
227	EVP_CIPHER_CTX_init(&ctx);
228
229	if (a == NULL)
230	return (0);
231
232	if ((pkey = NETSCAPE_PKEY_new()) == NULL)
233	goto err;
234	if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
235	goto err;
236	pkey->version = 0;
237
238	pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
239	if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
240	goto err;
241	pkey->algor->parameter->type = V_ASN1_NULL;
242
243	rsalen = i2d_RSAPrivateKey(a, NULL);
244
245	/* Fake some octet strings just for the initial length
246	* calculation.
247	*/
248	pkey->private_key->length = rsalen;
249	pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
250	enckey->enckey->digest->length = pkeylen;
251	enckey->os->length = 11; /* "private-key" */
252	enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
253	if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
254	goto err;
255	enckey->enckey->algor->parameter->type = V_ASN1_NULL;
256
257	if (pp == NULL) {
258	olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
259	NETSCAPE_PKEY_free(pkey);
260	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
261	return olen;
262	}
263
264	/* Since its RC4 encrypted length is actual length */
265	if ((zz = malloc(rsalen)) == NULL) {
266	ASN1error(ERR_R_MALLOC_FAILURE);
267	goto err;
268	}
269
270	pkey->private_key->data = zz;
271	/* Write out private key encoding */
272	i2d_RSAPrivateKey(a, &zz);
273
274	if ((zz = malloc(pkeylen)) == NULL) {
275	ASN1error(ERR_R_MALLOC_FAILURE);
276	goto err;
277	}
278
279	enckey->enckey->digest->data = zz;
280	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
281	ASN1error(ERR_R_MALLOC_FAILURE);
282	goto err;
283	}
284	i2d_NETSCAPE_PKEY(pkey, &zz);
285
286	/* Wipe the private key encoding */
287	explicit_bzero(pkey->private_key->data, rsalen);
288
289	if (cb == NULL)
290	cb = EVP_read_pw_string;
291	i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1);
292	if (i != 0) {
293	ASN1error(ASN1_R_BAD_PASSWORD_READ);
294	goto err;
295	}
296	i = strlen((char *)buf);
297	/* If the key is used for SGC the algorithm is modified a little. */
298	if (sgckey) {
299	if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
300	goto err;
301	memcpy(buf + 16, "SGCKEYSALT", 10);
302	i = 26;
303	}
304
305	if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
306	goto err;
307	explicit_bzero(buf, sizeof(buf));
308
309	/* Encrypt private key in place */
310	zz = enckey->enckey->digest->data;
311	if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
312	goto err;
313	if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
314	goto err;
315	if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
316	goto err;
317
318	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
319	err:
320	EVP_CIPHER_CTX_cleanup(&ctx);
321	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
322	NETSCAPE_PKEY_free(pkey);
323	return (ret);
324	}
325
326
327	RSA *
328	d2i_Netscape_RSA(RSA a, const unsigned char pp, long length,
329	int (cb)(char buf, int len, const char *prompt, int verify))
330	{
331	return d2i_RSA_NET(a, pp, length, cb, 0);
332	}
333
334	RSA *
335	d2i_RSA_NET(RSA a, const unsigned char pp, long length,
336	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey)
337	{
338	RSA *ret = NULL;
339	const unsigned char *p;
340	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
341
342	p = *pp;
343
344	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
345	if (!enckey) {
346	ASN1error(ASN1_R_DECODING_ERROR);
347	return NULL;
348	}
349
350	/* XXX 11 == strlen("private-key") */
351	if (enckey->os->length != 11 \|\|
352	memcmp("private-key", enckey->os->data, 11) != 0) {
353	ASN1error(ASN1_R_PRIVATE_KEY_HEADER_MISSING);
354	goto err;
355	}
356	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
357	ASN1error(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
358	goto err;
359	}
360	if (cb == NULL)
361	cb = EVP_read_pw_string;
362	if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
363	sgckey)) == NULL)
364	goto err;
365
366	*pp = p;
367
368	err:
369	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
370	return ret;
371
372	}
373
374	static RSA *
375	d2i_RSA_NET_2(RSA *a, ASN1_OCTET_STRING os,
376	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey)
377	{
378	NETSCAPE_PKEY *pkey = NULL;
379	RSA *ret = NULL;
380	int i, j;
381	unsigned char buf[256];
382	const unsigned char *zz;
383	unsigned char key[EVP_MAX_KEY_LENGTH];
384	EVP_CIPHER_CTX ctx;
385	EVP_CIPHER_CTX_init(&ctx);
386
387	i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0);
388	if (i != 0) {
389	ASN1error(ASN1_R_BAD_PASSWORD_READ);
390	goto err;
391	}
392
393	i = strlen((char *)buf);
394	if (sgckey){
395	if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
396	goto err;
397	memcpy(buf + 16, "SGCKEYSALT", 10);
398	i = 26;
399	}
400
401	if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
402	goto err;
403	explicit_bzero(buf, sizeof(buf));
404
405	if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
406	goto err;
407	if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
408	goto err;
409	if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
410	goto err;
411	os->length = i + j;
412
413	zz = os->data;
414
415	if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
416	ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
417	goto err;
418	}
419
420	zz = pkey->private_key->data;
421	if ((ret = d2i_RSAPrivateKey(a, &zz,
422	pkey->private_key->length)) == NULL) {
423	ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
424	goto err;
425	}
426
427	err:
428	EVP_CIPHER_CTX_cleanup(&ctx);
429	NETSCAPE_PKEY_free(pkey);
430	return (ret);
431	}
432
433	#endif /* OPENSSL_NO_RC4 */
434
435	#endif