pki: Rework handling of EVP_PKEYs in OpenSSL backend

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2026-02-07 02:39:48 +09:00 · 2022-08-24 16:24:44 +02:00
parent 0800618f32
commit a81e78aff4
5 changed files with 88 additions and 87 deletions
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -78,7 +78,9 @@ struct ssh_key_struct {
 # else
    void *ecdsa;
 # endif /* HAVE_OPENSSL_EC_H */
-    EVP_PKEY *key; /* Saving the OpenSSL context here to save time while converting*/
+    /* This holds either ENGINE key for PKCS#11 support or just key in
+     * high-level format required by OpenSSL 3.0 */
+    EVP_PKEY *key;
 #endif /* HAVE_LIBGCRYPT */
 #if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
    uint8_t *ed25519_pubkey;