-rw-r--r--crypto/evp/keymgmt_lib.c7
-rw-r--r--crypto/evp/p_lib.c10
2 files changed, 15 insertions, 2 deletions
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 6408076b1f..7029e8a0a4 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -239,10 +239,15 @@ OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
/*
* A comparison and sk_P_CACHE_ELEM_find() are avoided to not cause
* problems when we've only a read lock.
+ * A keymgmt is a match if the |keymgmt| pointers are identical or if the
+ * provider and the name ID match
*/
for (i = 0; i < end; i++) {
p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i);
- if (keymgmt == p->keymgmt && (p->selection & selection) == selection)
+ if ((p->selection & selection) == selection
+ && (keymgmt == p->keymgmt
+ || (keymgmt->name_id == p->keymgmt->name_id
+ && keymgmt->prov == p->keymgmt->prov)))
return p;
}
return NULL;
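Review bot: The widened match in the loop now dereferences `p->keymgmt` (and `keymgmt`) whenever the two pointers differ, where the old test only compared pointer values. The caller changed in p_lib.c still tests `op->keymgmt != NULL` after the lookup, which suggests a cached element with a NULL keymgmt is treated as possible; if that can happen, this loop would fault before that check is reached. If the cache can never hold a NULL keymgmt, the comment should say so; otherwise guard the fallback, e.g. `|| (p->keymgmt != NULL && keymgmt->name_id == p->keymgmt->name_id && keymgmt->prov == p->keymgmt->prov)`. The function body starts outside the hunk, so any earlier validation of `keymgmt` is not visible here.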
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 06a127a820..f7893d453d 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1916,7 +1916,15 @@ void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
* If |tmp_keymgmt| is present in the operation cache, it means
* that export doesn't need to be redone. In that case, we take
* token copies of the cached pointers, to have token success
- * values to return.
+ * values to return. It is possible (e.g. in a no-cached-fetch
+ * build), for op->keymgmt to be a different pointer to tmp_keymgmt
+ * even though the name/provider must be the same. In other words
+ * the keymgmt instance may be different but still equivalent, i.e.
+ * same algorithm/provider instance - but we make the simplifying
+ * assumption that the keydata can be used with either keymgmt
+ * instance. Not doing so introduces significant complexity and
+ * probably requires refactoring - since we would have to ripple
+ * the change in keymgmt instance up the call chain.
*/
if (op != NULL && op->keymgmt != NULL) {
keydata = op->keydata;
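Review bot: The "simplifying assumption" in the new comment is what makes it safe to hand keydata created through one keymgmt instance to another, but the comment does not say where equivalence is decided. Judging by the other file in this commit, that appears to be the name_id/prov comparison in evp_keymgmt_util_find_operation_cache(). I would name it in the comment, e.g. `* Equivalence is decided in evp_keymgmt_util_find_operation_cache().`, so a later change to the match rule gets reviewed against this assumption. A wording nit: "a different pointer to tmp_keymgmt" reads better as "a different pointer from tmp_keymgmt". The enclosing function starts and ends outside the hunk.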