From 843bc504f993aa0101d69f421b11c5c96a0a22b7 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 10 Aug 2021 13:56:25 +0200
Subject: [PATCH] checkKey: handle NULL error string from OpenSSL more
 gracefully

fixes #10641
---
 pdns/opensslsigners.cc | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc
index cee5e6069a..0f5396cea2 100644
--- a/pdns/opensslsigners.cc
+++ b/pdns/opensslsigners.cc
@@ -491,7 +491,11 @@ bool OpenSSLRSADNSCryptoKeyEngine::checkKey(vector<string> *errorMessages) const
   if (RSA_check_key(d_key.get()) != 1) {
     retval = false;
     if (errorMessages != nullptr) {
-      errorMessages->push_back(ERR_reason_error_string(ERR_get_error()));
+      auto errmsg = ERR_reason_error_string(ERR_get_error());
+      if (errmsg == nullptr) {
+        errmsg = "Unknown OpenSSL error";
+      }
+      errorMessages->push_back(errmsg);
     }
   }
   return retval;
@@ -802,7 +806,11 @@ bool OpenSSLECDSADNSCryptoKeyEngine::checkKey(vector<string> *errorMessages) con
   if (EC_KEY_check_key(d_eckey.get()) != 1) {
     retval = false;
     if (errorMessages != nullptr) {
-      errorMessages->push_back(ERR_reason_error_string(ERR_get_error()));
+      auto errmsg = ERR_reason_error_string(ERR_get_error());
+      if (errmsg == nullptr) {
+        errmsg = "Unknown OpenSSL error";
+      }
+      errorMessages->push_back(errmsg);
     }
   }
   return retval;
-- 
2.47.2