EVP_PKEY_eq() doesn't live up to its promise for provider keys #16704
Comments
Referring to this comment and FWIW I completely agree that this text should be made more visible particularly in the context of provider keys: openssl/doc/man7/provider-keymgmt.pod Lines 203 to 208 in 398ae82
The reverse statement (private key equality means public key equality) then also permits the implementation of key matching for OQS keys so far tentatively done: If no public key is present, but

It might be wise to check that any of

This should be closed, shouldn't it?

Yes. But it looks like I don't have permission to do so.

No problem, I'm doing it. Now
This was identified in another issue: #16267 (comment)
In EVP_PKEY_eq(3), the following is found:
So for all intents and purposes, it was assumed that EVP_PKEY_eq() could compare any key, no matter what... except we decided that an EVP_PKEY doesn't necessarily have to hold a public key, and the assumption that EVP_PKEY_eq() can be used to compare private keys via their public key no longer holds.

Do note that for legacy EVP_PKEYs, the ever-present public key is still a valid assumption (because existing implementations are built with the older assumption, and the method structure obligates it anyway), so this issue is only about EVP_PKEYs with provider backends.