x509cert, x509crl, x509req, ns_spki: check sanity of public keyky/pkey-check-sanity

The pub_encode routine of an EVP_PKEY_ASN1_METHOD seems to assume the
parameters and public key component(s) to be set properly. Calling that,
for example, through X509_set_pubkey(), with an incomplete object may
cause segfault.

Use ossl_pkey_check_public_key() to check that. It doesn't look pretty,
but unfortunately there isn't a generic way to do that with the EVP API.

Something similar applies to the verify routine of an EVP_PKEY_METHOD.
Do the same check before calling *_verify().

Reference: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/83688
Reference: https://bugs.ruby-lang.org/issues/14087

1 files changed, 4 insertions, 1 deletions

diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 035025ab..add72c6c 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -366,9 +366,12 @@ static VALUE
 ossl_x509crl_verify(VALUE self, VALUE key)
 {
     X509_CRL *crl;
+    EVP_PKEY *pkey;
 
     GetX509CRL(self, crl);
-    switch (X509_CRL_verify(crl, GetPKeyPtr(key))) {
+    pkey = GetPKeyPtr(key);
+    ossl_pkey_check_public_key(pkey);
+    switch (X509_CRL_verify(crl, pkey)) {
       case 1:
 	return Qtrue;
       case 0: