diff options
author | tb <> | 2025-02-08 01:04:56 +0000 |
---|---|---|
committer | tb <> | 2025-02-08 01:04:56 +0000 |
commit | 5e6e46092b1b16ca7be107711e67259b335c8de6 (patch) | |
tree | 45d1260baf0fc891586b86c16834d592043ef401 | |
parent | 96c75ee2b11e9696094f297147e12a22be999847 (diff) | |
download | openbsd-5e6e46092b1b16ca7be107711e67259b335c8de6.tar.gz openbsd-5e6e46092b1b16ca7be107711e67259b335c8de6.tar.bz2 openbsd-5e6e46092b1b16ca7be107711e67259b335c8de6.zip |
x509_verify_parent_signature(): no need to bump pkey's refcount
The parent certificate outlives the signature check, so we don't have
to take a refcount of its pubkey and then release it again.
ok beck
-rw-r--r-- | src/lib/libcrypto/x509/x509_verify.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index 5dcec27542..235f488fc7 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: x509_verify.c,v 1.71 2025/02/08 01:01:31 tb Exp $ */ | 1 | /* $OpenBSD: x509_verify.c,v 1.72 2025/02/08 01:04:56 tb Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> |
4 | * | 4 | * |
@@ -546,7 +546,7 @@ x509_verify_parent_signature(X509 *parent, X509 *child, int *error) | |||
546 | } | 546 | } |
547 | 547 | ||
548 | /* Check signature. Did parent sign child? */ | 548 | /* Check signature. Did parent sign child? */ |
549 | if ((pkey = X509_get_pubkey(parent)) == NULL) { | 549 | if ((pkey = X509_get0_pubkey(parent)) == NULL) { |
550 | *error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; | 550 | *error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; |
551 | return 0; | 551 | return 0; |
552 | } | 552 | } |
@@ -558,8 +558,6 @@ x509_verify_parent_signature(X509 *parent, X509 *child, int *error) | |||
558 | /* Add result to cache */ | 558 | /* Add result to cache */ |
559 | x509_issuer_cache_add(parent->hash, child->hash, ret); | 559 | x509_issuer_cache_add(parent->hash, child->hash, ret); |
560 | 560 | ||
561 | EVP_PKEY_free(pkey); | ||
562 | |||
563 | return ret; | 561 | return ret; |
564 | } | 562 | } |
565 | 563 | ||