[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Thu May 19 20:14:58 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 2e648db2469ea94d54fa51e3af7ac54663b94966 (commit)
from ec8f246e6ed4d39a8a5417078eaa49f3e757c25d (commit)
- Log -----------------------------------------------------------------
commit 2e648db2469ea94d54fa51e3af7ac54663b94966
Author: Matt Caswell <matt at openssl.org>
Date: Mon Apr 25 16:50:59 2016 +0100
Check that the obtained public key is valid
In the X509 app check that the obtained public key is valid before we
attempt to use it.
Issue reported by Yuan Jochen Kang.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/x509.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/apps/x509.c b/apps/x509.c
index 7c215bc..17cb62d 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1105,6 +1105,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
EVP_PKEY *upkey;
upkey = X509_get_pubkey(xca);
+ if (upkey == NULL) {
+ BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+ goto end;
+ }
EVP_PKEY_copy_parameters(upkey, pkey);
EVP_PKEY_free(upkey);
@@ -1217,6 +1221,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x);
+ if (pktmp == NULL)
+ goto err;
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_save_parameters(pktmp, 1);
EVP_PKEY_free(pktmp);
More information about the openssl-commits
mailing list