From e877c7f97901a9fa39a615aa1e44149059e58c3e Mon Sep 17 00:00:00 2001
From: Umayr Shahid
Date: Thu, 6 Apr 2017 20:14:49 +0500
Subject: [PATCH] Add fips check when checking for root key encryption

Signed-off-by: Umayr Shahid
---
 cryptoservice/crypto_service.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/cryptoservice/crypto_service.go b/cryptoservice/crypto_service.go
index d8f42535ca..d0b0bc0ba8 100644
--- a/cryptoservice/crypto_service.go
+++ b/cryptoservice/crypto_service.go
@@ -173,6 +173,13 @@ func CheckRootKeyIsEncrypted(pemBytes []byte) error {
 return ErrNoValidPrivateKey
 }
 
+ if notary.FIPSEnabled {
+ if block.Type == "PRIVATE ENCRYPTED KEY" {
+ return nil
+ }
+ return ErrRootKeyNotEncrypted
+ }
+
 if !x509.IsEncryptedPEMBlock(block) {
 return ErrRootKeyNotEncrypted
 }
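Review bot: The FIPS branch compares `block.Type` with `"PRIVATE ENCRYPTED KEY"`, but the PEM label RFC 7468 defines for an encrypted PKCS#8 key is `ENCRYPTED PRIVATE KEY`; unless notary writes this non-standard label itself somewhere outside this hunk, every root key will be rejected with ErrRootKeyNotEncrypted when FIPS is enabled. I would change the line to `if block.Type == "ENCRYPTED PRIVATE KEY" {` and move the label into a named constant shared with the code that writes the key. The check also trusts the label alone, so a block carrying that type over unencrypted bytes would pass; parsing the body as an EncryptedPrivateKeyInfo before returning nil would close that gap. The body of CheckRootKeyIsEncrypted starts before the hunk, and the diffstat shows no test covering the FIPS path in this patch.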