[openssl] OpenSSL_1_1_1-stable update

Richard Levitte levitte at openssl.org
Fri May 22 09:30:48 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  2f4023e88962d3375ff30ad5011a310dacf0ad3f (commit)
      from  176eb406691f14d560cf7619365830a4d033ee28 (commit)


- Log -----------------------------------------------------------------
commit 2f4023e88962d3375ff30ad5011a310dacf0ad3f
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue May 19 15:42:07 2020 +0200

    STORE: Make try_decode_PrivateKey() ENGINE aware
    
    This function only considered the built-in and application
    EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes
    through all loaded engines, using whatever table of methods they each
    have.
    
    Fixes #11861
    
    (cherry picked from commit b84439b06a1b9a7bfb47e230b70a6d3ee46e8a19)
    
    Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11887)

-----------------------------------------------------------------------

Summary of changes:
 crypto/store/loader_file.c | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 8f1d20e74a..e473751539 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -429,6 +429,42 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
         }
     } else {
         int i;
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *curengine = ENGINE_get_first();
+
+        while (curengine != NULL) {
+            ENGINE_PKEY_ASN1_METHS_PTR asn1meths =
+                ENGINE_get_pkey_asn1_meths(curengine);
+
+            if (asn1meths != NULL) {
+                const int *nids = NULL;
+                int nids_n = asn1meths(curengine, NULL, &nids, 0);
+
+                for (i = 0; i < nids_n; i++) {
+                    EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
+                    EVP_PKEY *tmp_pkey = NULL;
+                    const unsigned char *tmp_blob = blob;
+
+                    if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
+                        continue;
+                    if (ameth2 == NULL
+                        || ameth2->pkey_flags & ASN1_PKEY_ALIAS)
+                        continue;
+
+                    tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL,
+                                              &tmp_blob, len);
+                    if (tmp_pkey != NULL) {
+                        if (pkey != NULL)
+                            EVP_PKEY_free(tmp_pkey);
+                        else
+                            pkey = tmp_pkey;
+                        (*matchcount)++;
+                    }
+                }
+            }
+            curengine = ENGINE_get_next(curengine);
+        }
+#endif
 
         for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
             EVP_PKEY *tmp_pkey = NULL;
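Review bot: the engine loop increments `*matchcount` for every engine method that decodes the blob, and the built-in loop that follows it does the same, so a key whose `pkey_id` is handled both by a loaded engine and by a built-in `EVP_PKEY_ASN1_METHOD` is counted as two matches for one key, with `pkey` keeping whichever decoded first. Consider skipping engine nids that are also served by a built-in method (or tracking the `pkey_id`s already matched) so that one key type yields one match, or state in a comment that double counting is the intended ambiguity behaviour. Also, `ENGINE_get_first()` returns a structural reference that `ENGINE_get_next()` releases as it advances, which is correct here only because the `while` body never leaves early; any future `break` or `goto` out of this loop needs an `ENGINE_free(curengine)` to avoid leaking that reference, and a comment on `ENGINE *curengine = ENGINE_get_first();` noting this would help.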

