author | Matt Caswell <matt@openssl.org> | 2021-05-27 09:00:47 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-05 17:39:27 +1000 |
commit | 6282d6c28456543734defc45f653adeec1362958 (patch) | |
tree | b1d6d23e0317886150b569c45ae7f1f868d6a8b5 /crypto | |
parent | c6313780586f94b0542f55c3ffa399f5ad2c7297 (diff) |
Make sure X509_dup() also dup's any associated EVP_PKEY
Otherwise we can end up with a blank EVP_PKEY. If it is later recreated
it can end up with the wrong libctx/propq.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x_x509.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index a45b89cbeb..6666058b4c 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -104,6 +104,23 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq))
 return 0;
+ if (old->cert_info.key != NULL) {
+ EVP_PKEY *pkey = X509_PUBKEY_get0(old->cert_info.key);
+
+ if (pkey != NULL) {
+ pkey = EVP_PKEY_dup(pkey);
+ if (pkey == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!X509_PUBKEY_set(&ret->cert_info.key, pkey)) {
+ EVP_PKEY_free(pkey);
+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ EVP_PKEY_free(pkey);
+ }
+ }
 }
 break;
 default: |
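Review bot: In the added block, every failure of `EVP_PKEY_dup(pkey)` is raised as `ERR_R_MALLOC_FAILURE`, although a duplicate can presumably also fail for a key type or provider that does not support copying; `ERR_raise(ERR_LIB_X509, ERR_R_EVP_LIB);` would avoid mislabelling those cases as memory exhaustion. Returning 0 here also makes the whole `X509_dup()` fail for a certificate whose key was decoded but cannot be duplicated, so callers that previously got a copy would now get NULL; a short comment such as `/* a cert whose key cannot be dup'd cannot be dup'd either */` would record that this is intended. A one-line comment that `X509_PUBKEY_set()` appears to take its own reference would also explain why `pkey` is freed on the success path as well as on the error path. The body of `x509_cb` starts and ends outside this hunk.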