10Sstevel@tonic-gate /* crypto/asn1/n_pkey.c */
20Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
30Sstevel@tonic-gate * All rights reserved.
40Sstevel@tonic-gate *
50Sstevel@tonic-gate * This package is an SSL implementation written
60Sstevel@tonic-gate * by Eric Young (eay@cryptsoft.com).
70Sstevel@tonic-gate * The implementation was written so as to conform with Netscapes SSL.
80Sstevel@tonic-gate *
90Sstevel@tonic-gate * This library is free for commercial and non-commercial use as long as
100Sstevel@tonic-gate * the following conditions are aheared to. The following conditions
110Sstevel@tonic-gate * apply to all code found in this distribution, be it the RC4, RSA,
120Sstevel@tonic-gate * lhash, DES, etc., code; not just the SSL code. The SSL documentation
130Sstevel@tonic-gate * included with this distribution is covered by the same copyright terms
140Sstevel@tonic-gate * except that the holder is Tim Hudson (tjh@cryptsoft.com).
150Sstevel@tonic-gate *
160Sstevel@tonic-gate * Copyright remains Eric Young's, and as such any Copyright notices in
170Sstevel@tonic-gate * the code are not to be removed.
180Sstevel@tonic-gate * If this package is used in a product, Eric Young should be given attribution
190Sstevel@tonic-gate * as the author of the parts of the library used.
200Sstevel@tonic-gate * This can be in the form of a textual message at program startup or
210Sstevel@tonic-gate * in documentation (online or textual) provided with the package.
220Sstevel@tonic-gate *
230Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
240Sstevel@tonic-gate * modification, are permitted provided that the following conditions
250Sstevel@tonic-gate * are met:
260Sstevel@tonic-gate * 1. Redistributions of source code must retain the copyright
270Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
280Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
290Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in the
300Sstevel@tonic-gate * documentation and/or other materials provided with the distribution.
310Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software
320Sstevel@tonic-gate * must display the following acknowledgement:
330Sstevel@tonic-gate * "This product includes cryptographic software written by
340Sstevel@tonic-gate * Eric Young (eay@cryptsoft.com)"
350Sstevel@tonic-gate * The word 'cryptographic' can be left out if the rouines from the library
360Sstevel@tonic-gate * being used are not cryptographic related :-).
370Sstevel@tonic-gate * 4. If you include any Windows specific code (or a derivative thereof) from
380Sstevel@tonic-gate * the apps directory (application code) you must include an acknowledgement:
390Sstevel@tonic-gate * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
400Sstevel@tonic-gate *
410Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
420Sstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
430Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
440Sstevel@tonic-gate * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
450Sstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
460Sstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
470Sstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
480Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
490Sstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
500Sstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
510Sstevel@tonic-gate * SUCH DAMAGE.
520Sstevel@tonic-gate *
530Sstevel@tonic-gate * The licence and distribution terms for any publically available version or
540Sstevel@tonic-gate * derivative of this code cannot be changed. i.e. this code cannot simply be
550Sstevel@tonic-gate * copied and put under another distribution licence
560Sstevel@tonic-gate * [including the GNU Public Licence.]
570Sstevel@tonic-gate */
580Sstevel@tonic-gate
590Sstevel@tonic-gate #include <stdio.h>
600Sstevel@tonic-gate #include "cryptlib.h"
61*2139Sjp161948 #ifndef OPENSSL_NO_RSA
620Sstevel@tonic-gate #include <openssl/rsa.h>
630Sstevel@tonic-gate #include <openssl/objects.h>
640Sstevel@tonic-gate #include <openssl/asn1t.h>
650Sstevel@tonic-gate #include <openssl/asn1_mac.h>
660Sstevel@tonic-gate #include <openssl/evp.h>
670Sstevel@tonic-gate #include <openssl/x509.h>
680Sstevel@tonic-gate
690Sstevel@tonic-gate
700Sstevel@tonic-gate #ifndef OPENSSL_NO_RC4
710Sstevel@tonic-gate
/* Inner, plaintext private-key container. i2d_RSA_NET() serialises this
 * structure and RC4-encrypts the result; d2i_RSA_NET_2() recovers it after
 * decryption. Its contents are secret key material. */
typedef struct netscape_pkey_st
    {
    long version;                   /* i2d_RSA_NET() always writes 0 */
    X509_ALGOR *algor;              /* i2d_RSA_NET() sets rsaEncryption with a NULL parameter */
    ASN1_OCTET_STRING *private_key; /* DER RSAPrivateKey bytes (sensitive) */
    } NETSCAPE_PKEY;
780Sstevel@tonic-gate
/* Outer container written to / read from the wire: a marker string followed
 * by the cipher identifier and the encrypted NETSCAPE_PKEY bytes. */
typedef struct netscape_encrypted_pkey_st
    {
    /* Header marker; d2i_RSA_NET() rejects anything but the 11 bytes
     * "private-key". */
    ASN1_OCTET_STRING *os;
    /* This is the same structure as DigestInfo so use it:
     * although this isn't really anything to do with
     * digests.
     */
    /* enckey->algor names the cipher (RC4 in this file) and enckey->digest
     * carries the ciphertext. */
    X509_SIG *enckey;
    } NETSCAPE_ENCRYPTED_PKEY;
880Sstevel@tonic-gate
890Sstevel@tonic-gate
/* ASN.1 template for the outer wrapper: the marker octet string followed by
 * the X509_SIG-shaped cipher/ciphertext pair, in that order.
 * NOTE(review): declared with the ASN1_BROKEN_SEQUENCE variant, presumably to
 * accept the legacy Netscape encoding -- confirm against asn1t.h. */
ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
    ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
    ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)

/* Declare and implement the NETSCAPE_ENCRYPTED_PKEY_new/_free and
 * d2i_/i2d_NETSCAPE_ENCRYPTED_PKEY helpers called further down. */
DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
980Sstevel@tonic-gate
/* ASN.1 template for the inner (plaintext) structure: version, algorithm
 * identifier, then the octet string holding the RSA private key encoding. */
ASN1_SEQUENCE(NETSCAPE_PKEY) = {
    ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
    ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
    ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(NETSCAPE_PKEY)

/* Declare and implement the NETSCAPE_PKEY_new/_free and
 * d2i_/i2d_NETSCAPE_PKEY helpers called further down. */
DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
1080Sstevel@tonic-gate
/* Forward declaration of the second decoding stage, defined at the end of
 * this file. d2i_RSA_NET() calls it with the still-encrypted octet string
 * taken from the outer NETSCAPE_ENCRYPTED_PKEY wrapper. */
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
                          int (*cb)(char *buf, int len, const char *prompt,
                                    int verify),
                          int sgckey);
1130Sstevel@tonic-gate
/*
 * Encode an RSA private key in the plain Netscape format.
 *
 * Thin front end for i2d_RSA_NET() with the SGC variant switched off; all
 * arguments and the return value are passed straight through.
 */
int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
                     int (*cb)(char *buf, int len, const char *prompt,
                               int verify))
{
    const int not_sgc = 0; /* sgckey == 0 selects the ordinary key derivation */
    int encoded_len;

    encoded_len = i2d_RSA_NET(a, pp, cb, not_sgc);
    return encoded_len;
}
1200Sstevel@tonic-gate
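/*
 * Encode an RSA private key in the legacy Netscape (optionally SGC) format.
 *
 * The RSAPrivateKey DER is placed in a NETSCAPE_PKEY, that structure is
 * serialised and RC4-encrypted in place with a key derived from a password
 * (EVP_BytesToKey with MD5, one iteration, no salt), and the ciphertext is
 * wrapped in a NETSCAPE_ENCRYPTED_PKEY carrying the "private-key" marker.
 *
 * a       key to encode; NULL makes the function return 0.
 * pp      NULL to compute only the encoded length (no password prompt);
 *         otherwise handed to i2d_NETSCAPE_ENCRYPTED_PKEY() for output.
 * cb      password callback, called with a 256-byte buffer and verify=1;
 *         must return 0 on success. EVP_read_pw_string is used when NULL.
 *         The password length is taken with strlen(), so the callback is
 *         assumed to NUL-terminate the buffer.
 * sgckey  non-zero selects the SGC variant: the password is MD5-hashed in
 *         place, "SGCKEYSALT" is appended after the 16-byte digest and the
 *         resulting 26 bytes feed the key derivation.
 *
 * Returns the result of i2d_NETSCAPE_ENCRYPTED_PKEY(), or 0 on failure.
 *
 * Security note: RC4 with an unsalted, single-iteration MD5 key derivation
 * gives little protection against offline password guessing. Treat this
 * format as a legacy interchange format, not as at-rest protection.
 */
int i2d_RSA_NET(const RSA *a, unsigned char **pp,
                int (*cb)(char *buf, int len, const char *prompt, int verify),
                int sgckey)
{
    int i, j, ret = 0;
    int rsalen = 0, pkeylen = 0;
    int sealed = 0; /* set once the serialised NETSCAPE_PKEY is encrypted */
    NETSCAPE_PKEY *pkey = NULL;
    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
    unsigned char buf[256], *zz;
    unsigned char key[EVP_MAX_KEY_LENGTH];
    EVP_CIPHER_CTX ctx;

    if (a == NULL)
        return 0;

    /* Initialise up front so the shared exit path can always clean up. */
    EVP_CIPHER_CTX_init(&ctx);

    if ((pkey = NETSCAPE_PKEY_new()) == NULL)
        goto err;
    if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
        goto err;
    pkey->version = 0;

    pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
    if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
        goto err;
    pkey->algor->parameter->type = V_ASN1_NULL;

    /* A non-positive length means the key could not be encoded; it must
     * never reach OPENSSL_malloc() or the length bookkeeping below. */
    rsalen = i2d_RSAPrivateKey(a, NULL);
    if (rsalen <= 0)
        goto err;

    /* Fake some octet strings just for the initial length
     * calculation.
     */
    pkey->private_key->length = rsalen;

    pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
    if (pkeylen <= 0)
        goto err;

    enckey->enckey->digest->length = pkeylen;

    enckey->os->length = 11; /* "private-key" */

    enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
    if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
        goto err;
    enckey->enckey->algor->parameter->type = V_ASN1_NULL;

    if (pp == NULL) {
        /* Length query only: no key bytes have been materialised yet. */
        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
        goto err;
    }

    /* Since its RC4 encrypted length is actual length */
    if ((zz = OPENSSL_malloc(rsalen)) == NULL) {
        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    pkey->private_key->data = zz;
    /* Write out private key encoding */
    if (i2d_RSAPrivateKey(a, &zz) <= 0)
        goto err;

    if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    /* Hand the buffer to enckey straight away so that every later failure
     * frees it; previously a failed ASN1_STRING_set() leaked it. */
    enckey->enckey->digest->data = zz;

    if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if (i2d_NETSCAPE_PKEY(pkey, &zz) <= 0)
        goto err;

    /* Wipe the private key encoding */
    OPENSSL_cleanse(pkey->private_key->data, rsalen);

    if (cb == NULL)
        cb = EVP_read_pw_string;
    i = cb((char *)buf, 256, "Enter Private Key password:", 1);
    if (i != 0) {
        ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
        goto err;
    }
    i = strlen((char *)buf);
    /* If the key is used for SGC the algorithm is modified a little. */
    if (sgckey) {
        if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
            goto err;
        memcpy(buf + 16, "SGCKEYSALT", 10);
        i = 26;
    }

    if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
        goto err;
    OPENSSL_cleanse(buf, 256);

    /* Encrypt private key in place. A failed cipher call must abort the
     * encoding: otherwise the still-plaintext buffer would be written out
     * as if it were ciphertext. */
    zz = enckey->enckey->digest->data;
    if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
        goto err;
    if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
        goto err;
    if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
        goto err;
    sealed = 1;

    ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
err:
    /* Shared exit for success and failure: scrub the password buffer, the
     * derived RC4 key and any plaintext key bytes before they are freed. */
    OPENSSL_cleanse(buf, sizeof(buf));
    OPENSSL_cleanse(key, sizeof(key));
    EVP_CIPHER_CTX_cleanup(&ctx);
    if (pkey != NULL && pkey->private_key->data != NULL)
        OPENSSL_cleanse(pkey->private_key->data, rsalen);
    if (!sealed && enckey != NULL && enckey->enckey->digest->data != NULL)
        OPENSSL_cleanse(enckey->enckey->digest->data, pkeylen);
    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
    NETSCAPE_PKEY_free(pkey);
    return ret;
}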
2310Sstevel@tonic-gate
2320Sstevel@tonic-gate
/*
 * Decode an RSA private key stored in the plain Netscape format.
 *
 * Thin front end for d2i_RSA_NET() with the SGC variant switched off; all
 * arguments and the returned key (NULL on failure) are passed straight
 * through.
 */
RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
                      int (*cb)(char *buf, int len, const char *prompt,
                                int verify))
{
    const int not_sgc = 0; /* sgckey == 0 selects the ordinary key derivation */
    RSA *decoded;

    decoded = d2i_RSA_NET(a, pp, length, cb, not_sgc);
    return decoded;
}
2390Sstevel@tonic-gate
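/*
 * Decode an RSA private key stored in the legacy Netscape (optionally SGC)
 * format.
 *
 * The input is parsed as a NETSCAPE_ENCRYPTED_PKEY and accepted only when
 * its marker string is exactly the 11 bytes "private-key" and its cipher
 * identifier is RC4. Decryption and inner parsing are done by
 * d2i_RSA_NET_2().
 *
 * a       passed through to d2i_RSA_NET_2().
 * pp      in: start of the encoding; out: advanced past the consumed bytes,
 *         on success only.
 * length  number of bytes available at *pp.
 * cb      password callback; EVP_read_pw_string is used when NULL.
 * sgckey  non-zero selects the SGC key derivation.
 *
 * Returns the decoded key, or NULL on failure with an ASN1 error queued.
 *
 * The bytes at *pp are untrusted input: both header checks run before the
 * password callback is invoked.
 */
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
                 int (*cb)(char *buf, int len, const char *prompt, int verify),
                 int sgckey)
{
    RSA *ret = NULL;
    const unsigned char *p;
    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;

    p = *pp;

    enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
    if (!enckey) {
        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
        return NULL;
    }

    /* The length test comes first, so strncmp() never reads beyond the
     * octet string's own 11 bytes. */
    if ((enckey->os->length != 11) ||
        (strncmp("private-key", (char *)enckey->os->data, 11) != 0)) {
        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
        goto err;
    }
    if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
        goto err;
    }
    if (cb == NULL)
        cb = EVP_read_pw_string;
    if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
        goto err;

    /* Advance the caller's pointer only once the whole key has decoded. */
    *pp = p;

err:
    /* Single release point for every path after a successful outer parse. */
    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
    return ret;
}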
2800Sstevel@tonic-gate
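/*
 * Second decoding stage: decrypt the RC4 payload and parse the RSA key.
 *
 * a       passed through to d2i_RSAPrivateKey().
 * os      ciphertext octet string; it is decrypted IN PLACE and wiped before
 *         this function returns, so the caller must not reuse its contents.
 * cb      password callback (must be non-NULL here), called with a 256-byte
 *         buffer and verify=0; must return 0 on success. The password
 *         length is taken with strlen(), so the callback is assumed to
 *         NUL-terminate the buffer.
 * sgckey  non-zero selects the SGC variant: the password is MD5-hashed in
 *         place, "SGCKEYSALT" is appended after the 16-byte digest and the
 *         resulting 26 bytes feed the key derivation.
 *
 * Returns the decoded key, or NULL on failure with an ASN1 error queued for
 * the password-read and parse failures.
 *
 * Nothing authenticates the ciphertext: a wrong password or a modified
 * payload is noticed only if the decrypted bytes fail to parse.
 */
static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
                          int (*cb)(char *buf, int len, const char *prompt,
                                    int verify), int sgckey)
{
    NETSCAPE_PKEY *pkey = NULL;
    RSA *ret = NULL;
    int i, j;
    unsigned char buf[256];
    const unsigned char *zz;
    unsigned char key[EVP_MAX_KEY_LENGTH];
    EVP_CIPHER_CTX ctx;

    /* Initialise up front so the shared exit path can always clean up. */
    EVP_CIPHER_CTX_init(&ctx);

    i = cb((char *)buf, 256, "Enter Private Key password:", 0);
    if (i != 0) {
        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
        goto err;
    }

    i = strlen((char *)buf);
    if (sgckey) {
        if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
            goto err;
        memcpy(buf + 16, "SGCKEYSALT", 10);
        i = 26;
    }

    if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
        goto err;
    OPENSSL_cleanse(buf, 256);

    /* Decrypt in place; stop on any cipher failure instead of parsing a
     * half-processed buffer with an undefined length. */
    if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
        goto err;
    if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
        goto err;
    if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
        goto err;
    os->length = i + j;

    zz = os->data;

    if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
        goto err;
    }

    zz = pkey->private_key->data;
    if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
        goto err;
    }
err:
    /* Shared exit for success and failure: scrub the password buffer, the
     * derived RC4 key and both plaintext copies of the private key (the
     * decrypted octet string and the parsed NETSCAPE_PKEY payload) so none
     * of them is handed back to the allocator intact. */
    OPENSSL_cleanse(buf, sizeof(buf));
    OPENSSL_cleanse(key, sizeof(key));
    EVP_CIPHER_CTX_cleanup(&ctx);
    if (os->data != NULL && os->length > 0)
        OPENSSL_cleanse(os->data, os->length);
    if (pkey != NULL && pkey->private_key->data != NULL &&
        pkey->private_key->length > 0)
        OPENSSL_cleanse(pkey->private_key->data, pkey->private_key->length);
    NETSCAPE_PKEY_free(pkey);
    return ret;
}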
3350Sstevel@tonic-gate
3360Sstevel@tonic-gate #endif /* OPENSSL_NO_RC4 */
3370Sstevel@tonic-gate
3380Sstevel@tonic-gate #else /* !OPENSSL_NO_RSA */
3390Sstevel@tonic-gate
# if PEDANTIC
/* The only definition this file provides when OPENSSL_NO_RSA is set.
 * NOTE(review): presumably here so the translation unit is not empty under
 * pedantic compilers -- confirm. */
static void *dummy=&dummy;
# endif
3430Sstevel@tonic-gate
3440Sstevel@tonic-gate #endif