author | Richard Levitte <levitte@openssl.org> | 2020-08-27 10:07:09 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-09-08 16:45:11 +0200 |
commit | 4ce1025a8ac37d255f569147116dd776f9267cce | |
tree | b89c84f89e808f6cfd6be703bf33e323507f5587 /include | |
parent | 924663c36d47066d5307937da77fed7e872730c7 | |
PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys

PEM_write_bio_PrivateKey_traditional() didn't handle provider-native
keys very well. Originally, it would simply use the corresponding
encoder, which is likely to output modern PEM (not "traditional").

PEM_write_bio_PrivateKey_traditional() is now changed to try and get a
legacy copy of the input EVP_PKEY, and use that copy for traditional
output, if it has such support.

Internally, evp_pkey_copy_downgraded() is added, to be used when
evp_pkey_downgrade() is too intrusive for what it's needed for.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12738)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/evp.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/crypto/evp.h b/include/crypto/evp.h index c488834511..9d9b0a7298 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -591,6 +591,7 @@ struct evp_pkey_st { # endif /* == Common attributes == */ + /* If these are modified, so must evp_pkey_downgrade() */ CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ @@ -672,6 +673,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, EVP_KEYMGMT **keymgmt, const char *propquery); #ifndef FIPS_MODULE +int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); int evp_pkey_downgrade(EVP_PKEY *pk); void evp_pkey_free_legacy(EVP_PKEY *x); #endif |
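Review bot: In the first hunk (struct evp_pkey_st, "Common attributes"), the new comment names only evp_pkey_downgrade(), although this same patch declares evp_pkey_copy_downgraded() as its less intrusive sibling. If the copy variant also reads or reproduces these fields (its body is not visible in this include-only view), the comment should list both functions so a later change to `references`, `lock` or `attributes` is not applied to one and missed in the other. The comment also leaves open where "these" ends; a matching end marker after the last common attribute would make the dependency unambiguous.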
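Review bot: In the second hunk, the prototype `int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src);` is added without any comment describing its contract. Since it produces a second copy of private key material, the header should say what the int return means, whether `*dest` must be NULL on entry or may point at an existing EVP_PKEY, and who frees `*dest` when the call fails, so callers do not leak or double-free a legacy key copy. Also note the declaration sits inside `#ifndef FIPS_MODULE`, so any caller in code that is also built into the FIPS module needs the same guard.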