From 2fee530c86d5e203a311e0857330fa94ab18c6e9 Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Sat, 29 Oct 2022 11:48:51 +0200
Subject: pem: avoid segfault if PKEY is NULL in PEM_write_bio_PrivateKey
Make the code more robust and correctly handle EVP_PKEY set to NULL instead of dereferencing null pointer.
Signed-off-by: Milan Broz
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/19536)
(cherry picked from commit 373d90128042cb0409e347827d80b50a99d3965a)
---
 crypto/pem/pem_pkey.c | 5 ++++-
 test/evp_pkey_provided_test.c | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 53367c03db..8ffeed9d78 100644
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -311,7 +311,7 @@ PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio)
 IMPLEMENT_PEM_provided_write_body_main(pkey, bio);
 legacy:
- if (x->ameth == NULL || x->ameth->priv_encode != NULL)
+ if (x != NULL && (x->ameth == NULL || x->ameth->priv_encode != NULL))
 return PEM_write_bio_PKCS8PrivateKey(out, x, enc, (const char *)kstr, klen, cb, u);
 return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u);
@@ -336,6 +336,9 @@ int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x,
 EVP_PKEY *copy = NULL;
 int ret;
+ if (x == NULL)
+ return 0;
+
 if (evp_pkey_is_assigned(x) && evp_pkey_is_provided(x) && evp_pkey_copy_downgraded(©, x))
diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c
index 8faf0838d0..d1a287e277 100644
--- a/test/evp_pkey_provided_test.c
+++ b/test/evp_pkey_provided_test.c
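Review bot: The new `if (x == NULL) return 0;` guard in PEM_write_bio_PrivateKey_traditional fails without putting anything on the error queue, so a caller that hands in a NULL key (for instance after an unchecked key-load failure) gets a bare 0 and nothing to diagnose it with. Consider raising `ERR_raise(ERR_LIB_PEM, ERR_R_PASSED_NULL_PARAMETER);` before the return. In the first hunk the `x != NULL &&` condition sends a NULL key on to this same function, so one raise here would cover both entry points. Both function bodies continue outside their hunks, and whether the provided-encoder path ahead of `legacy:` tolerates a NULL key is not visible here.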
@@ -188,7 +188,12 @@ static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk)
 /* Unencrypted private key in PEM form */
 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk, NULL, NULL, 0, NULL, NULL))
- || !TEST_true(compare_with_file(alg, PRIV_PEM, membio)))
+ || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
+ /* NULL key */
+ || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
+ NULL, NULL, 0, NULL, NULL))
+ || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
+ NULL, NULL, 0, NULL, NULL)))
 goto err;
 ret = 1;
-- cgit v1.2.3
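Review bot: The two NULL-key assertions check only the return value and reuse `membio` after the file comparison, so nothing confirms that the rejected calls left the BIO untouched. Recording `BIO_pending(membio)` before the two calls and comparing it afterwards would pin that a failed write emits no partial PEM output. A short comment such as `/* NULL key must be rejected without writing to the BIO */` in place of `/* NULL key */` would state the intent. The enclosing function starts and ends outside the hunk.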