mirror of
https://github.com/openssl/openssl.git
synced 2025-02-05 14:10:53 +08:00
839ffdd11c
Functions like EVP_PKEY_sign_init() do an implicit fetch of the operation implementation (EVP_SIGNATURE in this case), then get the KEYMGMT from the same provider, and tries to export the key there if necessary. If an export of the key isn't possible (because the provider that holds the key is an HSM and therefore can't export), we would simply fail without looking any further. This change modifies the behaviour a bit by trying a second fetch of the operation implementation, but specifically from the provider of the EVP_PKEY that's being used. This is done with the same properties that were used with the initial operation implementation fetch, and should therefore be safe, allowing only what those properties allow. Fixes #16614 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725) |
||
|---|---|---|
| .. | ||
| HOWTO | ||
| images | ||
| internal | ||
| life-cycles | ||
| man1 | ||
| man3 | ||
| man5 | ||
| man7 | ||
| build.info | ||
| build.info.in | ||
| dir-locals.example.el | ||
| fingerprints.txt | ||
| openssl-c-indent.el | ||
| perlvars.pm | ||
| README.md | ||
OpenSSL Documentation
README.md This file
fingerprints.txt PGP fingerprints of authorised release signers
standards.txt standards.txt Moved to the web, https://www.openssl.org/docs/standards.html
HOWTO/ A few how-to documents; not necessarily up-to-date
man1/ The openssl command-line tools; start with openssl.pod
man3/ The SSL library and the crypto library
man5/ File formats
man7/ Overviews; start with crypto.pod and ssl.pod, for example Algorithm specific EVP_PKEY documentation.
Formatted versions of the manpages (apps,ssl,crypto) can be found at https://www.openssl.org/docs/manpages.html