From 92ed7fa575a80955f3bb6efefca9bf576a953586 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 7 Sep 2016 16:53:18 +0100 Subject: [PATCH] Avoid EVP_PKEY_cmp() crash on EC keys without public component Some hardware devices don't provide the public EC_POINT data. The only way for X509_check_private_key() to validate that the key matches a given certificate is to actually perform a sign operation and then verify it using the public key in the certificate. Maybe that can come later, as discussed in issue 1532. But for now let's at least make it fail gracefully and not crash. GH: 1532 Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1547) --- crypto/ec/ec_ameth.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index a899932ee1..9792007a20 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -171,6 +171,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), *pb = EC_KEY_get0_public_key(b->pkey.ec); + if (group == NULL || pa == NULL || pb == NULL) + return -2; r = EC_POINT_cmp(group, pa, pb, NULL); if (r == 0) return 1; @@ -311,6 +313,8 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), *group_b = EC_KEY_get0_group(b->pkey.ec); + if (group_a == NULL || group_b == NULL) + return -2; if (EC_GROUP_cmp(group_a, group_b, NULL)) return 0; else -- 2.25.1