[openssl/openssl] ad6cbe: Revert "Improved detection of engine-provided priv...

Tomáš Mráz noreply at github.com
Thu Feb 1 08:01:43 UTC 2024


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6
      https://github.com/openssl/openssl/commit/ad6cbe4b7f57a783a66a7ae883ea0d35ef5f82b6
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M crypto/engine/eng_pkey.c

  Log Message:
  -----------
  Revert "Improved detection of engine-provided private "classic" keys"

This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.

The commit was wrong. With 3.x versions the engines must be themselves
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting
non-default EVP_PKEY_METHOD.

The workaround has caused more problems than it solved.

Fixes #22945

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)

(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)


  Commit: 41073fdc4266015bb5ed2f4e6e6bf43462632bee
      https://github.com/openssl/openssl/commit/41073fdc4266015bb5ed2f4e6e6bf43462632bee
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2024-01-31 (Wed, 31 Jan 2024)

  Changed paths:
    M doc/man7/migration_guide.pod

  Log Message:
  -----------
  Document the implications of setting engine-based low-level methods

Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Neil Horman <nhorman at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)

(cherry picked from commit dbb478a51d3f695ec713e9829a2353a0d2d61a59)


Compare: https://github.com/openssl/openssl/compare/5781c0a181c9...41073fdc4266


More information about the openssl-commits mailing list