From e2c2f60c447eeb069a6d12e349347956ec8e42c9 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@chromium.org>
Date: Fri, 20 Jun 2014 12:00:00 -0700
Subject: [PATCH] Don't try and verify signatures if key is NULL
 (CVE-2013-0166)

Add additional check to catch this in ASN1_item_verify too.

(Imported from upstream's e9b4b8afbd129adc18d3fe71ca2ab34fe61d8640)
---
 crypto/x509/a_verify.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.c
index 2bece385..51f0b352 100644
--- a/crypto/x509/a_verify.c
+++ b/crypto/x509/a_verify.c
@@ -81,6 +81,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
 	int mdnid, pknid;
 
+	if (!pkey)
+		{
+		OPENSSL_PUT_ERROR(X509, ASN1_item_verify, ERR_R_PASSED_NULL_PARAMETER);
+		return 1;
+		}
+
 	EVP_MD_CTX_init(&ctx);
 
 	/* Convert signature OID into digest and public key OIDs */