From 8295d8bb4ab55c022ae9d09571e6136e546c1691 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Wed, 16 Oct 2013 10:16:04 -0700
Subject: [PATCH] 1. Reject DSA certificates instead of ignoring them. 2. Resolved potential crash when trying to calculate a Subject Key ID when the public key is missing from a certificate.
---
 ctaocrypt/src/asn.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index c3dcbaaf9..4b99b6760 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -1244,6 +1244,7 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key,
 void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
 {
 cert->publicKey = 0;
+ cert->pubKeySize = 0;
 cert->pubKeyStored = 0;
 cert->signature = 0;
 cert->subjectCN = 0;
@@ -1419,9 +1420,6 @@ static int GetKey(DecodedCert* cert)
 return ASN_PARSE_E;
 
 switch (cert->keyOID) {
- case DSAk:
- /* do nothing */
- break;
 #ifndef NO_RSA
 case RSAk:
 {
@@ -2992,7 +2990,8 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
 return ASN_SIG_OID_E;
 
 #ifndef NO_SKID
- if (cert->extSubjKeyIdSet == 0
+ if (cert->extSubjKeyIdSet == 0
+ && cert->publicKey != NULL && cert->pubKeySize > 0) {
 Sha sha;
 InitSha(&sha);
 ShaUpdate(&sha, cert->publicKey, cert->pubKeySize);
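Review bot: In the ParseCertRelative hunk, a false guard (no Subject Key ID extension and no stored public key) now skips the block silently, so the Subject Key ID is never derived. Later code that matches certificates by key ID would then see whatever the hash buffer already holds. Whether that buffer is zeroed at init is not visible in this patch and should be confirmed, and the guard depends on the `cert->pubKeySize = 0;` line added to InitDecodedCert in the first hunk. The condition should carry a why-comment such as `/* Derive the SKID from the key only when one was stored; a missing publicKey must not reach ShaUpdate. */`. If a certificate with no parsed key should never get this far, returning a parse error is the safer fail-closed choice. The `if` body continues outside the hunk.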