[openssl] master update
Richard Levitte
levitte at openssl.org
Thu Aug 20 05:47:48 UTC 2020
The branch master has been updated
via a24b510c28006cdb9ef47009298589e0ea546334 (commit)
from c7dfb2abe5655ad1de7dfbdf5a9a6b0164f429cf (commit)
- Log -----------------------------------------------------------------
commit a24b510c28006cdb9ef47009298589e0ea546334
Author: Richard Levitte <levitte at openssl.org>
Date: Fri Aug 7 18:47:04 2020 +0200
EVP: Have evp_pkey_cmp_any() detect if export wasn't possible
There are some EC keys that can't be exported to provider keymgmt,
because the keymgmt implementation doesn't support certain forms of EC
keys. This could lead to a crash caused by dereferencing a NULL
pointer, so we need to cover that case by returning an error instead.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12610)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/p_lib.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 145c5286ce..bee6337a88 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -269,6 +269,10 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b,
if (keymgmt1 != keymgmt2)
return -2;
+ /* If the keymgmt implementations are NULL, the export failed */
+ if (keymgmt1 == NULL)
+ return -2;
+
return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection);
}
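Review bot: the added `if (keymgmt1 == NULL)` test checks only keymgmt1, which is sufficient only because the preceding `keymgmt1 != keymgmt2` test has already returned on any difference. The comment speaks of "the keymgmt implementations" in the plural, so it would be clearer to say that both are known to be equal at this point. The new branch also returns -2, the same value used just above for mismatched keymgmts, so a caller cannot tell a failed export from a mismatch. If that is intended, state it in the comment or in the function's documentation. The summary shows only crypto/evp/p_lib.c changing, so a regression test using an EC key of a form that cannot be exported to provider keymgmt would help keep the NULL dereference from coming back.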