From: Shane Lontis Date: Mon, 10 Aug 2020 00:16:26 +0000 (+1000) Subject: Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer... X-Git-Tag: openssl-3.0.0-alpha7~579 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af88e64a98a6402dabd41ac2de194444dd285b49;p=thirdparty%2Fopenssl.git Fix serializer_EVP_PKEY_to_bio so that that the key is exported if the serializer provider does not match the key provider. RSA keys in the 'base' provider are different from a fips provider RSA key (since they have different object structures). To use a fips provider key in the base serializer the key needs to be exported. The fix was suggested by @levitte. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12162) --- diff --git a/crypto/serializer/serializer_pkey.c b/crypto/serializer/serializer_pkey.c index 6e24ed73f0d..d31b3cce8b3 100644 --- a/crypto/serializer/serializer_pkey.c +++ b/crypto/serializer/serializer_pkey.c @@ -150,7 +150,8 @@ static int serializer_EVP_PKEY_to_bio(OSSL_SERIALIZER_CTX *ctx, BIO *out) if (ctx->ser == NULL) return 0; - if (ctx->ser->serialize_object == NULL) { + if (ctx->ser->serialize_object == NULL + || OSSL_SERIALIZER_provider(ctx->ser) != EVP_KEYMGMT_provider(keymgmt)) { struct serializer_write_data_st write_data; write_data.ctx = ctx;
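Review bot: the added second operand of the condition in serializer_EVP_PKEY_to_bio, `OSSL_SERIALIZER_provider(ctx->ser) != EVP_KEYMGMT_provider(keymgmt)`, has no comment saying why a provider mismatch must take the export path. The reason appears only in the commit message: a key object from one provider has a different structure from the other provider's, so it cannot be handed directly to that provider's serializer. A short comment above the `if` stating this would stop a later cleanup from removing the comparison as redundant and passing a foreign key object to `serialize_object` again. The condition also reads `keymgmt`, while the only guard visible in this context is `ctx->ser == NULL`. Please confirm that `keymgmt` cannot be NULL at this point, or add a check before the comparison. The patch touches only serializer_pkey.c, so a regression test that serializes a fips provider key through the base serializer would be a useful addition.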