From 4d9d2a4ca4c44d0e5f4b26337113b6f241ab2e56 Mon Sep 17 00:00:00 2001
From: inoguchi <>
Date: Sat, 22 Jan 2022 00:33:02 +0000
Subject: X509_GET_PUBKEY(3) return value check in libcrypto

ok beck@ tb@

suggest using X509_get0_pubkey() and remove EVP_PKEY_free() from tb@
---
 src/lib/libcrypto/ocsp/ocsp_vfy.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index f5597d0245..0da402fd47 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.20 2022/01/07 09:45:52 tb Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.21 2022/01/22 00:33:02 inoguchi Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -407,9 +407,9 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
 	if (!(flags & OCSP_NOSIGS)) {
 		EVP_PKEY *skey;
 
-		skey = X509_get_pubkey(signer);
+		if ((skey = X509_get0_pubkey(signer)) == NULL)
+			return 0;
 		ret = OCSP_REQUEST_verify(req, skey);
-		EVP_PKEY_free(skey);
 		if (ret <= 0) {
 			OCSPerror(OCSP_R_SIGNATURE_FAILURE);
 			return 0;
-- 
cgit v1.2.3-55-g6feb