the code. Also add error checking where possible.
ok jsing
-/* $OpenBSD: ca.c,v 1.52 2021/11/21 22:34:30 tb Exp $ */
+/* $OpenBSD: ca.c,v 1.53 2022/02/03 17:44:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
ok = 0;
goto err;
}
- if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+ if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto err;
}
i = X509_REQ_verify(req, pktmp);
- EVP_PKEY_free(pktmp);
if (i < 0) {
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
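Review bot: After the switch to `X509_REQ_get0_pubkey()`, `pktmp` points at a key that `req` still owns, and nothing at the call site says so. A one-line comment above the call, such as `/* pktmp is borrowed from req: never free it, never use it after req is freed */`, would keep a later edit from reintroducing `EVP_PKEY_free(pktmp)` and releasing a key that `req` frees again on cleanup. The `err:` label these branches jump to is outside the hunk, so it is worth confirming that the cleanup there never frees `pktmp`. The same applies to the `X509_get0_pubkey(req)` call in the next hunk and to the two later ca.c hunks that reuse `pktmp`.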
BIO_printf(bio_err, "Check that the request matches the signature\n");
- if ((pktmp = X509_get_pubkey(req)) == NULL) {
+ if ((pktmp = X509_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "error unpacking public key\n");
goto err;
}
i = X509_verify(req, pktmp);
- EVP_PKEY_free(pktmp);
if (i < 0) {
ok = 0;
BIO_printf(bio_err, "Signature verification problems....\n");
if (!X509_set_subject_name(ret, subject))
goto err;
- pktmp = X509_REQ_get_pubkey(req);
- if (pktmp == NULL)
+ if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL)
goto err;
- i = X509_set_pubkey(ret, pktmp);
- EVP_PKEY_free(pktmp);
- if (!i)
+ if (!X509_set_pubkey(ret, pktmp))
goto err;
/* Lets add the extensions, if there are any */
}
}
- pktmp = X509_get_pubkey(ret);
- if (pktmp == NULL)
+ if ((pktmp = X509_get0_pubkey(ret)) == NULL)
goto err;
if (EVP_PKEY_missing_parameters(pktmp) &&
!EVP_PKEY_missing_parameters(pkey)) {
if (!EVP_PKEY_copy_parameters(pktmp, pkey)) {
- EVP_PKEY_free(pktmp);
goto err;
}
}
- EVP_PKEY_free(pktmp);
if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))
goto err;
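Review bot: `EVP_PKEY_copy_parameters(pktmp, pkey)` writes through the pointer returned by `X509_get0_pubkey(ret)`, so this block modifies the key object that `ret` owns, and the hunk does not say that this is intended. A comment before the `EVP_PKEY_missing_parameters()` test, for example `/* pktmp aliases the key held by ret; the CA key's parameters are copied into it in place */`, would make the aliasing explicit now that no `EVP_PKEY_free()` marks where `pktmp` stops being used. The enclosing function starts and ends outside the hunk.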
-/* $OpenBSD: req.c,v 1.22 2021/12/12 20:42:37 tb Exp $ */
+/* $OpenBSD: req.c,v 1.23 2022/02/03 17:44:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
if (req_config.x509) {
EVP_PKEY *tmppkey;
+
X509V3_CTX ext_ctx;
if ((x509ss = X509_new()) == NULL)
goto end;
goto end;
if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req)))
goto end;
- tmppkey = X509_REQ_get_pubkey(req);
- if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
+ if ((tmppkey = X509_REQ_get0_pubkey(req)) == NULL)
+ goto end;
+ if (!X509_set_pubkey(x509ss, tmppkey))
goto end;
- EVP_PKEY_free(tmppkey);
/* Set up V3 context struct */
}
}
if (req_config.verify && !req_config.x509) {
- int tmp = 0;
+ EVP_PKEY *pubkey = pkey;
- if (pkey == NULL) {
- pkey = X509_REQ_get_pubkey(req);
- tmp = 1;
- if (pkey == NULL)
- goto end;
- }
- i = X509_REQ_verify(req, pkey);
- if (tmp) {
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
+ if (pubkey == NULL)
+ pubkey = X509_REQ_get0_pubkey(req);
+ if (pubkey == NULL)
+ goto end;
+ i = X509_REQ_verify(req, pubkey);
if (i < 0) {
goto end;
} else if (i == 0) {
if (req_config.pubkey) {
EVP_PKEY *tpubkey;
- tpubkey = X509_REQ_get_pubkey(req);
- if (tpubkey == NULL) {
+
+ if ((tpubkey = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "Error getting public key\n");
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_PUBKEY(out, tpubkey);
- EVP_PKEY_free(tpubkey);
}
if (req_config.text) {
if (req_config.x509)
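Review bot: The return value of `PEM_write_bio_PUBKEY(out, tpubkey)` is still ignored, so a failed write of the public key goes unreported even though the lookup just above it has a full error path. Consider `if (!PEM_write_bio_PUBKEY(out, tpubkey))` followed by `goto end;`. That assumes `end:` reports the error queue and returns failure, which cannot be confirmed because the label is outside the hunk.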
-/* $OpenBSD: s_client.c,v 1.57 2021/12/26 14:46:06 jsing Exp $ */
+/* $OpenBSD: s_client.c,v 1.58 2022/02/03 17:44:04 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
SSL_CIPHER_get_name(c));
if (peer != NULL) {
EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(peer);
+
+ pktmp = X509_get0_pubkey(peer);
BIO_printf(bio, "Server public key is %d bit\n",
EVP_PKEY_bits(pktmp));
- EVP_PKEY_free(pktmp);
}
BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
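Review bot: `X509_get0_pubkey(peer)` is the only converted call visible on this page whose result is not checked before use; `pktmp` goes straight into `EVP_PKEY_bits()`. The peer certificate is supplied by the server, so a key that fails to decode is untrusted input, and what gets printed then depends on how `EVP_PKEY_bits()` treats NULL, which is not visible here. Guarding the print with `if ((pktmp = X509_get0_pubkey(peer)) != NULL)` would match the checks at the other call sites in this commit. The enclosing function starts and ends outside the hunk.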