From 9aaa943f0a9f9cc2b6610d40619423cc5614dc38 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Wed, 29 Sep 2021 10:58:21 +0200
Subject: Fix EVP_PKEY_eq() to be possible to use with strictly private keys

EVP_PKEY_eq() assumed that an EVP_PKEY always has the public key
component if it has a private key component.  However, this assumption
no longer strictly holds true, at least for provider backed keys.
EVP_PKEY_eq() therefore needs to be modified to specify that the
private key should be checked too (at the discretion of what's
reasonable for the implementation doing the actual comparison).

Fixes #16267

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)

(cherry picked from commit f3ba62653815b2f7991103cdbea1ac155c8c916a)
---
 crypto/evp/p_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/evp')

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 2552dd702a..27138af564 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -343,7 +343,7 @@ int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b)
 
     if (a->keymgmt != NULL || b->keymgmt != NULL)
         return evp_pkey_cmp_any(a, b, (SELECT_PARAMETERS
-                                       | OSSL_KEYMGMT_SELECT_PUBLIC_KEY));
+                                       | OSSL_KEYMGMT_SELECT_KEYPAIR));
 
     /* All legacy keys */
     if (a->type != b->type)
-- 
cgit v1.2.3