Re-try loading ENGINE keys with a non-NULL UI_METHOD #109706
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When loading a key from an OpenSSL engine, the
ENGINE_load_private_key
orENGINE_load_public_key
function is used, depending on the key. These functions accept a parameter calledui_method
that an ENGINE can use if loading the key requires user interaction, such as a passphrase.Currently, we pass
NULL
in to theui_method
parameter since we expect this functionality to be used from non-interactive scenarios.OpenSSL also passes this parameter as-is to the engine. It does not do a NULL check.
Some engines, like tpm2tss, do not permit a
NULL
UI_METHOD
and immediately error.This change attempts to accommodate those engines by re-trying the key load with a UI_METHOD that does nothing. This is functionally equivalent to
UI_null()
from OpenSSL.We do not try a non-NULL UI first to maintain as much compatibility as possible. .NET has always passed
NULL
to engines thus far, and an engine can do with that as they want - like falling back to their own UI, using OpenSSL's default, etc. If we unconditionally pass our UI_METHOD, that might break another engine that was happily doing the right thing withNULL
.Contributes to #109243