=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/ca.c,v retrieving revision 1.52 retrieving revision 1.53 diff -c -r1.52 -r1.53 *** src/usr.bin/openssl/ca.c 2021/11/21 22:34:30 1.52 --- src/usr.bin/openssl/ca.c 2022/02/03 17:44:04 1.53 *************** *** 1,4 **** ! /* $OpenBSD: ca.c,v 1.52 2021/11/21 22:34:30 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: ca.c,v 1.53 2022/02/03 17:44:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 1633,1644 **** ok = 0; goto err; } ! if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto err; } i = X509_REQ_verify(req, pktmp); - EVP_PKEY_free(pktmp); if (i < 0) { ok = 0; BIO_printf(bio_err, "Signature verification problems....\n"); --- 1633,1643 ---- ok = 0; goto err; } ! if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto err; } i = X509_REQ_verify(req, pktmp); if (i < 0) { ok = 0; BIO_printf(bio_err, "Signature verification problems....\n"); *************** *** 1688,1699 **** BIO_printf(bio_err, "Check that the request matches the signature\n"); ! if ((pktmp = X509_get_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto err; } i = X509_verify(req, pktmp); - EVP_PKEY_free(pktmp); if (i < 0) { ok = 0; BIO_printf(bio_err, "Signature verification problems....\n"); --- 1687,1697 ---- BIO_printf(bio_err, "Check that the request matches the signature\n"); ! if ((pktmp = X509_get0_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto err; } i = X509_verify(req, pktmp); if (i < 0) { ok = 0; BIO_printf(bio_err, "Signature verification problems....\n"); *************** *** 1997,2009 **** if (!X509_set_subject_name(ret, subject)) goto err; ! pktmp = X509_REQ_get_pubkey(req); ! if (pktmp == NULL) goto err; ! i = X509_set_pubkey(ret, pktmp); ! EVP_PKEY_free(pktmp); ! if (!i) goto err; /* Lets add the extensions, if there are any */ --- 1995,2004 ---- if (!X509_set_subject_name(ret, subject)) goto err; ! if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) goto err; ! if (!X509_set_pubkey(ret, pktmp)) goto err; /* Lets add the extensions, if there are any */ *************** *** 2226,2243 **** } } ! pktmp = X509_get_pubkey(ret); ! if (pktmp == NULL) goto err; if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey)) { if (!EVP_PKEY_copy_parameters(pktmp, pkey)) { - EVP_PKEY_free(pktmp); goto err; } } - EVP_PKEY_free(pktmp); if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts)) goto err; --- 2221,2235 ---- } } ! if ((pktmp = X509_get0_pubkey(ret)) == NULL) goto err; if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey)) { if (!EVP_PKEY_copy_parameters(pktmp, pkey)) { goto err; } } if (!do_X509_sign(bio_err, ret, pkey, dgst, sigopts)) goto err;