author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2022-02-16 15:19:23 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2022-02-16 15:28:28 -0500 |
commit | 34a5e4f85d6a7bd9399bdbf9170999546f0df796 (patch) | |
tree | 496f0e4772b2bb0a0aed9d5e8a4203eb5c9880cf | |
parent | ed675ad6d033f67fc347607d295fb0a60f47bee0 (diff) | |
download | openssl_tpm2_engine-34a5e4f85d6a7bd9399bdbf9170999546f0df796.tar.gz |
Add an openssl-3 transform to legacy keys
The engine keys we produce have replaced key methods. However
openssl-3 by default looks for provider methods and won't use the key
methods unless the keys are "legacy". The input pkey definitely won't
be legacy so we have to convert it to a legacy key by assigning the
RSA/EC key back into the pkey.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | e_tpm2-ecc.c | 4 | ||||
-rw-r--r-- | e_tpm2-rsa.c | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/e_tpm2-ecc.c b/e_tpm2-ecc.c
index 0c9525d..bd500f8 100644
--- a/e_tpm2-ecc.c
+++ b/e_tpm2-ecc.c
@@ -103,7 +103,11 @@ void tpm2_bind_key_to_engine_ecc(EVP_PKEY *pkey, void *data)
 #endif
 }
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+ EVP_PKEY_set1_EC_KEY(pkey, eck);
+#else
 EC_KEY_free(eck);
+#endif
 }
 static void tpm2_ecc_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
diff --git a/e_tpm2-rsa.c b/e_tpm2-rsa.c
index 49dffd1..062a960 100644
--- a/e_tpm2-rsa.c
+++ b/e_tpm2-rsa.c
@@ -130,8 +130,12 @@ void tpm2_bind_key_to_engine_rsa(EVP_PKEY *pkey, void *data)
 RSA_set_ex_data(rsa, ex_app_data, data);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+ EVP_PKEY_set1_RSA(pkey, rsa);
+#else
 /* release the reference EVP_PKEY_get1_RSA obtained */
 RSA_free(rsa);
+#endif
 }
 static void tpm2_rsa_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
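Review bot: On the OpenSSL 3 branch the local reference on `eck` is never released, because `EVP_PKEY_set1_EC_KEY` takes its own reference and `EC_KEY_free(eck)` now sits only under `#else`. The RSA hunk in tpm2_bind_key_to_engine_rsa has the same shape, and its existing comment confirms `rsa` came from `EVP_PKEY_get1_RSA`; the line that obtains `eck` is outside this hunk, so the ECC case assumes a get1 call as well. With the count left one too high, the key object and the TPM data attached through ex_data would outlive the pkey, and the ex_data free callbacks (tpm2_ecc_free / tpm2_rsa_free, bodies not shown) would presumably never run. Closing the conditional right after the `set1` call and keeping the free unconditional, i.e. `#endif` followed by `EC_KEY_free(eck);` (and `RSA_free(rsa);` in the RSA file), balances the references on both paths. The `set1` return value is also ignored in both hunks; since the function returns void, logging a failure would at least make it visible when the pkey stays non-legacy and the engine key methods are not used.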