cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt

from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@
author: markus <> 2013-02-14 15:11:44 +0000
committer: markus <> 2013-02-14 15:11:44 +0000
commit: 4383d44ca79eba8836d9f92c612c44ba8aeb87bd (patch)
tree: cd2035e8f8ac3d4ade1ee779dcaabbe671c2003a /src/lib/libcrypto/ocsp/ocsp_vfy.c
parent: 4fd69672e5f9867343486cefcdfdd970465430d6 (diff)
download: openbsd-4383d44ca79eba8836d9f92c612c44ba8aeb87bd.tar.gz
openbsd-4383d44ca79eba8836d9f92c612c44ba8aeb87bd.tar.bz2
openbsd-4383d44ca79eba8836d9f92c612c44ba8aeb87bd.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 415d67e61c..91a45c9133 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                {
                EVP_PKEY *skey;
                skey = X509_get_pubkey(signer);
-                ret = OCSP_BASICRESP_verify(bs, skey, 0);
+                if (skey)
-                EVP_PKEY_free(skey);
+                        {
-                if(ret <= 0)
+                        ret = OCSP_BASICRESP_verify(bs, skey, 0);
+                        EVP_PKEY_free(skey);
+                        }
+                if(!skey || ret <= 0)
                        {
                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
                        goto end;
author	markus <>	2013-02-14 15:11:44 +0000
committer	markus <>	2013-02-14 15:11:44 +0000
commit	4383d44ca79eba8836d9f92c612c44ba8aeb87bd (patch)
tree	cd2035e8f8ac3d4ade1ee779dcaabbe671c2003a /src/lib/libcrypto/ocsp/ocsp_vfy.c
parent	4fd69672e5f9867343486cefcdfdd970465430d6 (diff)
download	openbsd-4383d44ca79eba8836d9f92c612c44ba8aeb87bd.tar.gz openbsd-4383d44ca79eba8836d9f92c612c44ba8aeb87bd.tar.bz2 openbsd-4383d44ca79eba8836d9f92c612c44ba8aeb87bd.zip