Remove handling of NULL sig param in ossl_ecdsa_deterministic_sign

The handling of sig=NULL was broken in this function, but since it is only used internally and was never called with sig=NULL, it is better to return an error in that case. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #23529)
openssl · Apr 2, 2024 · 294782f · 294782f
1 parent 1fa2bf9
commit 294782f
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
@@ -102,6 +102,11 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen,
     BIGNUM *kinv = NULL, *r = NULL;
     int ret = 0;
 
+    if (sig == NULL) {
+        ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     *siglen = 0;
     if (!ecdsa_sign_setup(eckey, NULL, &kinv, &r, dgst, dlen,
                           nonce_type, digestname, libctx, propq))
@@ -111,7 +116,7 @@ int ossl_ecdsa_deterministic_sign(const unsigned char *dgst, int dlen,
     if (s == NULL)
         goto end;
 
-    *siglen = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);
+    *siglen = i2d_ECDSA_SIG(s, &sig);
     ECDSA_SIG_free(s);
     ret = 1;
 end: