Revert "Improved detection of engine-provided private "classic" keys"
authorTomas Mraz <tomas@openssl.org>
Fri, 15 Dec 2023 12:45:50 +0000 (13:45 +0100)
committerTomas Mraz <tomas@openssl.org>
Wed, 31 Jan 2024 17:41:10 +0000 (18:41 +0100)
This reverts commit 2b74e75331a27fc89cad9c8ea6a26c70019300b5.

The commit was wrong. With 3.x versions the engines must be themselves
responsible for creating their EVP_PKEYs in a way that they are treated
as legacy - either by using the respective set1 calls or by setting
non-default EVP_PKEY_METHOD.

The workaround has caused more problems than it solved.

Fixes #22945

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23063)

(cherry picked from commit 39ea78379826fa98e8dc8c0d2b07e2c17cd68380)

crypto/engine/eng_pkey.c

index f84fcde460162987b9ecfde70e0ed12e5e257e56..075a61b5bfbf820e3bc200bc8c519e8a43e71ea5 100644 (file)
@@ -79,48 +79,6 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
         ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
         return NULL;
     }
-    /* We enforce check for legacy key */
-    switch (EVP_PKEY_get_id(pkey)) {
-    case EVP_PKEY_RSA:
-        {
-        RSA *rsa = EVP_PKEY_get1_RSA(pkey);
-        EVP_PKEY_set1_RSA(pkey, rsa);
-        RSA_free(rsa);
-        }
-        break;
-#  ifndef OPENSSL_NO_EC
-    case EVP_PKEY_SM2:
-    case EVP_PKEY_EC:
-        {
-        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
-        EVP_PKEY_set1_EC_KEY(pkey, ec);
-        EC_KEY_free(ec);
-        }
-        break;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-    case EVP_PKEY_DSA:
-        {
-        DSA *dsa = EVP_PKEY_get1_DSA(pkey);
-        EVP_PKEY_set1_DSA(pkey, dsa);
-        DSA_free(dsa);
-        }
-        break;
-#endif
-#  ifndef OPENSSL_NO_DH
-    case EVP_PKEY_DH:
-        {
-        DH *dh = EVP_PKEY_get1_DH(pkey);
-        EVP_PKEY_set1_DH(pkey, dh);
-        DH_free(dh);
-        }
-        break;
-#endif
-    default:
-        /*Do nothing */
-        break;
-    }
-
     return pkey;
 }