Avoid EVP_PKEY_cmp() crash on EC keys without public component
authorDavid Woodhouse <David.Woodhouse@intel.com>
Wed, 7 Sep 2016 15:53:18 +0000 (16:53 +0100)
committerRich Salz <rsalz@openssl.org>
Wed, 7 Sep 2016 17:56:43 +0000 (13:56 -0400)
commit8195a8691108d89fbb0dd11599154067009d10d6
tree091af705b578ee6fdab6de3d685a78a4936357ad
parent3f1014960353af29a05a7b5dac40afd30d4f9bb3
Avoid EVP_PKEY_cmp() crash on EC keys without public component

Some hardware devices don't provide the public EC_POINT data. The only
way for X509_check_private_key() to validate that the key matches a
given certificate is to actually perform a sign operation and then
verify it using the public key in the certificate.

Maybe that can come later, as discussed in issue 1532. But for now let's
at least make it fail gracefully and not crash.

GH: 1532

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1547)
(cherry picked from commit 92ed7fa575a80955f3bb6efefca9bf576a953586)
crypto/ec/ec_ameth.c