From: Matt Caswell Date: Mon, 25 Oct 2021 12:07:01 +0000 (+0100) Subject: Don't crash encoding a public key with no public key value X-Git-Tag: openssl-3.2.0-alpha1~3421 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6187d9eac2738e873d23c0c91f9769333b1bb6af;p=thirdparty%2Fopenssl.git Don't crash encoding a public key with no public key value If asked to encode an EC_KEY public key, but no public key value is present in the structure, we should fail rather than crash. Fixes the crash seen here: https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.html Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16911) --- diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c index f142f2b2424..9ee12a9fd48 100644 --- a/providers/implementations/encode_decode/encode_key2any.c +++ b/providers/implementations/encode_decode/encode_key2any.c @@ -701,6 +701,10 @@ static int prepare_ec_params(const void *eckey, int nid, int save, static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder) { + if (EC_KEY_get0_public_key(eckey) == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + return 0; + } return i2o_ECPublicKey(eckey, pder); }
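Review bot: the new NULL guard in ec_spki_pub_to_der comes without a regression test, as the diff touches only encode_key2any.c. Consider adding a test that asks the encoder for a SubjectPublicKeyInfo from an EC_KEY with no public key value, and asserts that the call fails with PROV_R_NOT_A_PUBLIC_KEY on the error queue instead of crashing. A one-line comment above the check would also help, saying that the following `return i2o_ECPublicKey(eckey, pder);` must not be reached when no public key value is present, so the guard is not dropped in a later cleanup.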