The branch master has been updated via 1af9b646e87115e0bd4782a9326564c9bef63bda (commit) from 1355659bb83388a6ad98c730f38e94ec4e414b6b (commit)
- Log ----------------------------------------------------------------- commit 1af9b646e87115e0bd4782a9326564c9bef63bda Author: Pauli <pa...@openssl.org> Date: Tue Jun 8 13:50:38 2021 +1000 keymgmt: better detect when a key manager can be reused Fixes #14159 Reviewed-by: Tomas Mraz <to...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15652) ----------------------------------------------------------------------- Summary of changes: crypto/evp/keymgmt_lib.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index bbca3ddef5..f3dd876cfd 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -107,8 +107,16 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
 if (pk->keydata == NULL)
 return NULL;
- /* If |keymgmt| matches the "origin" |keymgmt|, no more to do */
- if (pk->keymgmt == keymgmt)
+ /*
+ * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do.
+ * The "origin" is determined by the |keymgmt| pointers being identical
+ * or when the provider and the name ID match. The latter case handles the
+ * situation where the fetch cache is flushed and a "new" key manager is
+ * created.
+ */
+ if (pk->keymgmt == keymgmt
+ || (pk->keymgmt->name_id == keymgmt->name_id
+ && pk->keymgmt->prov == keymgmt->prov))
 return pk->keydata;
 if (!CRYPTO_THREAD_read_lock(pk->lock))
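Review bot: The new condition dereferences `pk->keymgmt` (`pk->keymgmt->name_id`, `pk->keymgmt->prov`) where the old code only compared the pointer, so any path on which `pk->keydata` is set while `pk->keymgmt` is NULL would now crash before the lock is taken; the hunk does not show that such a path is impossible, so a cheap guard would be `|| (pk->keymgmt != NULL && pk->keymgmt->name_id == keymgmt->name_id`. The same applies to `keymgmt` itself unless a caller-side or earlier check (outside this hunk) rules out NULL. The new comment might also state why comparing `name_id` is sufficient: the ID presumably comes from the library context's namemap, so the equality is only meaningful together with the `prov` match that pins both key managers to the same provider and context, e.g. `* |name_id| is only comparable within one libctx; the |prov| match guarantees that.` The enclosing function evp_keymgmt_util_export_to_provider starts and ends outside the hunk.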