ruby-changes:74048
From: Kazuki <ko1@a...>
Date: Mon, 17 Oct 2022 16:43:36 +0900 (JST)
Subject: [ruby-changes:74048] b69d41e1c4 (master): [ruby/openssl] pkey/ec: check existence of public key component before exporting
https://git.ruby-lang.org/ruby.git/commit/?id=b69d41e1c4 From b69d41e1c433f9109b7c9237cde6ed8b4884cc06 Mon Sep 17 00:00:00 2001 From: Kazuki Yamaguchi <k@r...> Date: Fri, 2 Sep 2022 23:05:28 +0900 Subject: [ruby/openssl] pkey/ec: check existence of public key component before exporting i2d_PUBKEY_bio() against an EC_KEY without the public key component trggers a null dereference. This is a regression introduced by commit https://github.com/ruby/openssl/commit/56f0d34d63fb ("pkey: refactor #export/#to_pem and #to_der", 2017-06-14). Fixes https://github.com/ruby/openssl/pull/527#issuecomment-1220504524 Fixes https://github.com/ruby/openssl/issues/369#issuecomment-1221554057 https://github.com/ruby/openssl/commit/f6ee0fa4de --- ext/openssl/ossl_pkey_ec.c | 4 ++++ test/openssl/test_pkey_ec.rb | 2 ++ 2 files changed, 6 insertions(+) diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c index dee215447d..06d59c2a4f 100644 --- a/ext/openssl/ossl_pkey_ec.c +++ b/ext/openssl/ossl_pkey_ec.c @@ -414,6 +414,8 @@ ossl_ec_key_export(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L414 EC_KEY *ec; GetEC(self, ec); + if (EC_KEY_get0_public_key(ec) == NULL) + ossl_raise(eECError, "can't export - no public key set"); if (EC_KEY_get0_private_key(ec)) return ossl_pkey_export_traditional(argc, argv, self, 0); else @@ -432,6 +434,8 @@ ossl_ec_key_to_der(VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_pkey_ec.c#L434 EC_KEY *ec; GetEC(self, ec); + if (EC_KEY_get0_public_key(ec) == NULL) + ossl_raise(eECError, "can't export - no public key set"); if (EC_KEY_get0_private_key(ec)) return ossl_pkey_export_traditional(0, NULL, self, 1); else diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb index 23c6c4d421..9a4818de8e 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb @@ -61,8 +61,10 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase https://github.com/ruby/ruby/blob/trunk/test/openssl/test_pkey_ec.rb#L61 def test_generate_key ec = OpenSSL::PKey::EC.new("prime256v1") assert_equal false, ec.private? + assert_raise(OpenSSL::PKey::ECError) { ec.to_der } ec.generate_key! assert_equal true, ec.private? + assert_nothing_raised { ec.to_der } end if !openssl?(3, 0, 0) def test_marshal -- cgit v1.2.3 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/