Allow import of unknown keys via generic type

This allows to use SKEY even w/o a specific skey managment available,
however it bears the risk of allowing users to mispell the key type
and not see the error of their ways until they expect a specific
provider to pick this up and fail.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26753)

diff --git a/crypto/evp/s_lib.c b/crypto/evp/s_lib.c
index d805fc7e4a6750052448c0d6a4426c598d952b04..efe83adab26304f809d6fee4b7259d2a26a597ce 100644 (file)
--- a/crypto/evp/s_lib.c
+++ b/crypto/evp/s_lib.c
@@ -65,8 +65,15 @@ EVP_SKEY *EVP_SKEY_import(OSSL_LIB_CTX *libctx, const char *skeymgmtname, const
 
     skeymgmt = EVP_SKEYMGMT_fetch(libctx, skeymgmtname, propquery);
     if (skeymgmt == NULL) {
-        ERR_raise(ERR_LIB_EVP, ERR_R_FETCH_FAILED);
-        goto err;
+        /*
+         * if the specific key_type is unknown, attempt to use the generic
+         * key management
+         */
+        skeymgmt = EVP_SKEYMGMT_fetch(libctx, OSSL_SKEY_TYPE_GENERIC, propquery);
+        if (skeymgmt == NULL) {
+            ERR_raise(ERR_LIB_EVP, ERR_R_FETCH_FAILED);
+            goto err;
+        }
     }
     skey->skeymgmt = skeymgmt;
 

diff --git a/test/evp_skey_test.c b/test/evp_skey_test.c
index 618d8738c26a805aef4c3b9eb630b7249573113f..92e435471da9845e9f4039ab9ba6945ba70d593b 100644 (file)
--- a/test/evp_skey_test.c
+++ b/test/evp_skey_test.c
@@ -206,8 +206,8 @@ static int test_des_raw_skey(void)
         goto end;
 
     /* Create EVP_SKEY */
-    skey = EVP_SKEY_import_raw_key(libctx, "GENERIC-SECRET", des_key,
-                                   sizeof(des_key), NULL);
+    skey = EVP_SKEY_import_raw_key(libctx, "DES", des_key, sizeof(des_key),
+                                   NULL);
     if (!TEST_ptr(skey))
         goto end;