From e4d8cd3ce2d50ba3da2a751d1b981cc823df6a7b Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 8 Dec 2021 19:25:04 +0000 Subject: [PATCH] relayd/ssl.c: Remove a workaround that uses a copy of the old certificate instead of using it directly because BIO_new_mem_buf() used to take an non-const buffer. This was changed in 2018, so we can now remove an XXX and simplify the code. ok bluhm --- usr.sbin/relayd/ssl.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/usr.sbin/relayd/ssl.c b/usr.sbin/relayd/ssl.c index d1a4d876424..0d76f8ba5eb 100644 --- a/usr.sbin/relayd/ssl.c +++ b/usr.sbin/relayd/ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.c,v 1.35 2021/01/27 20:33:05 eric Exp $ */ +/* $OpenBSD: ssl.c,v 1.36 2021/12/08 19:25:04 tb Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter @@ -123,16 +123,9 @@ ssl_update_certificate(const uint8_t *oldcert, size_t oldlen, EVP_PKEY *pkey, BIO *in, *out = NULL; BUF_MEM *bptr = NULL; X509 *cert = NULL; - uint8_t *newcert = NULL, *foo = NULL; + uint8_t *newcert = NULL; - /* XXX BIO_new_mem_buf is not using const so work around this */ - if ((foo = malloc(oldlen)) == NULL) { - log_warn("%s: malloc", __func__); - return (NULL); - } - memcpy(foo, oldcert, oldlen); - - if ((in = BIO_new_mem_buf(foo, oldlen)) == NULL) { + if ((in = BIO_new_mem_buf(oldcert, oldlen)) == NULL) { log_warnx("%s: BIO_new_mem_buf failed", __func__); goto done; } @@ -193,7 +186,6 @@ ssl_update_certificate(const uint8_t *oldcert, size_t oldlen, EVP_PKEY *pkey, *newlen = bptr->length; done: - free(foo); if (in) BIO_free(in); if (out) -- 2.20.1