From 4ce1025a8ac37d255f569147116dd776f9267cce Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 27 Aug 2020 10:07:09 +0200 Subject: PEM: Make PEM_write_bio_PrivateKey_traditional() handle provider-native keys PEM_write_bio_PrivateKey_traditional() didn't handle provider-native keys very well. Originally, it would simply use the corresponding encoder, which is likely to output modern PEM (not "traditional"). PEM_write_bio_PrivateKey_traditional() is now changed to try and get a legacy copy of the input EVP_PKEY, and use that copy for traditional output, if it has such support. Internally, evp_pkey_copy_downgraded() is added, to be used when evp_pkey_downgrade() is too intrusive for what it's needed for. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12738) --- include/crypto/evp.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/crypto/evp.h b/include/crypto/evp.h index c488834511..9d9b0a7298 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -591,6 +591,7 @@ struct evp_pkey_st { # endif /* == Common attributes == */ + /* If these are modified, so must evp_pkey_downgrade() */ CRYPTO_REF_COUNT references; CRYPTO_RWLOCK *lock; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ @@ -672,6 +673,7 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OPENSSL_CTX *libctx, EVP_KEYMGMT **keymgmt, const char *propquery); #ifndef FIPS_MODULE +int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); int evp_pkey_downgrade(EVP_PKEY *pk); void evp_pkey_free_legacy(EVP_PKEY *x); #endif -- cgit v1.2.3