X509_GET_PUBKEY(3) return value check in libcrypto

ok beck@ tb@ suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
author: inoguchi <> 2022-01-22 00:33:02 +0000
committer: inoguchi <> 2022-01-22 00:33:02 +0000
commit: 4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56 (patch)
tree: 0518e3714d7d153956fa08e5c230a89e0d76f6e8 /src
parent: f681a5a63acd72d47e3469699cb30955a22010f0 (diff)
download: openbsd-4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56.tar.gz
openbsd-4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56.tar.bz2
openbsd-4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index f5597d0245..0da402fd47 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.20 2022/01/07 09:45:52 tb Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.21 2022/01/22 00:33:02 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -407,9 +407,9 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
        if (!(flags & OCSP_NOSIGS)) {
                EVP_PKEY *skey;
-                skey = X509_get_pubkey(signer);
+                if ((skey = X509_get0_pubkey(signer)) == NULL)
+                        return 0;
                ret = OCSP_REQUEST_verify(req, skey);
-                EVP_PKEY_free(skey);
                if (ret <= 0) {
                        OCSPerror(OCSP_R_SIGNATURE_FAILURE);
                        return 0;
author	inoguchi <>	2022-01-22 00:33:02 +0000
committer	inoguchi <>	2022-01-22 00:33:02 +0000
commit	4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56 (patch)
tree	0518e3714d7d153956fa08e5c230a89e0d76f6e8 /src
parent	f681a5a63acd72d47e3469699cb30955a22010f0 (diff)
download	openbsd-4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56.tar.gz openbsd-4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56.tar.bz2 openbsd-4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56.zip