libssl: Accept any key management which implements the group

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26328)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 011ddc51d931b9b5df2efbad7d873d4b8a8f24dc..8fb1470b80fe9ea52a1337efdd90647fd3ec8dea 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -242,7 +242,6 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
 {
     struct provider_ctx_data_st *pgd = data;
     SSL_CTX *ctx = pgd->ctx;
-    OSSL_PROVIDER *provider = pgd->provider;
     const OSSL_PARAM *p;
     TLS_GROUP_INFO *ginf = NULL;
     EVP_KEYMGMT *keymgmt;
@@ -352,23 +351,9 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
     ERR_set_mark();
     keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq);
     if (keymgmt != NULL) {
-        /*
-         * We have successfully fetched the algorithm - however if the provider
-         * doesn't match this one then we ignore it.
-         *
-         * Note: We're cheating a little here. Technically if the same algorithm
-         * is available from more than one provider then it is undefined which
-         * implementation you will get back. Theoretically this could be
-         * different every time...we assume here that you'll always get the
-         * same one back if you repeat the exact same fetch. Is this a reasonable
-         * assumption to make (in which case perhaps we should document this
-         * behaviour)?
-         */
-        if (EVP_KEYMGMT_get0_provider(keymgmt) == provider) {
-            /* We have a match - so we will use this group */
-            ctx->group_list_len++;
-            ginf = NULL;
-        }
+        /* We have successfully fetched the algorithm, we can use the group. */
+        ctx->group_list_len++;
+        ginf = NULL;
         EVP_KEYMGMT_free(keymgmt);
     }
     ERR_pop_to_mark();