Skip to content

openssl: handle NULL in jose_openssl_jwk_from_EC_KEY gracefully #172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sarroutbi merged 1 commit into from
Jul 9, 2025
Merged

openssl: handle NULL in jose_openssl_jwk_from_EC_KEY gracefully #172

sarroutbi merged 1 commit into from
Jul 9, 2025

Conversation

@a3f
Copy link
Contributor

@a3f a3f commented Jul 8, 2025

We already check that the RSA *key is not NULL in jose_openssl_jwk_from_RSA(), but fail to do so for EC_KEY *key in jose_openssl_jwk_from_EC_KEY().

But EVP_PKEY_get0_EC_KEY() can return NULL too, e.g., if the EVP_PKEY comes from an OpenSSL provider that is not creating a keymgmt instance for a public key and the default provider is not loaded1.

Instead of crashing inside OpenSSL when we pass a NULL pointer to EC_KEY_get0_private_key(), detect this case and return gracefully.

@sarroutbi sarroutbi mentioned this pull request Jul 9, 2025
Merged
@sarroutbi
Copy link
Collaborator

sarroutbi commented Jul 9, 2025

Thanks for your PR @a3f. Could you please rebase master branch to check if CI issue in your PR is fixed?

@a3f
openssl: handle NULL in jose_openssl_jwk_from_EC_KEY gracefully
6c96b9a 
We already check that the RSA *key is not NULL in
jose_openssl_jwk_from_RSA(), but fail to do so for EC_KEY *key in
jose_openssl_jwk_from_EC_KEY().

But EVP_PKEY_get0_EC_KEY() can return NULL too, e.g., if
the EVP_PKEY comes from an OpenSSL provider that is not creating a
keymgmt instance for a public key and the default provider is not
loaded[1].

Instead of crashing inside OpenSSL when we pass a NULL pointer to
EC_KEY_get0_private_key(), detect this case and return gracefully.

[1]: openssl/openssl#25679

Signed-off-by: Ahmad Fatoum <[email protected]>
@a3f
Copy link
Contributor Author

a3f commented Jul 9, 2025

I have rebased, CI run needs maintainer approval.

sarroutbi
sarroutbi approved these changes Jul 9, 2025
View reviewed changes
Copy link
Collaborator

@sarroutbi sarroutbi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. @sergio-correia, PTAL

@sarroutbi sarroutbi requested a review from sergio-correia July 9, 2025 10:56
@sarroutbi sarroutbi merged commit 5aaaaf6 into latchset:master Jul 9, 2025
43 of 44 checks passed
@a3f a3f deleted the jose_openssl_jwk_from_EC_KEY-NULL-check branch July 9, 2025 12:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sarroutbi sarroutbi sarroutbi approved these changes

@sergio-correia sergio-correia sergio-correia approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@a3f @sarroutbi @sergio-correia