diff options
| author | Matt Caswell <matt@openssl.org> | 2016-04-25 16:50:59 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-05-19 21:07:15 +0100 |
| commit | 2e648db2469ea94d54fa51e3af7ac54663b94966 (patch) | |
| tree | 61b4679527a0c70cd91ba5ce79038441fdb65b73 /apps | |
| parent | ec8f246e6ed4d39a8a5417078eaa49f3e757c25d (diff) | |
| download | openssl-new-2e648db2469ea94d54fa51e3af7ac54663b94966.tar.gz | |
Check that the obtained public key is valid
In the X509 app check that the obtained public key is valid before we
attempt to use it.
Issue reported by Yuan Jochen Kang.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/x509.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/x509.c b/apps/x509.c index 7c215bced0..17cb62da72 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1105,6 +1105,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, EVP_PKEY *upkey; upkey = X509_get_pubkey(xca); + if (upkey == NULL) { + BIO_printf(bio_err, "Error obtaining CA X509 public key\n"); + goto end; + } EVP_PKEY_copy_parameters(upkey, pkey); EVP_PKEY_free(upkey); @@ -1217,6 +1221,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, EVP_PKEY *pktmp; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; EVP_PKEY_copy_parameters(pktmp, pkey); EVP_PKEY_save_parameters(pktmp, 1); EVP_PKEY_free(pktmp); |