[thirdparty/openssl.git] / crypto / asn1 / n_pkey.c

/* crypto/asn1/n_pkey.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include "cryptlib.h"
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/asn1t.h>
#include <openssl/asn1_mac.h>
#include <openssl/evp.h>
#include <openssl/x509.h>


#ifndef OPENSSL_NO_RC4

typedef struct netscape_pkey_st
	{
	long version;
	X509_ALGOR *algor;
	ASN1_OCTET_STRING *private_key;
	} NETSCAPE_PKEY;

typedef struct netscape_encrypted_pkey_st
	{
	ASN1_OCTET_STRING *os;
	/* This is the same structure as DigestInfo so use it:
	 * although this isn't really anything to do with
	 * digests.
	 */
	X509_SIG *enckey;
	} NETSCAPE_ENCRYPTED_PKEY;


ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)

DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)

ASN1_SEQUENCE(NETSCAPE_PKEY) = {
	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(NETSCAPE_PKEY)

DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)

static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
			  int (*cb)(char *buf, int len, const char *prompt,
				    int verify),
			  int sgckey);

int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
		     int (*cb)(char *buf, int len, const char *prompt,
			       int verify))
{
	return i2d_RSA_NET(a, pp, cb, 0);
}

int i2d_RSA_NET(const RSA *a, unsigned char **pp,
		int (*cb)(char *buf, int len, const char *prompt, int verify),
		int sgckey)
	{
	int i, j, ret = 0;
	int rsalen, pkeylen, olen;
	NETSCAPE_PKEY *pkey = NULL;
	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
	unsigned char buf[256],*zz;
	unsigned char key[EVP_MAX_KEY_LENGTH];
	EVP_CIPHER_CTX ctx;

	if (a == NULL) return(0);

	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
	pkey->version = 0;

	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
	pkey->algor->parameter->type=V_ASN1_NULL;

	rsalen = i2d_RSAPrivateKey(a, NULL);

	/* Fake some octet strings just for the initial length
	 * calculation.
 	 */

	pkey->private_key->length=rsalen;

	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);

	enckey->enckey->digest->length = pkeylen;

	enckey->os->length = 11;	/* "private-key" */

	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
	enckey->enckey->algor->parameter->type=V_ASN1_NULL;

	if (pp == NULL)
		{
		olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
		NETSCAPE_PKEY_free(pkey);
		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
		return olen;
		}


	/* Since its RC4 encrypted length is actual length */
	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
		{
		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	pkey->private_key->data = zz;
	/* Write out private key encoding */
	i2d_RSAPrivateKey(a,&zz);

	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
		{
		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
		{
		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
		goto err;
		}
	enckey->enckey->digest->data = zz;
	i2d_NETSCAPE_PKEY(pkey,&zz);

	/* Wipe the private key encoding */
	OPENSSL_cleanse(pkey->private_key->data, rsalen);
		
	if (cb == NULL)
		cb=EVP_read_pw_string;
	i=cb((char *)buf,256,"Enter Private Key password:",1);
	if (i != 0)
		{
		ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
		goto err;
		}
	i = strlen((char *)buf);
	/* If the key is used for SGC the algorithm is modified a little. */
	if(sgckey) {
		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
		memcpy(buf + 16, "SGCKEYSALT", 10);
		i = 26;
	}

	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
	OPENSSL_cleanse(buf,256);

	/* Encrypt private key in place */
	zz = enckey->enckey->digest->data;
	EVP_CIPHER_CTX_init(&ctx);
	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
	EVP_CIPHER_CTX_cleanup(&ctx);

	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
err:
	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
	NETSCAPE_PKEY_free(pkey);
	return(ret);
	}


RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
		      int (*cb)(char *buf, int len, const char *prompt,
				int verify))
{
	return d2i_RSA_NET(a, pp, length, cb, 0);
}

RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
		 int (*cb)(char *buf, int len, const char *prompt, int verify),
		 int sgckey)
	{
	RSA *ret=NULL;
	const unsigned char *p, *kp;
	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;

	p = *pp;

	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
	if(!enckey) {
		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
		return NULL;
	}

	if ((enckey->os->length != 11) || (strncmp("private-key",
		(char *)enckey->os->data,11) != 0))
		{
		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
		return NULL;
		}
	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
		{
		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
		goto err;
	}
	kp = enckey->enckey->digest->data;
	if (cb == NULL)
		cb=EVP_read_pw_string;
	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;

	*pp = p;

	err:
	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
	return ret;

	}

static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
			  int (*cb)(char *buf, int len, const char *prompt,
				    int verify), int sgckey)
	{
	NETSCAPE_PKEY *pkey=NULL;
	RSA *ret=NULL;
	int i,j;
	unsigned char buf[256];
	const unsigned char *zz;
	unsigned char key[EVP_MAX_KEY_LENGTH];
	EVP_CIPHER_CTX ctx;

	i=cb((char *)buf,256,"Enter Private Key password:",0);
	if (i != 0)
		{
		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
		goto err;
		}

	i = strlen((char *)buf);
	if(sgckey){
		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
		memcpy(buf + 16, "SGCKEYSALT", 10);
		i = 26;
	}
		
	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
	OPENSSL_cleanse(buf,256);

	EVP_CIPHER_CTX_init(&ctx);
	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
	EVP_CIPHER_CTX_cleanup(&ctx);
	os->length=i+j;

	zz=os->data;

	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
		{
		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
		goto err;
		}
		
	zz=pkey->private_key->data;
	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
		{
		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
		goto err;
		}
err:
	NETSCAPE_PKEY_free(pkey);
	return(ret);
	}

#endif /* OPENSSL_NO_RC4 */

#else /* !OPENSSL_NO_RSA */

# if PEDANTIC
static void *dummy=&dummy;
# endif

#endif
Commit	Line	Data
d02b48c6	1	/* crypto/asn1/n_pkey.c */
58964a49	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "cryptlib.h"
536b73e7	61	#ifndef OPENSSL_NO_RSA
ec577822 BM	62	#include <openssl/rsa.h>
ec577822 BM	63	#include <openssl/objects.h>
9d6b1ce6	64	#include <openssl/asn1t.h>
ec577822 BM	65	#include <openssl/asn1_mac.h>
	66	#include <openssl/evp.h>
	67	#include <openssl/x509.h>
d02b48c6 RE	68
d02b48c6 RE	69
cf1b7d96	70	#ifndef OPENSSL_NO_RC4
d02b48c6 RE	71
	72	typedef struct netscape_pkey_st
	73	{
9d6b1ce6	74	long version;
d02b48c6 RE	75	X509_ALGOR *algor;
	76	ASN1_OCTET_STRING *private_key;
	77	} NETSCAPE_PKEY;
	78
9d6b1ce6 DSH	79	typedef struct netscape_encrypted_pkey_st
	80	{
	81	ASN1_OCTET_STRING *os;
	82	/* This is the same structure as DigestInfo so use it:
	83	* although this isn't really anything to do with
	84	* digests.
	85	*/
	86	X509_SIG *enckey;
	87	} NETSCAPE_ENCRYPTED_PKEY;
	88
	89
	90	ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
	91	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
	92	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
d339187b	93	} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
9d6b1ce6	94
65ee74fb LJ	95	DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
65ee74fb LJ	96	DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
9d6b1ce6 DSH	97	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
	98
	99	ASN1_SEQUENCE(NETSCAPE_PKEY) = {
	100	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
	101	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
	102	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
d339187b	103	} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
9d6b1ce6	104
65ee74fb LJ	105	DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
65ee74fb LJ	106	DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
9d6b1ce6 DSH	107	IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
	108
	109	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
41a15c4f BL	110	int (cb)(char buf, int len, const char *prompt,
	111	int verify),
	112	int sgckey);
f5d7a031	113
41a15c4f BL	114	int i2d_Netscape_RSA(const RSA a, unsigned char *pp,
	115	int (cb)(char buf, int len, const char *prompt,
	116	int verify))
d3ed8ceb DSH	117	{
	118	return i2d_RSA_NET(a, pp, cb, 0);
	119	}
	120
41a15c4f BL	121	int i2d_RSA_NET(const RSA a, unsigned char *pp,
	122	int (cb)(char buf, int len, const char *prompt, int verify),
	123	int sgckey)
d02b48c6	124	{
9d6b1ce6 DSH	125	int i, j, ret = 0;
	126	int rsalen, pkeylen, olen;
	127	NETSCAPE_PKEY *pkey = NULL;
	128	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
d02b48c6 RE	129	unsigned char buf[256],*zz;
	130	unsigned char key[EVP_MAX_KEY_LENGTH];
	131	EVP_CIPHER_CTX ctx;
d02b48c6 RE	132
	133	if (a == NULL) return(0);
	134
d02b48c6	135	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
9d6b1ce6 DSH	136	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
9d6b1ce6 DSH	137	pkey->version = 0;
d02b48c6	138
d02b48c6 RE	139	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
	140	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
	141	pkey->algor->parameter->type=V_ASN1_NULL;
	142
9d6b1ce6	143	rsalen = i2d_RSAPrivateKey(a, NULL);
d02b48c6	144
9d6b1ce6 DSH	145	/* Fake some octet strings just for the initial length
	146	* calculation.
	147	*/
d02b48c6	148
9d6b1ce6	149	pkey->private_key->length=rsalen;
d02b48c6	150
9d6b1ce6	151	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
d02b48c6	152
9d6b1ce6 DSH	153	enckey->enckey->digest->length = pkeylen;
	154
	155	enckey->os->length = 11; /* "private-key" */
d02b48c6	156
9d6b1ce6 DSH	157	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
	158	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
	159	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
d02b48c6 RE	160
	161	if (pp == NULL)
	162	{
9d6b1ce6 DSH	163	olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
	164	NETSCAPE_PKEY_free(pkey);
	165	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
	166	return olen;
d02b48c6 RE	167	}
d02b48c6 RE	168
9d6b1ce6 DSH	169
	170	/* Since its RC4 encrypted length is actual length */
	171	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
d02b48c6	172	{
fbeaa3c4	173	ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
d02b48c6 RE	174	goto err;
d02b48c6 RE	175	}
9d6b1ce6 DSH	176
	177	pkey->private_key->data = zz;
	178	/* Write out private key encoding */
d02b48c6 RE	179	i2d_RSAPrivateKey(a,&zz);
d02b48c6 RE	180
9d6b1ce6 DSH	181	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
9d6b1ce6 DSH	182	{
fbeaa3c4	183	ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
9d6b1ce6 DSH	184	goto err;
	185	}
	186
	187	if (!ASN1_STRING_set(enckey->os, "private-key", -1))
d02b48c6	188	{
fbeaa3c4	189	ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
d02b48c6 RE	190	goto err;
d02b48c6 RE	191	}
9d6b1ce6	192	enckey->enckey->digest->data = zz;
d02b48c6	193	i2d_NETSCAPE_PKEY(pkey,&zz);
9d6b1ce6 DSH	194
9d6b1ce6 DSH	195	/* Wipe the private key encoding */
4579924b	196	OPENSSL_cleanse(pkey->private_key->data, rsalen);
d02b48c6 RE	197
	198	if (cb == NULL)
	199	cb=EVP_read_pw_string;
254cfe87	200	i=cb((char *)buf,256,"Enter Private Key password:",1);
d02b48c6 RE	201	if (i != 0)
d02b48c6 RE	202	{
fbeaa3c4	203	ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
d02b48c6 RE	204	goto err;
d02b48c6 RE	205	}
d3ed8ceb DSH	206	i = strlen((char *)buf);
d3ed8ceb DSH	207	/* If the key is used for SGC the algorithm is modified a little. */
9d6b1ce6	208	if(sgckey) {
20d2186c	209	EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
d3ed8ceb DSH	210	memcpy(buf + 16, "SGCKEYSALT", 10);
	211	i = 26;
	212	}
88ce56f8	213
d3ed8ceb	214	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
4579924b	215	OPENSSL_cleanse(buf,256);
58964a49	216
9d6b1ce6 DSH	217	/* Encrypt private key in place */
9d6b1ce6 DSH	218	zz = enckey->enckey->digest->data;
58964a49	219	EVP_CIPHER_CTX_init(&ctx);
581f1c84	220	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
9d6b1ce6	221	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
581f1c84	222	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
d02b48c6 RE	223	EVP_CIPHER_CTX_cleanup(&ctx);
d02b48c6 RE	224
9d6b1ce6	225	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
d02b48c6	226	err:
9d6b1ce6 DSH	227	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
9d6b1ce6 DSH	228	NETSCAPE_PKEY_free(pkey);
d02b48c6 RE	229	return(ret);
	230	}
	231
d3ed8ceb	232
41a15c4f BL	233	RSA d2i_Netscape_RSA(RSA a, const unsigned char *pp, long length,
	234	int (cb)(char buf, int len, const char *prompt,
	235	int verify))
d3ed8ceb DSH	236	{
	237	return d2i_RSA_NET(a, pp, length, cb, 0);
	238	}
	239
41a15c4f BL	240	RSA d2i_RSA_NET(RSA a, const unsigned char *pp, long length,
	241	int (cb)(char buf, int len, const char *prompt, int verify),
	242	int sgckey)
d02b48c6 RE	243	{
d02b48c6 RE	244	RSA *ret=NULL;
9d6b1ce6 DSH	245	const unsigned char p, kp;
9d6b1ce6 DSH	246	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
d02b48c6	247
9d6b1ce6 DSH	248	p = *pp;
	249
	250	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
	251	if(!enckey) {
fbeaa3c4	252	ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
9d6b1ce6 DSH	253	return NULL;
9d6b1ce6 DSH	254	}
d02b48c6	255
9d6b1ce6 DSH	256	if ((enckey->os->length != 11) \|\| (strncmp("private-key",
9d6b1ce6 DSH	257	(char *)enckey->os->data,11) != 0))
d02b48c6	258	{
fbeaa3c4	259	ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
9d6b1ce6 DSH	260	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
9d6b1ce6 DSH	261	return NULL;
d02b48c6	262	}
9d6b1ce6 DSH	263	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
9d6b1ce6 DSH	264	{
fbeaa3c4	265	ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
9d6b1ce6	266	goto err;
d02b48c6	267	}
9d6b1ce6 DSH	268	kp = enckey->enckey->digest->data;
	269	if (cb == NULL)
	270	cb=EVP_read_pw_string;
	271	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
d02b48c6	272
9d6b1ce6 DSH	273	*pp = p;
	274
	275	err:
	276	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
	277	return ret;
	278
	279	}
d3ed8ceb	280
9d6b1ce6	281	static RSA d2i_RSA_NET_2(RSA a, ASN1_OCTET_STRING os,
41a15c4f BL	282	int (cb)(char buf, int len, const char *prompt,
41a15c4f BL	283	int verify), int sgckey)
d02b48c6 RE	284	{
	285	NETSCAPE_PKEY *pkey=NULL;
	286	RSA *ret=NULL;
	287	int i,j;
9d6b1ce6 DSH	288	unsigned char buf[256];
9d6b1ce6 DSH	289	const unsigned char *zz;
d02b48c6 RE	290	unsigned char key[EVP_MAX_KEY_LENGTH];
d02b48c6 RE	291	EVP_CIPHER_CTX ctx;
d02b48c6	292
254cfe87	293	i=cb((char *)buf,256,"Enter Private Key password:",0);
d02b48c6 RE	294	if (i != 0)
d02b48c6 RE	295	{
fbeaa3c4	296	ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
d02b48c6 RE	297	goto err;
	298	}
	299
d3ed8ceb DSH	300	i = strlen((char *)buf);
d3ed8ceb DSH	301	if(sgckey){
20d2186c	302	EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
d3ed8ceb DSH	303	memcpy(buf + 16, "SGCKEYSALT", 10);
	304	i = 26;
	305	}
	306
	307	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
4579924b	308	OPENSSL_cleanse(buf,256);
58964a49 RE	309
58964a49 RE	310	EVP_CIPHER_CTX_init(&ctx);
581f1c84	311	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
d02b48c6	312	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
581f1c84	313	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
d02b48c6 RE	314	EVP_CIPHER_CTX_cleanup(&ctx);
	315	os->length=i+j;
	316
	317	zz=os->data;
	318
	319	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
	320	{
fbeaa3c4	321	ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
d02b48c6 RE	322	goto err;
	323	}
	324
	325	zz=pkey->private_key->data;
9d6b1ce6	326	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
d02b48c6	327	{
fbeaa3c4	328	ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
d02b48c6 RE	329	goto err;
d02b48c6 RE	330	}
d02b48c6	331	err:
9d6b1ce6	332	NETSCAPE_PKEY_free(pkey);
d02b48c6	333	return(ret);
d02b48c6 RE	334	}
d02b48c6 RE	335
cf1b7d96	336	#endif /* OPENSSL_NO_RC4 */
752d706a	337
cf1b7d96	338	#else /* !OPENSSL_NO_RSA */
752d706a BL	339
	340	# if PEDANTIC
	341	static void *dummy=&dummy;
	342	# endif
	343
f5d7a031	344	#endif