Blame SOURCES/openssl-fips-0.9.8e-cve-2013-0166.patch
|
 |
c4366c |
diff -up openssl-fips-0.9.8e/CHANGES.ocsp-dos openssl-fips-0.9.8e/CHANGES
|
|
|
c4366c |
diff -up openssl-fips-0.9.8e/crypto/asn1/a_verify.c.ocsp-dos openssl-fips-0.9.8e/crypto/asn1/a_verify.c
|
|
|
c4366c |
--- openssl-fips-0.9.8e/crypto/asn1/a_verify.c.ocsp-dos 2005-05-09 02:27:32.000000000 +0200
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/crypto/asn1/a_verify.c 2013-02-25 11:34:37.011201995 +0100
|
|
|
c4366c |
@@ -133,6 +133,12 @@ int ASN1_item_verify(const ASN1_ITEM *it
|
|
|
c4366c |
unsigned char *buf_in=NULL;
|
|
|
c4366c |
int ret= -1,i,inl;
|
|
|
c4366c |
|
|
|
c4366c |
+ if (!pkey)
|
|
|
c4366c |
+ {
|
|
|
c4366c |
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
c4366c |
+ return -1;
|
|
|
c4366c |
+ }
|
|
|
c4366c |
+
|
|
|
c4366c |
EVP_MD_CTX_init(&ctx;;
|
|
|
c4366c |
i=OBJ_obj2nid(a->algorithm);
|
|
|
c4366c |
type=EVP_get_digestbyname(OBJ_nid2sn(i));
|
|
|
c4366c |
diff -up openssl-fips-0.9.8e/crypto/ocsp/ocsp_vfy.c.ocsp-dos openssl-fips-0.9.8e/crypto/ocsp/ocsp_vfy.c
|
|
|
c4366c |
--- openssl-fips-0.9.8e/crypto/ocsp/ocsp_vfy.c.ocsp-dos 2006-11-13 14:23:05.000000000 +0100
|
|
|
c4366c |
+++ openssl-fips-0.9.8e/crypto/ocsp/ocsp_vfy.c 2013-02-25 11:34:38.363204929 +0100
|
|
|
c4366c |
@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
|
|
|
c4366c |
{
|
|
|
c4366c |
EVP_PKEY *skey;
|
|
|
c4366c |
skey = X509_get_pubkey(signer);
|
|
|
c4366c |
- ret = OCSP_BASICRESP_verify(bs, skey, 0);
|
|
|
c4366c |
- EVP_PKEY_free(skey);
|
|
|
c4366c |
- if(ret <= 0)
|
|
|
c4366c |
+ if (skey)
|
|
|
c4366c |
+ {
|
|
|
c4366c |
+ ret = OCSP_BASICRESP_verify(bs, skey, 0);
|
|
|
c4366c |
+ EVP_PKEY_free(skey);
|
|
|
c4366c |
+ }
|
|
|
c4366c |
+ if(!skey || ret <= 0)
|
|
|
c4366c |
{
|
|
|
c4366c |
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
|
|
|
c4366c |
goto end;
|