diff options
author | Richard Levitte <levitte@openssl.org> | 2021-10-01 14:05:02 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-10-27 12:41:13 +0200 |
commit | 839ffdd11cd48d329a1d89565d62e0be082f9d08 (patch) | |
tree | 1faaabec78c689c4e6e103bd1acfa0ef6e2a4982 /util | |
parent | ff7781462dd04ab99c159136b47672252bad7fa8 (diff) | |
download | openssl-839ffdd11cd48d329a1d89565d62e0be082f9d08.tar.gz |
EVP: Allow a fallback for operations that work with an EVP_PKEY
Functions like EVP_PKEY_sign_init() do an implicit fetch of the
operation implementation (EVP_SIGNATURE in this case), then get the
KEYMGMT from the same provider, and tries to export the key there if
necessary.
If an export of the key isn't possible (because the provider that
holds the key is an HSM and therefore can't export), we would simply
fail without looking any further.
This change modifies the behaviour a bit by trying a second fetch of
the operation implementation, but specifically from the provider of
the EVP_PKEY that's being used. This is done with the same properties
that were used with the initial operation implementation fetch, and
should therefore be safe, allowing only what those properties allow.
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
Diffstat (limited to 'util')
-rw-r--r-- | util/other.syms | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/util/other.syms b/util/other.syms index 38aaacd6cf..1ebffd1d26 100644 --- a/util/other.syms +++ b/util/other.syms @@ -51,6 +51,7 @@ EVP_PKEY_METHOD datatype EVP_PKEY_ASN1_METHOD datatype EVP_RAND datatype EVP_RAND_CTX datatype +EVP_SIGNATURE datatype GEN_SESSION_CB datatype OPENSSL_Applink external OSSL_LIB_CTX datatype |