1 files changed, 6 insertions, 8 deletions
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 786362ea02..30545320b3 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.139 2022/01/11 18:39:28 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.140 2022/01/11 19:03:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1905,7 +1905,7 @@ ssl3_get_cert_verify(SSL *s)
        CBS cbs, signature;
        const struct ssl_sigalg *sigalg = NULL;
        uint16_t sigalg_value = SIGALG_NONE;
-        EVP_PKEY *pkey = NULL;
+        EVP_PKEY *pkey;
        X509 *peer_cert = NULL;
        EVP_MD_CTX *mctx = NULL;
        int al, verify;
@@ -1928,11 +1928,9 @@ ssl3_get_cert_verify(SSL *s)
        CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
-        if (s->session->peer_cert != NULL) {
+        peer_cert = s->session->peer_cert;
-                peer_cert = s->session->peer_cert;
+        pkey = X509_get0_pubkey(peer_cert);
-                pkey = X509_get_pubkey(peer_cert);
+        type = X509_certificate_type(peer_cert, pkey);
-                type = X509_certificate_type(peer_cert, pkey);
-        }
        if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
                S3I(s)->hs.tls12.reuse_message = 1;
@@ -2131,7 +2129,7 @@ ssl3_get_cert_verify(SSL *s)
        tls1_transcript_free(s);
 err:
        EVP_MD_CTX_free(mctx);
-        EVP_PKEY_free(pkey);
        return (ret);
 }

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c index 786362ea02..30545320b3 100644 --- a/src/lib/libssl/ssl_srvr.c +++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_srvr.c,v 1.139 2022/01/11 18:39:28 jsing Exp $ */	1	/* $OpenBSD: ssl_srvr.c,v 1.140 2022/01/11 19:03:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1905,7 +1905,7 @@ ssl3_get_cert_verify(SSL *s)
1905	CBS cbs, signature;	1905	CBS cbs, signature;
1906	const struct ssl_sigalg *sigalg = NULL;	1906	const struct ssl_sigalg *sigalg = NULL;
1907	uint16_t sigalg_value = SIGALG_NONE;	1907	uint16_t sigalg_value = SIGALG_NONE;
1908	EVP_PKEY *pkey = NULL;	1908	EVP_PKEY *pkey;
1909	X509 *peer_cert = NULL;	1909	X509 *peer_cert = NULL;
1910	EVP_MD_CTX *mctx = NULL;	1910	EVP_MD_CTX *mctx = NULL;
1911	int al, verify;	1911	int al, verify;
@@ -1928,11 +1928,9 @@ ssl3_get_cert_verify(SSL *s)
1928		1928
1929	CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);	1929	CBS_init(&cbs, s->internal->init_msg, s->internal->init_num);
1930		1930
1931	if (s->session->peer_cert != NULL) {	1931	peer_cert = s->session->peer_cert;
1932	peer_cert = s->session->peer_cert;	1932	pkey = X509_get0_pubkey(peer_cert);
1933	pkey = X509_get_pubkey(peer_cert);	1933	type = X509_certificate_type(peer_cert, pkey);
1934	type = X509_certificate_type(peer_cert, pkey);
1935	}
1936		1934
1937	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {	1935	if (S3I(s)->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
1938	S3I(s)->hs.tls12.reuse_message = 1;	1936	S3I(s)->hs.tls12.reuse_message = 1;
@@ -2131,7 +2129,7 @@ ssl3_get_cert_verify(SSL *s)
2131	tls1_transcript_free(s);	2129	tls1_transcript_free(s);
2132	err:	2130	err:
2133	EVP_MD_CTX_free(mctx);	2131	EVP_MD_CTX_free(mctx);
2134	EVP_PKEY_free(pkey);	2132
2135	return (ret);	2133	return (ret);
2136	}	2134	}
2137		2135