This patch doesn't fit the rest... 

Generally speaking, I am unsure about your solution. It seems like hack to fit 
a specific case where something more general could be of greater service to 
others as well. 


On November 30, 2016 4:27:49 PM GMT+01:00, James Bottomley 
<> wrote:
>Before trying to process the PEM file, hand it to each of the loaded
>engines to see if they recognise the PEM guards.  This uses the new
>bio based load key callback, so the engine must be loaded and
>implement this callback to be considered.
>Signed-off-by: James Bottomley <>
> crypto/pem/pem_pkey.c | 4 ++++
> 1 file changed, 4 insertions(+)
>diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
>index 04d6319..e3737f0 100644
>--- a/crypto/pem/pem_pkey.c
>+++ b/crypto/pem/pem_pkey.c
>@@ -85,6 +85,10 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY
>**x, pem_password_cb *cb,
>     int slen;
>     EVP_PKEY *ret = NULL;
>+    /* first check to see if an engine can load the PEM */
>+    if (ENGINE_find_engine_load_key(NULL, &ret, (const char *)bp, cb,
>u) == 1)
>+        return ret;
>if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb,
>         return NULL;
>     p = data;

openssl-dev mailing list
To unsubscribe:

Reply via email to