From: manison <manison@users.noreply.github.com>
Date: Wed, 12 Jan 2022 19:53:48 +0000 (+0100)
Subject: EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other... 
X-Git-Tag: openssl-3.2.0-alpha1~3071
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37b850738cbab74413d41033b2a4df1d69e1fa4a;p=thirdparty%2Fopenssl.git

EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)
---

diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 2a73e9a2be9..05c4e979574 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -370,7 +370,7 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection)
          * but also to determine if we should attempt a cross export
          * the other way.  There's no point doing it both ways.
          */
-        int ok = 1;
+        int ok = 0;
 
         /* Complex case, where the keymgmt differ */
         if (keymgmt1 != NULL