When in FIPS mode write private keys in PKCS#8 and PBES2 format to

author Dr. Stephen Henson <steve@openssl.org>

Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c

index e72b7134cec204996f9c6cdd5df83deca2d84253..2e9662941795ed36dfa2dfa54d5d742522650429 100644 (file)
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -64,6 +64,7 @@
  #include <openssl/x509.h>
  #include <openssl/pkcs7.h>
  #include <openssl/pem.h>
+#include <openssl/fips.h>
  
  #ifndef OPENSSL_NO_RSA
  static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
@@ -128,7 +129,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
  
  #endif
  
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       EVP_PKEY *k;
+       int ret;
+       k = EVP_PKEY_new();
+       if (!k)
+               return 0;
+       EVP_PKEY_set1_RSA(k, x);
+
+       ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+       EVP_PKEY_free(k);
+       return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       EVP_PKEY *k;
+       int ret;
+       k = EVP_PKEY_new();
+       if (!k)
+               return 0;
+
+       EVP_PKEY_set1_RSA(k, x);
+
+       ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+       EVP_PKEY_free(k);
+       return ret;
+}
+#endif
+
+#else
+
  IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
  IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
  IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
  
@@ -158,7 +201,48 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
         return pkey_get_dsa(pktmp, dsa);
  }
  
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       EVP_PKEY *k;
+       int ret;
+       k = EVP_PKEY_new();
+       if (!k)
+               return 0;
+       EVP_PKEY_set1_DSA(k, x);
+
+       ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+       EVP_PKEY_free(k);
+       return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       EVP_PKEY *k;
+       int ret;
+       k = EVP_PKEY_new();
+       if (!k)
+               return 0;
+       EVP_PKEY_set1_DSA(k, x);
+       ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+       EVP_PKEY_free(k);
+       return ret;
+}
+#endif
+
+#else
+
  IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
  IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
  
  #ifndef OPENSSL_NO_FP_API
@@ -190,7 +274,42 @@ IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
   * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
   * appropriate.)
   */
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+       {
+               if (FIPS_mode)
+                       return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                               (char *)kstr, klen, cb, u);
+               else
+                       return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        bp,(char *)x,enc,kstr,klen,cb,u);
+       }
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+       {
+               if (FIPS_mode)
+                       return PEM_write_PKCS8PrivateKey(fp, x, enc,
+                                               (char *)kstr, klen, cb, u);
+               else
+                       return PEM_ASN1_write((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        fp,(char *)x,enc,kstr,klen,cb,u);
+       }
+#endif
+
+#else
+
  IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
  
+#endif
+
  IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 21 Jul 2004 17:41:26 +0000 (17:41 +0000)