diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2013-01-24 13:30:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-01-29 16:49:24 +0000 |
commit | 62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 (patch) | |
tree | 15fb8fedf8e52fb1f7e2d8f0b1a790911a91ce54 /crypto/asn1 | |
parent | 014265eb02e26f35c8db58e2ccbf100b0b2f0072 (diff) | |
download | openssl-new-62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7.tar.gz |
Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
Diffstat (limited to 'crypto/asn1')
-rw-r--r-- | crypto/asn1/a_verify.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 432722e409..fc84cd3d19 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -140,6 +140,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, int mdnid, pknid; + if (!pkey) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + EVP_MD_CTX_init(&ctx); /* Convert signature OID into digest and public key OIDs */ |