From: Richard Levitte <levitte@openssl.org>
Date: Fri, 1 Oct 2021 13:02:15 +0000 (+0200)
Subject: EVP: For all operations that use an EVP_PKEY, check that there is one
X-Git-Tag: openssl-3.2.0-alpha1~3410
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=433e13455ede1a39d415b690b8a564b4f36b8dee;p=thirdparty%2Fopenssl.git

EVP: For all operations that use an EVP_PKEY, check that there is one

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
---

diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c
index f158b815cff..b7784c89945 100644
--- a/crypto/evp/asymcipher.c
+++ b/crypto/evp/asymcipher.c
@@ -41,6 +41,12 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
     if (evp_pkey_ctx_is_legacy(ctx))
         goto legacy;
 
+    if (ctx->pkey == NULL) {
+        ERR_clear_last_mark();
+        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
+        goto err;
+    }
+
     /*
      * Try to derive the supported asym cipher from |ctx->keymgmt|.
      */
diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c
index d5bdc6290a3..6ba598eb98f 100644
--- a/crypto/evp/kem.c
+++ b/crypto/evp/kem.c
@@ -36,6 +36,11 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation,
     evp_pkey_ctx_free_old_ops(ctx);
     ctx->operation = operation;
 
+    if (ctx->pkey == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
+        goto err;
+    }
+
     /*
      * Try to derive the supported kem from |ctx->keymgmt|.
      */
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index eeb1a9adfa9..2972734d8d9 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -81,6 +81,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
     if (evp_pkey_ctx_is_legacy(locpctx))
         goto legacy;
 
+    if (locpctx->pkey == NULL) {
+        ERR_clear_last_mark();
+        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
+        goto err;
+    }
+
     /*
      * Try to derive the supported signature from |locpctx->keymgmt|.
      */
diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c
index b33fe0d9525..026a430fe84 100644
--- a/crypto/evp/signature.c
+++ b/crypto/evp/signature.c
@@ -414,6 +414,12 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation,
     if (evp_pkey_ctx_is_legacy(ctx))
         goto legacy;
 
+    if (ctx->pkey == NULL) {
+        ERR_clear_last_mark();
+        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
+        goto err;
+    }
+
     /*
      * Try to derive the supported signature from |ctx->keymgmt|.
      */