[openssl] OpenSSL_1_1_1-stable update
Richard Levitte
levitte at openssl.org
Fri May 22 09:30:48 UTC 2020
The branch OpenSSL_1_1_1-stable has been updated
via 2f4023e88962d3375ff30ad5011a310dacf0ad3f (commit)
from 176eb406691f14d560cf7619365830a4d033ee28 (commit)
- Log -----------------------------------------------------------------
commit 2f4023e88962d3375ff30ad5011a310dacf0ad3f
Author: Richard Levitte <levitte at openssl.org>
Date: Tue May 19 15:42:07 2020 +0200
STORE: Make try_decode_PrivateKey() ENGINE aware
This function only considered the built-in and application
EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes
through all loaded engines, using whatever table of methods they each
have.
Fixes #11861
(cherry picked from commit b84439b06a1b9a7bfb47e230b70a6d3ee46e8a19)
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11887)
-----------------------------------------------------------------------
Summary of changes:
crypto/store/loader_file.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 8f1d20e74a..e473751539 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -429,6 +429,42 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
}
} else {
int i;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *curengine = ENGINE_get_first();
+
+ while (curengine != NULL) {
+ ENGINE_PKEY_ASN1_METHS_PTR asn1meths =
+ ENGINE_get_pkey_asn1_meths(curengine);
+
+ if (asn1meths != NULL) {
+ const int *nids = NULL;
+ int nids_n = asn1meths(curengine, NULL, &nids, 0);
+
+ for (i = 0; i < nids_n; i++) {
+ EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
+ EVP_PKEY *tmp_pkey = NULL;
+ const unsigned char *tmp_blob = blob;
+
+ if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
+ continue;
+ if (ameth2 == NULL
+ || ameth2->pkey_flags & ASN1_PKEY_ALIAS)
+ continue;
+
+ tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL,
+ &tmp_blob, len);
+ if (tmp_pkey != NULL) {
+ if (pkey != NULL)
+ EVP_PKEY_free(tmp_pkey);
+ else
+ pkey = tmp_pkey;
+ (*matchcount)++;
+ }
+ }
+ }
+ curengine = ENGINE_get_next(curengine);
+ }
+#endif
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
EVP_PKEY *tmp_pkey = NULL;
More information about the openssl-commits
mailing list