relayd/ssl.c: Remove a workaround that uses a copy of the old

certificate instead of using it directly because BIO_new_mem_buf()
used to take an non-const buffer. This was changed in 2018, so we
can now remove an XXX and simplify the code.

ok bluhm

diff --git a/usr.sbin/relayd/ssl.c b/usr.sbin/relayd/ssl.c
index d1a4d87..0d76f8b 100644 (file)
--- a/usr.sbin/relayd/ssl.c
+++ b/usr.sbin/relayd/ssl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ssl.c,v 1.35 2021/01/27 20:33:05 eric Exp $   */
+/*     $OpenBSD: ssl.c,v 1.36 2021/12/08 19:25:04 tb Exp $     */
 
 /*
  * Copyright (c) 2007 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -123,16 +123,9 @@ ssl_update_certificate(const uint8_t *oldcert, size_t oldlen, EVP_PKEY *pkey,
        BIO             *in, *out = NULL;
        BUF_MEM         *bptr = NULL;
        X509            *cert = NULL;
-       uint8_t         *newcert = NULL, *foo = NULL;
+       uint8_t         *newcert = NULL;
 
-       /* XXX BIO_new_mem_buf is not using const so work around this */
-       if ((foo = malloc(oldlen)) == NULL) {
-               log_warn("%s: malloc", __func__);
-               return (NULL);
-       }
-       memcpy(foo, oldcert, oldlen);
-
-       if ((in = BIO_new_mem_buf(foo, oldlen)) == NULL) {
+       if ((in = BIO_new_mem_buf(oldcert, oldlen)) == NULL) {
                log_warnx("%s: BIO_new_mem_buf failed", __func__);
                goto done;
        }
@@ -193,7 +186,6 @@ ssl_update_certificate(const uint8_t *oldcert, size_t oldlen, EVP_PKEY *pkey,
        *newlen = bptr->length;
 
 done:
-       free(foo);
        if (in)
                BIO_free(in);
        if (out)