[openssl] master update

tomas at openssl.org tomas at openssl.org
Thu May 6 15:04:16 UTC 2021


The branch master has been updated
       via  021521aa91d7b1a47f3c3b704f1cc39f169b2e5b (commit)
      from  bfe2fcc840e92df5a5875e55c6aed79891d2612f (commit)


- Log -----------------------------------------------------------------
commit 021521aa91d7b1a47f3c3b704f1cc39f169b2e5b
Author: Petr Gotthard <petr.gotthard at centrum.cz>
Date:   Sun Apr 18 18:28:25 2021 +0200

    Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT
    
    External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT,
    so a check for NULL is needed.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14919)

-----------------------------------------------------------------------

Summary of changes:
 crypto/encode_decode/encoder_pkey.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c
index 4bfd219fe2..3bb0702e43 100644
--- a/crypto/encode_decode/encoder_pkey.c
+++ b/crypto/encode_decode/encoder_pkey.c
@@ -76,6 +76,7 @@ struct collected_encoder_st {
     const char *output_structure;
     const char *output_type;
 
+    const OSSL_PROVIDER *keymgmt_prov;
     OSSL_ENCODER_CTX *ctx;
 
     int error_occurred;
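Review bot: The new `keymgmt_prov` field in struct collected_encoder_st has no comment, and its NULL case matters. In ossl_encoder_ctx_setup_for_pkey `prov` starts as NULL and is assigned only when `evp_pkey_is_provided(pkey)` holds, so the field can reach collect_encoder as NULL. In that case `data->keymgmt_prov != prov` would presumably be true for every encoder, so every encoder lacking import_object is skipped; that looks intended but is not stated anywhere. I would document it on the field: `const OSSL_PROVIDER *keymgmt_prov; /* provider of the key's keymgmt, NULL if the key is not provided */`.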
@@ -102,7 +103,9 @@ static void collect_encoder(OSSL_ENCODER *encoder, void *arg)
 
         if (!OSSL_ENCODER_is_a(encoder, name)
             || (encoder->does_selection != NULL
-                && !encoder->does_selection(provctx, data->ctx->selection)))
+                && !encoder->does_selection(provctx, data->ctx->selection))
+            || (data->keymgmt_prov != prov
+                && encoder->import_object == NULL))
             continue;
 
         /* Only add each encoder implementation once */
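Review bot: The added clause `(data->keymgmt_prov != prov && encoder->import_object == NULL)` in collect_encoder carries the whole fix but has no comment explaining why an encoder from a different provider must be skipped when it lacks an import function. I would add above the `if`: `/* An encoder from another provider needs import_object to receive the key; skip it if missing */`. This filter is also the only guard visible in the diff: the code that calls import_object is outside these hunks, so it is worth confirming that it can only be reached with encoders collected here, or that it checks for NULL itself. The comparison depends on provider pointer identity, and `prov` is defined outside the hunk, presumably as the encoder's own provider.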
@@ -213,6 +216,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
                                            const char *propquery)
 {
     struct construct_data_st *data = NULL;
+    const OSSL_PROVIDER *prov = NULL;
     OSSL_LIB_CTX *libctx = NULL;
     int ok = 0;
 
@@ -222,8 +226,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
     }
 
     if (evp_pkey_is_provided(pkey)) {
-        const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt);
-
+        prov = EVP_KEYMGMT_provider(pkey->keymgmt);
         libctx = ossl_provider_libctx(prov);
     }
 
@@ -252,6 +255,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
         encoder_data.output_type = ctx->output_type;
         encoder_data.output_structure = ctx->output_structure;
         encoder_data.error_occurred = 0;
+        encoder_data.keymgmt_prov = prov;
         encoder_data.ctx = ctx;
         OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
         sk_OPENSSL_CSTRING_free(keymgmt_data.names);

