===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/ca.c,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- src/usr.bin/openssl/ca.c	2021/08/28 02:40:17	1.38
+++ src/usr.bin/openssl/ca.c	2021/08/28 04:02:20	1.39
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.38 2021/08/28 02:40:17 inoguchi Exp $ */
+/* $OpenBSD: ca.c,v 1.39 2021/08/28 04:02:20 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -673,7 +673,7 @@
 	CA_DB *db = NULL;
 	X509_CRL *crl = NULL;
 	X509_REVOKED *r = NULL;
-	ASN1_TIME *tmptm;
+	ASN1_TIME *tmptm = NULL;
 	ASN1_INTEGER *tmpserial;
 	char *f;
 	const char *p;
@@ -1425,29 +1425,20 @@
 		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
 			goto err;
 
-		tmptm = ASN1_TIME_new();
-		if (tmptm == NULL)
+		if ((tmptm = X509_gmtime_adj(NULL, 0)) == NULL)
 			goto err;
-		if (X509_gmtime_adj(tmptm, 0) == NULL) {
-			ASN1_TIME_free(tmptm);
+		if (!X509_CRL_set_lastUpdate(crl, tmptm))
 			goto err;
-		}
-		if (!X509_CRL_set_lastUpdate(crl, tmptm)) {
-			ASN1_TIME_free(tmptm);
-			goto err;
-		}
 		if (X509_time_adj_ex(tmptm, ca_config.crldays,
 		    ca_config.crlhours * 60 * 60 + ca_config.crlsec, NULL) ==
 		    NULL) {
 			BIO_puts(bio_err, "error setting CRL nextUpdate\n");
-			ASN1_TIME_free(tmptm);
 			goto err;
 		}
-		if (!X509_CRL_set_nextUpdate(crl, tmptm)) {
-			ASN1_TIME_free(tmptm);
+		if (!X509_CRL_set_nextUpdate(crl, tmptm))
 			goto err;
-		}
 		ASN1_TIME_free(tmptm);
+		tmptm = NULL;
 
 		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
 			pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@@ -1591,6 +1582,7 @@
 		X509_free(x509);
 	X509_CRL_free(crl);
 	X509_REVOKED_free(r);
+	ASN1_TIME_free(tmptm);
 	NCONF_free(conf);
 	NCONF_free(extconf);
 	OBJ_cleanup();