From 35520e3849edbf8c7171be7865eb0627fe0e8572 Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 15 Jun 2023 13:07:45 +0000 Subject: [PATCH] ASN1_item_sign_ctx() Pull a NULL check for pkey->ameth up to before ameth is first accessed. An EVP_PKEY created with EVP_PKEY_new() has ameth == NULL, so this check makes sense, but it does not make sense to do it where it was. --- lib/libcrypto/asn1/asn1_item.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/asn1/asn1_item.c b/lib/libcrypto/asn1/asn1_item.c index d87a27b535d..10b67805909 100644 --- a/lib/libcrypto/asn1/asn1_item.c +++ b/lib/libcrypto/asn1/asn1_item.c @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_item.c,v 1.8 2023/06/15 12:44:17 tb Exp $ */ +/* $OpenBSD: asn1_item.c,v 1.9 2023/06/15 13:07:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -248,6 +248,11 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, return 0; } + if (pkey->ameth == NULL) { + ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; + } + if (pkey->ameth->item_sign) { rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); @@ -268,8 +273,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, } if (rv == 2) { - if (!pkey->ameth || - !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), + if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type), pkey->ameth->pkey_id)) { ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; -- 2.20.1