From 1b78ce0485c23be33121e4388fae61d0d4c85c58 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 24 Nov 2021 19:29:19 +0000 Subject: [PATCH] Simplify slightly by using X509_get0_pubkey() thus eliminating the need for EVP_PKEY_free(). ok beck --- lib/libcrypto/ocsp/ocsp_vfy.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c index 67d45605ffe..0ba906efb1c 100644 --- a/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/lib/libcrypto/ocsp/ocsp_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_vfy.c,v 1.17 2021/11/01 20:53:08 tb Exp $ */ +/* $OpenBSD: ocsp_vfy.c,v 1.18 2021/11/24 19:29:19 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -96,10 +96,9 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; - skey = X509_get_pubkey(signer); + skey = X509_get0_pubkey(signer); if (skey) { ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); } if (!skey || ret <= 0) { OCSPerror(OCSP_R_SIGNATURE_FAILURE); -- 2.20.1