Commit 92ed7fa5 authored by David Woodhouse's avatar David Woodhouse
Browse files

Avoid EVP_PKEY_cmp() crash on EC keys without public component 



Some hardware devices don't provide the public EC_POINT data. The only
way for X509_check_private_key() to validate that the key matches a
given certificate is to actually perform a sign operation and then
verify it using the public key in the certificate.

Maybe that can come later, as discussed in issue 1532. But for now let's
at least make it fail gracefully and not crash.

GH: 1532

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1547)
parent 79e5eae6

crypto/ec/ec_ameth.c

+4 −0
Original line number Diff line number Diff line
@@ -171,6 +171,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 
    const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);

    const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),

        *pb = EC_KEY_get0_public_key(b->pkey.ec);

    if (group == NULL || pa == NULL || pb == NULL)

        return -2;

    r = EC_POINT_cmp(group, pa, pb, NULL);

    if (r == 0)

        return 1;
@@ -311,6 +313,8 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) 
{

    const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),

        *group_b = EC_KEY_get0_group(b->pkey.ec);

    if (group_a == NULL || group_b == NULL)

        return -2;

    if (EC_GROUP_cmp(group_a, group_b, NULL))

        return 0;

    else