X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fasn1%2Fn_pkey.c;h=267ce60110d58ced956b8b28bac443e3be8af72a;hp=c9d834966a54febacca501305321329dc7103810;hb=59b4da05b4072df79e85b5f8bbf4cf049431b9b6;hpb=cf1b7d96647d55e533f779e476e3d4371f40445a diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index c9d834966a..267ce60110 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -1,329 +1,62 @@ -/* crypto/asn1/n_pkey.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#ifndef OPENSSL_NO_RSA -#include -#include "cryptlib.h" -#include -#include -#include -#include -#include -#include - - -#ifndef OPENSSL_NO_RC4 - -typedef struct netscape_pkey_st - { - long version; - X509_ALGOR *algor; - ASN1_OCTET_STRING *private_key; - } NETSCAPE_PKEY; - -typedef struct netscape_encrypted_pkey_st - { - ASN1_OCTET_STRING *os; - /* This is the same structure as DigestInfo so use it: - * although this isn't really anything to do with - * digests. - */ - X509_SIG *enckey; - } NETSCAPE_ENCRYPTED_PKEY; +#include "openssl/opensslconf.h" +#ifdef OPENSSL_NO_RSA +NON_EMPTY_TRANSLATION_UNIT +#else + +# include "internal/cryptlib.h" +# include +# include +# include +# include +# include +# include + +# ifndef OPENSSL_NO_RC4 + +typedef struct netscape_pkey_st { + long version; + X509_ALGOR *algor; + ASN1_OCTET_STRING *private_key; +} NETSCAPE_PKEY; + +typedef struct netscape_encrypted_pkey_st { + ASN1_OCTET_STRING *os; + /* + * This is the same structure as DigestInfo so use it: although this + * isn't really anything to do with digests. + */ + X509_SIG *enckey; +} NETSCAPE_ENCRYPTED_PKEY; ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) -} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY); + ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), + ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) +} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) +DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) ASN1_SEQUENCE(NETSCAPE_PKEY) = { - ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), - ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), - ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(NETSCAPE_PKEY); + ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), + ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), + ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) +} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) +DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) +DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb)(), int sgckey); - -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()) -{ - return i2d_RSA_NET(a, pp, cb, 0); -} - -int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) - { - int i, j, ret = 0; - int rsalen, pkeylen, olen; - NETSCAPE_PKEY *pkey = NULL; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - unsigned char buf[256],*zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - - if (a == NULL) return(0); - - if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; - if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err; - pkey->version = 0; - - pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); - if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; - pkey->algor->parameter->type=V_ASN1_NULL; - - rsalen = i2d_RSAPrivateKey(a, NULL); - - /* Fake some octet strings just for the initial length - * calculation. - */ - - pkey->private_key->length=rsalen; - - pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL); - - enckey->enckey->digest->length = pkeylen; - - enckey->os->length = 11; /* "private-key" */ - - enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4); - if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; - enckey->enckey->algor->parameter->type=V_ASN1_NULL; - - if (pp == NULL) - { - olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); - NETSCAPE_PKEY_free(pkey); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return olen; - } - - - /* Since its RC4 encrypted length is actual length */ - if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); - goto err; - } - - pkey->private_key->data = zz; - /* Write out private key encoding */ - i2d_RSAPrivateKey(a,&zz); - - if ((zz=OPENSSL_malloc(pkeylen)) == NULL) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!ASN1_STRING_set(enckey->os, "private-key", -1)) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); - goto err; - } - enckey->enckey->digest->data = zz; - i2d_NETSCAPE_PKEY(pkey,&zz); - - /* Wipe the private key encoding */ - memset(pkey->private_key->data, 0, rsalen); - - if (cb == NULL) - cb=EVP_read_pw_string; - i=cb(buf,256,"Enter Private Key password:",1); - if (i != 0) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ); - goto err; - } - i = strlen((char *)buf); - /* If the key is used for SGC the algorithm is modified a little. */ - if(sgckey) { - EVP_Digest(buf, i, buf, NULL, EVP_md5()); - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); - - /* Encrypt private key in place */ - zz = enckey->enckey->digest->data; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL); - EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); - EVP_EncryptFinal(&ctx,zz + i,&j); - EVP_CIPHER_CTX_cleanup(&ctx); - - ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); -err: - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - NETSCAPE_PKEY_free(pkey); - return(ret); - } - - -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()) -{ - return d2i_RSA_NET(a, pp, length, cb, 0); -} - -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey) - { - RSA *ret=NULL; - const unsigned char *p, *kp; - NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - - p = *pp; - - enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); - if(!enckey) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR); - return NULL; - } - - if ((enckey->os->length != 11) || (strncmp("private-key", - (char *)enckey->os->data,11) != 0)) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return NULL; - } - if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); - goto err; - } - kp = enckey->enckey->digest->data; - if (cb == NULL) - cb=EVP_read_pw_string; - if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; - - *pp = p; - - err: - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return ret; - - } - -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb)(), int sgckey) - { - NETSCAPE_PKEY *pkey=NULL; - RSA *ret=NULL; - int i,j; - unsigned char buf[256]; - const unsigned char *zz; - unsigned char key[EVP_MAX_KEY_LENGTH]; - EVP_CIPHER_CTX ctx; - - i=cb(buf,256,"Enter Private Key password:",0); - if (i != 0) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ); - goto err; - } - - i = strlen((char *)buf); - if(sgckey){ - EVP_Digest(buf, i, buf, NULL, EVP_md5()); - memcpy(buf + 16, "SGCKEYSALT", 10); - i = 26; - } - - EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); - - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL); - EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); - EVP_DecryptFinal(&ctx,&(os->data[i]),&j); - EVP_CIPHER_CTX_cleanup(&ctx); - os->length=i+j; - - zz=os->data; - - if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); - goto err; - } - - zz=pkey->private_key->data; - if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); - goto err; - } -err: - NETSCAPE_PKEY_free(pkey); - return(ret); - } - -#endif /* OPENSSL_NO_RC4 */ - -#else /* !OPENSSL_NO_RSA */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif +# endif /* OPENSSL_NO_RC4 */ #endif