Use EVP_PKEY_get0_RSA() instead of pPublicKey->pkey.rsa.
Fix a couple of leaks in the vicinity: we need a reference on the RSA,
which is what keynote_free_key() frees, not on the EVP_PKEY. Also, don't
leak the entire certificate on success.
ok beck
-/* $OpenBSD: signature.c,v 1.26 2017/05/09 13:52:45 mestre Exp $ */
+/* $OpenBSD: signature.c,v 1.27 2021/11/24 04:32:52 tb Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
*
return -1;
}
- if ((pPublicKey = X509_get_pubkey(px509Cert)) == NULL) {
+ if ((pPublicKey = X509_get0_pubkey(px509Cert)) == NULL) {
free(ptr);
X509_free(px509Cert);
keynote_errno = ERROR_SYNTAX;
}
/* RSA-specific */
- dc->dec_key = pPublicKey->pkey.rsa;
+ dc->dec_key = EVP_PKEY_get0_RSA(pPublicKey);
+ RSA_up_ref(dc->dec_key);
free(ptr);
+ X509_free(px509Cert);
return 0;
}
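Review bot: `EVP_PKEY_get0_RSA()` returns NULL when the certificate's public key is not an RSA key, and the new lines pass that result straight to `RSA_up_ref()` and then `return 0`. A certificate carrying a non-RSA key could therefore hit a NULL dereference, or leave `dc->dec_key` NULL on a success return. No key-type check is visible in this hunk, though the function starts outside it, so an earlier check may exist. I would test the result, e.g. `if ((dc->dec_key = EVP_PKEY_get1_RSA(pPublicKey)) == NULL)`, followed by the same cleanup as the `X509_get0_pubkey` failure path (free `ptr`, `X509_free(px509Cert)`, set `keynote_errno = ERROR_SYNTAX`, return -1); `get1` also takes the reference, which removes the unchecked `RSA_up_ref()` call. A one-line comment that the RSA reference must be taken before `X509_free(px509Cert)`, because the key is otherwise owned by the certificate, would make the ordering explicit.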