Be more cautious in CertificateChain::private_key_valid.

author: Carl Hetherington <cth@carlh.net> 2020-03-10 22:24:46 +0100
committer: Carl Hetherington <cth@carlh.net> 2020-03-10 22:25:36 +0100
commit: 1b9271d523018476936bc22a1ef7d4f1ee4cf42c (patch)
tree: 57af81c124fac89a516b6be6b4a11f8aff226fb0 /src
parent: a818ea7b22fc3c669dea70f4104ab5d9ed50b642 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index ce8d14aa..2fb0f651 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -507,6 +507,10 @@ CertificateChain::private_key_valid () const
 	}
 
 	RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
+	if (!private_key) {
+		return false;
+	}
+
 	RSA* public_key = leaf().public_key ();
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -514,6 +518,9 @@ CertificateChain::private_key_valid () const
 	RSA_get0_key(private_key, &private_key_n, 0, 0);
 	BIGNUM const * public_key_n;
 	RSA_get0_key(public_key, &public_key_n, 0, 0);
+	if (!private_key_n || !public_key_n) {
+		return false;
+	}
 	bool const valid = !BN_cmp (private_key_n, public_key_n);
 #else
 	bool const valid = !BN_cmp (private_key->n, public_key->n);
author	Carl Hetherington <cth@carlh.net>	2020-03-10 22:24:46 +0100
committer	Carl Hetherington <cth@carlh.net>	2020-03-10 22:25:36 +0100
commit	1b9271d523018476936bc22a1ef7d4f1ee4cf42c (patch)
tree	57af81c124fac89a516b6be6b4a11f8aff226fb0 /src
parent	a818ea7b22fc3c669dea70f4104ab5d9ed50b642 (diff)