From: inoguchi <inoguchi@openbsd.org>
Date: Sat, 22 Jan 2022 00:34:48 +0000 (+0000)
Subject: X509_GET_PUBKEY(3) return value check in libcrypto
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c10e594f68bc8f990ceac9fb051888d605c77092;p=openbsd

X509_GET_PUBKEY(3) return value check in libcrypto

CID 25131

ok beck@ tb@

suggest using X509_REQ_get0_pubkey() and remove the EVP_PKEY_free() from tb@
---

diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index ffe9b8607f9..8d5bf585096 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.27 2021/12/12 21:30:14 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.28 2022/01/22 00:34:48 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -138,7 +138,9 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
 	EVP_PKEY *xk = NULL;
 	int ok = 0;
 
-	xk = X509_REQ_get_pubkey(x);
+	if ((xk = X509_REQ_get0_pubkey(x)) == NULL)
+		return 0;
+
 	switch (EVP_PKEY_cmp(xk, k)) {
 	case 1:
 		ok = 1;
@@ -166,7 +168,6 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
 		X509error(X509_R_UNKNOWN_KEY_TYPE);
 	}
 
-	EVP_PKEY_free(xk);
 	return (ok);
 }