Recommit -r1.45 but without error checking EVP_PKEY_copy_parameters()

EVP_PKEY_copy_parameters() will unconditionally fail if the pkey's ameth has no copy_params(). Obviously this is indistinguishable from actual failure... ok jsing
author: tb <> 2022-08-31 20:49:37 +0000
committer: tb <> 2022-08-31 20:49:37 +0000
commit: a29d24d2f4722b4c805fd5bbf6f162146b12ea24 (patch)
tree: 03d1ecba3d0293b8d6994fcd14c7f2a8af7fd500
parent: e2e4fec4d7b7d40e2bc9316875c41dadae93b1be (diff)
download: openbsd-a29d24d2f4722b4c805fd5bbf6f162146b12ea24.tar.gz
openbsd-a29d24d2f4722b4c805fd5bbf6f162146b12ea24.tar.bz2
openbsd-a29d24d2f4722b4c805fd5bbf6f162146b12ea24.zip
1 files changed, 12 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 28a24f83b3..70c29359f0 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_rsa.c,v 1.47 2022/08/31 20:20:53 tb Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.48 2022/08/31 20:49:37 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -184,9 +184,17 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
        if (c->pkeys[i].x509 != NULL) {
                EVP_PKEY *pktmp;
-                pktmp = X509_get_pubkey(c->pkeys[i].x509);
+                if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL)
+                        return 0;
+                /*
+                 * Callers of EVP_PKEY_copy_parameters() can't distinguish
+                 * errors from the absence of a param_copy() method. So
+                 * pretend it can never fail.
+                 */
                EVP_PKEY_copy_parameters(pktmp, pkey);
-                EVP_PKEY_free(pktmp);
                ERR_clear_error();
                /*
@@ -209,7 +217,7 @@ ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
        c->key = &(c->pkeys[i]);
        c->valid = 0;
-        return (1);
+        return 1;
 }
 int
author	tb <>	2022-08-31 20:49:37 +0000
committer	tb <>	2022-08-31 20:49:37 +0000
commit	a29d24d2f4722b4c805fd5bbf6f162146b12ea24 (patch)
tree	03d1ecba3d0293b8d6994fcd14c7f2a8af7fd500
parent	e2e4fec4d7b7d40e2bc9316875c41dadae93b1be (diff)
download	openbsd-a29d24d2f4722b4c805fd5bbf6f162146b12ea24.tar.gz openbsd-a29d24d2f4722b4c805fd5bbf6f162146b12ea24.tar.bz2 openbsd-a29d24d2f4722b4c805fd5bbf6f162146b12ea24.zip

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 28a24f83b3..70c29359f0 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_rsa.c,v 1.47 2022/08/31 20:20:53 tb Exp $ */	1	/* $OpenBSD: ssl_rsa.c,v 1.48 2022/08/31 20:49:37 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -184,9 +184,17 @@ ssl_set_pkey(SSL_CTX ctx, SSL ssl, EVP_PKEY *pkey)
184		184
185	if (c->pkeys[i].x509 != NULL) {	185	if (c->pkeys[i].x509 != NULL) {
186	EVP_PKEY *pktmp;	186	EVP_PKEY *pktmp;
187	pktmp = X509_get_pubkey(c->pkeys[i].x509);	187
		188	if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL)
		189	return 0;
		190
		191	/*
		192	* Callers of EVP_PKEY_copy_parameters() can't distinguish
		193	* errors from the absence of a param_copy() method. So
		194	* pretend it can never fail.
		195	*/
188	EVP_PKEY_copy_parameters(pktmp, pkey);	196	EVP_PKEY_copy_parameters(pktmp, pkey);
189	EVP_PKEY_free(pktmp);	197
190	ERR_clear_error();	198	ERR_clear_error();
191		199
192	/*	200	/*
@@ -209,7 +217,7 @@ ssl_set_pkey(SSL_CTX ctx, SSL ssl, EVP_PKEY *pkey)
209	c->key = &(c->pkeys[i]);	217	c->key = &(c->pkeys[i]);
210		218
211	c->valid = 0;	219	c->valid = 0;
212	return (1);	220	return 1;
213	}	221	}
214		222
215	int	223	int