openssl/doc/man7
Richard Levitte 72d93b93ba EVP: Allow a fallback for operations that work with an EVP_PKEY
Functions like EVP_PKEY_sign_init() do an implicit fetch of the
operation implementation (EVP_SIGNATURE in this case), then get the
KEYMGMT from the same provider, and try to export the key there if
necessary.

If an export of the key isn't possible (because the provider that
holds the key is an HSM and therefore can't export), we would simply
fail without looking any further.

This change modifies the behaviour a bit by trying a second fetch of
the operation implementation, but specifically from the provider of
the EVP_PKEY that's being used.  This is done with the same properties
that were used with the initial operation implementation fetch, and
should therefore be safe, allowing only what those properties allow.

Fixes #16614

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)

(cherry picked from commit 839ffdd11c)
2021-10-27 12:46:16 +02:00
img doc: add PKEY life cycle documentation 2021-06-08 18:59:25 +10:00
EVP_ASYM_CIPHER-SM2.pod Document the provider side SM2 Asymmetric Cipher support 2020-09-25 11:13:54 +01:00
EVP_CIPHER-AES.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-ARIA.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-BLOWFISH.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-CAMELLIA.pod Add support for camellia cbc cts mode 2021-08-18 08:38:40 +10:00
EVP_CIPHER-CAST.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-CHACHA.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-DES.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-IDEA.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-RC2.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-RC4.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-RC5.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-SEED.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_CIPHER-SM4.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
EVP_KDF-HKDF.pod doc: reorder the string and int extract/expand param values 2021-08-05 15:44:00 +10:00
EVP_KDF-KB.pod Unify parameter types in documentation 2021-05-07 15:40:56 +02:00
EVP_KDF-KRB5KDF.pod Cleanup the missing*.txt files 2021-05-21 11:03:37 +02:00
EVP_KDF-PBKDF1.pod doc: add PBKDF1 provider documentation 2021-07-05 11:49:42 +10:00
EVP_KDF-PBKDF2.pod Revert "kdf: make function naming consistent." 2020-07-16 14:21:07 +02:00
EVP_KDF-PKCS12KDF.pod Move PKCS#12 KDF to provider. 2020-08-14 18:15:12 +10:00
EVP_KDF-SCRYPT.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_KDF-SS.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_KDF-SSHKDF.pod Fix the example SSH KDF code. 2021-09-09 16:41:42 +10:00
EVP_KDF-TLS1_PRF.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_KDF-TLS13_KDF.pod doc: add documentation for TLS13_KDF 2021-08-05 15:44:00 +10:00
EVP_KDF-X942-ASN1.pod doc: document additional argument to KDF derive calls 2021-02-28 17:25:49 +10:00
EVP_KDF-X942-CONCAT.pod Update copyright year 2021-09-07 13:29:33 +02:00
EVP_KDF-X963.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_KEM-RSA.pod Add KEM (Key encapsulation mechanism) support to providers 2020-09-19 18:08:46 +10:00
EVP_KEYEXCH-DH.pod Unify parameter types in documentation 2021-05-07 15:40:56 +02:00
EVP_KEYEXCH-ECDH.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
EVP_KEYEXCH-X25519.pod Update core_names.h fields and document most fields. 2020-05-26 13:53:07 +10:00
EVP_MAC-BLAKE2.pod doc: document the MAC block size getter 2021-05-25 17:23:50 +10:00
EVP_MAC-CMAC.pod doc: document the MAC block size getter 2021-05-25 17:23:50 +10:00
EVP_MAC-GMAC.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_MAC-HMAC.pod doc: document the MAC block size getter 2021-05-25 17:23:50 +10:00
EVP_MAC-KMAC.pod doc: document the MAC block size getter 2021-05-25 17:23:50 +10:00
EVP_MAC-Poly1305.pod mac: improve MAC documentation (Poly 1305 key reuse, nomenclature) 2021-05-14 22:24:00 +10:00
EVP_MAC-Siphash.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_MD-BLAKE2.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-MD2.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-MD4.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-MD5-SHA1.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-MD5.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-MDC2.pod Update copyright year 2021-02-18 15:05:17 +00:00
EVP_MD-RIPEMD160.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-SHA1.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-SHA2.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-SHA3.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-SHAKE.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-SM3.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-WHIRLPOOL.pod DOCS: Move implementation specific docs away from provider-digest(7) 2020-03-10 13:32:06 +01:00
EVP_MD-common.pod Update copyright year 2021-06-17 13:24:59 +01:00
EVP_PKEY-DH.pod Fix variable name mis-match in example code 2021-09-28 11:06:35 +10:00
EVP_PKEY-DSA.pod Add convenience functions and macros for asymmetric key generation 2021-05-11 12:46:42 +02:00
EVP_PKEY-EC.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
EVP_PKEY-FFC.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
EVP_PKEY-HMAC.pod Update the EVP_PKEY MAC documentation 2020-09-03 09:40:52 +01:00
EVP_PKEY-RSA.pod Update copyright year 2021-05-20 14:22:33 +01:00
EVP_PKEY-SM2.pod Documentation: SM2 keys can use only the SM2 curve 2021-06-24 11:29:58 +02:00
EVP_PKEY-X25519.pod doc: remove errant claim that these are not FIPS okay 2021-08-08 13:55:56 +10:00
EVP_RAND-CTR-DRBG.pod docs: update CTR DRBG documentation to not mention the lack of a derivation function in FIPS 2021-07-20 18:34:07 +10:00
EVP_RAND-HASH-DRBG.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_RAND-HMAC-DRBG.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_RAND-SEED-SRC.pod Update copyright year 2021-03-11 13:27:36 +00:00
EVP_RAND-TEST-RAND.pod test-rand: return failure on not enough data, allow parent 2021-10-26 20:03:37 +10:00
EVP_RAND.pod rand_drbg: remove RAND_DRBG. 2020-08-07 14:16:47 +10:00
EVP_SIGNATURE-DSA.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
EVP_SIGNATURE-ECDSA.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
EVP_SIGNATURE-ED25519.pod Update copyright year 2021-01-07 13:38:50 +00:00
EVP_SIGNATURE-HMAC.pod Update the EVP_PKEY MAC documentation 2020-09-03 09:40:52 +01:00
EVP_SIGNATURE-RSA.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
OSSL_PROVIDER-FIPS.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
OSSL_PROVIDER-base.pod Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE 2020-08-21 09:23:58 +02:00
OSSL_PROVIDER-default.pod Adjust the list of default provider's algorithms 2021-08-28 21:32:39 +02:00
OSSL_PROVIDER-legacy.pod Add Docs for EVP_CIPHER-* 2021-05-28 14:29:13 +02:00
OSSL_PROVIDER-null.pod Add a null provider which implements no algorithms. 2020-04-09 17:12:35 +10:00
RAND.pod Fix heading in random generator man7 page 2021-10-08 12:10:47 +10:00
RSA-PSS.pod
X25519.pod Update copyright year 2020-04-23 13:55:52 +01:00
bio.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
crypto.pod EVP: Allow a fallback for operations that work with an EVP_PKEY 2021-10-27 12:46:16 +02:00
ct.pod
des_modes.pod
evp.pod Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters(). 2021-04-27 09:45:53 +10:00
fips_module.pod doc: use the documented =item markers 2021-08-04 15:02:27 +10:00
life_cycle-cipher.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
life_cycle-digest.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
life_cycle-kdf.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
life_cycle-mac.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
life_cycle-pkey.pod doc: add PKEY life cycle documentation 2021-06-08 18:59:25 +10:00
life_cycle-rand.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
migration_guide.pod migration_guide: Mention ERR_GET_FUNC() and function code removal 2021-10-25 15:30:46 +02:00
openssl-core.h.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
openssl-core_dispatch.h.pod Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h> 2020-06-24 22:01:22 +02:00
openssl-core_names.h.pod DOCS: add openssl-core_names.h(7) 2020-05-29 08:26:10 +02:00
openssl-env.pod PKCS12 etc.: Add hints on using -legacy and -provider-path options 2021-04-19 16:23:46 +02:00
openssl-glossary.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
openssl-threads.pod Document openssl thread-safety 2021-01-15 10:51:51 +01:00
openssl_user_macros.pod.in Update copyright year 2021-07-29 15:41:35 +01:00
ossl_store-file.pod
ossl_store.pod
passphrase-encoding.pod Update copyright year 2021-09-07 13:29:33 +02:00
property.pod doc: document that property names are unique 2021-10-09 23:31:24 +10:00
provider-asym_cipher.pod Small fixes and cleanups of provider API documentation 2021-04-09 10:32:00 +02:00
provider-base.pod doc: OPENSSL_CORE_CTX should never be cast to OSSL_LIB_CTX 2021-10-11 10:59:11 +02:00
provider-cipher.pod doc: add references to cipher life cycle documentation 2021-06-08 18:56:53 +10:00
provider-decoder.pod DECODER: use property definitions instead of getting implementation parameters 2021-06-05 20:30:11 +10:00
provider-digest.pod doc: add references to digest life cycle documentation 2021-06-08 18:55:32 +10:00
provider-encoder.pod ENCODER: use property definitions instead of getting implementation parameters 2021-06-05 20:30:47 +10:00
provider-kdf.pod doc: add links to new KDF 2021-08-05 15:44:00 +10:00
provider-kem.pod Small fixes and cleanups of provider API documentation 2021-04-09 10:32:00 +02:00
provider-keyexch.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
provider-keymgmt.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
provider-mac.pod doc: document the MAC block size getter 2021-05-25 17:23:50 +10:00
provider-object.pod Update copyright year 2021-05-20 14:22:33 +01:00
provider-rand.pod doc: note that RAND lifecycle transitions will be enforced at some point 2021-03-26 18:21:36 +10:00
provider-signature.pod Fix the signature newctx documentation 2021-10-18 09:42:04 +02:00
provider-storemgmt.pod Unify parameter types in documentation 2021-05-07 15:40:56 +02:00
provider.pod Update documentation following updates to the provider code 2021-06-24 14:48:15 +01:00
proxy-certificates.pod doc: remove end of line whitespace 2021-09-22 16:23:31 +10:00
ssl.pod
x509.pod Update copyright year 2021-04-22 14:38:44 +01:00