1 files changed, 102 insertions, 101 deletions
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 0a378759f9..0e58baf1b5 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -69,15 +69,13 @@
 #ifndef OPENSSL_NO_RC4
-typedef struct netscape_pkey_st
+typedef struct netscape_pkey_st {
-{
        long version;
        X509_ALGOR *algor;
        ASN1_OCTET_STRING *private_key;
 } NETSCAPE_PKEY;
-typedef struct netscape_encrypted_pkey_st
+typedef struct netscape_encrypted_pkey_st {
-{
        ASN1_OCTET_STRING *os;
        /* This is the same structure as DigestInfo so use it:
         * although this isn't really anything to do with
@@ -93,7 +91,7 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
 } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -103,61 +101,59 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
 } ASN1_SEQUENCE_END(NETSCAPE_PKEY)
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY, NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb)(char *buf, int len, const char *prompt,
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
-                                    int verify),
-                          int sgckey);
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+int
-                     int (*cb)(char *buf, int len, const char *prompt,
+i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-                               int verify))
+    int (*cb)(char *buf, int len, const char *prompt, int verify))
 {
        return i2d_RSA_NET(a, pp, cb, 0);
 }
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+int
-                int (*cb)(char *buf, int len, const char *prompt, int verify),
+i2d_RSA_NET(const RSA *a, unsigned char **pp,
-                int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
        int i, j, ret = 0;
        int rsalen, pkeylen, olen;
        NETSCAPE_PKEY *pkey = NULL;
        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-        unsigned char buf[256],*zz;
+        unsigned char buf[256], *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);
-        if (a == NULL) return(0);
+        if (a == NULL)
+                return (0);
-        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+        if ((pkey = NETSCAPE_PKEY_new()) == NULL)
-        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+                goto err;
+        if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
+                goto err;
        pkey->version = 0;
-        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+        pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        pkey->algor->parameter->type=V_ASN1_NULL;
+                goto err;
+        pkey->algor->parameter->type = V_ASN1_NULL;
        rsalen = i2d_RSAPrivateKey(a, NULL);
        /* Fake some octet strings just for the initial length
         * calculation.
         */
+        pkey->private_key->length = rsalen;
-        pkey->private_key->length=rsalen;
+        pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
        enckey->enckey->digest->length = pkeylen;
        enckey->os->length = 11;        /* "private-key" */
+        enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
-        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                goto err;
-        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
+        enckey->enckey->algor->parameter->type = V_ASN1_NULL;
        if (pp == NULL) {
                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
@@ -166,59 +162,58 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
                return olen;
        }
        /* Since its RC4 encrypted length is actual length */
-        if ((zz=(unsigned char *)malloc(rsalen)) == NULL) {
+        if ((zz = (unsigned char *)malloc(rsalen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        pkey->private_key->data = zz;
        /* Write out private key encoding */
-        i2d_RSAPrivateKey(a,&zz);
+        i2d_RSAPrivateKey(a, &zz);
-        if ((zz=malloc(pkeylen)) == NULL) {
+        if ((zz = malloc(pkeylen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        enckey->enckey->digest->data = zz;
-        i2d_NETSCAPE_PKEY(pkey,&zz);
+        i2d_NETSCAPE_PKEY(pkey, &zz);
        /* Wipe the private key encoding */
        OPENSSL_cleanse(pkey->private_key->data, rsalen);
-                
        if (cb == NULL)
-                cb=EVP_read_pw_string;
+                cb = EVP_read_pw_string;
-        i=cb((char *)buf,256,"Enter Private Key password:",1);
+        i = cb((char *)buf, 256, "Enter Private Key password:", 1);
        if (i != 0) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
                goto err;
        }
        i = strlen((char *)buf);
        /* If the key is used for SGC the algorithm is modified a little. */
-        if(sgckey) {
+        if (sgckey) {
                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
                        goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
-}
+        }
-        if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
                goto err;
-        OPENSSL_cleanse(buf,256);
+        OPENSSL_cleanse(buf, 256);
        /* Encrypt private key in place */
        zz = enckey->enckey->digest->data;
-        if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))
+        if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
                goto err;
-        if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))
+        if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
                goto err;
-        if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))
+        if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
                goto err;
        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -226,110 +221,116 @@ err:
        EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
        NETSCAPE_PKEY_free(pkey);
-        return(ret);
+        return (ret);
 }
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+RSA *
-                      int (*cb)(char *buf, int len, const char *prompt,
+d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                                int verify))
+    int (*cb)(char *buf, int len, const char *prompt, int verify))
 {
        return d2i_RSA_NET(a, pp, length, cb, 0);
 }
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+RSA *
-                 int (*cb)(char *buf, int len, const char *prompt, int verify),
+d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
-        RSA *ret=NULL;
+        RSA *ret = NULL;
        const unsigned char *p;
        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
        p = *pp;
        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-        if(!enckey) {
+        if (!enckey) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
+                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
                return NULL;
-}
+        }
        if ((enckey->os->length != 11) || (strncmp("private-key",
-                (char *)enckey->os->data,11) != 0)) {
+        (char *)enckey->os->data, 11) != 0)) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
                return NULL;
        }
        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                ASN1err(ASN1_F_D2I_RSA_NET,
+                    ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
                goto err;
-}
+        }
        if (cb == NULL)
-                cb=EVP_read_pw_string;
+                cb = EVP_read_pw_string;
-        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+        if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
+            sgckey)) == NULL)
+                goto err;
        *pp = p;
-        err:
+err:
        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
        return ret;
 }
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+static RSA *
-                          int (*cb)(char *buf, int len, const char *prompt,
+d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                                    int verify), int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
-        NETSCAPE_PKEY *pkey=NULL;
+        NETSCAPE_PKEY *pkey = NULL;
-        RSA *ret=NULL;
+        RSA *ret = NULL;
-        int i,j;
+        int i, j;
        unsigned char buf[256];
        const unsigned char *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);
-        i=cb((char *)buf,256,"Enter Private Key password:",0);
+        i=cb((char *)buf,256, "Enter Private Key password:",0);
        if (i != 0) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
                goto err;
        }
        i = strlen((char *)buf);
-        if(sgckey){
+        if (sgckey){
                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
                        goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
-}
+        }
-                
-        if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
                goto err;
-        OPENSSL_cleanse(buf,256);
+        OPENSSL_cleanse(buf, 256);
-        if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))
+        if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
                goto err;
-        if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))
+        if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
                goto err;
-        if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))
+        if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
                goto err;
-        os->length=i+j;
+        os->length = i + j;
-        zz=os->data;
+        zz = os->data;
-        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) {
+        if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                ASN1err(ASN1_F_D2I_RSA_NET_2,
+                    ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
                goto err;
        }
-                
-        zz=pkey->private_key->data;
+        zz = pkey->private_key->data;
-        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) {
+        if ((ret = d2i_RSAPrivateKey(a, &zz,
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+            pkey->private_key->length)) == NULL) {
+                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                goto err;
        }
 err:
        EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_PKEY_free(pkey);
-        return(ret);
+        return (ret);
 }
 #endif /* OPENSSL_NO_RC4 */
@@ -337,7 +338,7 @@ err:
 #else /* !OPENSSL_NO_RSA */
 # if PEDANTIC
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 # endif
 #endif

diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c index 0a378759f9..0e58baf1b5 100644 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -5,21 +5,21 @@
5	* This package is an SSL implementation written	5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).	6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.	7	* The implementation was written so as to conform with Netscapes SSL.
8	*	8	*
9	* This library is free for commercial and non-commercial use as long as	9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions	10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,	11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms	13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*	15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in	16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.	17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution	18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.	19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or	20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.	21	* in documentation (online or textual) provided with the package.
22	*	22	*
23	* Redistribution and use in source and binary forms, with or without	23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions	24	* modification, are permitted provided that the following conditions
25	* are met:	25	* are met:
@@ -34,10 +34,10 @@
34	* Eric Young (eay@cryptsoft.com)"	34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library	35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).	36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from	37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:	38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*	40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.	51	* SUCH DAMAGE.
52	*	52	*
53	* The licence and distribution terms for any publically available version or	53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
@@ -69,15 +69,13 @@
69		69
70	#ifndef OPENSSL_NO_RC4	70	#ifndef OPENSSL_NO_RC4
71		71
72	typedef struct netscape_pkey_st	72	typedef struct netscape_pkey_st {
73	{
74	long version;	73	long version;
75	X509_ALGOR *algor;	74	X509_ALGOR *algor;
76	ASN1_OCTET_STRING *private_key;	75	ASN1_OCTET_STRING *private_key;
77	} NETSCAPE_PKEY;	76	} NETSCAPE_PKEY;
78		77
79	typedef struct netscape_encrypted_pkey_st	78	typedef struct netscape_encrypted_pkey_st {
80	{
81	ASN1_OCTET_STRING *os;	79	ASN1_OCTET_STRING *os;
82	/* This is the same structure as DigestInfo so use it:	80	/* This is the same structure as DigestInfo so use it:
83	* although this isn't really anything to do with	81	* although this isn't really anything to do with
@@ -93,7 +91,7 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
93	} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)	91	} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
94		92
95	DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)	93	DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
96	DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)	94	DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY)
97	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)	95	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
98		96
99	ASN1_SEQUENCE(NETSCAPE_PKEY) = {	97	ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -103,61 +101,59 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
103	} ASN1_SEQUENCE_END(NETSCAPE_PKEY)	101	} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
104		102
105	DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)	103	DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
106	DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)	104	DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY, NETSCAPE_PKEY)
107	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)	105	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
108		106
109	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,	107	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
110	int (cb)(char buf, int len, const char *prompt,	108	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey);
111	int verify),
112	int sgckey);
113		109
114	int i2d_Netscape_RSA(const RSA a, unsigned char *pp,	110	int
115	int (cb)(char buf, int len, const char *prompt,	111	i2d_Netscape_RSA(const RSA a, unsigned char *pp,
116	int verify))	112	int (cb)(char buf, int len, const char *prompt, int verify))
117	{	113	{
118	return i2d_RSA_NET(a, pp, cb, 0);	114	return i2d_RSA_NET(a, pp, cb, 0);
119	}	115	}
120		116
121	int i2d_RSA_NET(const RSA a, unsigned char *pp,	117	int
122	int (cb)(char buf, int len, const char *prompt, int verify),	118	i2d_RSA_NET(const RSA a, unsigned char *pp,
123	int sgckey)	119	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey)
124	{	120	{
125	int i, j, ret = 0;	121	int i, j, ret = 0;
126	int rsalen, pkeylen, olen;	122	int rsalen, pkeylen, olen;
127	NETSCAPE_PKEY *pkey = NULL;	123	NETSCAPE_PKEY *pkey = NULL;
128	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;	124	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
129	unsigned char buf[256],*zz;	125	unsigned char buf[256], *zz;
130	unsigned char key[EVP_MAX_KEY_LENGTH];	126	unsigned char key[EVP_MAX_KEY_LENGTH];
131	EVP_CIPHER_CTX ctx;	127	EVP_CIPHER_CTX ctx;
132	EVP_CIPHER_CTX_init(&ctx);	128	EVP_CIPHER_CTX_init(&ctx);
133		129
134	if (a == NULL) return(0);	130	if (a == NULL)
		131	return (0);
135		132
136	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;	133	if ((pkey = NETSCAPE_PKEY_new()) == NULL)
137	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;	134	goto err;
		135	if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
		136	goto err;
138	pkey->version = 0;	137	pkey->version = 0;
139		138
140	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);	139	pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
141	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;	140	if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
142	pkey->algor->parameter->type=V_ASN1_NULL;	141	goto err;
		142	pkey->algor->parameter->type = V_ASN1_NULL;
143		143
144	rsalen = i2d_RSAPrivateKey(a, NULL);	144	rsalen = i2d_RSAPrivateKey(a, NULL);
145		145
146	/* Fake some octet strings just for the initial length	146	/* Fake some octet strings just for the initial length
147	* calculation.	147	* calculation.
148	*/	148	*/
149		149	pkey->private_key->length = rsalen;
150	pkey->private_key->length=rsalen;	150	pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
151
152	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
153
154	enckey->enckey->digest->length = pkeylen;	151	enckey->enckey->digest->length = pkeylen;
155
156	enckey->os->length = 11; /* "private-key" */	152	enckey->os->length = 11; /* "private-key" */
157		153	enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
158	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);	154	if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
159	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;	155	goto err;
160	enckey->enckey->algor->parameter->type=V_ASN1_NULL;	156	enckey->enckey->algor->parameter->type = V_ASN1_NULL;
161		157
162	if (pp == NULL) {	158	if (pp == NULL) {
163	olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);	159	olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
@@ -166,59 +162,58 @@ int i2d_RSA_NET(const RSA a, unsigned char *pp,
166	return olen;	162	return olen;
167	}	163	}
168		164
169
170	/* Since its RC4 encrypted length is actual length */	165	/* Since its RC4 encrypted length is actual length */
171	if ((zz=(unsigned char *)malloc(rsalen)) == NULL) {	166	if ((zz = (unsigned char *)malloc(rsalen)) == NULL) {
172	ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);	167	ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
173	goto err;	168	goto err;
174	}	169	}
175		170
176	pkey->private_key->data = zz;	171	pkey->private_key->data = zz;
177	/* Write out private key encoding */	172	/* Write out private key encoding */
178	i2d_RSAPrivateKey(a,&zz);	173	i2d_RSAPrivateKey(a, &zz);
179		174
180	if ((zz=malloc(pkeylen)) == NULL) {	175	if ((zz = malloc(pkeylen)) == NULL) {
181	ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);	176	ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
182	goto err;	177	goto err;
183	}	178	}
184		179
185	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {	180	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
186	ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);	181	ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
187	goto err;	182	goto err;
188	}	183	}
189	enckey->enckey->digest->data = zz;	184	enckey->enckey->digest->data = zz;
190	i2d_NETSCAPE_PKEY(pkey,&zz);	185	i2d_NETSCAPE_PKEY(pkey, &zz);
191		186
192	/* Wipe the private key encoding */	187	/* Wipe the private key encoding */
193	OPENSSL_cleanse(pkey->private_key->data, rsalen);	188	OPENSSL_cleanse(pkey->private_key->data, rsalen);
194		189
195	if (cb == NULL)	190	if (cb == NULL)
196	cb=EVP_read_pw_string;	191	cb = EVP_read_pw_string;
197	i=cb((char *)buf,256,"Enter Private Key password:",1);	192	i = cb((char *)buf, 256, "Enter Private Key password:", 1);
198	if (i != 0) {	193	if (i != 0) {
199	ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);	194	ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
200	goto err;	195	goto err;
201	}	196	}
202	i = strlen((char *)buf);	197	i = strlen((char *)buf);
203	/* If the key is used for SGC the algorithm is modified a little. */	198	/* If the key is used for SGC the algorithm is modified a little. */
204	if(sgckey) {	199	if (sgckey) {
205	if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))	200	if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
206	goto err;	201	goto err;
207	memcpy(buf + 16, "SGCKEYSALT", 10);	202	memcpy(buf + 16, "SGCKEYSALT", 10);
208	i = 26;	203	i = 26;
209	}	204	}
210		205
211	if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))	206	if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
212	goto err;	207	goto err;
213	OPENSSL_cleanse(buf,256);	208	OPENSSL_cleanse(buf, 256);
214		209
215	/* Encrypt private key in place */	210	/* Encrypt private key in place */
216	zz = enckey->enckey->digest->data;	211	zz = enckey->enckey->digest->data;
217	if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))	212	if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
218	goto err;	213	goto err;
219	if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))	214	if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
220	goto err;	215	goto err;
221	if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))	216	if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
222	goto err;	217	goto err;
223		218
224	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);	219	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -226,110 +221,116 @@ err:
226	EVP_CIPHER_CTX_cleanup(&ctx);	221	EVP_CIPHER_CTX_cleanup(&ctx);
227	NETSCAPE_ENCRYPTED_PKEY_free(enckey);	222	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
228	NETSCAPE_PKEY_free(pkey);	223	NETSCAPE_PKEY_free(pkey);
229	return(ret);	224	return (ret);
230	}	225	}
231		226
232		227
233	RSA d2i_Netscape_RSA(RSA a, const unsigned char *pp, long length,	228	RSA *
234	int (cb)(char buf, int len, const char *prompt,	229	d2i_Netscape_RSA(RSA a, const unsigned char pp, long length,
235	int verify))	230	int (cb)(char buf, int len, const char *prompt, int verify))
236	{	231	{
237	return d2i_RSA_NET(a, pp, length, cb, 0);	232	return d2i_RSA_NET(a, pp, length, cb, 0);
238	}	233	}
239		234
240	RSA d2i_RSA_NET(RSA a, const unsigned char *pp, long length,	235	RSA *
241	int (cb)(char buf, int len, const char *prompt, int verify),	236	d2i_RSA_NET(RSA a, const unsigned char pp, long length,
242	int sgckey)	237	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey)
243	{	238	{
244	RSA *ret=NULL;	239	RSA *ret = NULL;
245	const unsigned char *p;	240	const unsigned char *p;
246	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;	241	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
247		242
248	p = *pp;	243	p = *pp;
249		244
250	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);	245	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
251	if(!enckey) {	246	if (!enckey) {
252	ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);	247	ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
253	return NULL;	248	return NULL;
254	}	249	}
255		250
256	if ((enckey->os->length != 11) \|\| (strncmp("private-key",	251	if ((enckey->os->length != 11) \|\| (strncmp("private-key",
257	(char *)enckey->os->data,11) != 0)) {	252	(char *)enckey->os->data, 11) != 0)) {
258	ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);	253	ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
259	NETSCAPE_ENCRYPTED_PKEY_free(enckey);	254	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
260	return NULL;	255	return NULL;
261	}	256	}
262	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {	257	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
263	ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);	258	ASN1err(ASN1_F_D2I_RSA_NET,
		259	ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
264	goto err;	260	goto err;
265	}	261	}
266	if (cb == NULL)	262	if (cb == NULL)
267	cb=EVP_read_pw_string;	263	cb = EVP_read_pw_string;
268	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;	264	if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
		265	sgckey)) == NULL)
		266	goto err;
269		267
270	*pp = p;	268	*pp = p;
271		269
272	err:	270	err:
273	NETSCAPE_ENCRYPTED_PKEY_free(enckey);	271	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
274	return ret;	272	return ret;
275		273
276	}	274	}
277		275
278	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,	276	static RSA *
279	int (cb)(char buf, int len, const char *prompt,	277	d2i_RSA_NET_2(RSA *a, ASN1_OCTET_STRING os,
280	int verify), int sgckey)	278	int (cb)(char buf, int len, const char *prompt, int verify), int sgckey)
281	{	279	{
282	NETSCAPE_PKEY *pkey=NULL;	280	NETSCAPE_PKEY *pkey = NULL;
283	RSA *ret=NULL;	281	RSA *ret = NULL;
284	int i,j;	282	int i, j;
285	unsigned char buf[256];	283	unsigned char buf[256];
286	const unsigned char *zz;	284	const unsigned char *zz;
287	unsigned char key[EVP_MAX_KEY_LENGTH];	285	unsigned char key[EVP_MAX_KEY_LENGTH];
288	EVP_CIPHER_CTX ctx;	286	EVP_CIPHER_CTX ctx;
289	EVP_CIPHER_CTX_init(&ctx);	287	EVP_CIPHER_CTX_init(&ctx);
290		288
291	i=cb((char *)buf,256,"Enter Private Key password:",0);	289	i=cb((char *)buf,256, "Enter Private Key password:",0);
292	if (i != 0) {	290	if (i != 0) {
293	ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);	291	ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
294	goto err;	292	goto err;
295	}	293	}
296		294
297	i = strlen((char *)buf);	295	i = strlen((char *)buf);
298	if(sgckey){	296	if (sgckey){
299	if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))	297	if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
300	goto err;	298	goto err;
301	memcpy(buf + 16, "SGCKEYSALT", 10);	299	memcpy(buf + 16, "SGCKEYSALT", 10);
302	i = 26;	300	i = 26;
303	}	301	}
304		302
305	if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))	303	if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
306	goto err;	304	goto err;
307	OPENSSL_cleanse(buf,256);	305	OPENSSL_cleanse(buf, 256);
308		306
309	if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))	307	if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
310	goto err;	308	goto err;
311	if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))	309	if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
312	goto err;	310	goto err;
313	if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))	311	if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
314	goto err;	312	goto err;
315	os->length=i+j;	313	os->length = i + j;
316		314
317	zz=os->data;	315	zz = os->data;
318		316
319	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) {	317	if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
320	ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);	318	ASN1err(ASN1_F_D2I_RSA_NET_2,
		319	ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
321	goto err;	320	goto err;
322	}	321	}
323		322
324	zz=pkey->private_key->data;	323	zz = pkey->private_key->data;
325	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) {	324	if ((ret = d2i_RSAPrivateKey(a, &zz,
326	ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);	325	pkey->private_key->length)) == NULL) {
		326	ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
327	goto err;	327	goto err;
328	}	328	}
		329
329	err:	330	err:
330	EVP_CIPHER_CTX_cleanup(&ctx);	331	EVP_CIPHER_CTX_cleanup(&ctx);
331	NETSCAPE_PKEY_free(pkey);	332	NETSCAPE_PKEY_free(pkey);
332	return(ret);	333	return (ret);
333	}	334	}
334		335
335	#endif /* OPENSSL_NO_RC4 */	336	#endif /* OPENSSL_NO_RC4 */
@@ -337,7 +338,7 @@ err:
337	#else /* !OPENSSL_NO_RSA */	338	#else /* !OPENSSL_NO_RSA */
338		339
339	# if PEDANTIC	340	# if PEDANTIC
340	static void *dummy=&dummy;	341	static void *dummy = &dummy;
341	# endif	342	# endif
342		343
343	#endif	344	#endif