From 238a4c5555c89ac7f99694882f38115f3f61bf11 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 25 Oct 2021 13:07:01 +0100 Subject: Don't crash encoding a public key with no public key value If asked to encode an EC_KEY public key, but no public key value is present in the structure, we should fail rather than crash. Fixes the crash seen here: https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.html Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16911) (cherry picked from commit 6187d9eac2738e873d23c0c91f9769333b1bb6af) --- providers/implementations/encode_decode/encode_key2any.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'providers/implementations/encode_decode') diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index f142f2b242..9ee12a9fd4 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -701,6 +701,10 @@ static int prepare_ec_params(const void *eckey, int nid, int save, static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder) { + if (EC_KEY_get0_public_key(eckey) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + return 0; + } return i2o_ECPublicKey(eckey, pder); } -- cgit v1.2.3