keymgmt: better detect when a key manager can be reused

Fixes #14159 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #15652)
openssl · Jun 9, 2021 · 1af9b64 · 1af9b64
1 parent 1355659
commit 1af9b64
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
@@ -107,8 +107,16 @@ void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
     if (pk->keydata == NULL)
         return NULL;
 
-    /* If |keymgmt| matches the "origin" |keymgmt|, no more to do */
-    if (pk->keymgmt == keymgmt)
+    /*
+     * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do.
+     * The "origin" is determined by the |keymgmt| pointers being identical
+     * or when the provider and the name ID match.  The latter case handles the
+     * situation where the fetch cache is flushed and a "new" key manager is
+     * created.
+     */
+    if (pk->keymgmt == keymgmt
+        || (pk->keymgmt->name_id == keymgmt->name_id
+            && pk->keymgmt->prov == keymgmt->prov))
         return pk->keydata;
 
     if (!CRYPTO_THREAD_read_lock(pk->lock))