Don't try and verify signatures if key is NULL (CVE-2013-0166)

Add additional check to catch this in ASN1_item_verify too. (cherry picked from commit 66e8211c0b1347970096e04b18aa52567c325200)
author: Dr. Stephen Henson <steve@openssl.org> 2013-01-24 13:30:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-04-01 16:37:51 +0100
commit: b48310627d1fdc58f64ccf208ac82c732e654dca (patch)
tree: 918e679e429cdad1bdd908291ac8fd16310f3bff /crypto/ocsp
parent: 5a49001bde4e0cf8e34da55a9cfe9b5255275e10 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 8a5e788d96..276718304d 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 		{
 		EVP_PKEY *skey;
 		skey = X509_get_pubkey(signer);
-		ret = OCSP_BASICRESP_verify(bs, skey, 0);
-		EVP_PKEY_free(skey);
-		if(ret <= 0)
+		if (skey)
+			{
+			ret = OCSP_BASICRESP_verify(bs, skey, 0);
+			EVP_PKEY_free(skey);
+			}
+		if(!skey || ret <= 0)
 			{
 			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
 			goto end;
author	Dr. Stephen Henson <steve@openssl.org>	2013-01-24 13:30:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-04-01 16:37:51 +0100
commit	b48310627d1fdc58f64ccf208ac82c732e654dca (patch)
tree	918e679e429cdad1bdd908291ac8fd16310f3bff /crypto/ocsp
parent	5a49001bde4e0cf8e34da55a9cfe9b5255275e10 (diff)