authorlan1120 <lanming@huawei.com>2023-12-13 19:02:29 +0800
committerTomas Mraz <tomas@openssl.org>2024-01-16 11:30:01 +0100
commit3bf3aeb6616bac75f223de5e612963966d11a20c (patch)
tree5a9334543b1d8737dc69e143336e80f9604136ca
parent6c0895c3105521b3590be9f5cb833fb25ccc1438 (diff)
Check whether the pubkey exists in ossl_ecx_key_dup
Signed-off-by: lan1120 <lanming@huawei.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22984) (cherry picked from commit aac531e5daa2edec5d47e702a7f115cf77fe07f9)
-rw-r--r--crypto/ec/ecx_backend.c7
-rw-r--r--test/evp_pkey_provided_test.c6
2 files changed, 11 insertions, 2 deletions
diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c
index 2ab7611be9..142569aba4 100644
--- a/crypto/ec/ecx_backend.c
+++ b/crypto/ec/ecx_backend.c
@@ -122,7 +122,7 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
}
ret->libctx = key->libctx;
- ret->haspubkey = key->haspubkey;
+ ret->haspubkey = 0;
ret->keylen = key->keylen;
ret->type = key->type;
ret->references = 1;
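Review bot: The reason `ret->haspubkey` now starts at 0 is not recorded next to the assignment, although it is the invariant this fix relies on: the flag may be set only after the public key bytes have been copied, which the second hunk of this file does inside the `OSSL_KEYMGMT_SELECT_PUBLIC_KEY` branch. As far as the visible lines show, the old code inherited the flag from `key` even when the `memcpy` was skipped, so a duplicate could advertise a public key it did not hold. I would add `/* Set only once pubkey has actually been copied below */` above the assignment. The function's header comment should also say that a successful dup can return a key with no public part, so callers must test `haspubkey` before reading `pubkey`. The body of `ossl_ecx_key_dup` starts and ends outside both hunks.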
@@ -133,8 +133,11 @@ ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection)
goto err;
}
- if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
+ && key->haspubkey == 1) {
memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey));
+ ret->haspubkey = 1;
+ }
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& key->privkey != NULL) {
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 1aabfef893..1c25ecf07a 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
@@ -1130,6 +1130,12 @@ static int test_fromdata_ecx(int tst)
/* This should succeed because there are no parameters to copy */
|| !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk)))
goto err;
+ if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL))
+ /* This should fail because copy_pk has no pubkey */
+ || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0))
+ goto err;
+ EVP_PKEY_CTX_free(ctx2);
+ ctx2 = NULL;
EVP_PKEY_free(copy_pk);
copy_pk = NULL;
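Review bot: The added assertion `TEST_int_le(EVP_PKEY_public_check(ctx2), 0)` accepts any non-positive return, so it does not pin the reason given in the comment above it. `EVP_PKEY_public_check` returns 0 when validation rejects the key and a negative value such as -2 when the operation is unsupported, so the test would still pass if the check were never performed for this key type. If the provider is expected to return exactly 0 for a key without a public part (not confirmable from this hunk), `|| !TEST_int_eq(EVP_PKEY_public_check(ctx2), 0))` would tie the test to the missing-pubkey case. How `copy_pk` is created and whether the `err` label frees `ctx2` are both outside the hunk.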