https://bugs.gentoo.org/916328
https://github.com/opendnssec/SoftHSMv2/issues/729
https://github.com/openssl/openssl/issues/22508
https://github.com/openssl/openssl/commit/ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6
From ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 15 Dec 2023 13:45:50 +0100
Subject: [PATCH] Revert "Improved detection of engine-provided private
"classic" keys"
This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.
The commit was wrong. With 3.x versions the engines must be themselves
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting
non-default EVP_PKEY_METHOD.
The workaround has caused more problems than it solved.
Fixes #22945
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)
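--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
 return NULL;
 }
- /* We enforce check for legacy key */
- switch (EVP_PKEY_get_id(pkey)) {
- case EVP_PKEY_RSA:
- {
- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_set1_RSA(pkey, rsa);
- RSA_free(rsa);
- }
- break;
-# ifndef OPENSSL_NO_EC
- case EVP_PKEY_SM2:
- case EVP_PKEY_EC:
- {
- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
- EVP_PKEY_set1_EC_KEY(pkey, ec);
- EC_KEY_free(ec);
- }
- break;
-# endif
-# ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- {
- DSA *dsa = EVP_PKEY_get1_DSA(pkey);
- EVP_PKEY_set1_DSA(pkey, dsa);
- DSA_free(dsa);
- }
- break;
-#endif
-# ifndef OPENSSL_NO_DH
- case EVP_PKEY_DH:
- {
- DH *dh = EVP_PKEY_get1_DH(pkey);
- EVP_PKEY_set1_DH(pkey, dh);
- DH_free(dh);
- }
- break;
-#endif
- default:
- /*Do nothing */
- break;
- }
-
 return pkey;
 }
 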