[release/9.0-staging] Re-try loading ENGINE keys with a non-NULL UI_METHOD #109783
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #109706 to release/9.0-staging
/cc @vcsjones
Customer Impact
Reported by a customer in #109243. Customers that use certain OpenSSL engines may encounter issues when using
SafeEvpPKeyHandle.OpenPrivateKeyFromEngine
orSafeEvpPKeyHandle.OpenPublicKeyFromEngine
. These methods useENGINE_load_private_key
orENGINE_load_public_key
, respectively. One of the parameters to these methods is calledui_method
. This method is used to inform an engine how to can prompt for user input or other interactivity, if needed, when loading a key.Currently,
NULL
is passed as this parameter because we do not expect to show a user interface from this API, or any other kind of interactivity.However, at least one engine, tpm2tss, will outright reject a NULL
ui_method
and fail to load the key.This change accommodates engines that do not permit a null
ui_method
by trying again to open the key if it failed to open. Theui_method
that we pass in is a stub one that does not perform any interactivity.Customers are unable to work around this issue on their own.
Regression
Testing
This was manually validated. The issue is reproducible, and with the change, the error no longer occurs. Unit testing this is not feasible - it requires a particular native dependency set up and be installed (tpm2tss) as well as the corresponding OpenSSL engine. The machine must also have a functional TPM, which is not present in CI.
Risk
Low. This adds a fall-back mechanism. The way we were originally opening the key from an OpenSSL engine is still present. If it fails, we try again a different way to get it to load. Keys that were loading successfully already will continue to do so as the fallback path will never be taken. If the keys were failing to load, the worse case is they fail to load twice now.
IMPORTANT: If this backport is for a servicing release, please verify that:
The PR target branch is
release/X.0-staging
, notrelease/X.0
.If the change touches code that ships in a NuGet package, you have added the necessary package authoring and gotten it explicitly reviewed.