[openssl] master update

Richard Levitte levitte at openssl.org
Thu Aug 20 05:47:48 UTC 2020

The branch master has been updated
       via  a24b510c28006cdb9ef47009298589e0ea546334 (commit)
      from  c7dfb2abe5655ad1de7dfbdf5a9a6b0164f429cf (commit)

- Log -----------------------------------------------------------------
commit a24b510c28006cdb9ef47009298589e0ea546334
Author: Richard Levitte <levitte at openssl.org>
Date:   Fri Aug 7 18:47:04 2020 +0200

    EVP: Have evp_pkey_cmp_any() detect if export wasn't possible
    There are some EC keys that can't be exported to provider keymgmt,
    because the keymgmt implementation doesn't support certain forms of EC
    keys.  This could lead to a crash caused by dereferencing a NULL
    pointer, so we need to cover that case by returning an error instead.
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/12610)


Summary of changes:
 crypto/evp/p_lib.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 145c5286ce..bee6337a88 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -269,6 +269,10 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b,
     if (keymgmt1 != keymgmt2)
         return -2;
+    /* If the keymgmt implementations are NULL, the export failed */
+    if (keymgmt1 == NULL)
+        return -2;
     return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection);

More information about the openssl-commits mailing list