From: claudio <claudio@openbsd.org>
Date: Tue, 18 Jan 2022 16:52:18 +0000 (+0000)
Subject: Use X509_get0_pubkey() for opk and remove the EVP_PKEY_free(opk).
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=00e3cb6a472f77a4a657993f0b6730548c605580;p=openbsd

Use X509_get0_pubkey() for opk and remove the EVP_PKEY_free(opk).
Suggested by and OK tb@
---

diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c
index 9c3cbca1d62..808e78f7faa 100644
--- a/usr.sbin/rpki-client/cert.c
+++ b/usr.sbin/rpki-client/cert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cert.c,v 1.51 2022/01/18 16:36:49 claudio Exp $ */
+/*	$OpenBSD: cert.c,v 1.52 2022/01/18 16:52:18 claudio Exp $ */
 /*
  * Copyright (c) 2021 Job Snijders <job@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -1168,7 +1168,7 @@ ta_parse(const char *fn, const unsigned char *der, size_t len,
 		pk = d2i_PUBKEY(NULL, &pkey, pkeysz);
 		assert(pk != NULL);
 
-		if ((opk = X509_get_pubkey(p->x509)) == NULL)
+		if ((opk = X509_get0_pubkey(p->x509)) == NULL)
 			cryptowarnx("%s: RFC 6487 (trust anchor): "
 			    "missing pubkey", fn);
 		else if (EVP_PKEY_cmp(pk, opk) != 1)
@@ -1178,7 +1178,6 @@ ta_parse(const char *fn, const unsigned char *der, size_t len,
 			rc = 1;
 
 		EVP_PKEY_free(pk);
-		EVP_PKEY_free(opk);
 	}
 
 	if (rc == 0) {