keymgmt: better detect when a key manager can be reused
authorPauli <pauli@openssl.org>
Tue, 8 Jun 2021 03:50:38 +0000 (13:50 +1000)
committerPauli <pauli@openssl.org>
Wed, 9 Jun 2021 07:37:44 +0000 (17:37 +1000)
Fixes #14159

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15652)

crypto/evp/keymgmt_lib.c

index bbca3ddef53af32665f2d6ac9b16fe438b7bcbed..f3dd876cfdf2cc5c06563a8d96497badf4bda83e 100644 (file)
@@ -107,8 +107,16 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
     if (pk->keydata == NULL)
         return NULL;
 
-    /* If |keymgmt| matches the "origin" |keymgmt|, no more to do */
-    if (pk->keymgmt == keymgmt)
+    /*
+     * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do.
+     * The "origin" is determined by the |keymgmt| pointers being identical
+     * or when the provider and the name ID match.  The latter case handles the
+     * situation where the fetch cache is flushed and a "new" key manager is
+     * created.
+     */
+    if (pk->keymgmt == keymgmt
+        || (pk->keymgmt->name_id == keymgmt->name_id
+            && pk->keymgmt->prov == keymgmt->prov))
         return pk->keydata;
 
     if (!CRYPTO_THREAD_read_lock(pk->lock))
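Review bot: The second branch of the new condition returns the origin's `pk->keydata` for a `keymgmt` that is a different object, on the unstated assumption that equal `prov` and `name_id` always mean the same implementation and keydata layout; the comment should say so. If a provider ever registered two key managers under one name, distinguished only by properties, this test would treat them as interchangeable and hand one implementation's keydata to the other; nothing in the hunk shows whether that is ruled out elsewhere. I would extend the comment with `* This relies on a provider having at most one key manager per name ID, so |pk->keydata| is usable by |keymgmt| as is.` The branch also dereferences `pk->keymgmt` and `keymgmt` where the old code only compared pointers, so it depends on non-NULL guarantees that would have to sit above the hunk; the function starts and ends outside the visible lines.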