Improved detection of engine-provided private "classic" keys

Resolves #17092 (?) Resolves #17286 (?) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19965)
2025-01-30 14:01:55 +08:00 · 2022-12-26 20:38:44 +01:00 · 2022-12-26 20:38:44 +01:00 · 2b74e75331
commit 2b74e75331
parent 5c20c20269
1 changed files with 42 additions and 0 deletions
--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
        ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
        return NULL;
    }
+    /* We enforce check for legacy key */
+    switch (EVP_PKEY_get_id(pkey)) {
+    case EVP_PKEY_RSA:
+        {
+        RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_set1_RSA(pkey, rsa);
+        RSA_free(rsa);
+        }
+        break;
+#  ifndef OPENSSL_NO_EC
+    case EVP_PKEY_SM2:
+    case EVP_PKEY_EC:
+        {
+        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
+        EVP_PKEY_set1_EC_KEY(pkey, ec);
+        EC_KEY_free(ec);
+        }
+        break;
+#  endif
+#  ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        {
+        DSA *dsa = EVP_PKEY_get1_DSA(pkey);
+        EVP_PKEY_set1_DSA(pkey, dsa);
+        DSA_free(dsa);
+        }
+        break;
+#endif
+#  ifndef OPENSSL_NO_DH
+    case EVP_PKEY_DH:
+        {
+        DH *dh = EVP_PKEY_get1_DH(pkey);
+        EVP_PKEY_set1_DH(pkey, dh);
+        DH_free(dh);
+        }
+        break;
+#endif
+    default:
+        /*Do nothing */
+        break;
+    }
+
    return pkey;
 }