From 9e2ea5efb1dadeedac839eebf98c27c1a913541e Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Tue, 15 Dec 2020 14:09:05 +0100
Subject: [PATCH] Don't set pubkey if eckey already has public key

The 'ecdsa_check()' function tries to correctly set the public key on the eckey, but this should be skipped if the public key is retrieved via the private key.

(cherry picked from commit 06b972415296a397d7eca7be01432e87f531fae5)
---
 lib/dns/opensslecdsa_link.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index e7cfcf2d07..814b0f6a0a 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -563,17 +563,21 @@ static isc_result_t
 ecdsa_check(EC_KEY *eckey, EC_KEY *pubeckey) {
 const EC_POINT *pubkey;

- pubkey = EC_KEY_get0_public_key(pubeckey);
- if (pubkey == NULL) {
- return (ISC_R_SUCCESS);
- }
- if (EC_KEY_set_public_key(eckey, pubkey) != 1) {
+ pubkey = EC_KEY_get0_public_key(eckey);
+ if (pubkey != NULL) {
 return (ISC_R_SUCCESS);
+ } else if (pubeckey != NULL) {
+ pubkey = EC_KEY_get0_public_key(pubeckey);
+ if (pubkey == NULL) {
+ return (ISC_R_SUCCESS);
+ }
+ if (EC_KEY_set_public_key(eckey, pubkey) != 1) {
+ return (ISC_R_SUCCESS);
+ }
 }
 if (EC_KEY_check_key(eckey) == 1) {
 return (ISC_R_SUCCESS);
 }
-
 return (ISC_R_FAILURE);
 }
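Review bot: The new early return `if (pubkey != NULL) { return (ISC_R_SUCCESS); }` skips `EC_KEY_check_key(eckey)` as well as the `EC_KEY_set_public_key()` call, while the commit message only says that setting the public key should be skipped. If `eckey` can ever arrive with a public point that was not derived from its own private key (the callers are outside this hunk, so this needs confirming), a mismatched or off-curve pair would now be reported as valid. Consider opening the branch with `if (pubkey == NULL && pubeckey != NULL) {` so that only the copy is skipped and the key still reaches `EC_KEY_check_key()`; if the check is bypassed on purpose, say so in a comment such as `/* eckey already carries a public key derived from its private key: nothing to set or verify */`. The moved `EC_KEY_set_public_key(eckey, pubkey) != 1` branch still returns `ISC_R_SUCCESS` on failure, which deserves a one-line comment explaining the intent.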