mirror of
https://github.com/openssl/openssl.git
synced 2025-02-17 14:32:04 +08:00
Revert "Improved detection of engine-provided private "classic" keys"
This reverts commit 2b74e75331
.
The commit was wrong. With 3.x versions the engines must be themselves
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting
non-default EVP_PKEY_METHOD.
The workaround has caused more problems than it solved.
Fixes #22945
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)
This commit is contained in:
parent
d2e7855f5b
commit
39ea783798
@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
|
||||
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
|
||||
return NULL;
|
||||
}
|
||||
/* We enforce check for legacy key */
|
||||
switch (EVP_PKEY_get_id(pkey)) {
|
||||
case EVP_PKEY_RSA:
|
||||
{
|
||||
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
EVP_PKEY_set1_RSA(pkey, rsa);
|
||||
RSA_free(rsa);
|
||||
}
|
||||
break;
|
||||
# ifndef OPENSSL_NO_EC
|
||||
case EVP_PKEY_SM2:
|
||||
case EVP_PKEY_EC:
|
||||
{
|
||||
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
|
||||
EVP_PKEY_set1_EC_KEY(pkey, ec);
|
||||
EC_KEY_free(ec);
|
||||
}
|
||||
break;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
case EVP_PKEY_DSA:
|
||||
{
|
||||
DSA *dsa = EVP_PKEY_get1_DSA(pkey);
|
||||
EVP_PKEY_set1_DSA(pkey, dsa);
|
||||
DSA_free(dsa);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
# ifndef OPENSSL_NO_DH
|
||||
case EVP_PKEY_DH:
|
||||
{
|
||||
DH *dh = EVP_PKEY_get1_DH(pkey);
|
||||
EVP_PKEY_set1_DH(pkey, dh);
|
||||
DH_free(dh);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
/*Do nothing */
|
||||
break;
|
||||
}
|
||||
|
||||
return pkey;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user