Prevent NULL deref in BN_is_zero when cofactor is missing

In ossl_ec_curve_nid_from_params, EC_GROUP_get0_cofactor may return NULL,
but BN_is_zero was called on it unconditionally, leading to a potential
segmentation fault.

Now check that cofactor != NULL before calling BN_is_zero or BN_is_word,
aligning with safe practices used elsewhere in the codebase.

This fixes a critical NULL pointer dereference vulnerability that could
be triggered by EC groups with unset cofactor, preventing DoS via segfault.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29069)

diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 944f360d7fc2b1a0e7d4f4c6a2421dd0eedaad99..723f41e6ab2c8bdace03badd438038cbad5dbb3e 100644 (file)
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -3451,7 +3451,7 @@ int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
             && param_len == data->param_len
             && (nid <= 0 || nid == curve.nid)
             /* check the optional cofactor (ignore if its zero) */
-            && (BN_is_zero(cofactor)
+            && (cofactor == NULL || BN_is_zero(cofactor)
                 || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
             /* Check the optional seed (ignore if its not set) */
             && (data->seed_len == 0 || seed_len == 0