authorRichard Levitte <levitte@openssl.org>2020-05-19 15:42:07 +0200
committerRichard Levitte <levitte@openssl.org>2020-05-20 21:14:05 +0200
commitb84439b06a1b9a7bfb47e230b70a6d3ee46e8a19 (patch)
tree46074fd15d353d844b181ccd94155a628e45db60 /crypto/store
parentrsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| (diff)
STORE: Make try_decode_PrivateKey() ENGINE aware
This function only considered the built-in and application EVP_PKEY_ASN1_METHODs, and is now amended with a loop that goes through all loaded engines, using whatever table of methods they each have. Fixes #11861 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11872)
Diffstat (limited to 'crypto/store')
-rw-r--r--crypto/store/loader_file.c37
1 files changed, 37 insertions, 0 deletions
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 320c527a65..6b5cebc835 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -450,6 +450,43 @@ static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
}
} else {
int i;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *curengine = ENGINE_get_first();
+
+ while (curengine != NULL) {
+ ENGINE_PKEY_ASN1_METHS_PTR asn1meths =
+ ENGINE_get_pkey_asn1_meths(curengine);
+
+ if (asn1meths != NULL) {
+ const int *nids = NULL;
+ int nids_n = asn1meths(curengine, NULL, &nids, 0);
+
+ for (i = 0; i < nids_n; i++) {
+ EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
+ EVP_PKEY *tmp_pkey = NULL;
+ const unsigned char *tmp_blob = blob;
+
+ if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
+ continue;
+ if (ameth2 == NULL
+ || ameth2->pkey_flags & ASN1_PKEY_ALIAS)
+ continue;
+
+ tmp_pkey =
+ d2i_PrivateKey_ex(ameth2->pkey_id, NULL,
+ &tmp_blob, len, libctx, propq);
+ if (tmp_pkey != NULL) {
+ if (pkey != NULL)
+ EVP_PKEY_free(tmp_pkey);
+ else
+ pkey = tmp_pkey;
+ (*matchcount)++;
+ }
+ }
+ }
+ curengine = ENGINE_get_next(curengine);
+ }
+#endif
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
EVP_PKEY *tmp_pkey = NULL;