1 files changed, 174 insertions, 0 deletions
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 66cbc7eb82..69dd19bf2e 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -194,7 +194,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 #endif
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_RSA(k, x);
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_RSA(k, x);
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+#endif
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
@@ -224,7 +266,47 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
        return pkey_get_dsa(pktmp, dsa);
 }
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_DSA(k, x);
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_DSA(k, x);
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+#endif
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -270,8 +352,49 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_EC_KEY(k, x);
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_EC_KEY(k, x);
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+#else
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
+#endif
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
@@ -301,8 +424,59 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
 * appropriate.)
 */
+#ifdef OPENSSL_FIPS
+static const char *pkey_str(EVP_PKEY *x)
+        {
+        switch (x->type)
+                {
+                case EVP_PKEY_RSA:
+                return PEM_STRING_RSA;
+                case EVP_PKEY_DSA:
+                return PEM_STRING_DSA;
+                case EVP_PKEY_EC:
+                return PEM_STRING_ECPRIVATEKEY;
+                default:
+                return NULL;
+                }
+        }
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                        pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
+        }
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_PKCS8PrivateKey(fp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
+                        pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
+        }
+#endif
+#else
 IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
                        (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
+#endif
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)

diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index 66cbc7eb82..69dd19bf2e 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c
@@ -194,7 +194,49 @@ RSA PEM_read_RSAPrivateKey(FILE fp, RSA *rsa, pem_password_cb cb,
194		194
195	#endif	195	#endif
196		196
		197	#ifdef OPENSSL_FIPS
		198
		199	int PEM_write_bio_RSAPrivateKey(BIO bp, RSA x, const EVP_CIPHER *enc,
		200	unsigned char *kstr, int klen,
		201	pem_password_cb cb, void u)
		202	{
		203	EVP_PKEY *k;
		204	int ret;
		205	k = EVP_PKEY_new();
		206	if (!k)
		207	return 0;
		208	EVP_PKEY_set1_RSA(k, x);
		209
		210	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		211	EVP_PKEY_free(k);
		212	return ret;
		213	}
		214
		215	#ifndef OPENSSL_NO_FP_API
		216	int PEM_write_RSAPrivateKey(FILE fp, RSA x, const EVP_CIPHER *enc,
		217	unsigned char *kstr, int klen,
		218	pem_password_cb cb, void u)
		219	{
		220	EVP_PKEY *k;
		221	int ret;
		222	k = EVP_PKEY_new();
		223	if (!k)
		224	return 0;
		225
		226	EVP_PKEY_set1_RSA(k, x);
		227
		228	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		229	EVP_PKEY_free(k);
		230	return ret;
		231	}
		232	#endif
		233
		234	#else
		235
197	IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)	236	IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
		237
		238	#endif
		239
198	IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)	240	IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
199	IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)	241	IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
200		242
@@ -224,7 +266,47 @@ DSA PEM_read_bio_DSAPrivateKey(BIO bp, DSA *dsa, pem_password_cb cb,
224	return pkey_get_dsa(pktmp, dsa);	266	return pkey_get_dsa(pktmp, dsa);
225	}	267	}
226		268
		269	#ifdef OPENSSL_FIPS
		270
		271	int PEM_write_bio_DSAPrivateKey(BIO bp, DSA x, const EVP_CIPHER *enc,
		272	unsigned char *kstr, int klen,
		273	pem_password_cb cb, void u)
		274	{
		275	EVP_PKEY *k;
		276	int ret;
		277	k = EVP_PKEY_new();
		278	if (!k)
		279	return 0;
		280	EVP_PKEY_set1_DSA(k, x);
		281
		282	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		283	EVP_PKEY_free(k);
		284	return ret;
		285	}
		286
		287	#ifndef OPENSSL_NO_FP_API
		288	int PEM_write_DSAPrivateKey(FILE fp, DSA x, const EVP_CIPHER *enc,
		289	unsigned char *kstr, int klen,
		290	pem_password_cb cb, void u)
		291	{
		292	EVP_PKEY *k;
		293	int ret;
		294	k = EVP_PKEY_new();
		295	if (!k)
		296	return 0;
		297	EVP_PKEY_set1_DSA(k, x);
		298	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		299	EVP_PKEY_free(k);
		300	return ret;
		301	}
		302	#endif
		303
		304	#else
		305
227	IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)	306	IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
		307
		308	#endif
		309
228	IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)	310	IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
229		311
230	#ifndef OPENSSL_NO_FP_API	312	#ifndef OPENSSL_NO_FP_API
@@ -270,8 +352,49 @@ EC_KEY PEM_read_bio_ECPrivateKey(BIO bp, EC_KEY *key, pem_password_cb cb,
270		352
271	IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)	353	IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
272		354
		355
		356
		357	#ifdef OPENSSL_FIPS
		358
		359	int PEM_write_bio_ECPrivateKey(BIO bp, EC_KEY x, const EVP_CIPHER *enc,
		360	unsigned char *kstr, int klen,
		361	pem_password_cb cb, void u)
		362	{
		363	EVP_PKEY *k;
		364	int ret;
		365	k = EVP_PKEY_new();
		366	if (!k)
		367	return 0;
		368	EVP_PKEY_set1_EC_KEY(k, x);
		369
		370	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
		371	EVP_PKEY_free(k);
		372	return ret;
		373	}
		374
		375	#ifndef OPENSSL_NO_FP_API
		376	int PEM_write_ECPrivateKey(FILE fp, EC_KEY x, const EVP_CIPHER *enc,
		377	unsigned char *kstr, int klen,
		378	pem_password_cb cb, void u)
		379	{
		380	EVP_PKEY *k;
		381	int ret;
		382	k = EVP_PKEY_new();
		383	if (!k)
		384	return 0;
		385	EVP_PKEY_set1_EC_KEY(k, x);
		386	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
		387	EVP_PKEY_free(k);
		388	return ret;
		389	}
		390	#endif
		391
		392	#else
		393
273	IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)	394	IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
274		395
		396	#endif
		397
275	IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)	398	IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
276		399
277	#ifndef OPENSSL_NO_FP_API	400	#ifndef OPENSSL_NO_FP_API
@@ -301,8 +424,59 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
301	* (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything	424	* (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
302	* appropriate.)	425	* appropriate.)
303	*/	426	*/
		427
		428	#ifdef OPENSSL_FIPS
		429
		430	static const char pkey_str(EVP_PKEY x)
		431	{
		432	switch (x->type)
		433	{
		434	case EVP_PKEY_RSA:
		435	return PEM_STRING_RSA;
		436
		437	case EVP_PKEY_DSA:
		438	return PEM_STRING_DSA;
		439
		440	case EVP_PKEY_EC:
		441	return PEM_STRING_ECPRIVATEKEY;
		442
		443	default:
		444	return NULL;
		445	}
		446	}
		447
		448
		449	int PEM_write_bio_PrivateKey(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
		450	unsigned char *kstr, int klen,
		451	pem_password_cb cb, void u)
		452	{
		453	if (FIPS_mode())
		454	return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
		455	(char *)kstr, klen, cb, u);
		456	else
		457	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
		458	pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
		459	}
		460
		461	#ifndef OPENSSL_NO_FP_API
		462	int PEM_write_PrivateKey(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
		463	unsigned char *kstr, int klen,
		464	pem_password_cb cb, void u)
		465	{
		466	if (FIPS_mode())
		467	return PEM_write_PKCS8PrivateKey(fp, x, enc,
		468	(char *)kstr, klen, cb, u);
		469	else
		470	return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
		471	pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
		472	}
		473	#endif
		474
		475	#else
304	IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\	476	IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
305	(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)	477	(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
306		478
		479	#endif
		480
307	IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)	481	IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
308		482