From: tb
Date: Wed, 31 Aug 2022 20:49:37 +0000 (+0000)
Subject: Recommit -r1.45 but without error checking EVP_PKEY_copy_parameters()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5b39a7377ac92e4f9b698369d4acd8e715b1c609;p=openbsd

Recommit -r1.45 but without error checking EVP_PKEY_copy_parameters()

EVP_PKEY_copy_parameters() will unconditionally fail if the pkey's ameth has no copy_params(). Obviously this is indistinguishable from actual failure...

ok jsing
---

diff --git a/lib/libssl/ssl_rsa.c b/lib/libssl/ssl_rsa.c
index 28a24f83b3f..70c29359f0e 100644
--- a/lib/libssl/ssl_rsa.c
+++ b/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.47 2022/08/31 20:20:53 tb Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.48 2022/08/31 20:49:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -184,9 +184,17 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)

 if (c->pkeys[i].x509 != NULL) {
 EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
+
+ if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL)
+ return 0;
+
+ /*
+ * Callers of EVP_PKEY_copy_parameters() can't distinguish
+ * errors from the absence of a param_copy() method. So
+ * pretend it can never fail.
+ */
 EVP_PKEY_copy_parameters(pktmp, pkey);
- EVP_PKEY_free(pktmp);
+
 ERR_clear_error();

 /*
@@ -209,7 +217,7 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
 c->key = &(c->pkeys[i]);

 c->valid = 0;
- return (1);
+ return 1;
 }

 int
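Review bot: In the second hunk (`@@ -184,9 +184,17 @@`), the new early `return 0` taken when `X509_get0_pubkey()` returns NULL exits ssl_set_pkey() without putting anything on the error queue, so a caller that inspects the queue gets a failure with no reason attached. If the function's other failure paths (outside this hunk) do record an error, this one should match, for example `SSLerrorx(ERR_R_X509_LIB);` before the return. Separately, the deliberately ignored result would read more clearly as `(void)EVP_PKEY_copy_parameters(pktmp, pkey);`. The comment could also say that the following `ERR_clear_error()` is what discards the error a missing copy method pushes, and that it empties the whole queue, so a genuine failure such as a key-type mismatch is dropped as well. The function body starts before and continues after the hunk, so whether a later key/certificate consistency check catches that case cannot be confirmed from here.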