From fd4ba71a77f4325e0ccc424c0902413d24c639c1 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich <zfridric@redhat.com>
Date: Thu, 20 Oct 2022 12:38:39 +0200
Subject: Fix handshake segfault if no privkey is supplied

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---
 lib/auth/cert.c | 3 +++
 lib/privkey.c   | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 454070642c..228d98468a 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -1640,6 +1640,9 @@ _gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_e
 					  gnutls_pk_get_name(session->internals.selected_cert_list[0].pubkey->params.algo));
 		}
 
+		if (session->internals.selected_key == NULL)
+			return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
 		ret = cert_select_sign_algorithm(session,
 						 &session->internals.selected_cert_list[0],
 						 session->internals.selected_key,
diff --git a/lib/privkey.c b/lib/privkey.c
index 2069fc016a..2ec87dd4c7 100644
--- a/lib/privkey.c
+++ b/lib/privkey.c
@@ -1972,6 +1972,9 @@ unsigned _gnutls_privkey_compatible_with_sig(gnutls_privkey_t privkey,
 {
 	const gnutls_sign_entry_st *se;
 
+	if (unlikely(privkey == NULL))
+		return gnutls_assert_val(0);
+
 	se = _gnutls_sign_to_entry(sign);
 	if (unlikely(se == NULL))
 		return gnutls_assert_val(0);
-- 
cgit v1.2.1