From 6c96b9ab8d75f737d136ac382735c738cf996ddf Mon Sep 17 00:00:00 2001
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
Date: Tue, 8 Jul 2025 17:39:06 +0200
Subject: [PATCH] openssl: handle NULL in jose_openssl_jwk_from_EC_KEY
 gracefully

We already check that the RSA *key is not NULL in
jose_openssl_jwk_from_RSA(), but fail to do so for EC_KEY *key in
jose_openssl_jwk_from_EC_KEY().

But EVP_PKEY_get0_EC_KEY() can return NULL too, e.g., if
the EVP_PKEY comes from an OpenSSL provider that is not creating a
keymgmt instance for a public key and the default provider is not
loaded[1].

Instead of crashing inside OpenSSL when we pass a NULL pointer to
EC_KEY_get0_private_key(), detect this case and return gracefully.

[1]: https://github.com/openssl/openssl/discussions/25679

Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
 lib/openssl/jwk.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/openssl/jwk.c b/lib/openssl/jwk.c
index 1e8f3118..d7ff3db6 100644
--- a/lib/openssl/jwk.c
+++ b/lib/openssl/jwk.c
@@ -140,6 +140,9 @@ jose_openssl_jwk_from_RSA(jose_cfg_t *cfg, const RSA *key)
 json_t *
 jose_openssl_jwk_from_EC_KEY(jose_cfg_t *cfg, const EC_KEY *key)
 {
+    if (!key)
+        return NULL;
+
     return jose_openssl_jwk_from_EC_POINT(
         cfg,
         EC_KEY_get0_group(key),