keymgmt: better detect when a key manager can be reused

Fixes #14159 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15652)
author: Pauli <pauli@openssl.org> 2021-06-08 13:50:38 +1000
committer: Pauli <pauli@openssl.org> 2021-06-09 17:37:44 +1000
commit: 1af9b646e87115e0bd4782a9326564c9bef63bda (patch)
tree: e4a191d46c985a5655f95f1f415b9d9d04df328e /crypto
parent: 1355659bb83388a6ad98c730f38e94ec4e414b6b (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index bbca3ddef5..f3dd876cfd 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -107,8 +107,16 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
     if (pk->keydata == NULL)
         return NULL;
 
-    /* If |keymgmt| matches the "origin" |keymgmt|, no more to do */
-    if (pk->keymgmt == keymgmt)
+    /*
+     * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do.
+     * The "origin" is determined by the |keymgmt| pointers being identical
+     * or when the provider and the name ID match.  The latter case handles the
+     * situation where the fetch cache is flushed and a "new" key manager is
+     * created.
+     */
+    if (pk->keymgmt == keymgmt
+        || (pk->keymgmt->name_id == keymgmt->name_id
+            && pk->keymgmt->prov == keymgmt->prov))
         return pk->keydata;
 
     if (!CRYPTO_THREAD_read_lock(pk->lock))
author	Pauli <pauli@openssl.org>	2021-06-08 13:50:38 +1000
committer	Pauli <pauli@openssl.org>	2021-06-09 17:37:44 +1000
commit	1af9b646e87115e0bd4782a9326564c9bef63bda (patch)
tree	e4a191d46c985a5655f95f1f415b9d9d04df328e /crypto
parent	1355659bb83388a6ad98c730f38e94ec4e414b6b (diff)