diff options
author | Pauli <pauli@openssl.org> | 2021-06-08 13:50:38 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-09 17:37:44 +1000 |
commit | 1af9b646e87115e0bd4782a9326564c9bef63bda (patch) | |
tree | e4a191d46c985a5655f95f1f415b9d9d04df328e /crypto | |
parent | 1355659bb83388a6ad98c730f38e94ec4e414b6b (diff) |
keymgmt: better detect when a key manager can be reused
Fixes #14159
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15652)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/keymgmt_lib.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index bbca3ddef5..f3dd876cfd 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -107,8 +107,16 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) if (pk->keydata == NULL) return NULL; - /* If |keymgmt| matches the "origin" |keymgmt|, no more to do */ - if (pk->keymgmt == keymgmt) + /* + * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do. + * The "origin" is determined by the |keymgmt| pointers being identical + * or when the provider and the name ID match. The latter case handles the + * situation where the fetch cache is flushed and a "new" key manager is + * created. + */ + if (pk->keymgmt == keymgmt + || (pk->keymgmt->name_id == keymgmt->name_id + && pk->keymgmt->prov == keymgmt->prov)) return pk->keydata; if (!CRYPTO_THREAD_read_lock(pk->lock)) |