From: Anton Moryakov <ant.v.moryakov@gmail.com>
Date: Tue, 4 Nov 2025 22:18:47 +0000 (+0300)
Subject: Prevent NULL deref in BN_is_zero when cofactor is missing
X-Git-Tag: 3.6-PRE-CLANG-FORMAT-WEBKIT~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd279bee35724f090c4d1f0bd3a55c4222eb1e55;p=thirdparty%2Fopenssl.git

Prevent NULL deref in BN_is_zero when cofactor is missing

In ossl_ec_curve_nid_from_params, EC_GROUP_get0_cofactor may return NULL,
but BN_is_zero was called on it unconditionally, leading to a potential
segmentation fault.

Now check that cofactor != NULL before calling BN_is_zero or BN_is_word,
aligning with safe practices used elsewhere in the codebase.

This fixes a critical NULL pointer dereference vulnerability that could
be triggered by EC groups with unset cofactor, preventing DoS via segfault.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29069)

(cherry picked from commit 87a4607668e959188aa5b3c5482d5cf7d18adf63)
---

diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 944f360d7fc..723f41e6ab2 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -3451,7 +3451,7 @@ int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
             && param_len == data->param_len
             && (nid <= 0 || nid == curve.nid)
             /* check the optional cofactor (ignore if its zero) */
-            && (BN_is_zero(cofactor)
+            && (cofactor == NULL || BN_is_zero(cofactor)
                 || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
             /* Check the optional seed (ignore if its not set) */
             && (data->seed_len == 0 || seed_len == 0