What is the purpose of the assignment to i here?

Must be old cruft. Removing.

Doesn't seem to have been removed.

Nope, but if you read the comment a couple of lines up, I think the reason will become clear 😉

Wouldnt if (!ossl_assert())
return 0;
be better?

Doesn't seem to have been removed.

This doesn's seem to quite make sense...why do we check provdata2 == NULL? I would have expected:

if (provdata1 != NULL && provdata2 != NULL)

Good point.

Wouldn't this up ref be better inside the if block below? That way you don't have to then down-ref it in the else block. Or alternatively place it immediately before the final assignment to->pkeys[0].keymgmt = keymgmt_to

I'll have another look. Thanks for the heads up

So iskey, cmpkey and dupkey are mandatory?

Yes.

The NULL here for the libctx parameter seems wrong

I'm quite confused by what you are trying to do here...we just seem to be trying to export the key data to "whatever", regardless of whether the key already exists in a provider?

Not "whatever". To a keymgmt that corresponds to the type of the from key, and only if it's not already exported to the keymgmt of that key.

What libctx would you pass to evp_pkey_make_provided?

I'm not sure, but this is problematic. If you're trying to copy parameters from one key to another for a key type that does not exist in the default provider (but does in some other libctx) then its not going to work.

So a copy parameters operation frees any pre-existing key data? Is that the correct semantics?

frees any pre-existing key data

Just the legacy bits, and only if from doesn't have any legacy bits... but I need to have another look at the evp_pkey_make_provided call...

Again, I'm concerned about the use of the default libctx here. What if the default libctx doesn't have a provider for this type of key loaded?

"is or contains"...I'm not sure I understand this. Please explain?

What is this file?

Oops, stray

What is this file?

Oops, stray

Do all entries in pk->pkeys[i] have the same domainparams setting?
If they do then maybe it should not be stored in the array.
If they dont then this logic is incorrect.

When I designed this cache, I did intend for it to be able to hold a mixture, but that turned out difficult / flawed. That's why you see these indicators on a per cache item basis, and you're right, it can be taken out from there. I think that's a topic for a separate PR, though...

I really dislike this being called _cmp()
cmp() to me means return 0 if equal.

The public name will not change, obviously, but feel free to suggest a better name for this function.

equals() ?

The old code checked for ameth == NULL (Maybe put that back in just in case)

maybe remove is or

if it does

Should this be ||

OR
return == 0
&& == 0

Not sure why you need these null checks : BN_cmp returns 0 if both NULL or if they are equal otherwise it returns -1 or 1 dependent on a < b.. So the cmp()==0 should be sufficient.

I hadn't looked at BN_cmp's behavior. Thanks for the heads up

If we can set keys up via setparams would it be possible to only have the private key bit?

The general assumption with openssl is that a valid key pair always has the public half. A lot will fall apart if that doesn't hold true.

hmm this is an interesting check... Are we only interested in the public key comparison here?

I basically copied the code from dh_ameth.c. Interestingly enough, the legacy function pointer is called pub_cmp, so it's a bit more explicit. I was thinking that it would be up to the provider to decide exactly how detailed the comparison should be. In this implementation, I chose to do like we did before. For some implementations where the private half is hidden (typically HSMs), this would be the only possible comparison.

With the assumption that the private half actually corresponds to the public part, this comparison is enough. I suppose that key validation will ensure this validity?

||'s

OR...
return BN_cmp() == 0
&& BN_cmp() == 0...