Check that the obtained public key is valid

In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

diff --git a/apps/x509.c b/apps/x509.c
index 4bf7cdb9c51380fa4721f71512b25a388cd5c37d..56c6fcca6aec9618a8c6563bff8c81f179c5f619 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -943,6 +943,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
     EVP_PKEY *upkey;
 
     upkey = X509_get0_pubkey(xca);
+    if (upkey == NULL) {
+        BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+        goto end;
+    }
     EVP_PKEY_copy_parameters(upkey, pkey);
 
     xsc = X509_STORE_CTX_new();