]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7c9a7cf)
Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer...
authorShane Lontis <shane.lontis@oracle.com>
Mon, 10 Aug 2020 00:16:26 +0000 (10:16 +1000)
committerShane Lontis <shane.lontis@oracle.com>
Tue, 11 Aug 2020 23:25:49 +0000 (09:25 +1000)
RSA keys in the 'base' provider are different from a fips provider RSA key (since they have different object structures).
To use a fips provider key in the base serializer the key needs to be exported.
The fix was suggested by @levitte.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12162)

crypto/serializer/serializer_pkey.c patch | blob | blame | history

diff --git a/crypto/serializer/serializer_pkey.c b/crypto/serializer/serializer_pkey.c
index 6e24ed73f0d691b751b751ddb5c785ab869188df..d31b3cce8b387747c1b58af5c285d5f2e2352726 100644 (file)
--- a/crypto/serializer/serializer_pkey.c
+++ b/crypto/serializer/serializer_pkey.c
@@ -150,7 +150,8 @@ static int serializer_EVP_PKEY_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out)
     if (ctx->ser == NULL)
         return 0;
 
-    if (ctx->ser->serialize_object == NULL) {
+    if (ctx->ser->serialize_object == NULL
+        || OSSL_SERIALIZER_provider(ctx->ser) != EVP_KEYMGMT_provider(keymgmt)) {
         struct serializer_write_data_st write_data;
 
         write_data.ctx = ctx;
Mirror of https://github.com/openssl/openssl.git