From: Matthijs Mekking Date: Tue, 15 Dec 2020 13:09:05 +0000 (+0100) Subject: Don't set pubkey if eckey already has public key X-Git-Tag: v9.17.10~21^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06b972415296a397d7eca7be01432e87f531fae5;p=thirdparty%2Fbind9.git Don't set pubkey if eckey already has public key The 'ecdsa_check()' function tries to correctly set the public key on the eckey, but this should be skipped if the public key is retrieved via the private key.
---
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index bcf92b6ca4b..b5d8b967961 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -561,17 +561,21 @@ static isc_result_t
 ecdsa_check(EC_KEY *eckey, EC_KEY *pubeckey) {
 const EC_POINT *pubkey;
 
- pubkey = EC_KEY_get0_public_key(pubeckey);
- if (pubkey == NULL) {
- return (ISC_R_SUCCESS);
- }
- if (EC_KEY_set_public_key(eckey, pubkey) != 1) {
+ pubkey = EC_KEY_get0_public_key(eckey);
+ if (pubkey != NULL) {
 return (ISC_R_SUCCESS);
+ } else if (pubeckey != NULL) {
+ pubkey = EC_KEY_get0_public_key(pubeckey);
+ if (pubkey == NULL) {
+ return (ISC_R_SUCCESS);
+ }
+ if (EC_KEY_set_public_key(eckey, pubkey) != 1) {
+ return (ISC_R_SUCCESS);
+ }
 }
 if (EC_KEY_check_key(eckey) == 1) {
 return (ISC_R_SUCCESS);
 }
-
 return (ISC_R_FAILURE);
 }
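Review bot: The early `return (ISC_R_SUCCESS);` in the new `pubkey != NULL` branch accepts the key without reaching `EC_KEY_check_key(eckey)` and without ever consulting `pubeckey`, so a private key whose embedded public point differs from the one in the public key file passes this check unnoticed. If the validity check cannot be run on such keys (presumably ones whose public point comes from the private-key backend; not visible in this hunk), the branch could still compare the two points when `pubeckey` carries a public key, returning `ISC_R_FAILURE` when `EC_POINT_cmp(EC_KEY_get0_group(eckey), pubkey, otherpub, NULL) != 0`, with `otherpub` taken from `EC_KEY_get0_public_key(pubeckey)` and checked for NULL first. Separately, the re-indented `EC_KEY_set_public_key(eckey, pubkey) != 1` branch still returns `ISC_R_SUCCESS` when the set fails; if that leniency is deliberate it deserves a comment such as `/* tolerated: key usable without a stored public point */`, otherwise it should return `ISC_R_FAILURE`.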