From: Richard Levitte Date: Fri, 7 Aug 2020 16:47:04 +0000 (+0200) Subject: EVP: Have evp_pkey_cmp_any() detect if export wasn't possible X-Git-Tag: openssl-3.0.0-alpha7~558 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a24b510c28006cdb9ef47009298589e0ea546334;p=thirdparty%2Fopenssl.git EVP: Have evp_pkey_cmp_any() detect if export wasn't possible There are some EC keys that can't be exported to provider keymgmt, because the keymgmt implementation doesn't support certain forms of EC keys. This could lead to a crash caused by dereferencing a NULL pointer, so we need to cover that case by returning an error instead. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12610) --- diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 145c5286ce6..bee6337a88c 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -269,6 +269,10 @@ static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b, if (keymgmt1 != keymgmt2) return -2; + /* If the keymgmt implementations are NULL, the export failed */ + if (keymgmt1 == NULL) + return -2; + return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); }
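Review bot: The new `if (keymgmt1 == NULL)` check in evp_pkey_cmp_any() returns -2, the same value the `keymgmt1 != keymgmt2` branch just above it returns, so a caller cannot tell a failed export apart from a keymgmt mismatch. If sharing the value is intended, the comment should say so; otherwise a distinct return value or an error raised at this point would make the case diagnosable. The check tests only keymgmt1 and relies on the preceding equality test to guarantee that keymgmt2 is NULL as well, which is worth stating in the comment since the guard stops protecting evp_keymgmt_match() if the two checks are ever reordered. The patch touches only crypto/evp/p_lib.c, so a regression test that compares an EC key of the kind the commit message describes as non-exportable would help keep the NULL dereference from coming back.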