From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Thu, 8 Feb 2024 21:44:33 +0000 (+0100)
Subject: Remove handling of NULL sig param in ossl_ecdsa_deterministic_sign
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=commitdiff_plain;h=294782f3b5c4b81d682e6e8608bb6e851177494d

Remove handling of NULL sig param in ossl_ecdsa_deterministic_sign

The handling of sig=NULL was broken in this function, but since it
is only used internally and was never called with sig=NULL, it is
better to return an error in that case.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23529)
---

diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index d7bd427e1b..e60877aa05 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -102,6 +102,11 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen,
     BIGNUM *kinv = NULL, *r = NULL;
     int ret = 0;
 
+    if (sig == NULL) {
+        ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     *siglen = 0;
     if (!ecdsa_sign_setup(eckey, NULL, &kinv, &r, dgst, dlen,
                           nonce_type, digestname, libctx, propq))
@@ -111,7 +116,7 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen,
     if (s == NULL)
         goto end;
 
-    *siglen = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);
+    *siglen = i2d_ECDSA_SIG(s, &sig);
     ECDSA_SIG_free(s);
     ret = 1;
 end: