[ipfire-3.x.git] / openssl / patches / openssl-1.0.0-fips-pkcs8.patch

diff -up openssl-1.0.0/crypto/pem/pem_all.c.pkcs8 openssl-1.0.0/crypto/pem/pem_all.c
--- openssl-1.0.0/crypto/pem/pem_all.c.pkcs8	2006-11-06 20:53:37.000000000 +0100
+++ openssl-1.0.0/crypto/pem/pem_all.c	2012-04-26 17:17:35.765317652 +0200
@@ -147,7 +147,37 @@ IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRIN
 
 IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
 					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
+#ifdef OPENSSL_FIPS
 
+static int fips_PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+	{
+		if (FIPS_mode())
+			return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+						(char *)kstr, klen, cb, u);
+		else
+                	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY),
+                        bp,x,enc,kstr,klen,cb,u);
+	}
+
+#ifndef OPENSSL_NO_FP_API
+static int fips_PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+	{
+		if (FIPS_mode())
+			return PEM_write_PKCS8PrivateKey(fp, x, enc,
+						(char *)kstr, klen, cb, u);
+		else
+                	return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
+                ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY),
+                        fp,x,enc,kstr,klen,cb,u);
+	}
+#endif
+
+#endif
 
 #ifndef OPENSSL_NO_RSA
 
@@ -193,7 +223,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RS
 
 #endif
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+	EVP_PKEY *k;
+	int ret;
+	k = EVP_PKEY_new();
+	if (!k)
+		return 0;
+	EVP_PKEY_set1_RSA(k, x);
+
+	ret = fips_PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+	EVP_PKEY_free(k);
+	return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+	EVP_PKEY *k;
+	int ret;
+	k = EVP_PKEY_new();
+	if (!k)
+		return 0;
+
+	EVP_PKEY_set1_RSA(k, x);
+
+	ret = fips_PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+	EVP_PKEY_free(k);
+	return ret;
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -223,7 +295,47 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,
 	return pkey_get_dsa(pktmp, dsa);	/* will free pktmp */
 }
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+	EVP_PKEY *k;
+	int ret;
+	k = EVP_PKEY_new();
+	if (!k)
+		return 0;
+	EVP_PKEY_set1_DSA(k, x);
+
+	ret = fips_PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+	EVP_PKEY_free(k);
+	return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+	EVP_PKEY *k;
+	int ret;
+	k = EVP_PKEY_new();
+	if (!k)
+		return 0;
+	EVP_PKEY_set1_DSA(k, x);
+	ret = fips_PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+	EVP_PKEY_free(k);
+	return ret;
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -269,8 +381,49 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *b
 
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
 
+
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+	EVP_PKEY *k;
+	int ret;
+	k = EVP_PKEY_new();
+	if (!k)
+		return 0;
+	EVP_PKEY_set1_EC_KEY(k, x);
+
+	ret = fips_PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+	EVP_PKEY_free(k);
+	return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+	EVP_PKEY *k;
+	int ret;
+	k = EVP_PKEY_new();
+	if (!k)
+		return 0;
+	EVP_PKEY_set1_EC_KEY(k, x);
+	ret = fips_PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+	EVP_PKEY_free(k);
+	return ret;
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
+#endif
+
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
Commit	Line	Data
a7ff9508 MT	1	diff -up openssl-1.0.0/crypto/pem/pem_all.c.pkcs8 openssl-1.0.0/crypto/pem/pem_all.c
	2	--- openssl-1.0.0/crypto/pem/pem_all.c.pkcs8 2006-11-06 20:53:37.000000000 +0100
	3	+++ openssl-1.0.0/crypto/pem/pem_all.c 2012-04-26 17:17:35.765317652 +0200
	4	@@ -147,7 +147,37 @@ IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRIN
	5
	6	IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
	7	PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
	8	+#ifdef OPENSSL_FIPS
	9
	10	+static int fips_PEM_write_bio_PrivateKey(BIO bp, EVP_PKEY x, const EVP_CIPHER *enc,
	11	+ unsigned char *kstr, int klen,
	12	+ pem_password_cb cb, void u)
	13	+ {
	14	+ if (FIPS_mode())
	15	+ return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
	16	+ (char *)kstr, klen, cb, u);
	17	+ else
	18	+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
	19	+ ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY),
	20	+ bp,x,enc,kstr,klen,cb,u);
	21	+ }
	22	+
	23	+#ifndef OPENSSL_NO_FP_API
	24	+static int fips_PEM_write_PrivateKey(FILE fp, EVP_PKEY x, const EVP_CIPHER *enc,
	25	+ unsigned char *kstr, int klen,
	26	+ pem_password_cb cb, void u)
	27	+ {
	28	+ if (FIPS_mode())
	29	+ return PEM_write_PKCS8PrivateKey(fp, x, enc,
	30	+ (char *)kstr, klen, cb, u);
	31	+ else
	32	+ return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
	33	+ ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY),
	34	+ fp,x,enc,kstr,klen,cb,u);
	35	+ }
	36	+#endif
	37	+
	38	+#endif
	39
	40	#ifndef OPENSSL_NO_RSA
	41
	42	@@ -193,7 +223,49 @@ RSA PEM_read_RSAPrivateKey(FILE fp, RS
	43
	44	#endif
	45
	46	+#ifdef OPENSSL_FIPS
	47	+
	48	+int PEM_write_bio_RSAPrivateKey(BIO bp, RSA x, const EVP_CIPHER *enc,
	49	+ unsigned char *kstr, int klen,
	50	+ pem_password_cb cb, void u)
	51	+{
	52	+ EVP_PKEY *k;
	53	+ int ret;
	54	+ k = EVP_PKEY_new();
	55	+ if (!k)
	56	+ return 0;
	57	+ EVP_PKEY_set1_RSA(k, x);
	58	+
	59	+ ret = fips_PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
	60	+ EVP_PKEY_free(k);
	61	+ return ret;
	62	+}
	63	+
	64	+#ifndef OPENSSL_NO_FP_API
65	+int PEM_write_RSAPrivateKey(FILE fp, RSA x, const EVP_CIPHER *enc,
66	+ unsigned char *kstr, int klen,
67	+ pem_password_cb cb, void u)
68	+{
69	+ EVP_PKEY *k;
70	+ int ret;
71	+ k = EVP_PKEY_new();
72	+ if (!k)
73	+ return 0;
74	+
75	+ EVP_PKEY_set1_RSA(k, x);
76	+
77	+ ret = fips_PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
78	+ EVP_PKEY_free(k);
79	+ return ret;
80	+}
81	+#endif
82	+
83	+#else
84	+
85	IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
86	+
87	+#endif
88	+
89	IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
90	IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
91
92	@@ -223,7 +295,47 @@ DSA PEM_read_bio_DSAPrivateKey(BIO bp,
93	return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
94	}
95
96	+#ifdef OPENSSL_FIPS
97	+
98	+int PEM_write_bio_DSAPrivateKey(BIO bp, DSA x, const EVP_CIPHER *enc,
99	+ unsigned char *kstr, int klen,
100	+ pem_password_cb cb, void u)
101	+{
102	+ EVP_PKEY *k;
103	+ int ret;
104	+ k = EVP_PKEY_new();
105	+ if (!k)
106	+ return 0;
107	+ EVP_PKEY_set1_DSA(k, x);
108	+
109	+ ret = fips_PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
110	+ EVP_PKEY_free(k);
111	+ return ret;
112	+}
113	+
114	+#ifndef OPENSSL_NO_FP_API
115	+int PEM_write_DSAPrivateKey(FILE fp, DSA x, const EVP_CIPHER *enc,
116	+ unsigned char *kstr, int klen,
117	+ pem_password_cb cb, void u)
118	+{
119	+ EVP_PKEY *k;
120	+ int ret;
121	+ k = EVP_PKEY_new();
122	+ if (!k)
123	+ return 0;
124	+ EVP_PKEY_set1_DSA(k, x);
125	+ ret = fips_PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
126	+ EVP_PKEY_free(k);
127	+ return ret;
128	+}
129	+#endif
130	+
131	+#else
132	+
133	IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
134	+
135	+#endif
136	+
137	IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
138
139	#ifndef OPENSSL_NO_FP_API
140	@@ -269,8 +381,49 @@ EC_KEY PEM_read_bio_ECPrivateKey(BIO b
141
142	IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
143
144	+
145	+
146	+#ifdef OPENSSL_FIPS
147	+
148	+int PEM_write_bio_ECPrivateKey(BIO bp, EC_KEY x, const EVP_CIPHER *enc,
149	+ unsigned char *kstr, int klen,
150	+ pem_password_cb cb, void u)
151	+{
152	+ EVP_PKEY *k;
153	+ int ret;
154	+ k = EVP_PKEY_new();
155	+ if (!k)
156	+ return 0;
157	+ EVP_PKEY_set1_EC_KEY(k, x);
158	+
159	+ ret = fips_PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
160	+ EVP_PKEY_free(k);
161	+ return ret;
162	+}
163	+
164	+#ifndef OPENSSL_NO_FP_API
165	+int PEM_write_ECPrivateKey(FILE fp, EC_KEY x, const EVP_CIPHER *enc,
166	+ unsigned char *kstr, int klen,
167	+ pem_password_cb cb, void u)
168	+{
169	+ EVP_PKEY *k;
170	+ int ret;
171	+ k = EVP_PKEY_new();
172	+ if (!k)
173	+ return 0;
174	+ EVP_PKEY_set1_EC_KEY(k, x);
175	+ ret = fips_PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
176	+ EVP_PKEY_free(k);
177	+ return ret;
178	+}
179	+#endif
180	+
181	+#else
182	+
183	IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
184
185	+#endif
186	+
187	IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
188
189	#ifndef OPENSSL_NO_FP_API