1 files changed, 33 insertions, 22 deletions
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
index d31642d6c5..b1618de4a6 100644
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssltest.c,v 1.31 2021/10/31 16:56:17 tb Exp $ */
+/*      $OpenBSD: ssltest.c,v 1.32 2021/11/18 16:45:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -371,34 +371,45 @@ static void
 print_details(SSL *c_ssl, const char *prefix)
 {
        const SSL_CIPHER *ciph;
-        X509 *cert;
+        X509 *cert = NULL;
+        EVP_PKEY *pkey;
        ciph = SSL_get_current_cipher(c_ssl);
        BIO_printf(bio_stdout, "%s%s, cipher %s %s",
            prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
            SSL_CIPHER_get_name(ciph));
-        cert = SSL_get_peer_certificate(c_ssl);
-        if (cert != NULL) {
+        if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL)
-                EVP_PKEY *pkey = X509_get_pubkey(cert);
+                goto out;
-                if (pkey != NULL) {
+        if ((pkey = X509_get0_pubkey(cert)) == NULL)
-                        if (pkey->type == EVP_PKEY_RSA &&
+                goto out;
-                            pkey->pkey.rsa != NULL &&
+        if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
-                            pkey->pkey.rsa->n != NULL) {
+                RSA *rsa;
-                                BIO_printf(bio_stdout, ", %d bit RSA",
-                                    BN_num_bits(pkey->pkey.rsa->n));
+                if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
-                        } else if (pkey->type == EVP_PKEY_DSA &&
+                        goto out;
-                            pkey->pkey.dsa != NULL &&
-                            pkey->pkey.dsa->p != NULL) {
+                BIO_printf(bio_stdout, ", %d bit RSA", RSA_bits(rsa));
-                                BIO_printf(bio_stdout, ", %d bit DSA",
+        } else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
-                                    BN_num_bits(pkey->pkey.dsa->p));
+                DSA *dsa;
-                        }
+                const BIGNUM *p;
-                        EVP_PKEY_free(pkey);
-                }
+                if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL)
-                X509_free(cert);
+                        goto out;
+                DSA_get0_pqg(dsa, &p, NULL, NULL);
+                BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(p));
        }
-        /* The SSL API does not allow us to look at temporary RSA/DH keys,
-         * otherwise we should print their lengths too */
+ out:
+        /*
+         * The SSL API does not allow us to look at temporary RSA/DH keys,
+         * otherwise we should print their lengths too
+         */
        BIO_printf(bio_stdout, "\n");
+        X509_free(cert);
 }
 int

diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c index d31642d6c5..b1618de4a6 100644 --- a/src/regress/lib/libssl/ssl/ssltest.c +++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssltest.c,v 1.31 2021/10/31 16:56:17 tb Exp $ */	1	/* $OpenBSD: ssltest.c,v 1.32 2021/11/18 16:45:28 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -371,34 +371,45 @@ static void
371	print_details(SSL c_ssl, const char prefix)	371	print_details(SSL c_ssl, const char prefix)
372	{	372	{
373	const SSL_CIPHER *ciph;	373	const SSL_CIPHER *ciph;
374	X509 *cert;	374	X509 *cert = NULL;
		375	EVP_PKEY *pkey;
375		376
376	ciph = SSL_get_current_cipher(c_ssl);	377	ciph = SSL_get_current_cipher(c_ssl);
377	BIO_printf(bio_stdout, "%s%s, cipher %s %s",	378	BIO_printf(bio_stdout, "%s%s, cipher %s %s",
378	prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),	379	prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
379	SSL_CIPHER_get_name(ciph));	380	SSL_CIPHER_get_name(ciph));
380	cert = SSL_get_peer_certificate(c_ssl);	381
381	if (cert != NULL) {	382	if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL)
382	EVP_PKEY *pkey = X509_get_pubkey(cert);	383	goto out;
383	if (pkey != NULL) {	384	if ((pkey = X509_get0_pubkey(cert)) == NULL)
384	if (pkey->type == EVP_PKEY_RSA &&	385	goto out;
385	pkey->pkey.rsa != NULL &&	386	if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
386	pkey->pkey.rsa->n != NULL) {	387	RSA *rsa;
387	BIO_printf(bio_stdout, ", %d bit RSA",	388
388	BN_num_bits(pkey->pkey.rsa->n));	389	if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
389	} else if (pkey->type == EVP_PKEY_DSA &&	390	goto out;
390	pkey->pkey.dsa != NULL &&	391
391	pkey->pkey.dsa->p != NULL) {	392	BIO_printf(bio_stdout, ", %d bit RSA", RSA_bits(rsa));
392	BIO_printf(bio_stdout, ", %d bit DSA",	393	} else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
393	BN_num_bits(pkey->pkey.dsa->p));	394	DSA *dsa;
394	}	395	const BIGNUM *p;
395	EVP_PKEY_free(pkey);	396
396	}	397	if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL)
397	X509_free(cert);	398	goto out;
		399
		400	DSA_get0_pqg(dsa, &p, NULL, NULL);
		401
		402	BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(p));
398	}	403	}
399	/* The SSL API does not allow us to look at temporary RSA/DH keys,	404
400	* otherwise we should print their lengths too */	405	out:
		406	/*
		407	* The SSL API does not allow us to look at temporary RSA/DH keys,
		408	* otherwise we should print their lengths too
		409	*/
401	BIO_printf(bio_stdout, "\n");	410	BIO_printf(bio_stdout, "\n");
		411
		412	X509_free(cert);
402	}	413	}
403		414
404	int	415	int