Fix possible null pointer dereference of evp_pkey_get_legacy()

[thirdparty/openssl.git] / crypto / evp / p_enc.c

diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
index 645f973ceacf5407474a8810fef99ef534f12986..64e67514561c08911f49873f873aff5999252e36 100644 (file)
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -1,36 +1,40 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
+/* We need to use the deprecated RSA low level calls */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "crypto/evp.h"
 
 int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
                          int key_len, EVP_PKEY *pubk)
 {
     int ret = 0;
+    RSA *rsa = NULL;
 
-#ifndef OPENSSL_NO_RSA
-    if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) {
-#endif
-        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_get_id(pubk) != EVP_PKEY_RSA) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA);
         goto err;
     }
+
+    rsa = evp_pkey_get0_RSA_int(pubk);
+    if (rsa == NULL)
+        goto err;
+
     ret =
-        RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
-                           RSA_PKCS1_PADDING);
+        RSA_public_encrypt(key_len, key, ek, rsa, RSA_PKCS1_PADDING);
  err:
-#endif
-    return (ret);
+    return ret;
 }