Absolute File Name: | /home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/asn1/n_pkey.c |
Source code | Switch to Preprocessed file |
Line | Source | Count | ||||||
---|---|---|---|---|---|---|---|---|
1 | /* $OpenBSD: n_pkey.c,v 1.32 2018/08/05 13:35:45 bcook Exp $ */ | - | ||||||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | - | ||||||
3 | * All rights reserved. | - | ||||||
4 | * | - | ||||||
5 | * This package is an SSL implementation written | - | ||||||
6 | * by Eric Young (eay@cryptsoft.com). | - | ||||||
7 | * The implementation was written so as to conform with Netscapes SSL. | - | ||||||
8 | * | - | ||||||
9 | * This library is free for commercial and non-commercial use as long as | - | ||||||
10 | * the following conditions are aheared to. The following conditions | - | ||||||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | - | ||||||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | - | ||||||
13 | * included with this distribution is covered by the same copyright terms | - | ||||||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | - | ||||||
15 | * | - | ||||||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | - | ||||||
17 | * the code are not to be removed. | - | ||||||
18 | * If this package is used in a product, Eric Young should be given attribution | - | ||||||
19 | * as the author of the parts of the library used. | - | ||||||
20 | * This can be in the form of a textual message at program startup or | - | ||||||
21 | * in documentation (online or textual) provided with the package. | - | ||||||
22 | * | - | ||||||
23 | * Redistribution and use in source and binary forms, with or without | - | ||||||
24 | * modification, are permitted provided that the following conditions | - | ||||||
25 | * are met: | - | ||||||
26 | * 1. Redistributions of source code must retain the copyright | - | ||||||
27 | * notice, this list of conditions and the following disclaimer. | - | ||||||
28 | * 2. Redistributions in binary form must reproduce the above copyright | - | ||||||
29 | * notice, this list of conditions and the following disclaimer in the | - | ||||||
30 | * documentation and/or other materials provided with the distribution. | - | ||||||
31 | * 3. All advertising materials mentioning features or use of this software | - | ||||||
32 | * must display the following acknowledgement: | - | ||||||
33 | * "This product includes cryptographic software written by | - | ||||||
34 | * Eric Young (eay@cryptsoft.com)" | - | ||||||
35 | * The word 'cryptographic' can be left out if the rouines from the library | - | ||||||
36 | * being used are not cryptographic related :-). | - | ||||||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | - | ||||||
38 | * the apps directory (application code) you must include an acknowledgement: | - | ||||||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | - | ||||||
40 | * | - | ||||||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | - | ||||||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | - | ||||||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | - | ||||||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | - | ||||||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | - | ||||||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | - | ||||||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | - | ||||||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | - | ||||||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | - | ||||||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | - | ||||||
51 | * SUCH DAMAGE. | - | ||||||
52 | * | - | ||||||
53 | * The licence and distribution terms for any publically available version or | - | ||||||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | - | ||||||
55 | * copied and put under another distribution licence | - | ||||||
56 | * [including the GNU Public Licence.] | - | ||||||
57 | */ | - | ||||||
58 | - | |||||||
59 | #include <stdio.h> | - | ||||||
60 | #include <string.h> | - | ||||||
61 | - | |||||||
62 | #include <openssl/opensslconf.h> | - | ||||||
63 | - | |||||||
64 | #ifndef OPENSSL_NO_RSA | - | ||||||
65 | #include <openssl/asn1t.h> | - | ||||||
66 | #include <openssl/err.h> | - | ||||||
67 | #include <openssl/evp.h> | - | ||||||
68 | #include <openssl/objects.h> | - | ||||||
69 | #include <openssl/rsa.h> | - | ||||||
70 | #include <openssl/x509.h> | - | ||||||
71 | - | |||||||
72 | #ifndef OPENSSL_NO_RC4 | - | ||||||
73 | - | |||||||
74 | typedef struct netscape_pkey_st { | - | ||||||
75 | long version; | - | ||||||
76 | X509_ALGOR *algor; | - | ||||||
77 | ASN1_OCTET_STRING *private_key; | - | ||||||
78 | } NETSCAPE_PKEY; | - | ||||||
79 | - | |||||||
80 | typedef struct netscape_encrypted_pkey_st { | - | ||||||
81 | ASN1_OCTET_STRING *os; | - | ||||||
82 | /* This is the same structure as DigestInfo so use it: | - | ||||||
83 | * although this isn't really anything to do with | - | ||||||
84 | * digests. | - | ||||||
85 | */ | - | ||||||
86 | X509_SIG *enckey; | - | ||||||
87 | } NETSCAPE_ENCRYPTED_PKEY; | - | ||||||
88 | - | |||||||
89 | - | |||||||
90 | static const ASN1_AUX NETSCAPE_ENCRYPTED_PKEY_aux = { | - | ||||||
91 | .flags = ASN1_AFLG_BROKEN, | - | ||||||
92 | }; | - | ||||||
93 | static const ASN1_TEMPLATE NETSCAPE_ENCRYPTED_PKEY_seq_tt[] = { | - | ||||||
94 | { | - | ||||||
95 | .offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, os), | - | ||||||
96 | .field_name = "os", | - | ||||||
97 | .item = &ASN1_OCTET_STRING_it, | - | ||||||
98 | }, | - | ||||||
99 | { | - | ||||||
100 | .offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, enckey), | - | ||||||
101 | .field_name = "enckey", | - | ||||||
102 | .item = &X509_SIG_it, | - | ||||||
103 | }, | - | ||||||
104 | }; | - | ||||||
105 | - | |||||||
106 | const ASN1_ITEM NETSCAPE_ENCRYPTED_PKEY_it = { | - | ||||||
107 | .itype = ASN1_ITYPE_SEQUENCE, | - | ||||||
108 | .utype = V_ASN1_SEQUENCE, | - | ||||||
109 | .templates = NETSCAPE_ENCRYPTED_PKEY_seq_tt, | - | ||||||
110 | .tcount = sizeof(NETSCAPE_ENCRYPTED_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE), | - | ||||||
111 | .funcs = &NETSCAPE_ENCRYPTED_PKEY_aux, | - | ||||||
112 | .size = sizeof(NETSCAPE_ENCRYPTED_PKEY), | - | ||||||
113 | .sname = "NETSCAPE_ENCRYPTED_PKEY", | - | ||||||
114 | }; | - | ||||||
115 | - | |||||||
116 | NETSCAPE_ENCRYPTED_PKEY *NETSCAPE_ENCRYPTED_PKEY_new(void); | - | ||||||
117 | void NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a); | - | ||||||
118 | NETSCAPE_ENCRYPTED_PKEY *d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY **a, const unsigned char **in, long len); | - | ||||||
119 | int i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY *a, unsigned char **out); | - | ||||||
120 | - | |||||||
121 | NETSCAPE_ENCRYPTED_PKEY * | - | ||||||
122 | d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY **a, const unsigned char **in, long len) | - | ||||||
123 | { | - | ||||||
124 | return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, never executed: return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &NETSCAPE_ENCRYPTED_PKEY_it); | 0 | ||||||
125 | &NETSCAPE_ENCRYPTED_PKEY_it); never executed: return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &NETSCAPE_ENCRYPTED_PKEY_it); | 0 | ||||||
126 | } | - | ||||||
127 | - | |||||||
128 | int | - | ||||||
129 | i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY *a, unsigned char **out) | - | ||||||
130 | { | - | ||||||
131 | return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_ENCRYPTED_PKEY_it); never executed: return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_ENCRYPTED_PKEY_it); | 0 | ||||||
132 | } | - | ||||||
133 | - | |||||||
134 | NETSCAPE_ENCRYPTED_PKEY * | - | ||||||
135 | NETSCAPE_ENCRYPTED_PKEY_new(void) | - | ||||||
136 | { | - | ||||||
137 | return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_new(&NETSCAPE_ENCRYPTED_PKEY_it); never executed: return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_new(&NETSCAPE_ENCRYPTED_PKEY_it); | 0 | ||||||
138 | } | - | ||||||
139 | - | |||||||
140 | void | - | ||||||
141 | NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a) | - | ||||||
142 | { | - | ||||||
143 | ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_ENCRYPTED_PKEY_it); | - | ||||||
144 | } never executed: end of block | 0 | ||||||
145 | - | |||||||
146 | static const ASN1_TEMPLATE NETSCAPE_PKEY_seq_tt[] = { | - | ||||||
147 | { | - | ||||||
148 | .offset = offsetof(NETSCAPE_PKEY, version), | - | ||||||
149 | .field_name = "version", | - | ||||||
150 | .item = &LONG_it, | - | ||||||
151 | }, | - | ||||||
152 | { | - | ||||||
153 | .offset = offsetof(NETSCAPE_PKEY, algor), | - | ||||||
154 | .field_name = "algor", | - | ||||||
155 | .item = &X509_ALGOR_it, | - | ||||||
156 | }, | - | ||||||
157 | { | - | ||||||
158 | .offset = offsetof(NETSCAPE_PKEY, private_key), | - | ||||||
159 | .field_name = "private_key", | - | ||||||
160 | .item = &ASN1_OCTET_STRING_it, | - | ||||||
161 | }, | - | ||||||
162 | }; | - | ||||||
163 | - | |||||||
164 | const ASN1_ITEM NETSCAPE_PKEY_it = { | - | ||||||
165 | .itype = ASN1_ITYPE_SEQUENCE, | - | ||||||
166 | .utype = V_ASN1_SEQUENCE, | - | ||||||
167 | .templates = NETSCAPE_PKEY_seq_tt, | - | ||||||
168 | .tcount = sizeof(NETSCAPE_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE), | - | ||||||
169 | .size = sizeof(NETSCAPE_PKEY), | - | ||||||
170 | .sname = "NETSCAPE_PKEY", | - | ||||||
171 | }; | - | ||||||
172 | - | |||||||
173 | NETSCAPE_PKEY *NETSCAPE_PKEY_new(void); | - | ||||||
174 | void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a); | - | ||||||
175 | NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, const unsigned char **in, long len); | - | ||||||
176 | int i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY *a, unsigned char **out); | - | ||||||
177 | - | |||||||
178 | NETSCAPE_PKEY * | - | ||||||
179 | d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, const unsigned char **in, long len) | - | ||||||
180 | { | - | ||||||
181 | return (NETSCAPE_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, never executed: return (NETSCAPE_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &NETSCAPE_PKEY_it); | 0 | ||||||
182 | &NETSCAPE_PKEY_it); never executed: return (NETSCAPE_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, &NETSCAPE_PKEY_it); | 0 | ||||||
183 | } | - | ||||||
184 | - | |||||||
185 | int | - | ||||||
186 | i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY *a, unsigned char **out) | - | ||||||
187 | { | - | ||||||
188 | return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_PKEY_it); never executed: return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_PKEY_it); | 0 | ||||||
189 | } | - | ||||||
190 | - | |||||||
191 | NETSCAPE_PKEY * | - | ||||||
192 | NETSCAPE_PKEY_new(void) | - | ||||||
193 | { | - | ||||||
194 | return (NETSCAPE_PKEY *)ASN1_item_new(&NETSCAPE_PKEY_it); never executed: return (NETSCAPE_PKEY *)ASN1_item_new(&NETSCAPE_PKEY_it); | 0 | ||||||
195 | } | - | ||||||
196 | - | |||||||
197 | void | - | ||||||
198 | NETSCAPE_PKEY_free(NETSCAPE_PKEY *a) | - | ||||||
199 | { | - | ||||||
200 | ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_PKEY_it); | - | ||||||
201 | } never executed: end of block | 0 | ||||||
202 | - | |||||||
203 | static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | - | ||||||
204 | int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); | - | ||||||
205 | - | |||||||
206 | int | - | ||||||
207 | i2d_Netscape_RSA(const RSA *a, unsigned char **pp, | - | ||||||
208 | int (*cb)(char *buf, int len, const char *prompt, int verify)) | - | ||||||
209 | { | - | ||||||
210 | return i2d_RSA_NET(a, pp, cb, 0); never executed: return i2d_RSA_NET(a, pp, cb, 0); | 0 | ||||||
211 | } | - | ||||||
212 | - | |||||||
213 | int | - | ||||||
214 | i2d_RSA_NET(const RSA *a, unsigned char **pp, | - | ||||||
215 | int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey) | - | ||||||
216 | { | - | ||||||
217 | int i, j, ret = 0; | - | ||||||
218 | int rsalen, pkeylen, olen; | - | ||||||
219 | NETSCAPE_PKEY *pkey = NULL; | - | ||||||
220 | NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; | - | ||||||
221 | unsigned char buf[256], *zz; | - | ||||||
222 | unsigned char key[EVP_MAX_KEY_LENGTH]; | - | ||||||
223 | EVP_CIPHER_CTX ctx; | - | ||||||
224 | EVP_CIPHER_CTX_init(&ctx); | - | ||||||
225 | - | |||||||
226 | if (a == NULL)
| 0 | ||||||
227 | return (0); never executed: return (0); | 0 | ||||||
228 | - | |||||||
229 | if ((pkey = NETSCAPE_PKEY_new()) == NULL)
| 0 | ||||||
230 | goto err; never executed: goto err; | 0 | ||||||
231 | if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
| 0 | ||||||
232 | goto err; never executed: goto err; | 0 | ||||||
233 | pkey->version = 0; | - | ||||||
234 | - | |||||||
235 | pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); | - | ||||||
236 | if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
| 0 | ||||||
237 | goto err; never executed: goto err; | 0 | ||||||
238 | pkey->algor->parameter->type = V_ASN1_NULL; | - | ||||||
239 | - | |||||||
240 | rsalen = i2d_RSAPrivateKey(a, NULL); | - | ||||||
241 | - | |||||||
242 | /* Fake some octet strings just for the initial length | - | ||||||
243 | * calculation. | - | ||||||
244 | */ | - | ||||||
245 | pkey->private_key->length = rsalen; | - | ||||||
246 | pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); | - | ||||||
247 | enckey->enckey->digest->length = pkeylen; | - | ||||||
248 | enckey->os->length = 11; /* "private-key" */ | - | ||||||
249 | enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); | - | ||||||
250 | if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
| 0 | ||||||
251 | goto err; never executed: goto err; | 0 | ||||||
252 | enckey->enckey->algor->parameter->type = V_ASN1_NULL; | - | ||||||
253 | - | |||||||
254 | if (pp == NULL) {
| 0 | ||||||
255 | olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); | - | ||||||
256 | NETSCAPE_PKEY_free(pkey); | - | ||||||
257 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); | - | ||||||
258 | return olen; never executed: return olen; | 0 | ||||||
259 | } | - | ||||||
260 | - | |||||||
261 | /* Since its RC4 encrypted length is actual length */ | - | ||||||
262 | if ((zz = malloc(rsalen)) == NULL) {
| 0 | ||||||
263 | ASN1error(ERR_R_MALLOC_FAILURE); | - | ||||||
264 | goto err; never executed: goto err; | 0 | ||||||
265 | } | - | ||||||
266 | - | |||||||
267 | pkey->private_key->data = zz; | - | ||||||
268 | /* Write out private key encoding */ | - | ||||||
269 | i2d_RSAPrivateKey(a, &zz); | - | ||||||
270 | - | |||||||
271 | if ((zz = malloc(pkeylen)) == NULL) {
| 0 | ||||||
272 | ASN1error(ERR_R_MALLOC_FAILURE); | - | ||||||
273 | goto err; never executed: goto err; | 0 | ||||||
274 | } | - | ||||||
275 | - | |||||||
276 | enckey->enckey->digest->data = zz; | - | ||||||
277 | if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
| 0 | ||||||
278 | ASN1error(ERR_R_MALLOC_FAILURE); | - | ||||||
279 | goto err; never executed: goto err; | 0 | ||||||
280 | } | - | ||||||
281 | i2d_NETSCAPE_PKEY(pkey, &zz); | - | ||||||
282 | - | |||||||
283 | /* Wipe the private key encoding */ | - | ||||||
284 | explicit_bzero(pkey->private_key->data, rsalen); | - | ||||||
285 | - | |||||||
286 | if (cb == NULL)
| 0 | ||||||
287 | cb = EVP_read_pw_string; never executed: cb = EVP_read_pw_string; | 0 | ||||||
288 | i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1); | - | ||||||
289 | if (i != 0) {
| 0 | ||||||
290 | ASN1error(ASN1_R_BAD_PASSWORD_READ); | - | ||||||
291 | goto err; never executed: goto err; | 0 | ||||||
292 | } | - | ||||||
293 | i = strlen((char *)buf); | - | ||||||
294 | /* If the key is used for SGC the algorithm is modified a little. */ | - | ||||||
295 | if (sgckey) {
| 0 | ||||||
296 | if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
| 0 | ||||||
297 | goto err; never executed: goto err; | 0 | ||||||
298 | memcpy(buf + 16, "SGCKEYSALT", 10); | - | ||||||
299 | i = 26; | - | ||||||
300 | } never executed: end of block | 0 | ||||||
301 | - | |||||||
302 | if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
| 0 | ||||||
303 | goto err; never executed: goto err; | 0 | ||||||
304 | explicit_bzero(buf, sizeof(buf)); | - | ||||||
305 | - | |||||||
306 | /* Encrypt private key in place */ | - | ||||||
307 | zz = enckey->enckey->digest->data; | - | ||||||
308 | if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
| 0 | ||||||
309 | goto err; never executed: goto err; | 0 | ||||||
310 | if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
| 0 | ||||||
311 | goto err; never executed: goto err; | 0 | ||||||
312 | if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
| 0 | ||||||
313 | goto err; never executed: goto err; | 0 | ||||||
314 | - | |||||||
315 | ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); | - | ||||||
316 | err: code before this statement never executed: err: | 0 | ||||||
317 | EVP_CIPHER_CTX_cleanup(&ctx); | - | ||||||
318 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); | - | ||||||
319 | NETSCAPE_PKEY_free(pkey); | - | ||||||
320 | return (ret); never executed: return (ret); | 0 | ||||||
321 | } | - | ||||||
322 | - | |||||||
323 | - | |||||||
324 | RSA * | - | ||||||
325 | d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, | - | ||||||
326 | int (*cb)(char *buf, int len, const char *prompt, int verify)) | - | ||||||
327 | { | - | ||||||
328 | return d2i_RSA_NET(a, pp, length, cb, 0); never executed: return d2i_RSA_NET(a, pp, length, cb, 0); | 0 | ||||||
329 | } | - | ||||||
330 | - | |||||||
331 | RSA * | - | ||||||
332 | d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, | - | ||||||
333 | int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey) | - | ||||||
334 | { | - | ||||||
335 | RSA *ret = NULL; | - | ||||||
336 | const unsigned char *p; | - | ||||||
337 | NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; | - | ||||||
338 | - | |||||||
339 | p = *pp; | - | ||||||
340 | - | |||||||
341 | enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); | - | ||||||
342 | if (!enckey) {
| 0 | ||||||
343 | ASN1error(ASN1_R_DECODING_ERROR); | - | ||||||
344 | return NULL; never executed: return ((void *)0) ; | 0 | ||||||
345 | } | - | ||||||
346 | - | |||||||
347 | /* XXX 11 == strlen("private-key") */ | - | ||||||
348 | if (enckey->os->length != 11 ||
| 0 | ||||||
349 | memcmp("private-key", enckey->os->data, 11) != 0) {
| 0 | ||||||
350 | ASN1error(ASN1_R_PRIVATE_KEY_HEADER_MISSING); | - | ||||||
351 | goto err; never executed: goto err; | 0 | ||||||
352 | } | - | ||||||
353 | if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
| 0 | ||||||
354 | ASN1error(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); | - | ||||||
355 | goto err; never executed: goto err; | 0 | ||||||
356 | } | - | ||||||
357 | if (cb == NULL)
| 0 | ||||||
358 | cb = EVP_read_pw_string; never executed: cb = EVP_read_pw_string; | 0 | ||||||
359 | if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
| 0 | ||||||
360 | sgckey)) == NULL)
| 0 | ||||||
361 | goto err; never executed: goto err; | 0 | ||||||
362 | - | |||||||
363 | *pp = p; | - | ||||||
364 | - | |||||||
365 | err: code before this statement never executed: err: | 0 | ||||||
366 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); | - | ||||||
367 | return ret; never executed: return ret; | 0 | ||||||
368 | - | |||||||
369 | } | - | ||||||
370 | - | |||||||
371 | static RSA * | - | ||||||
372 | d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | - | ||||||
373 | int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey) | - | ||||||
374 | { | - | ||||||
375 | NETSCAPE_PKEY *pkey = NULL; | - | ||||||
376 | RSA *ret = NULL; | - | ||||||
377 | int i, j; | - | ||||||
378 | unsigned char buf[256]; | - | ||||||
379 | const unsigned char *zz; | - | ||||||
380 | unsigned char key[EVP_MAX_KEY_LENGTH]; | - | ||||||
381 | EVP_CIPHER_CTX ctx; | - | ||||||
382 | EVP_CIPHER_CTX_init(&ctx); | - | ||||||
383 | - | |||||||
384 | i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0); | - | ||||||
385 | if (i != 0) {
| 0 | ||||||
386 | ASN1error(ASN1_R_BAD_PASSWORD_READ); | - | ||||||
387 | goto err; never executed: goto err; | 0 | ||||||
388 | } | - | ||||||
389 | - | |||||||
390 | i = strlen((char *)buf); | - | ||||||
391 | if (sgckey){
| 0 | ||||||
392 | if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
| 0 | ||||||
393 | goto err; never executed: goto err; | 0 | ||||||
394 | memcpy(buf + 16, "SGCKEYSALT", 10); | - | ||||||
395 | i = 26; | - | ||||||
396 | } never executed: end of block | 0 | ||||||
397 | - | |||||||
398 | if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
| 0 | ||||||
399 | goto err; never executed: goto err; | 0 | ||||||
400 | explicit_bzero(buf, sizeof(buf)); | - | ||||||
401 | - | |||||||
402 | if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
| 0 | ||||||
403 | goto err; never executed: goto err; | 0 | ||||||
404 | if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
| 0 | ||||||
405 | goto err; never executed: goto err; | 0 | ||||||
406 | if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
| 0 | ||||||
407 | goto err; never executed: goto err; | 0 | ||||||
408 | os->length = i + j; | - | ||||||
409 | - | |||||||
410 | zz = os->data; | - | ||||||
411 | - | |||||||
412 | if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
| 0 | ||||||
413 | ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); | - | ||||||
414 | goto err; never executed: goto err; | 0 | ||||||
415 | } | - | ||||||
416 | - | |||||||
417 | zz = pkey->private_key->data; | - | ||||||
418 | if ((ret = d2i_RSAPrivateKey(a, &zz,
| 0 | ||||||
419 | pkey->private_key->length)) == NULL) {
| 0 | ||||||
420 | ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_KEY); | - | ||||||
421 | goto err; never executed: goto err; | 0 | ||||||
422 | } | - | ||||||
423 | - | |||||||
424 | err: code before this statement never executed: err: | 0 | ||||||
425 | EVP_CIPHER_CTX_cleanup(&ctx); | - | ||||||
426 | NETSCAPE_PKEY_free(pkey); | - | ||||||
427 | return (ret); never executed: return (ret); | 0 | ||||||
428 | } | - | ||||||
429 | - | |||||||
430 | #endif /* OPENSSL_NO_RC4 */ | - | ||||||
431 | - | |||||||
432 | #endif | - | ||||||
Source code | Switch to Preprocessed file |