ENGINE_pkey_asn1_find_str(): don't assume an engine implements ASN1 method
authorRichard Levitte <levitte@openssl.org>
Thu, 31 May 2018 09:12:34 +0000 (11:12 +0200)
committerRichard Levitte <levitte@openssl.org>
Thu, 31 May 2018 10:03:20 +0000 (12:03 +0200)
Just because an engine implements algorithm methods, that doesn't mean
it also implements the ASN1 method.  Therefore, be careful when looking
for an ASN1 method among all engines, don't try to use one that doesn't
exist.

Fixes #6381

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6383)

(cherry picked from commit 1ac3cd6277f880fac4df313702d5e3b3814e56e2)
(cherry picked from commit 13b578ada3106a4ce9b836f167ee520539f5fa8f)

crypto/engine/tb_asnmth.c

index bc6e91c..ae99a37 100644 (file)
@@ -171,7 +171,8 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
         ENGINE *e = sk_ENGINE_value(sk, i);
         EVP_PKEY_ASN1_METHOD *ameth;
         e->pkey_asn1_meths(e, &ameth, NULL, nid);
-        if (((int)strlen(ameth->pem_str) == lk->len)
+        if (ameth != NULL
+                && ((int)strlen(ameth->pem_str) == lk->len)
                 && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
             lk->e = e;
             lk->ameth = ameth;