Subject: Openssl: handle NULL in jose_openssl_jwk_from_EC_KEY gracefully (#172)
Origin: upstream, commit v14-7-g5aaaaf6 <https://github.com/latchset/jose/commit/v14-7-g5aaaaf6>
Author: Ahmad Fatoum <ahmad@a3f.at>
Date: Wed Jul 9 14:21:37 2025 +0200
We already check that the RSA *key is not NULL in
jose_openssl_jwk_from_RSA(), but fail to do so for EC_KEY *key in
jose_openssl_jwk_from_EC_KEY().
But EVP_PKEY_get0_EC_KEY() can return NULL too, e.g., if
the EVP_PKEY comes from an OpenSSL provider that is not creating a
keymgmt instance for a public key and the default provider is not
loaded[1].
Instead of crashing inside OpenSSL when we pass a NULL pointer to
EC_KEY_get0_private_key(), detect this case and return gracefully.
[1]: https://github.com/openssl/openssl/discussions/25679
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
--- a/lib/openssl/jwk.c
+++ b/lib/openssl/jwk.c
@@ -140,6 +140,9 @@
json_t *
jose_openssl_jwk_from_EC_KEY(jose_cfg_t *cfg, const EC_KEY *key)
{
+ if (!key)
+ return NULL;
+
return jose_openssl_jwk_from_EC_POINT(
cfg,
EC_KEY_get0_group(key),
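Review bot: The new `if (!key)` guard at the top of jose_openssl_jwk_from_EC_KEY() returns NULL without recording a reason, so a caller cannot tell the provider case from the commit message (EVP_PKEY_get0_EC_KEY() returning NULL) apart from a NULL coming back from jose_openssl_jwk_from_EC_POINT() further down. Consider reporting the condition through the `cfg` argument before `return NULL;`, and noting in the function's documentation that a NULL key yields a NULL result, so callers know to check the return value before using it.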