X509_dup: Avoid duplicating the embedded EVP_PKEY
authorTomas Mraz <tomas@openssl.org>
Thu, 21 Oct 2021 17:06:55 +0000 (19:06 +0200)
committerTomas Mraz <tomas@openssl.org>
Mon, 25 Oct 2021 12:32:43 +0000 (14:32 +0200)
The EVP_PKEY will be recreated from scratch, which is OK.

Fixes #16606

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)

crypto/x509/x_x509.c

index d14de0e77e8978d85ace4f228f851ca9a4e88ff4..010578b19a31107eba01954ada995d1a785f8a94 100644 (file)
@@ -104,23 +104,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
             if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq))
                 return 0;
-            if (old->cert_info.key != NULL) {
-                EVP_PKEY *pkey = X509_PUBKEY_get0(old->cert_info.key);
-
-                if (pkey != NULL) {
-                    pkey = EVP_PKEY_dup(pkey);
-                    if (pkey == NULL) {
-                        ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                    }
-                    if (!X509_PUBKEY_set(&ret->cert_info.key, pkey)) {
-                        EVP_PKEY_free(pkey);
-                        ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
-                        return 0;
-                    }
-                    EVP_PKEY_free(pkey);
-                }
-            }
         }
         break;
     case ASN1_OP_GET0_LIBCTX:
@@ -130,6 +113,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
             *libctx = ret->libctx;
         }
         break;
+
     case ASN1_OP_GET0_PROPQ:
         {
             const char **propq = exarg;
@@ -137,6 +121,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
             *propq = ret->propq;
         }
         break;
+
     default:
         break;
     }