From c5137473bdc7bcf7c43b4bd5d28827f8ddd70490 Mon Sep 17 00:00:00 2001
From: FdaSilvaYY
Date: Sun, 3 Apr 2016 23:37:32 +0200
Subject: [PATCH] Use X509_REQ_get0_pubkey
Reviewed-by: Stephen Henson
Reviewed-by: Rich Salz
---
 apps/ca.c | 5 ++---
 apps/req.c | 19 +++++++------------
 apps/x509.c | 6 ++----
 crypto/x509/x509_r2x.c | 11 ++---------
 4 files changed, 13 insertions(+), 28 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 3062d7e054..85766cccbb 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1351,12 +1351,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 ok = 0;
 goto end;
 }
- if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+ if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
 BIO_printf(bio_err, "error unpacking public key\n");
 goto end;
 }
 i = X509_REQ_verify(req, pktmp);
- EVP_PKEY_free(pktmp);
+ pktmp = NULL;
 if (i < 0) {
 ok = 0;
 BIO_printf(bio_err, "Signature verification problems....\n");
@@ -1790,7 +1790,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 pktmp = X509_REQ_get_pubkey(req);
 i = X509_set_pubkey(ret, pktmp);
- EVP_PKEY_free(pktmp);
 if (!i)
 goto end;
diff --git a/apps/req.c b/apps/req.c
index edf998ba70..561cccc98f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -375,6 +375,7 @@ int req_main(int argc, char **argv)
 if (!nmflag_set)
 nmflag = XN_FLAG_ONELINE;
+ /* TODO: simplify this as pkey is still always NULL here */
 private = newreq && (pkey == NULL) ? 1 : 0;
 if (!app_passwd(passargin, passargout, &passin, &passout)) {
@@ -666,10 +667,9 @@ int req_main(int argc, char **argv)
 if (!X509_set_subject_name (x509ss, X509_REQ_get_subject_name(req)))
 goto end;
- tmppkey = X509_REQ_get_pubkey(req);
+ tmppkey = X509_REQ_get0_pubkey(req);
 if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
 goto end;
- EVP_PKEY_free(tmppkey);
 /* Set up V3 context struct */
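Review bot: In the do_body hunk of apps/ca.c the `EVP_PKEY_free(pktmp);` line is removed, but the unchanged line above it still calls `X509_REQ_get_pubkey(req)`, which hands back a reference the caller owns, so each pass through this code appears to leak one EVP_PKEY reference. Every other call site in this patch pairs the removed free with the get0 accessor; this one should read `pktmp = X509_REQ_get0_pubkey(req);`. do_body starts and ends outside the hunk, so confirm that nothing after the `end` label releases pktmp before making the switch.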
@@ -739,20 +739,15 @@ int req_main(int argc, char **argv)
 }
 if (verify && !x509) {
- int tmp = 0;
+ EVP_PKEY *pubkey = pkey;
- if (pkey == NULL) {
- pkey = X509_REQ_get_pubkey(req);
- tmp = 1;
- if (pkey == NULL)
+ if (pubkey == NULL) {
+ pubkey = X509_REQ_get0_pubkey(req);
+ if (pubkey == NULL)
 goto end;
 }
- i = X509_REQ_verify(req, pkey);
- if (tmp) {
- EVP_PKEY_free(pkey);
- pkey = NULL;
- }
+ i = X509_REQ_verify(req, pubkey);
 if (i < 0) {
 goto end;
diff --git a/apps/x509.c b/apps/x509.c
index 00c0d97aa2..bc5623365a 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -562,12 +562,11 @@ int x509_main(int argc, char **argv)
 goto end;
 }
- if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+ if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
 BIO_printf(bio_err, "error unpacking public key\n");
 goto end;
 }
 i = X509_REQ_verify(req, pkey);
- EVP_PKEY_free(pkey);
 if (i < 0) {
 BIO_printf(bio_err, "Signature verification error\n");
 ERR_print_errors(bio_err);
@@ -607,9 +606,8 @@ int x509_main(int argc, char **argv)
 if (fkey)
 X509_set_pubkey(x, fkey);
 else {
- pkey = X509_REQ_get_pubkey(req);
+ pkey = X509_REQ_get0_pubkey(req);
 X509_set_pubkey(x, pkey);
- EVP_PKEY_free(pkey);
 }
 } else
 x = load_cert(infile, informat, "Certificate");
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index dc7e41265c..d082636de4 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -101,21 +101,14 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 NULL)
 goto err;
- pubkey = X509_REQ_get_pubkey(r);
- if (pubkey == NULL)
+ pubkey = X509_REQ_get0_pubkey(r);
+ if (pubkey == NULL || !X509_set_pubkey(ret, pubkey))
 goto err;
- if (!X509_set_pubkey(ret, pubkey))
- goto err_pkey;
-
- EVP_PKEY_free(pubkey);
-
 if (!X509_sign(ret, pkey, EVP_md5()))
 goto err;
 return ret;
- err_pkey:
- EVP_PKEY_free(pubkey);
 err:
 X509_free(ret);
 return NULL;
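Review bot: In the verify block of apps/req.c, `pubkey` is a non-owning alias in both branches (the caller's `pkey`, or the key held inside `req`), and nothing in the block records that. A one-line comment above `EVP_PKEY *pubkey = pkey;`, such as `/* pubkey is borrowed from pkey or req: do not free */`, would stop a later edit from re-adding an `EVP_PKEY_free` and creating a double free. The same comment could note that when `pkey` is set, the request signature is checked against that key and not the one embedded in the request. The block continues past the end of the hunk.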
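Review bot: In the second apps/x509.c hunk the result of `X509_set_pubkey(x, pkey)` is discarded and `pkey` is not tested for NULL after the switch to `X509_REQ_get0_pubkey`, whereas the req.c and x509_r2x.c hunks in this same patch check both. If the call fails, processing appears to continue with a certificate whose public key was never set. Suggest `if (pkey == NULL || !X509_set_pubkey(x, pkey)) goto end;`, plus the same return check on the `fkey` branch. The enclosing block starts and ends outside the hunk, so the correct error label should be confirmed there.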
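Review bot: The context line `if (!X509_sign(ret, pkey, EVP_md5()))` in X509_REQ_to_X509 still signs the generated certificate with MD5, which is not collision-resistant and is unsuitable for certificate signatures. This predates the patch, which only tidies the error paths around it, but since the function is being touched it is worth changing the digest to `EVP_sha256()` or adding a comment that records why MD5 is kept. The function starts and ends outside the hunk.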