/*
* A comparison and sk_P_CACHE_ELEM_find() are avoided to not cause
* problems when we've only a read lock.
+ * A keymgmt is a match if the |keymgmt| pointers are identical or if the
+ * provider and the name ID match
*/
for (i = 0; i < end; i++) {
p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i);
- if (keymgmt == p->keymgmt && (p->selection & selection) == selection)
+ if ((p->selection & selection) == selection
+ && (keymgmt == p->keymgmt
+ || (keymgmt->name_id == p->keymgmt->name_id
+ && keymgmt->prov == p->keymgmt->prov)))
return p;
}
return NULL;
* If |tmp_keymgmt| is present in the operation cache, it means
* that export doesn't need to be redone. In that case, we take
* token copies of the cached pointers, to have token success
- * values to return.
+ * values to return. It is possible (e.g. in a no-cached-fetch
+ * build), for op->keymgmt to be a different pointer to tmp_keymgmt
+ * even though the name/provider must be the same. In other words
+ * the keymgmt instance may be different but still equivalent, i.e.
+ * same algorithm/provider instance - but we make the simplifying
+ * assumption that the keydata can be used with either keymgmt
+ * instance. Not doing so introduces significant complexity and
+ * probably requires refactoring - since we would have to ripple
+ * the change in keymgmt instance up the call chain.
*/
if (op != NULL && op->keymgmt != NULL) {
keydata = op->keydata;