[openssl] openssl-3.0 update

Dr. Paul Dale pauli at openssl.org
Tue Oct 26 22:58:54 UTC 2021


The branch openssl-3.0 has been updated
       via  238a4c5555c89ac7f99694882f38115f3f61bf11 (commit)
      from  d146811f6cce155eeb1a87396943c953acb08fb6 (commit)


- Log -----------------------------------------------------------------
commit 238a4c5555c89ac7f99694882f38115f3f61bf11
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Oct 25 13:07:01 2021 +0100

    Don't crash encoding a public key with no public key value
    
    If asked to encode an EC_KEY public key, but no public key value is present
    in the structure, we should fail rather than crash.
    
    Fixes the crash seen here:
    https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.html
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16911)
    
    (cherry picked from commit 6187d9eac2738e873d23c0c91f9769333b1bb6af)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/encode_decode/encode_key2any.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index f142f2b242..9ee12a9fd4 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -701,6 +701,10 @@ static int prepare_ec_params(const void *eckey, int nid, int save,
 
 static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder)
 {
+    if (EC_KEY_get0_public_key(eckey) == NULL) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
+        return 0;
+    }
     return i2o_ECPublicKey(eckey, pder);
 }
 
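Review bot: No regression test accompanies the new NULL check at the top of ec_spki_pub_to_der; the summary shows one file changed with 4 insertions, all in encode_key2any.c. Suggest adding a test that asks the encoder for the public key of an EC_KEY with no public key value set and asserts that encoding returns failure with PROV_R_NOT_A_PUBLIC_KEY raised, so the crash described in the commit message cannot silently come back. It is also worth confirming that the guard is wanted only here: it sits in this wrapper, so any other caller that passes i2o_ECPublicKey a key without a public key value is not covered by this hunk, and if such a path is reachable the check may belong in i2o_ECPublicKey itself.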

