EC_KEY_copy() don't leave stale private keys in place

As most other objects, EC_KEYs can be as sparsely and invalidly populated
as imagination permits and the competent designers of EC_KEY_copy() chose
to just copy over what's available (yeah, what kind of copy is that?) and
leave in place what happens to be there. In particular, if the dest EC key
was used with a different group and has a private key, but the source key
doesn't, the dest private key remains intact, as invalid, incompatible and
unusable as it may be. Fix this by clearing said private key.

ok jsing

1 files changed, 3 insertions, 6 deletions

diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index 1aef634349..662a7c0f49 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.46 2024/11/08 22:10:18 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.47 2024/11/15 08:49:07 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -150,12 +150,9 @@ EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
                 }
         }
 
-        /*
-         * XXX - if there's no priv_key on src, dest retains its probably
-         * invalid priv_key. This makes no sense. Can we change this?
-         */
+        BN_free(dest->priv_key);
+        dest->priv_key = NULL;
         if (src->priv_key != NULL) {
-                BN_free(dest->priv_key);
                 if ((dest->priv_key = BN_dup(src->priv_key)) == NULL)
                         return NULL;
         }