=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/x509.c,v retrieving revision 1.24 retrieving revision 1.25 diff -c -r1.24 -r1.25 *** src/usr.bin/openssl/x509.c 2021/08/29 19:56:40 1.24 --- src/usr.bin/openssl/x509.c 2021/10/23 15:44:39 1.25 *************** *** 1,4 **** ! /* $OpenBSD: x509.c,v 1.24 2021/08/29 19:56:40 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * --- 1,4 ---- ! /* $OpenBSD: x509.c,v 1.25 2021/10/23 15:44:39 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * *************** *** 846,861 **** ERR_print_errors(bio_err); goto end; } - if ((req->req_info == NULL) || - (req->req_info->pubkey == NULL) || - (req->req_info->pubkey->public_key == NULL) || - (req->req_info->pubkey->public_key->data == NULL)) { - BIO_printf(bio_err, - "The certificate request appears to corrupted\n"); - BIO_printf(bio_err, - "It does not contain a public key\n"); - goto end; - } if ((pkey = X509_REQ_get_pubkey(req)) == NULL) { BIO_printf(bio_err, "error unpacking public key\n"); goto end; --- 846,851 ---- *************** *** 892,900 **** } else if (!X509_set_serialNumber(x, x509_config.sno)) goto end; ! if (!X509_set_issuer_name(x, req->req_info->subject)) goto end; ! if (!X509_set_subject_name(x, req->req_info->subject)) goto end; if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) --- 882,890 ---- } else if (!X509_set_serialNumber(x, x509_config.sno)) goto end; ! if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req))) goto end; ! if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req))) goto end; if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) *************** *** 1403,1409 **** { int ret = 0; ASN1_INTEGER *bs = NULL; ! X509_STORE_CTX xsc; EVP_PKEY *upkey; upkey = X509_get_pubkey(xca); --- 1393,1399 ---- { int ret = 0; ASN1_INTEGER *bs = NULL; ! 
X509_STORE_CTX *xsc = NULL; EVP_PKEY *upkey; upkey = X509_get_pubkey(xca); *************** *** 1412,1418 **** EVP_PKEY_copy_parameters(upkey, pkey); EVP_PKEY_free(upkey); ! if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) { BIO_printf(bio_err, "Error initialising X509 store\n"); goto end; } --- 1402,1410 ---- EVP_PKEY_copy_parameters(upkey, pkey); EVP_PKEY_free(upkey); ! if ((xsc = X509_STORE_CTX_new()) == NULL) ! goto end; ! if (!X509_STORE_CTX_init(xsc, ctx, x, NULL)) { BIO_printf(bio_err, "Error initialising X509 store\n"); goto end; } *************** *** 1427,1435 **** * NOTE: this certificate can/should be self signed, unless it was a * certificate request in which case it is not. */ ! X509_STORE_CTX_set_cert(&xsc, x); ! X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); ! if (!x509_config.reqfile && X509_verify_cert(&xsc) <= 0) goto end; if (!X509_check_private_key(xca, pkey)) { --- 1419,1427 ---- * NOTE: this certificate can/should be self signed, unless it was a * certificate request in which case it is not. */ ! X509_STORE_CTX_set_cert(xsc, x); ! X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); ! if (!x509_config.reqfile && X509_verify_cert(xsc) <= 0) goto end; if (!X509_check_private_key(xca, pkey)) { *************** *** 1469,1475 **** ret = 1; end: ! X509_STORE_CTX_cleanup(&xsc); if (!ret) ERR_print_errors(bio_err); if (sno == NULL) --- 1461,1467 ---- ret = 1; end: ! X509_STORE_CTX_free(xsc); if (!ret) ERR_print_errors(bio_err); if (sno == NULL)
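Review bot: The `X509_STORE_CTX_new()` failure branch added in the 1402-1410 hunk jumps to `end` without a message of its own, while the `X509_STORE_CTX_init()` failure directly below it prints "Error initialising X509 store". The `end:` label in the last hunk does call `ERR_print_errors(bio_err)` when `ret` is 0, so what the user sees depends on whether the library queued an error for the failed allocation. For parity I would brace the branch and add `BIO_printf(bio_err, "Error allocating X509 store context\n");` before the `goto end;`. The enclosing function starts and ends outside this hunk.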
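Review bot: `X509_STORE_CTX_free(xsc)` under `end:` can now be reached with `xsc` still NULL, for example when `X509_STORE_CTX_new()` itself fails. That is safe only because of the `= NULL` initialiser in the declaration hunk and because the free function accepts a NULL argument. A one-line comment above the call would keep that coupling visible to the next editor: `/* xsc is NULL if we bailed out before X509_STORE_CTX_new() succeeded */`. The function body continues past the end of this hunk.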