Don't try and verify signatures if key is NULL (CVE-2013-0166)

Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
author: Dr. Stephen Henson <steve@openssl.org> 2013-01-24 13:30:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-04-01 16:37:51 +0100
commit: b48310627d1fdc58f64ccf208ac82c732e654dca (patch)
tree: 918e679e429cdad1bdd908291ac8fd16310f3bff /crypto/asn1
parent: 5a49001bde4e0cf8e34da55a9cfe9b5255275e10 (diff)
download: openssl-b48310627d1fdc58f64ccf208ac82c732e654dca.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 807587e628..87e7ef4f5e 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -140,6 +140,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
 	int mdnid, pknid;
 
+	if (!pkey)
+		{
+		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+		return -1;
+		}
+
 	EVP_MD_CTX_init(&ctx);
 
 	/* Convert signature OID into digest and public key OIDs */
author	Dr. Stephen Henson <steve@openssl.org>	2013-01-24 13:30:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-04-01 16:37:51 +0100
commit	b48310627d1fdc58f64ccf208ac82c732e654dca (patch)
tree	918e679e429cdad1bdd908291ac8fd16310f3bff /crypto/asn1
parent	5a49001bde4e0cf8e34da55a9cfe9b5255275e10 (diff)
download	openssl-b48310627d1fdc58f64ccf208ac82c732e654dca.tar.gz