Avoid a NULL ptr deref if group is not set

We should only copy parameters and keys if the group is set. Otherwise they don't really make any sense. Previously we copied the private key regardless of whether the group was set...but if it wasn't a NULL ptr deref could occur. It's unclear whether we could ever get into that situation, but since we were already checking it for the public key we should be consistent. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-04-29 11:44:39 +0100
committer: Matt Caswell <matt@openssl.org> 2016-04-29 16:47:41 +0100
commit: 40a8643a37ea50781872acd740020ac5b6c8f699 (patch)
tree: e30d882def5a1348579d9985f4d6a97ab3d55b20 /crypto/ec
parent: 7001571330ce2e31234660c10ef26089a07b17c1 (diff)
1 files changed, 21 insertions, 20 deletions
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 22c6535e30..31ed8a58a8 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -148,28 +148,29 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, EC_KEY *src)
             return NULL;
         if (!EC_GROUP_copy(dest->group, src->group))
             return NULL;
-    }
-    /*  copy the public key */
-    if (src->pub_key != NULL && src->group != NULL) {
-        EC_POINT_free(dest->pub_key);
-        dest->pub_key = EC_POINT_new(src->group);
-        if (dest->pub_key == NULL)
-            return NULL;
-        if (!EC_POINT_copy(dest->pub_key, src->pub_key))
-            return NULL;
-    }
-    /* copy the private key */
-    if (src->priv_key != NULL) {
-        if (dest->priv_key == NULL) {
-            dest->priv_key = BN_new();
-            if (dest->priv_key == NULL)
+
+        /*  copy the public key */
+        if (src->pub_key != NULL) {
+            EC_POINT_free(dest->pub_key);
+            dest->pub_key = EC_POINT_new(src->group);
+            if (dest->pub_key == NULL)
+                return NULL;
+            if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+                return NULL;
+        }
+        /* copy the private key */
+        if (src->priv_key != NULL) {
+            if (dest->priv_key == NULL) {
+                dest->priv_key = BN_new();
+                if (dest->priv_key == NULL)
+                    return NULL;
+            }
+            if (!BN_copy(dest->priv_key, src->priv_key))
+                return NULL;
+            if (src->group->meth->keycopy
+                && src->group->meth->keycopy(dest, src) == 0)
                 return NULL;
         }
-        if (!BN_copy(dest->priv_key, src->priv_key))
-            return NULL;
-        if (src->group->meth->keycopy
-            && src->group->meth->keycopy(dest, src) == 0)
-            return NULL;
     }
author	Matt Caswell <matt@openssl.org>	2016-04-29 11:44:39 +0100
committer	Matt Caswell <matt@openssl.org>	2016-04-29 16:47:41 +0100
commit	40a8643a37ea50781872acd740020ac5b6c8f699 (patch)
tree	e30d882def5a1348579d9985f4d6a97ab3d55b20 /crypto/ec
parent	7001571330ce2e31234660c10ef26089a07b17c1 (diff)