From: AntonMoryakov Date: Mon, 2 Jun 2025 10:14:28 +0000 (+0300) Subject: sm2: sm2_sign.c: check EC_KEY_get0_private_key() for NULL in sm2_sig_gen() X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c108ead2840a76a59fe02c049d08322a02b24761;p=thirdparty%2Fopenssl.git sm2: sm2_sign.c: check EC_KEY_get0_private_key() for NULL in sm2_sig_gen() Static analysis revealed that sm2_sig_gen() dereferences the return value of EC_KEY_get0_private_key() without checking for NULL. This could lead to a crash if the private key is unset. This patch adds a NULL check and raises ERR_R_PASSED_NULL_PARAMETER if the key is missing. Issue found by static analyzer: > Return value of EC_KEY_get0_private_key() is dereferenced without checking for NULL (11/12 checked) CLA: trivial Signed-off-by: Anton Moryakov Reviewed-by: Nicola Tuveri Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27741) --- diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 28cf95cc48c..b16a7da3963 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -220,6 +220,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) BIGNUM *tmp = NULL; OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); + if (dA == NULL) { + ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY); + goto done; + } kG = EC_POINT_new(group); if (kG == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB);