diff options
author | Zhou Qingyang <zhou1615@umn.edu> | 2022-03-25 20:28:32 +0800 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-06-02 12:06:08 +0200 |
commit | b9a86d5dd8b5bd33be42390bcbb5121fe0ae71a1 (patch) | |
tree | 53c1b7060e1819d6de264e2b3e4e33e37568073e /crypto/ec | |
parent | c4ed6f6f0ee700e0473def049659061dd52fd3fc (diff) |
Fix possible null pointer dereference of evp_pkey_get_legacy()
evp_pkey_get_legacy() will return NULL on failure, however several
uses of it or its wrappers does not check the return value of
evp_pkey_get_legacy(), which could lead to NULL pointer dereference.
Fix those possible bugs by adding NULL checking.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17967)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ecx_meth.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index f43c43c9c8..6e6e55e085 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -809,6 +809,11 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED25519_SIGSIZE; return 1; @@ -831,6 +836,11 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED448_SIGSIZE; return 1; @@ -853,6 +863,11 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED25519_SIGSIZE) return 0; @@ -866,6 +881,11 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED448_SIGSIZE) return 0; @@ -1181,6 +1201,11 @@ static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); int rc; + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED25519_SIGSIZE; return 1; @@ -1221,6 +1246,11 @@ static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); int rc; + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED448_SIGSIZE; return 1; @@ -1263,6 +1293,11 @@ static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, } param; const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED25519_SIGSIZE) return 0; @@ -1290,6 +1325,11 @@ static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, } param; const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED448_SIGSIZE) return 0; |