Fix possible null pointer dereference of evp_pkey_get_legacy()

[thirdparty/openssl.git] / crypto / evp / p_dec.c

diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
index 9a6f271000859880c23c36e070527e55c8d80710..29ea3f5fbcb33e1c0fa14fb76b2bc324505341bb 100644 (file)
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,11 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-/*
- * RSA low level APIs are deprecated for public use, but still ok for
- * internal use.
- */
-#include "internal/deprecated.h"
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
@@ -19,24 +16,25 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "crypto/evp.h"
 
 int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
                          EVP_PKEY *priv)
 {
     int ret = -1;
+    RSA *rsa = NULL;
 
-#ifndef OPENSSL_NO_RSA
-    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
-#endif
-        EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_get_id(priv) != EVP_PKEY_RSA) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA);
         goto err;
     }
 
+    rsa = evp_pkey_get0_RSA_int(priv);
+    if (rsa == NULL)
+        goto err;
+
     ret =
-        RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv),
-                            RSA_PKCS1_PADDING);
+        RSA_private_decrypt(ekl, ek, key, rsa, RSA_PKCS1_PADDING);
  err:
-#endif
     return ret;
 }