1 files changed, 155 insertions, 191 deletions
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 5110c91bec..49f80fffd2 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -56,118 +56,134 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rsa.h"
+#include <openssl/rsa.h>
-#include "objects.h"
+#include <openssl/objects.h>
-#include "asn1_mac.h"
+#include <openssl/asn1t.h>
-#include "evp.h"
+#include <openssl/asn1_mac.h>
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 typedef struct netscape_pkey_st
        {
-        ASN1_INTEGER *version;
+        long version;
        X509_ALGOR *algor;
        ASN1_OCTET_STRING *private_key;
        } NETSCAPE_PKEY;
-/*
+typedef struct netscape_encrypted_pkey_st
- * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_LENGTH_MISMATCH);
+        {
- * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+        ASN1_OCTET_STRING *os;
- * ASN1err(ASN1_F_D2I_NETSCAPE_PKEY,ASN1_R_DECODING_ERROR);
+        /* This is the same structure as DigestInfo so use it:
- * ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR);
+         * although this isn't really anything to do with
- */
+         * digests.
-#ifndef NOPROTO
+         */
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
+        X509_SIG *enckey;
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
+        } NETSCAPE_ENCRYPTED_PKEY;
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
-#else
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
-static int i2d_NETSCAPE_PKEY();
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY();
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new();
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
-static void NETSCAPE_PKEY_free();
-#endif
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+             int (*cb)(), int sgckey);
-int i2d_Netscape_RSA(a,pp,cb)
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
-RSA *a;
+{
-unsigned char **pp;
+        return i2d_RSA_NET(a, pp, cb, 0);
-int (*cb)();
+}
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
        {
-        int i,j,l[6];
+        int i, j, ret = 0;
-        NETSCAPE_PKEY *pkey;
+        int rsalen, pkeylen, olen;
+        NETSCAPE_PKEY *pkey = NULL;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
        unsigned char buf[256],*zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
-        X509_ALGOR *alg=NULL;
-        ASN1_OCTET_STRING os,os2;
-        M_ASN1_I2D_vars(a);
        if (a == NULL) return(0);
-#ifdef WIN32
-        r=r; /* shut the damn compiler up :-) */
-#endif
-        os.data=os2.data=NULL;
        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-        if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+        pkey->version = 0;
-        if (pkey->algor->algorithm != NULL)
-                ASN1_OBJECT_free(pkey->algor->algorithm);
        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
        pkey->algor->parameter->type=V_ASN1_NULL;
-        l[0]=i2d_RSAPrivateKey(a,NULL);
+        rsalen = i2d_RSAPrivateKey(a, NULL);
-        pkey->private_key->length=l[0];
+        /* Fake some octet strings just for the initial length
+         * calculation.
+         */
-        os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
+        pkey->private_key->length=rsalen;
-        l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
-        if ((alg=X509_ALGOR_new()) == NULL) goto err;
+        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
-        if (alg->algorithm != NULL)
-                ASN1_OBJECT_free(alg->algorithm);
-        alg->algorithm=OBJ_nid2obj(NID_rc4);
-        if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-        alg->parameter->type=V_ASN1_NULL;
-        l[2]=i2d_X509_ALGOR(alg,NULL);
+        enckey->enckey->digest->length = pkeylen;
-        l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
-        os.data=(unsigned char *)"private-key";
+        enckey->os->length = 11;        /* "private-key" */
-        os.length=11;
-        l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
-        l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
        if (pp == NULL)
                {
-                if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-                if (alg != NULL) X509_ALGOR_free(alg);
+                NETSCAPE_PKEY_free(pkey);
-                return(l[5]);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return olen;
                }
-        if (pkey->private_key->data != NULL)
-                Free((char *)pkey->private_key->data);
+        /* Since its RC4 encrypted length is actual length */
-        if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
+        if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
                {
                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        zz=pkey->private_key->data;
+        pkey->private_key->data = zz;
+        /* Write out private key encoding */
        i2d_RSAPrivateKey(a,&zz);
-        if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
+        if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
                {
                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        zz=os2.data;
+        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        enckey->enckey->digest->data = zz;
        i2d_NETSCAPE_PKEY(pkey,&zz);
+        /* Wipe the private key encoding */
+        memset(pkey->private_key->data, 0, rsalen);
                
        if (cb == NULL)
                cb=EVP_read_pw_string;
@@ -177,92 +193,88 @@ int (*cb)();
                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
                goto err;
                }
-        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+        i = strlen((char *)buf);
-                strlen((char *)buf),1,key,NULL);
+        /* If the key is used for SGC the algorithm is modified a little. */
+        if(sgckey) {
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
        memset(buf,0,256);
+        /* Encrypt private key in place */
+        zz = enckey->enckey->digest->data;
        EVP_CIPHER_CTX_init(&ctx);
-        EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+        EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
-        EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
+        EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
-        EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+        EVP_EncryptFinal_ex(&ctx,zz + i,&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
-        p= *pp;
+        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
-        ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-        i2d_ASN1_OCTET_STRING(&os,&p);
-        ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-        i2d_X509_ALGOR(alg,&p);
-        i2d_ASN1_OCTET_STRING(&os2,&p);
-        ret=l[5];
 err:
-        if (os2.data != NULL) Free((char *)os2.data);
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        if (alg != NULL) X509_ALGOR_free(alg);
+        NETSCAPE_PKEY_free(pkey);
-        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-        r=r;
        return(ret);
        }
-RSA *d2i_Netscape_RSA(a,pp,length,cb)
-RSA **a;
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
-unsigned char **pp;
+{
-long length;
+        return d2i_RSA_NET(a, pp, length, cb, 0);
-int (*cb)();
+}
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
        {
        RSA *ret=NULL;
-        ASN1_OCTET_STRING *os=NULL;
+        const unsigned char *p, *kp;
-        ASN1_CTX c;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+        p = *pp;
-        c.pp=pp;
+        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-        c.error=ASN1_R_DECODING_ERROR;
+        if(!enckey) {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+                return NULL;
+        }
-        M_ASN1_D2I_Init();
+        if ((enckey->os->length != 11) || (strncmp("private-key",
-        M_ASN1_D2I_start_sequence();
+                (char *)enckey->os->data,11) != 0))
-        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-        if ((os->length != 11) || (strncmp("private-key",
-                (char *)os->data,os->length) != 0))
                {
                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-                ASN1_BIT_STRING_free(os);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-                goto err;
+                return NULL;
                }
-        ASN1_BIT_STRING_free(os);
+        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
-        c.q=c.p;
+                {
-        if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-        c.slen-=(c.p-c.q);
+                goto err;
+        }
+        kp = enckey->enckey->digest->data;
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+        *pp = p;
+        err:
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        return ret;
-        M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
        }
-RSA *d2i_Netscape_RSA_2(a,pp,length,cb)
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-RSA **a;
+             int (*cb)(), int sgckey)
-unsigned char **pp;
-long length;
-int (*cb)();
        {
        NETSCAPE_PKEY *pkey=NULL;
        RSA *ret=NULL;
        int i,j;
-        unsigned char buf[256],*zz;
+        unsigned char buf[256];
+        const unsigned char *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
-        X509_ALGOR *alg=NULL;
-        ASN1_OCTET_STRING *os=NULL;
-        ASN1_CTX c;
-        c.error=ASN1_R_ERROR_STACK;
-        c.pp=pp;
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
-        if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-                goto err;
-                }
-        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-        if (cb == NULL)
-                cb=EVP_read_pw_string;
        i=cb(buf,256,"Enter Private Key password:",0);
        if (i != 0)
                {
@@ -270,14 +282,20 @@ int (*cb)();
                goto err;
                }
-        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
+        i = strlen((char *)buf);
-                strlen((char *)buf),1,key,NULL);
+        if(sgckey){
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+                memcpy(buf + 16, "SGCKEYSALT", 10);
+                i = 26;
+        }
+                
+        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
        memset(buf,0,256);
        EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+        EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
        EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-        EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+        EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
        os->length=i+j;
@@ -295,71 +313,17 @@ int (*cb)();
                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                goto err;
                }
-        if (!asn1_Finish(&c)) goto err;
-        *pp=c.p;
 err:
-        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+        NETSCAPE_PKEY_free(pkey);
-        if (os != NULL) ASN1_BIT_STRING_free(os);
-        if (alg != NULL) X509_ALGOR_free(alg);
        return(ret);
        }
-static int i2d_NETSCAPE_PKEY(a,pp)
+#endif /* OPENSSL_NO_RC4 */
-NETSCAPE_PKEY *a;
-unsigned char **pp;
-        {
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len(a->version,      i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->private_key,  i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(a->version,      i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->private_key,  i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_finish();
-        }
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(a,pp,length)
-NETSCAPE_PKEY **a;
-unsigned char **pp;
-long length;
-        {
-        M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
-        M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
-        }
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new()
-        {
-        NETSCAPE_PKEY *ret=NULL;
-        M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
-        M_ASN1_New(ret->version,ASN1_INTEGER_new);
-        M_ASN1_New(ret->algor,X509_ALGOR_new);
-        M_ASN1_New(ret->private_key,ASN1_OCTET_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
-        }
-static void NETSCAPE_PKEY_free(a)
+#else /* !OPENSSL_NO_RSA */
-NETSCAPE_PKEY *a;
-        {
-        if (a == NULL) return;
-        ASN1_INTEGER_free(a->version);
-        X509_ALGOR_free(a->algor);
-        ASN1_OCTET_STRING_free(a->private_key);
-        Free((char *)a);
-        }
-#endif /* NO_RC4 */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+#endif

diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c index 5110c91bec..49f80fffd2 100644 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -56,118 +56,134 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	#ifndef OPENSSL_NO_RSA
59	#include <stdio.h>	60	#include <stdio.h>
60	#include "cryptlib.h"	61	#include "cryptlib.h"
61	#include "rsa.h"	62	#include <openssl/rsa.h>
62	#include "objects.h"	63	#include <openssl/objects.h>
63	#include "asn1_mac.h"	64	#include <openssl/asn1t.h>
64	#include "evp.h"	65	#include <openssl/asn1_mac.h>
65	#include "x509.h"	66	#include <openssl/evp.h>
		67	#include <openssl/x509.h>
66		68
67		69
68	#ifndef NO_RC4	70	#ifndef OPENSSL_NO_RC4
69		71
70	typedef struct netscape_pkey_st	72	typedef struct netscape_pkey_st
71	{	73	{
72	ASN1_INTEGER *version;	74	long version;
73	X509_ALGOR *algor;	75	X509_ALGOR *algor;
74	ASN1_OCTET_STRING *private_key;	76	ASN1_OCTET_STRING *private_key;
75	} NETSCAPE_PKEY;	77	} NETSCAPE_PKEY;
76		78
77	/*	79	typedef struct netscape_encrypted_pkey_st
78	* ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_LENGTH_MISMATCH);	80	{
79	* ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);	81	ASN1_OCTET_STRING *os;
80	* ASN1err(ASN1_F_D2I_NETSCAPE_PKEY,ASN1_R_DECODING_ERROR);	82	/* This is the same structure as DigestInfo so use it:
81	* ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR);	83	* although this isn't really anything to do with
82	*/	84	* digests.
83	#ifndef NOPROTO	85	*/
84	static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY a, unsigned char *pp);	86	X509_SIG *enckey;
85	static NETSCAPE_PKEY d2i_NETSCAPE_PKEY(NETSCAPE_PKEY a,unsigned char *pp, long length);	87	} NETSCAPE_ENCRYPTED_PKEY;
86	static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);	88
87	static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);	89
88	#else	90	ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
89	static int i2d_NETSCAPE_PKEY();	91	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
90	static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY();	92	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
91	static NETSCAPE_PKEY *NETSCAPE_PKEY_new();	93	} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
92	static void NETSCAPE_PKEY_free();	94
93	#endif	95	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
		96
		97	ASN1_SEQUENCE(NETSCAPE_PKEY) = {
		98	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
		99	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
		100	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
		101	} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
		102
		103	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
		104
		105	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
		106	int (*cb)(), int sgckey);
94		107
95	int i2d_Netscape_RSA(a,pp,cb)	108	int i2d_Netscape_RSA(const RSA a, unsigned char pp, int (cb)())
96	RSA *a;	109	{
97	unsigned char **pp;	110	return i2d_RSA_NET(a, pp, cb, 0);
98	int (*cb)();	111	}
		112
		113	int i2d_RSA_NET(const RSA a, unsigned char pp, int (cb)(), int sgckey)
99	{	114	{
100	int i,j,l[6];	115	int i, j, ret = 0;
101	NETSCAPE_PKEY *pkey;	116	int rsalen, pkeylen, olen;
		117	NETSCAPE_PKEY *pkey = NULL;
		118	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
102	unsigned char buf[256],*zz;	119	unsigned char buf[256],*zz;
103	unsigned char key[EVP_MAX_KEY_LENGTH];	120	unsigned char key[EVP_MAX_KEY_LENGTH];
104	EVP_CIPHER_CTX ctx;	121	EVP_CIPHER_CTX ctx;
105	X509_ALGOR *alg=NULL;
106	ASN1_OCTET_STRING os,os2;
107	M_ASN1_I2D_vars(a);
108		122
109	if (a == NULL) return(0);	123	if (a == NULL) return(0);
110		124
111	#ifdef WIN32
112	r=r; /* shut the damn compiler up :-) */
113	#endif
114
115	os.data=os2.data=NULL;
116	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;	125	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
117	if (!ASN1_INTEGER_set(pkey->version,0)) goto err;	126	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
		127	pkey->version = 0;
118		128
119	if (pkey->algor->algorithm != NULL)
120	ASN1_OBJECT_free(pkey->algor->algorithm);
121	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);	129	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
122	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;	130	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
123	pkey->algor->parameter->type=V_ASN1_NULL;	131	pkey->algor->parameter->type=V_ASN1_NULL;
124		132
125	l[0]=i2d_RSAPrivateKey(a,NULL);	133	rsalen = i2d_RSAPrivateKey(a, NULL);
126	pkey->private_key->length=l[0];	134
		135	/* Fake some octet strings just for the initial length
		136	* calculation.
		137	*/
127		138
128	os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);	139	pkey->private_key->length=rsalen;
129	l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
130		140
131	if ((alg=X509_ALGOR_new()) == NULL) goto err;	141	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
132	if (alg->algorithm != NULL)
133	ASN1_OBJECT_free(alg->algorithm);
134	alg->algorithm=OBJ_nid2obj(NID_rc4);
135	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
136	alg->parameter->type=V_ASN1_NULL;
137		142
138	l[2]=i2d_X509_ALGOR(alg,NULL);	143	enckey->enckey->digest->length = pkeylen;
139	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
140		144
141	os.data=(unsigned char *)"private-key";	145	enckey->os->length = 11; /* "private-key" */
142	os.length=11;
143	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
144		146
145	l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);	147	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
		148	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
		149	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
146		150
147	if (pp == NULL)	151	if (pp == NULL)
148	{	152	{
149	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);	153	olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
150	if (alg != NULL) X509_ALGOR_free(alg);	154	NETSCAPE_PKEY_free(pkey);
151	return(l[5]);	155	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
		156	return olen;
152	}	157	}
153		158
154	if (pkey->private_key->data != NULL)	159
155	Free((char *)pkey->private_key->data);	160	/* Since its RC4 encrypted length is actual length */
156	if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)	161	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
157	{	162	{
158	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);	163	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
159	goto err;	164	goto err;
160	}	165	}
161	zz=pkey->private_key->data;	166
		167	pkey->private_key->data = zz;
		168	/* Write out private key encoding */
162	i2d_RSAPrivateKey(a,&zz);	169	i2d_RSAPrivateKey(a,&zz);
163		170
164	if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)	171	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
165	{	172	{
166	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);	173	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
167	goto err;	174	goto err;
168	}	175	}
169	zz=os2.data;	176
		177	if (!ASN1_STRING_set(enckey->os, "private-key", -1))
		178	{
		179	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
		180	goto err;
		181	}
		182	enckey->enckey->digest->data = zz;
170	i2d_NETSCAPE_PKEY(pkey,&zz);	183	i2d_NETSCAPE_PKEY(pkey,&zz);
		184
		185	/* Wipe the private key encoding */
		186	memset(pkey->private_key->data, 0, rsalen);
171		187
172	if (cb == NULL)	188	if (cb == NULL)
173	cb=EVP_read_pw_string;	189	cb=EVP_read_pw_string;
@@ -177,92 +193,88 @@ int (*cb)();
177	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);	193	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
178	goto err;	194	goto err;
179	}	195	}
180	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,	196	i = strlen((char *)buf);
181	strlen((char *)buf),1,key,NULL);	197	/* If the key is used for SGC the algorithm is modified a little. */
		198	if(sgckey) {
		199	EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
		200	memcpy(buf + 16, "SGCKEYSALT", 10);
		201	i = 26;
		202	}
		203
		204	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
182	memset(buf,0,256);	205	memset(buf,0,256);
183		206
		207	/* Encrypt private key in place */
		208	zz = enckey->enckey->digest->data;
184	EVP_CIPHER_CTX_init(&ctx);	209	EVP_CIPHER_CTX_init(&ctx);
185	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);	210	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
186	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);	211	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
187	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);	212	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
188	EVP_CIPHER_CTX_cleanup(&ctx);	213	EVP_CIPHER_CTX_cleanup(&ctx);
189		214
190	p= *pp;	215	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
191	ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
192	i2d_ASN1_OCTET_STRING(&os,&p);
193	ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
194	i2d_X509_ALGOR(alg,&p);
195	i2d_ASN1_OCTET_STRING(&os2,&p);
196	ret=l[5];
197	err:	216	err:
198	if (os2.data != NULL) Free((char *)os2.data);	217	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
199	if (alg != NULL) X509_ALGOR_free(alg);	218	NETSCAPE_PKEY_free(pkey);
200	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
201	r=r;
202	return(ret);	219	return(ret);
203	}	220	}
204		221
205	RSA *d2i_Netscape_RSA(a,pp,length,cb)	222
206	RSA **a;	223	RSA d2i_Netscape_RSA(RSA a, const unsigned char pp, long length, int (cb)())
207	unsigned char **pp;	224	{
208	long length;	225	return d2i_RSA_NET(a, pp, length, cb, 0);
209	int (*cb)();	226	}
		227
		228	RSA d2i_RSA_NET(RSA a, const unsigned char pp, long length, int (cb)(), int sgckey)
210	{	229	{
211	RSA *ret=NULL;	230	RSA *ret=NULL;
212	ASN1_OCTET_STRING *os=NULL;	231	const unsigned char p, kp;
213	ASN1_CTX c;	232	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
		233
		234	p = *pp;
214		235
215	c.pp=pp;	236	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
216	c.error=ASN1_R_DECODING_ERROR;	237	if(!enckey) {
		238	ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
		239	return NULL;
		240	}
217		241
218	M_ASN1_D2I_Init();	242	if ((enckey->os->length != 11) \|\| (strncmp("private-key",
219	M_ASN1_D2I_start_sequence();	243	(char *)enckey->os->data,11) != 0))
220	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
221	if ((os->length != 11) \|\| (strncmp("private-key",
222	(char *)os->data,os->length) != 0))
223	{	244	{
224	ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);	245	ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
225	ASN1_BIT_STRING_free(os);	246	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
226	goto err;	247	return NULL;
227	}	248	}
228	ASN1_BIT_STRING_free(os);	249	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
229	c.q=c.p;	250	{
230	if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;	251	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
231	c.slen-=(c.p-c.q);	252	goto err;
		253	}
		254	kp = enckey->enckey->digest->data;
		255	if (cb == NULL)
		256	cb=EVP_read_pw_string;
		257	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
		258
		259	*pp = p;
		260
		261	err:
		262	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
		263	return ret;
232		264
233	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
234	}	265	}
235		266
236	RSA *d2i_Netscape_RSA_2(a,pp,length,cb)	267	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
237	RSA **a;	268	int (*cb)(), int sgckey)
238	unsigned char **pp;
239	long length;
240	int (*cb)();
241	{	269	{
242	NETSCAPE_PKEY *pkey=NULL;	270	NETSCAPE_PKEY *pkey=NULL;
243	RSA *ret=NULL;	271	RSA *ret=NULL;
244	int i,j;	272	int i,j;
245	unsigned char buf[256],*zz;	273	unsigned char buf[256];
		274	const unsigned char *zz;
246	unsigned char key[EVP_MAX_KEY_LENGTH];	275	unsigned char key[EVP_MAX_KEY_LENGTH];
247	EVP_CIPHER_CTX ctx;	276	EVP_CIPHER_CTX ctx;
248	X509_ALGOR *alg=NULL;
249	ASN1_OCTET_STRING *os=NULL;
250	ASN1_CTX c;
251
252	c.error=ASN1_R_ERROR_STACK;
253	c.pp=pp;
254		277
255	M_ASN1_D2I_Init();
256	M_ASN1_D2I_start_sequence();
257	M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
258	if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
259	{
260	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
261	goto err;
262	}
263	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
264	if (cb == NULL)
265	cb=EVP_read_pw_string;
266	i=cb(buf,256,"Enter Private Key password:",0);	278	i=cb(buf,256,"Enter Private Key password:",0);
267	if (i != 0)	279	if (i != 0)
268	{	280	{
@@ -270,14 +282,20 @@ int (*cb)();
270	goto err;	282	goto err;
271	}	283	}
272		284
273	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,	285	i = strlen((char *)buf);
274	strlen((char *)buf),1,key,NULL);	286	if(sgckey){
		287	EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
		288	memcpy(buf + 16, "SGCKEYSALT", 10);
		289	i = 26;
		290	}
		291
		292	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
275	memset(buf,0,256);	293	memset(buf,0,256);
276		294
277	EVP_CIPHER_CTX_init(&ctx);	295	EVP_CIPHER_CTX_init(&ctx);
278	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);	296	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
279	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);	297	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
280	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);	298	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
281	EVP_CIPHER_CTX_cleanup(&ctx);	299	EVP_CIPHER_CTX_cleanup(&ctx);
282	os->length=i+j;	300	os->length=i+j;
283		301
@@ -295,71 +313,17 @@ int (*cb)();
295	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);	313	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
296	goto err;	314	goto err;
297	}	315	}
298	if (!asn1_Finish(&c)) goto err;
299	*pp=c.p;
300	err:	316	err:
301	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);	317	NETSCAPE_PKEY_free(pkey);
302	if (os != NULL) ASN1_BIT_STRING_free(os);
303	if (alg != NULL) X509_ALGOR_free(alg);
304	return(ret);	318	return(ret);
305	}	319	}
306		320
307	static int i2d_NETSCAPE_PKEY(a,pp)	321	#endif /* OPENSSL_NO_RC4 */
308	NETSCAPE_PKEY *a;
309	unsigned char **pp;
310	{
311	M_ASN1_I2D_vars(a);
312
313
314	M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER);
315	M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR);
316	M_ASN1_I2D_len(a->private_key, i2d_ASN1_OCTET_STRING);
317
318	M_ASN1_I2D_seq_total();
319
320	M_ASN1_I2D_put(a->version, i2d_ASN1_INTEGER);
321	M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR);
322	M_ASN1_I2D_put(a->private_key, i2d_ASN1_OCTET_STRING);
323
324	M_ASN1_I2D_finish();
325	}
326
327	static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(a,pp,length)
328	NETSCAPE_PKEY **a;
329	unsigned char **pp;
330	long length;
331	{
332	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
333
334	M_ASN1_D2I_Init();
335	M_ASN1_D2I_start_sequence();
336	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
337	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
338	M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
339	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
340	}
341
342	static NETSCAPE_PKEY *NETSCAPE_PKEY_new()
343	{
344	NETSCAPE_PKEY *ret=NULL;
345
346	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
347	M_ASN1_New(ret->version,ASN1_INTEGER_new);
348	M_ASN1_New(ret->algor,X509_ALGOR_new);
349	M_ASN1_New(ret->private_key,ASN1_OCTET_STRING_new);
350	return(ret);
351	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
352	}
353		322
354	static void NETSCAPE_PKEY_free(a)	323	#else /* !OPENSSL_NO_RSA */
355	NETSCAPE_PKEY *a;
356	{
357	if (a == NULL) return;
358	ASN1_INTEGER_free(a->version);
359	X509_ALGOR_free(a->algor);
360	ASN1_OCTET_STRING_free(a->private_key);
361	Free((char *)a);
362	}
363		324
364	#endif /* NO_RC4 */	325	# if PEDANTIC
		326	static void *dummy=&dummy;
		327	# endif
365		328
		329	#endif