Revert "Improved detection of engine-provided private "classic" keys"
This reverts commit 2b74e75.

The commit was wrong. With 3.x versions the engines themselves must be
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting a
non-default EVP_PKEY_METHOD.

The workaround has caused more problems than it solved.

Fixes #22945

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from #23063)
t8m committed Jan 31, 2024
1 parent d2e7855 commit 39ea783
Showing 1 changed file with 0 additions and 42 deletions.
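--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 return NULL;
 }
-/* We enforce check for legacy key */
-switch (EVP_PKEY_get_id(pkey)) {
-case EVP_PKEY_RSA:
-{
-RSA *rsa = EVP_PKEY_get1_RSA(pkey);
-EVP_PKEY_set1_RSA(pkey, rsa);
-RSA_free(rsa);
-}
-break;
-# ifndef OPENSSL_NO_EC
-case EVP_PKEY_SM2:
-case EVP_PKEY_EC:
-{
-EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-EVP_PKEY_set1_EC_KEY(pkey, ec);
-EC_KEY_free(ec);
-}
-break;
-# endif
-# ifndef OPENSSL_NO_DSA
-case EVP_PKEY_DSA:
-{
-DSA *dsa = EVP_PKEY_get1_DSA(pkey);
-EVP_PKEY_set1_DSA(pkey, dsa);
-DSA_free(dsa);
-}
-break;
-#endif
-# ifndef OPENSSL_NO_DH
-case EVP_PKEY_DH:
-{
-DH *dh = EVP_PKEY_get1_DH(pkey);
-EVP_PKEY_set1_DH(pkey, dh);
-DH_free(dh);
-}
-break;
-#endif
-default:
-/*Do nothing */
-break;
-}
-
 return pkey;
 }
 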
