projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix typo, add prototype
[oweals/openssl.git]
/
crypto
/
asn1
/
n_pkey.c
diff --git
a/crypto/asn1/n_pkey.c
b/crypto/asn1/n_pkey.c
index 9146ee02c966191e8aab9244661609cdc3a66c09..60bc437938cfec3d07c692d48064cebc0864acc7 100644
(file)
--- a/
crypto/asn1/n_pkey.c
+++ b/
crypto/asn1/n_pkey.c
@@
-56,9
+56,9
@@
* [including the GNU Public Licence.]
*/
* [including the GNU Public Licence.]
*/
-#ifndef OPENSSL_NO_RSA
#include <stdio.h>
#include "cryptlib.h"
#include <stdio.h>
#include "cryptlib.h"
+#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/asn1t.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/asn1t.h>
@@
-107,14
+107,20
@@
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb)(), int sgckey);
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify),
+ int sgckey);
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify))
{
return i2d_RSA_NET(a, pp, cb, 0);
}
{
return i2d_RSA_NET(a, pp, cb, 0);
}
-int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
+int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+ int (*cb)(char *buf, int len, const char *prompt, int verify),
+ int sgckey)
{
int i, j, ret = 0;
int rsalen, pkeylen, olen;
{
int i, j, ret = 0;
int rsalen, pkeylen, olen;
@@
-164,7
+170,7
@@
int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
/* Since its RC4 encrypted length is actual length */
if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
{
/* Since its RC4 encrypted length is actual length */
if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
{
- ASN1err(ASN1_F_I2D_
NETSCAPE_RSA
,ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_I2D_
RSA_NET
,ERR_R_MALLOC_FAILURE);
goto err;
}
goto err;
}
@@
-174,27
+180,27
@@
int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
{
if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
{
- ASN1err(ASN1_F_I2D_
NETSCAPE_RSA
,ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_I2D_
RSA_NET
,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_STRING_set(enckey->os, "private-key", -1))
{
goto err;
}
if (!ASN1_STRING_set(enckey->os, "private-key", -1))
{
- ASN1err(ASN1_F_I2D_
NETSCAPE_RSA
,ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_I2D_
RSA_NET
,ERR_R_MALLOC_FAILURE);
goto err;
}
enckey->enckey->digest->data = zz;
i2d_NETSCAPE_PKEY(pkey,&zz);
/* Wipe the private key encoding */
goto err;
}
enckey->enckey->digest->data = zz;
i2d_NETSCAPE_PKEY(pkey,&zz);
/* Wipe the private key encoding */
-
memset(pkey->private_key->data, 0
, rsalen);
+
OPENSSL_cleanse(pkey->private_key->data
, rsalen);
if (cb == NULL)
cb=EVP_read_pw_string;
if (cb == NULL)
cb=EVP_read_pw_string;
- i=cb(buf,256,"Enter Private Key password:",1);
+ i=cb(
(char *)
buf,256,"Enter Private Key password:",1);
if (i != 0)
{
if (i != 0)
{
- ASN1err(ASN1_F_I2D_
NETSCAPE_RSA
,ASN1_R_BAD_PASSWORD_READ);
+ ASN1err(ASN1_F_I2D_
RSA_NET
,ASN1_R_BAD_PASSWORD_READ);
goto err;
}
i = strlen((char *)buf);
goto err;
}
i = strlen((char *)buf);
@@
-206,7
+212,7
@@
int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-
memset(buf,0
,256);
+
OPENSSL_cleanse(buf
,256);
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
@@
-224,12
+230,16
@@
err:
}
}
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify))
{
return d2i_RSA_NET(a, pp, length, cb, 0);
}
{
return d2i_RSA_NET(a, pp, length, cb, 0);
}
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+ int (*cb)(char *buf, int len, const char *prompt, int verify),
+ int sgckey)
{
RSA *ret=NULL;
const unsigned char *p, *kp;
{
RSA *ret=NULL;
const unsigned char *p, *kp;
@@
-239,20
+249,20
@@
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in
enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
if(!enckey) {
enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
if(!enckey) {
- ASN1err(ASN1_F_D2I_
NETSCAPE_RSA
,ASN1_R_DECODING_ERROR);
+ ASN1err(ASN1_F_D2I_
RSA_NET
,ASN1_R_DECODING_ERROR);
return NULL;
}
if ((enckey->os->length != 11) || (strncmp("private-key",
(char *)enckey->os->data,11) != 0))
{
return NULL;
}
if ((enckey->os->length != 11) || (strncmp("private-key",
(char *)enckey->os->data,11) != 0))
{
- ASN1err(ASN1_F_D2I_
NETSCAPE_RSA
,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+ ASN1err(ASN1_F_D2I_
RSA_NET
,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
return NULL;
}
if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
{
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
return NULL;
}
if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
{
- ASN1err(ASN1_F_D2I_
NETSCAPE_RSA_2
,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+ ASN1err(ASN1_F_D2I_
RSA_NET
,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
goto err;
}
kp = enckey->enckey->digest->data;
goto err;
}
kp = enckey->enckey->digest->data;
@@
-269,7
+279,8
@@
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), in
}
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
}
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb)(), int sgckey)
+ int (*cb)(char *buf, int len, const char *prompt,
+ int verify), int sgckey)
{
NETSCAPE_PKEY *pkey=NULL;
RSA *ret=NULL;
{
NETSCAPE_PKEY *pkey=NULL;
RSA *ret=NULL;
@@
-279,10
+290,10
@@
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
- i=cb(buf,256,"Enter Private Key password:",0);
+ i=cb(
(char *)
buf,256,"Enter Private Key password:",0);
if (i != 0)
{
if (i != 0)
{
- ASN1err(ASN1_F_D2I_
NETSCAPE_RSA
_2,ASN1_R_BAD_PASSWORD_READ);
+ ASN1err(ASN1_F_D2I_
RSA_NET
_2,ASN1_R_BAD_PASSWORD_READ);
goto err;
}
goto err;
}
@@
-294,7
+305,7
@@
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
}
EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-
memset(buf,0
,256);
+
OPENSSL_cleanse(buf
,256);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
EVP_CIPHER_CTX_init(&ctx);
EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
@@
-307,14
+318,14
@@
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
{
if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
{
- ASN1err(ASN1_F_D2I_
NETSCAPE_RSA
_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+ ASN1err(ASN1_F_D2I_
RSA_NET
_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
goto err;
}
zz=pkey->private_key->data;
if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
{
goto err;
}
zz=pkey->private_key->data;
if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
{
- ASN1err(ASN1_F_D2I_
NETSCAPE_RSA
_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+ ASN1err(ASN1_F_D2I_
RSA_NET
_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
goto err;
}
err:
goto err;
}
err: