author | Richard Levitte <levitte@openssl.org> | 2020-07-20 10:50:04 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-07-24 16:47:20 +0200 |
commit | a57fc73063bee3fb787e583f5778433ef29d58eb (patch) | |
tree | 494db44a1c07ea517f84b0c24108b913f6b3ec85 | |
parent | e2ac846eff6856136d67c46751b2b8ca16a5b575 (diff) | |
EVP: Fix key type check logic in evp_pkey_cmp_any()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12410)
-rw-r--r-- | crypto/evp/p_lib.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 1021b42dcf..65a767b4d0 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -219,23 +219,22 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b,
 void *keydata1 = NULL, *keydata2 = NULL, *tmp_keydata = NULL;
 /* If none of them are provided, this function shouldn't have been called */
- if (!ossl_assert(a->keymgmt != NULL || b->keymgmt != NULL))
+ if (!ossl_assert(evp_pkey_is_provided(a) || evp_pkey_is_provided(b)))
 return -2;
 /* For purely provided keys, we just call the keymgmt utility */
- if (a->keymgmt != NULL && b->keymgmt != NULL)
+ if (evp_pkey_is_provided(a) && evp_pkey_is_provided(b))
 return evp_keymgmt_util_match((EVP_PKEY *)a, (EVP_PKEY *)b, selection);
 /*
 * At this point, one of them is provided, the other not. This allows
 * us to compare types using legacy NIDs.
 */
- if ((a->type != EVP_PKEY_NONE
- && (b->keymgmt == NULL
- || !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type))))
- || (b->type != EVP_PKEY_NONE
- && (a->keymgmt == NULL
- || !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type)))))
+ if (evp_pkey_is_legacy(a)
+ && !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type)))
+ return -1; /* not the same key type */
+ if (evp_pkey_is_legacy(b)
+ && !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type)))
 return -1; /* not the same key type */
 /* |
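Review bot: The two new type checks drop the explicit `b->keymgmt == NULL` and `a->keymgmt == NULL` guards, so `EVP_KEYMGMT_is_a()` is now called on the strength of an invariant this hunk does not show. The call is safe only if a key for which `evp_pkey_is_legacy()` is true can never also be provided, so that the assert at the top forces the other key to have a keymgmt. Those macros are presumably defined in a header outside this diff; I would state the invariant next to the checks, e.g. `/* a is legacy, so by the assert above b is provided and b->keymgmt != NULL */`. The existing comment "one of them is provided, the other not" also does not cover a key that is neither legacy nor provided (an empty EVP_PKEY). Such a pair skips both checks and continues into the comparison code after the hunk, so it is worth confirming that path cannot report a match. The body of evp_pkey_cmp_any() starts and ends outside the hunk.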