EVP: Fix evp_keymgmt_util_copy() for to->keymgmt == NULL

evp_keymgmt_util_copy() didn't treat the case to->keymgmt correctly.
The proper change is to use from->keymgmt when to->keymgmt is NULL.

Fixes coverity #1462553

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11668)

diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 3493ceb3cbb2f598a718b54cdd1d911ad66735ba..54805d741d7d16fe14cba538aeef5e9b400cc138 100644 (file)
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -346,10 +346,19 @@ int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection)
     if (from == NULL || from->keydata == NULL)
         return 0;
 
+    /*
+     * If |to| is unassigned, ensure it gets the same KEYMGMT as |from|,
+     * Note that the final setting of KEYMGMT is done further down, with
+     * EVP_PKEY_set_type_by_keymgmt(); we don't want to do that prematurely.
+     */
+    if (to_keymgmt == NULL)
+        to_keymgmt = from->keymgmt;
+
     if (to_keymgmt == from->keymgmt && to_keymgmt->copy != NULL) {
         /* Make sure there's somewhere to copy to */
         if (to_keydata == NULL
-            && (to_keydata = evp_keymgmt_newdata(to_keymgmt)) == NULL) {
+            && ((to_keydata = alloc_keydata = evp_keymgmt_newdata(to_keymgmt))
+                == NULL)) {
             ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
             return 0;
         }
@@ -375,10 +384,11 @@ int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection)
         }
 
         /*
-         * In this case to_keydata was previously unallocated, try_import()
+         * In case to_keydata was previously unallocated, try_import()
          * may have created it for us.
          */
-        to_keydata = import_data.keydata;
+        if (to_keydata == NULL)
+            to_keydata = alloc_keydata = import_data.keydata;
     } else {
         ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
         return 0;