Otherwise we can end up with a blank EVP_PKEY. If it is later recreated
it can end up with the wrong libctx/propq.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)
if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq))
return 0;
+ if (old->cert_info.key != NULL) {
+ EVP_PKEY *pkey = X509_PUBKEY_get0(old->cert_info.key);
+
+ if (pkey != NULL) {
+ pkey = EVP_PKEY_dup(pkey);
+ if (pkey == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!X509_PUBKEY_set(&ret->cert_info.key, pkey)) {
+ EVP_PKEY_free(pkey);
+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ EVP_PKEY_free(pkey);
+ }
+ }
}
break;
default: