diff options
| author | Zhou Qingyang <zhou1615@umn.edu> | 2022-03-25 20:28:32 +0800 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-06-02 12:06:40 +0200 |
| commit | b375e158cb910b253d4bb68c2fd5c30a2da60670 (patch) | |
| tree | 6c831eade342d08d1dc334b8bb44c0bd02b8b4d8 /crypto/ec | |
| parent | 13bc9889cb2a19613397fd5f26ee60f2b031432b (diff) | |
Fix possible null pointer dereference of evp_pkey_get_legacy()
evp_pkey_get_legacy() will return NULL on failure, however several
uses of it or its wrappers does not check the return value of
evp_pkey_get_legacy(), which could lead to NULL pointer dereference.
Fix those possible bugs by adding NULL checking.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17967)
(cherry picked from commit b9a86d5dd8b5bd33be42390bcbb5121fe0ae71a1)
Diffstat (limited to 'crypto/ec')
| -rw-r--r-- | crypto/ec/ecx_meth.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 9098decf2f..f88731a0e2 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -808,6 +808,11 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED25519_SIGSIZE; return 1; @@ -830,6 +835,11 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED448_SIGSIZE; return 1; @@ -852,6 +862,11 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED25519_SIGSIZE) return 0; @@ -865,6 +880,11 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, { const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED448_SIGSIZE) return 0; @@ -1180,6 +1200,11 @@ static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); int rc; + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED25519_SIGSIZE; return 1; @@ -1220,6 +1245,11 @@ static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); int rc; + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (sig == NULL) { *siglen = ED448_SIGSIZE; return 1; @@ -1262,6 +1292,11 @@ static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, } param; const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED25519_SIGSIZE) return 0; @@ -1289,6 +1324,11 @@ static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, } param; const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); + if (edkey == NULL) { + ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); + return 0; + } + if (siglen != ED448_SIGSIZE) return 0; |