authorJames Bottomley <James.Bottomley@HansenPartnership.com>2022-02-16 15:19:23 -0500
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2022-02-16 15:28:28 -0500
commit34a5e4f85d6a7bd9399bdbf9170999546f0df796 (patch)
tree496f0e4772b2bb0a0aed9d5e8a4203eb5c9880cf
parented675ad6d033f67fc347607d295fb0a60f47bee0 (diff)
downloadopenssl_tpm2_engine-34a5e4f85d6a7bd9399bdbf9170999546f0df796.tar.gz
Add an openssl-3 transform to legacy keys
The engine keys we produce have replaced key methods. However openssl-3 by default looks for provider methods and won't use the key methods unless the keys are "legacy". The input pkey definitely won't be legacy so we have to convert it to a legacy key by assigning the RSA/EC key back into the pkey. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--e_tpm2-ecc.c4
-rw-r--r--e_tpm2-rsa.c4
2 files changed, 8 insertions, 0 deletions
diff --git a/e_tpm2-ecc.c b/e_tpm2-ecc.c
index 0c9525d..bd500f8 100644
--- a/e_tpm2-ecc.c
+++ b/e_tpm2-ecc.c
@@ -103,7 +103,11 @@ void tpm2_bind_key_to_engine_ecc(EVP_PKEY *pkey, void *data)
#endif
}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+ EVP_PKEY_set1_EC_KEY(pkey, eck);
+#else
EC_KEY_free(eck);
+#endif
}
static void tpm2_ecc_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
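Review bot: In the OpenSSL 3 branch the reference held through `eck` is never dropped, because `EVP_PKEY_set1_EC_KEY()` takes its own reference (the `set1` convention) while `EC_KEY_free(eck)` now sits only in the `#else` arm. The start of the function is outside this hunk, but if `eck` comes from a `get1` call, as the comment in the RSA hunk states for `rsa`, the EC_KEY's count can no longer reach zero. In that case `tpm2_ecc_free`, presumably the ex_data free callback, would never run, and the TPM key data attached to the key would stay in memory for the life of the process. Ending the conditional before the free keeps both builds balanced: `EVP_PKEY_set1_EC_KEY(pkey, eck);` then `#endif` then an unconditional `EC_KEY_free(eck);`. The same applies to `RSA_free(rsa)` in `tpm2_bind_key_to_engine_rsa` in e_tpm2-rsa.c.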
diff --git a/e_tpm2-rsa.c b/e_tpm2-rsa.c
index 49dffd1..062a960 100644
--- a/e_tpm2-rsa.c
+++ b/e_tpm2-rsa.c
@@ -130,8 +130,12 @@ void tpm2_bind_key_to_engine_rsa(EVP_PKEY *pkey, void *data)
RSA_set_ex_data(rsa, ex_app_data, data);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+ EVP_PKEY_set1_RSA(pkey, rsa);
+#else
/* release the reference EVP_PKEY_get1_RSA obtained */
RSA_free(rsa);
+#endif
}
static void tpm2_rsa_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
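Review bot: The result of `EVP_PKEY_set1_RSA(pkey, rsa)` is ignored, as is that of `EVP_PKEY_set1_EC_KEY` in e_tpm2-ecc.c. If the call fails, the pkey is not converted to a legacy key, and per the commit description OpenSSL 3 would then not use the replaced key methods, with nothing telling the caller that the binding did not take effect. The function returns void and its body starts outside this hunk, so the smallest change is to test the call with `if (!EVP_PKEY_set1_RSA(pkey, rsa))` and report the failure there. Returning a status from the bind functions would let the key loader reject the key instead.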