1 files changed, 123 insertions, 182 deletions
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 9840193538..49f80fffd2 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -56,110 +56,134 @@
 * [including the GNU Public Licence.]
 */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
+#include <openssl/asn1t.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 typedef struct netscape_pkey_st
        {
-        ASN1_INTEGER *version;
+        long version;
        X509_ALGOR *algor;
        ASN1_OCTET_STRING *private_key;
        } NETSCAPE_PKEY;
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
+typedef struct netscape_encrypted_pkey_st
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
+        {
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
+        ASN1_OCTET_STRING *os;
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
+        /* This is the same structure as DigestInfo so use it:
+         * although this isn't really anything to do with
+         * digests.
+         */
+        X509_SIG *enckey;
+        } NETSCAPE_ENCRYPTED_PKEY;
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)())
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+             int (*cb)(), int sgckey);
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
 {
        return i2d_RSA_NET(a, pp, cb, 0);
 }
-int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
        {
-        int i,j,l[6];
+        int i, j, ret = 0;
-        NETSCAPE_PKEY *pkey;
+        int rsalen, pkeylen, olen;
+        NETSCAPE_PKEY *pkey = NULL;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
        unsigned char buf[256],*zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
-        X509_ALGOR *alg=NULL;
-        ASN1_OCTET_STRING os,os2;
-        M_ASN1_I2D_vars(a);
        if (a == NULL) return(0);
-#ifdef WIN32
-        r=r; /* shut the damn compiler up :-) */
-#endif
-        os.data=os2.data=NULL;
        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-        if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+        pkey->version = 0;
-        if (pkey->algor->algorithm != NULL)
-                ASN1_OBJECT_free(pkey->algor->algorithm);
        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
        pkey->algor->parameter->type=V_ASN1_NULL;
-        l[0]=i2d_RSAPrivateKey(a,NULL);
+        rsalen = i2d_RSAPrivateKey(a, NULL);
-        pkey->private_key->length=l[0];
-        os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
+        /* Fake some octet strings just for the initial length
-        l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+         * calculation.
+         */
-        if ((alg=X509_ALGOR_new()) == NULL) goto err;
+        pkey->private_key->length=rsalen;
-        if (alg->algorithm != NULL)
-                ASN1_OBJECT_free(alg->algorithm);
-        alg->algorithm=OBJ_nid2obj(NID_rc4);
-        if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-        alg->parameter->type=V_ASN1_NULL;
-        l[2]=i2d_X509_ALGOR(alg,NULL);
+        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
-        l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
-#ifndef CONST_STRICT
+        enckey->enckey->digest->length = pkeylen;
-        os.data=(unsigned char *)"private-key";
-#endif
-        os.length=11;
-        l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
-        l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+        enckey->os->length = 11;        /* "private-key" */
+        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
        if (pp == NULL)
                {
-                if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-                if (alg != NULL) X509_ALGOR_free(alg);
+                NETSCAPE_PKEY_free(pkey);
-                return(l[5]);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+                return olen;
                }
-        if (pkey->private_key->data != NULL)
-                OPENSSL_free(pkey->private_key->data);
+        /* Since its RC4 encrypted length is actual length */
-        if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)
+        if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
                {
                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        zz=pkey->private_key->data;
+        pkey->private_key->data = zz;
+        /* Write out private key encoding */
        i2d_RSAPrivateKey(a,&zz);
-        if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)
+        if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
                {
                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        zz=os2.data;
+        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
+                {
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        enckey->enckey->digest->data = zz;
        i2d_NETSCAPE_PKEY(pkey,&zz);
+        /* Wipe the private key encoding */
+        memset(pkey->private_key->data, 0, rsalen);
                
        if (cb == NULL)
                cb=EVP_read_pw_string;
@@ -171,109 +195,86 @@ int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
                }
        i = strlen((char *)buf);
        /* If the key is used for SGC the algorithm is modified a little. */
-        if(sgckey){
+        if(sgckey) {
-                EVP_MD_CTX mctx;
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
-                EVP_DigestInit(&mctx, EVP_md5());
-                EVP_DigestUpdate(&mctx, buf, i);
-                EVP_DigestFinal(&mctx, buf, NULL);
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
        }
-                
        EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
        memset(buf,0,256);
+        /* Encrypt private key in place */
+        zz = enckey->enckey->digest->data;
        EVP_CIPHER_CTX_init(&ctx);
-        EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+        EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
-        EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
+        EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
-        EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+        EVP_EncryptFinal_ex(&ctx,zz + i,&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
-        p= *pp;
+        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
-        ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-        i2d_ASN1_OCTET_STRING(&os,&p);
-        ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-        i2d_X509_ALGOR(alg,&p);
-        i2d_ASN1_OCTET_STRING(&os2,&p);
-        ret=l[5];
 err:
-        if (os2.data != NULL) OPENSSL_free(os2.data);
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-        if (alg != NULL) X509_ALGOR_free(alg);
+        NETSCAPE_PKEY_free(pkey);
-        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-        r=r;
        return(ret);
        }
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
 {
        return d2i_RSA_NET(a, pp, length, cb, 0);
 }
-RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
        {
        RSA *ret=NULL;
-        ASN1_OCTET_STRING *os=NULL;
+        const unsigned char *p, *kp;
-        ASN1_CTX c;
+        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+        p = *pp;
-        c.pp=pp;
+        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-        c.error=ASN1_R_DECODING_ERROR;
+        if(!enckey) {
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+                return NULL;
+        }
-        M_ASN1_D2I_Init();
+        if ((enckey->os->length != 11) || (strncmp("private-key",
-        M_ASN1_D2I_start_sequence();
+                (char *)enckey->os->data,11) != 0))
-        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-        if ((os->length != 11) || (strncmp("private-key",
-                (char *)os->data,os->length) != 0))
                {
                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-                M_ASN1_BIT_STRING_free(os);
+                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-                goto err;
+                return NULL;
                }
-        M_ASN1_BIT_STRING_free(os);
+        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
-        c.q=c.p;
+                {
-        if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-        /* Note: some versions of IIS key files use length values that are
+                goto err;
-         * too small for the surrounding SEQUENCEs. This following line
-         * effectively disable length checking.
-         */
-        c.slen = 0;
-        M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
        }
+        kp = enckey->enckey->digest->data;
+        if (cb == NULL)
+                cb=EVP_read_pw_string;
+        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length,
+        *pp = p;
-             int (*cb)())
-{
-        return d2i_RSA_NET_2(a, pp, length, cb, 0);
-}
-RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
+        err:
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        return ret;
+        }
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
             int (*cb)(), int sgckey)
        {
        NETSCAPE_PKEY *pkey=NULL;
        RSA *ret=NULL;
        int i,j;
-        unsigned char buf[256],*zz;
+        unsigned char buf[256];
+        const unsigned char *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
-        X509_ALGOR *alg=NULL;
-        ASN1_OCTET_STRING *os=NULL;
-        ASN1_CTX c;
-        c.error=ERR_R_NESTED_ASN1_ERROR;
-        c.pp=pp;
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
-        if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
-                {
-                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-                goto err;
-                }
-        M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-        if (cb == NULL)
-                cb=EVP_read_pw_string;
        i=cb(buf,256,"Enter Private Key password:",0);
        if (i != 0)
                {
@@ -283,10 +284,7 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
        i = strlen((char *)buf);
        if(sgckey){
-                EVP_MD_CTX mctx;
+                EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
-                EVP_DigestInit(&mctx, EVP_md5());
-                EVP_DigestUpdate(&mctx, buf, i);
-                EVP_DigestFinal(&mctx, buf, NULL);
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
        }
@@ -295,9 +293,9 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
        memset(buf,0,256);
        EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+        EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
        EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-        EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+        EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
        os->length=i+j;
@@ -315,71 +313,14 @@ RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length,
                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                goto err;
                }
-        if (!asn1_Finish(&c)) goto err;
-        *pp=c.p;
 err:
-        if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
+        NETSCAPE_PKEY_free(pkey);
-        if (os != NULL) M_ASN1_BIT_STRING_free(os);
-        if (alg != NULL) X509_ALGOR_free(alg);
        return(ret);
        }
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp)
+#endif /* OPENSSL_NO_RC4 */
-        {
-        M_ASN1_I2D_vars(a);
-        M_ASN1_I2D_len(a->version,      i2d_ASN1_INTEGER);
-        M_ASN1_I2D_len(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_len(a->private_key,  i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_seq_total();
-        M_ASN1_I2D_put(a->version,      i2d_ASN1_INTEGER);
-        M_ASN1_I2D_put(a->algor,        i2d_X509_ALGOR);
-        M_ASN1_I2D_put(a->private_key,  i2d_ASN1_OCTET_STRING);
-        M_ASN1_I2D_finish();
-        }
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, unsigned char **pp,
-             long length)
-        {
-        M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
-        M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-        M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
-        M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
-        }
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void)
-        {
-        NETSCAPE_PKEY *ret=NULL;
-        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
-        M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
-        M_ASN1_New(ret->algor,X509_ALGOR_new);
-        M_ASN1_New(ret->private_key,M_ASN1_OCTET_STRING_new);
-        return(ret);
-        M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
-        }
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
-        {
-        if (a == NULL) return;
-        M_ASN1_INTEGER_free(a->version);
-        X509_ALGOR_free(a->algor);
-        M_ASN1_OCTET_STRING_free(a->private_key);
-        OPENSSL_free(a);
-        }
-#endif /* NO_RC4 */
-#else /* !NO_RSA */
+#else /* !OPENSSL_NO_RSA */
 # if PEDANTIC
 static void *dummy=&dummy;

diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c index 9840193538..49f80fffd2 100644 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -56,110 +56,134 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
59	#ifndef NO_RSA	59	#ifndef OPENSSL_NO_RSA
60	#include <stdio.h>	60	#include <stdio.h>
61	#include "cryptlib.h"	61	#include "cryptlib.h"
62	#include <openssl/rsa.h>	62	#include <openssl/rsa.h>
63	#include <openssl/objects.h>	63	#include <openssl/objects.h>
		64	#include <openssl/asn1t.h>
64	#include <openssl/asn1_mac.h>	65	#include <openssl/asn1_mac.h>
65	#include <openssl/evp.h>	66	#include <openssl/evp.h>
66	#include <openssl/x509.h>	67	#include <openssl/x509.h>
67		68
68		69
69	#ifndef NO_RC4	70	#ifndef OPENSSL_NO_RC4
70		71
71	typedef struct netscape_pkey_st	72	typedef struct netscape_pkey_st
72	{	73	{
73	ASN1_INTEGER *version;	74	long version;
74	X509_ALGOR *algor;	75	X509_ALGOR *algor;
75	ASN1_OCTET_STRING *private_key;	76	ASN1_OCTET_STRING *private_key;
76	} NETSCAPE_PKEY;	77	} NETSCAPE_PKEY;
77		78
78	static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY a, unsigned char *pp);	79	typedef struct netscape_encrypted_pkey_st
79	static NETSCAPE_PKEY d2i_NETSCAPE_PKEY(NETSCAPE_PKEY a,unsigned char *pp, long length);	80	{
80	static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);	81	ASN1_OCTET_STRING *os;
81	static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);	82	/* This is the same structure as DigestInfo so use it:
		83	* although this isn't really anything to do with
		84	* digests.
		85	*/
		86	X509_SIG *enckey;
		87	} NETSCAPE_ENCRYPTED_PKEY;
		88
		89
		90	ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
		91	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
		92	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
		93	} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
		94
		95	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
82		96
83	int i2d_Netscape_RSA(RSA a, unsigned char pp, int (cb)())	97	ASN1_SEQUENCE(NETSCAPE_PKEY) = {
		98	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
		99	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
		100	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
		101	} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
		102
		103	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
		104
		105	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
		106	int (*cb)(), int sgckey);
		107
		108	int i2d_Netscape_RSA(const RSA a, unsigned char pp, int (cb)())
84	{	109	{
85	return i2d_RSA_NET(a, pp, cb, 0);	110	return i2d_RSA_NET(a, pp, cb, 0);
86	}	111	}
87		112
88	int i2d_RSA_NET(RSA a, unsigned char pp, int (cb)(), int sgckey)	113	int i2d_RSA_NET(const RSA a, unsigned char pp, int (cb)(), int sgckey)
89	{	114	{
90	int i,j,l[6];	115	int i, j, ret = 0;
91	NETSCAPE_PKEY *pkey;	116	int rsalen, pkeylen, olen;
		117	NETSCAPE_PKEY *pkey = NULL;
		118	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
92	unsigned char buf[256],*zz;	119	unsigned char buf[256],*zz;
93	unsigned char key[EVP_MAX_KEY_LENGTH];	120	unsigned char key[EVP_MAX_KEY_LENGTH];
94	EVP_CIPHER_CTX ctx;	121	EVP_CIPHER_CTX ctx;
95	X509_ALGOR *alg=NULL;
96	ASN1_OCTET_STRING os,os2;
97	M_ASN1_I2D_vars(a);
98		122
99	if (a == NULL) return(0);	123	if (a == NULL) return(0);
100		124
101	#ifdef WIN32
102	r=r; /* shut the damn compiler up :-) */
103	#endif
104
105	os.data=os2.data=NULL;
106	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;	125	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
107	if (!ASN1_INTEGER_set(pkey->version,0)) goto err;	126	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
		127	pkey->version = 0;
108		128
109	if (pkey->algor->algorithm != NULL)
110	ASN1_OBJECT_free(pkey->algor->algorithm);
111	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);	129	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
112	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;	130	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
113	pkey->algor->parameter->type=V_ASN1_NULL;	131	pkey->algor->parameter->type=V_ASN1_NULL;
114		132
115	l[0]=i2d_RSAPrivateKey(a,NULL);	133	rsalen = i2d_RSAPrivateKey(a, NULL);
116	pkey->private_key->length=l[0];
117		134
118	os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);	135	/* Fake some octet strings just for the initial length
119	l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);	136	* calculation.
		137	*/
120		138
121	if ((alg=X509_ALGOR_new()) == NULL) goto err;	139	pkey->private_key->length=rsalen;
122	if (alg->algorithm != NULL)
123	ASN1_OBJECT_free(alg->algorithm);
124	alg->algorithm=OBJ_nid2obj(NID_rc4);
125	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
126	alg->parameter->type=V_ASN1_NULL;
127		140
128	l[2]=i2d_X509_ALGOR(alg,NULL);	141	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
129	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
130		142
131	#ifndef CONST_STRICT	143	enckey->enckey->digest->length = pkeylen;
132	os.data=(unsigned char *)"private-key";
133	#endif
134	os.length=11;
135	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
136		144
137	l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);	145	enckey->os->length = 11; /* "private-key" */
		146
		147	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
		148	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
		149	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
138		150
139	if (pp == NULL)	151	if (pp == NULL)
140	{	152	{
141	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);	153	olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
142	if (alg != NULL) X509_ALGOR_free(alg);	154	NETSCAPE_PKEY_free(pkey);
143	return(l[5]);	155	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
		156	return olen;
144	}	157	}
145		158
146	if (pkey->private_key->data != NULL)	159
147	OPENSSL_free(pkey->private_key->data);	160	/* Since its RC4 encrypted length is actual length */
148	if ((pkey->private_key->data=(unsigned char *)OPENSSL_malloc(l[0])) == NULL)	161	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
149	{	162	{
150	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);	163	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
151	goto err;	164	goto err;
152	}	165	}
153	zz=pkey->private_key->data;	166
		167	pkey->private_key->data = zz;
		168	/* Write out private key encoding */
154	i2d_RSAPrivateKey(a,&zz);	169	i2d_RSAPrivateKey(a,&zz);
155		170
156	if ((os2.data=(unsigned char *)OPENSSL_malloc(os2.length)) == NULL)	171	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
157	{	172	{
158	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);	173	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
159	goto err;	174	goto err;
160	}	175	}
161	zz=os2.data;	176
		177	if (!ASN1_STRING_set(enckey->os, "private-key", -1))
		178	{
		179	ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
		180	goto err;
		181	}
		182	enckey->enckey->digest->data = zz;
162	i2d_NETSCAPE_PKEY(pkey,&zz);	183	i2d_NETSCAPE_PKEY(pkey,&zz);
		184
		185	/* Wipe the private key encoding */
		186	memset(pkey->private_key->data, 0, rsalen);
163		187
164	if (cb == NULL)	188	if (cb == NULL)
165	cb=EVP_read_pw_string;	189	cb=EVP_read_pw_string;
@@ -171,109 +195,86 @@ int i2d_RSA_NET(RSA a, unsigned char pp, int (cb)(), int sgckey)
171	}	195	}
172	i = strlen((char *)buf);	196	i = strlen((char *)buf);
173	/* If the key is used for SGC the algorithm is modified a little. */	197	/* If the key is used for SGC the algorithm is modified a little. */
174	if(sgckey){	198	if(sgckey) {
175	EVP_MD_CTX mctx;	199	EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
176	EVP_DigestInit(&mctx, EVP_md5());
177	EVP_DigestUpdate(&mctx, buf, i);
178	EVP_DigestFinal(&mctx, buf, NULL);
179	memcpy(buf + 16, "SGCKEYSALT", 10);	200	memcpy(buf + 16, "SGCKEYSALT", 10);
180	i = 26;	201	i = 26;
181	}	202	}
182		203
183	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);	204	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
184	memset(buf,0,256);	205	memset(buf,0,256);
185		206
		207	/* Encrypt private key in place */
		208	zz = enckey->enckey->digest->data;
186	EVP_CIPHER_CTX_init(&ctx);	209	EVP_CIPHER_CTX_init(&ctx);
187	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);	210	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
188	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);	211	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
189	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);	212	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
190	EVP_CIPHER_CTX_cleanup(&ctx);	213	EVP_CIPHER_CTX_cleanup(&ctx);
191		214
192	p= *pp;	215	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
193	ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
194	i2d_ASN1_OCTET_STRING(&os,&p);
195	ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
196	i2d_X509_ALGOR(alg,&p);
197	i2d_ASN1_OCTET_STRING(&os2,&p);
198	ret=l[5];
199	err:	216	err:
200	if (os2.data != NULL) OPENSSL_free(os2.data);	217	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
201	if (alg != NULL) X509_ALGOR_free(alg);	218	NETSCAPE_PKEY_free(pkey);
202	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
203	r=r;
204	return(ret);	219	return(ret);
205	}	220	}
206		221
207		222
208	RSA d2i_Netscape_RSA(RSA a, unsigned char pp, long length, int (cb)())	223	RSA d2i_Netscape_RSA(RSA a, const unsigned char pp, long length, int (cb)())
209	{	224	{
210	return d2i_RSA_NET(a, pp, length, cb, 0);	225	return d2i_RSA_NET(a, pp, length, cb, 0);
211	}	226	}
212		227
213	RSA d2i_RSA_NET(RSA a, unsigned char pp, long length, int (cb)(), int sgckey)	228	RSA d2i_RSA_NET(RSA a, const unsigned char pp, long length, int (cb)(), int sgckey)
214	{	229	{
215	RSA *ret=NULL;	230	RSA *ret=NULL;
216	ASN1_OCTET_STRING *os=NULL;	231	const unsigned char p, kp;
217	ASN1_CTX c;	232	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
		233
		234	p = *pp;
218		235
219	c.pp=pp;	236	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
220	c.error=ASN1_R_DECODING_ERROR;	237	if(!enckey) {
		238	ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
		239	return NULL;
		240	}
221		241
222	M_ASN1_D2I_Init();	242	if ((enckey->os->length != 11) \|\| (strncmp("private-key",
223	M_ASN1_D2I_start_sequence();	243	(char *)enckey->os->data,11) != 0))
224	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
225	if ((os->length != 11) \|\| (strncmp("private-key",
226	(char *)os->data,os->length) != 0))
227	{	244	{
228	ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);	245	ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
229	M_ASN1_BIT_STRING_free(os);	246	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
230	goto err;	247	return NULL;
231	}	248	}
232	M_ASN1_BIT_STRING_free(os);	249	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
233	c.q=c.p;	250	{
234	if ((ret=d2i_RSA_NET_2(a,&c.p,c.slen,cb, sgckey)) == NULL) goto err;	251	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
235	/* Note: some versions of IIS key files use length values that are	252	goto err;
236	* too small for the surrounding SEQUENCEs. This following line
237	* effectively disable length checking.
238	*/
239	c.slen = 0;
240
241	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
242	}	253	}
		254	kp = enckey->enckey->digest->data;
		255	if (cb == NULL)
		256	cb=EVP_read_pw_string;
		257	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
243		258
244	RSA d2i_Netscape_RSA_2(RSA a, unsigned char *pp, long length,	259	*pp = p;
245	int (*cb)())
246	{
247	return d2i_RSA_NET_2(a, pp, length, cb, 0);
248	}
249		260
250	RSA d2i_RSA_NET_2(RSA a, unsigned char *pp, long length,	261	err:
		262	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
		263	return ret;
		264
		265	}
		266
		267	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
251	int (*cb)(), int sgckey)	268	int (*cb)(), int sgckey)
252	{	269	{
253	NETSCAPE_PKEY *pkey=NULL;	270	NETSCAPE_PKEY *pkey=NULL;
254	RSA *ret=NULL;	271	RSA *ret=NULL;
255	int i,j;	272	int i,j;
256	unsigned char buf[256],*zz;	273	unsigned char buf[256];
		274	const unsigned char *zz;
257	unsigned char key[EVP_MAX_KEY_LENGTH];	275	unsigned char key[EVP_MAX_KEY_LENGTH];
258	EVP_CIPHER_CTX ctx;	276	EVP_CIPHER_CTX ctx;
259	X509_ALGOR *alg=NULL;
260	ASN1_OCTET_STRING *os=NULL;
261	ASN1_CTX c;
262		277
263	c.error=ERR_R_NESTED_ASN1_ERROR;
264	c.pp=pp;
265
266	M_ASN1_D2I_Init();
267	M_ASN1_D2I_start_sequence();
268	M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
269	if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
270	{
271	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
272	goto err;
273	}
274	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
275	if (cb == NULL)
276	cb=EVP_read_pw_string;
277	i=cb(buf,256,"Enter Private Key password:",0);	278	i=cb(buf,256,"Enter Private Key password:",0);
278	if (i != 0)	279	if (i != 0)
279	{	280	{
@@ -283,10 +284,7 @@ RSA d2i_RSA_NET_2(RSA a, unsigned char *pp, long length,
283		284
284	i = strlen((char *)buf);	285	i = strlen((char *)buf);
285	if(sgckey){	286	if(sgckey){
286	EVP_MD_CTX mctx;	287	EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
287	EVP_DigestInit(&mctx, EVP_md5());
288	EVP_DigestUpdate(&mctx, buf, i);
289	EVP_DigestFinal(&mctx, buf, NULL);
290	memcpy(buf + 16, "SGCKEYSALT", 10);	288	memcpy(buf + 16, "SGCKEYSALT", 10);
291	i = 26;	289	i = 26;
292	}	290	}
@@ -295,9 +293,9 @@ RSA d2i_RSA_NET_2(RSA a, unsigned char *pp, long length,
295	memset(buf,0,256);	293	memset(buf,0,256);
296		294
297	EVP_CIPHER_CTX_init(&ctx);	295	EVP_CIPHER_CTX_init(&ctx);
298	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);	296	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
299	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);	297	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
300	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);	298	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
301	EVP_CIPHER_CTX_cleanup(&ctx);	299	EVP_CIPHER_CTX_cleanup(&ctx);
302	os->length=i+j;	300	os->length=i+j;
303		301
@@ -315,71 +313,14 @@ RSA d2i_RSA_NET_2(RSA a, unsigned char *pp, long length,
315	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);	313	ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
316	goto err;	314	goto err;
317	}	315	}
318	if (!asn1_Finish(&c)) goto err;
319	*pp=c.p;
320	err:	316	err:
321	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);	317	NETSCAPE_PKEY_free(pkey);
322	if (os != NULL) M_ASN1_BIT_STRING_free(os);
323	if (alg != NULL) X509_ALGOR_free(alg);
324	return(ret);	318	return(ret);
325	}	319	}
326		320
327	static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY a, unsigned char *pp)	321	#endif /* OPENSSL_NO_RC4 */
328	{
329	M_ASN1_I2D_vars(a);
330
331
332	M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER);
333	M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR);
334	M_ASN1_I2D_len(a->private_key, i2d_ASN1_OCTET_STRING);
335
336	M_ASN1_I2D_seq_total();
337
338	M_ASN1_I2D_put(a->version, i2d_ASN1_INTEGER);
339	M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR);
340	M_ASN1_I2D_put(a->private_key, i2d_ASN1_OCTET_STRING);
341
342	M_ASN1_I2D_finish();
343	}
344
345	static NETSCAPE_PKEY d2i_NETSCAPE_PKEY(NETSCAPE_PKEY a, unsigned char *pp,
346	long length)
347	{
348	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
349
350	M_ASN1_D2I_Init();
351	M_ASN1_D2I_start_sequence();
352	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
353	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
354	M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
355	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
356	}
357
358	static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void)
359	{
360	NETSCAPE_PKEY *ret=NULL;
361	ASN1_CTX c;
362
363	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
364	M_ASN1_New(ret->version,M_ASN1_INTEGER_new);
365	M_ASN1_New(ret->algor,X509_ALGOR_new);
366	M_ASN1_New(ret->private_key,M_ASN1_OCTET_STRING_new);
367	return(ret);
368	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
369	}
370
371	static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a)
372	{
373	if (a == NULL) return;
374	M_ASN1_INTEGER_free(a->version);
375	X509_ALGOR_free(a->algor);
376	M_ASN1_OCTET_STRING_free(a->private_key);
377	OPENSSL_free(a);
378	}
379
380	#endif /* NO_RC4 */
381		322
382	#else /* !NO_RSA */	323	#else /* !OPENSSL_NO_RSA */
383		324
384	# if PEDANTIC	325	# if PEDANTIC
385	static void *dummy=&dummy;	326	static void *dummy=&dummy;