Use X509_*get0_pubkey() wherever possible to simplify and clean up

the code. Also add error checking where possible. ok jsing
author: tb <> 2022-02-03 17:44:04 +0000
committer: tb <> 2022-02-03 17:44:04 +0000
commit: 99e959b3452e5b44dc52e0e6e87b7e4ec42147af (patch)
tree: d64d65e1fd6a83904267a56b4660fb0e0411b465 /src/usr.bin/openssl/ca.c
parent: 355870caa2e034326f5b6b4df6b18cf93e907bc7 (diff)
download: openbsd-99e959b3452e5b44dc52e0e6e87b7e4ec42147af.tar.gz
openbsd-99e959b3452e5b44dc52e0e6e87b7e4ec42147af.tar.bz2
openbsd-99e959b3452e5b44dc52e0e6e87b7e4ec42147af.zip
1 files changed, 6 insertions, 14 deletions
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index c711f8b4b2..bbc5403e3c 100644
--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.52 2021/11/21 22:34:30 tb Exp $ */
+/* $OpenBSD: ca.c,v 1.53 2022/02/03 17:44:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1633,12 +1633,11 @@ certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
                ok = 0;
                goto err;
        }
-        if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+        if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
                BIO_printf(bio_err, "error unpacking public key\n");
                goto err;
        }
        i = X509_REQ_verify(req, pktmp);
-        EVP_PKEY_free(pktmp);
        if (i < 0) {
                ok = 0;
                BIO_printf(bio_err, "Signature verification problems....\n");
@@ -1688,12 +1687,11 @@ certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
        BIO_printf(bio_err, "Check that the request matches the signature\n");
-        if ((pktmp = X509_get_pubkey(req)) == NULL) {
+        if ((pktmp = X509_get0_pubkey(req)) == NULL) {
                BIO_printf(bio_err, "error unpacking public key\n");
                goto err;
        }
        i = X509_verify(req, pktmp);
-        EVP_PKEY_free(pktmp);
        if (i < 0) {
                ok = 0;
                BIO_printf(bio_err, "Signature verification problems....\n");
@@ -1997,13 +1995,10 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
        if (!X509_set_subject_name(ret, subject))
                goto err;
-        pktmp = X509_REQ_get_pubkey(req);
+        if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL)
-        if (pktmp == NULL)
                goto err;
-        i = X509_set_pubkey(ret, pktmp);
+        if (!X509_set_pubkey(ret, pktmp))
-        EVP_PKEY_free(pktmp);
-        if (!i)
                goto err;
        /* Lets add the extensions, if there are any */
@@ -2226,18 +2221,15 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
                }
        }
-        pktmp = X509_get_pubkey(ret);
+        if ((pktmp = X509_get0_pubkey(ret)) == NULL)
-        if (pktmp == NULL)
                goto err;
        if (EVP_PKEY_missing_parameters(pktmp) &&
            !EVP_PKEY_missing_parameters(pkey)) {
                if (!EVP_PKEY_copy_parameters(pktmp, pkey)) {
-                        EVP_PKEY_free(pktmp);
                        goto err;
                }
        }
-        EVP_PKEY_free(pktmp);
        if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts))
                goto err;
author	tb <>	2022-02-03 17:44:04 +0000
committer	tb <>	2022-02-03 17:44:04 +0000
commit	99e959b3452e5b44dc52e0e6e87b7e4ec42147af (patch)
tree	d64d65e1fd6a83904267a56b4660fb0e0411b465 /src/usr.bin/openssl/ca.c
parent	355870caa2e034326f5b6b4df6b18cf93e907bc7 (diff)
download	openbsd-99e959b3452e5b44dc52e0e6e87b7e4ec42147af.tar.gz openbsd-99e959b3452e5b44dc52e0e6e87b7e4ec42147af.tar.bz2 openbsd-99e959b3452e5b44dc52e0e6e87b7e4ec42147af.zip