[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Wed Jul 20 05:36:24 UTC 2016
The branch master has been updated
via 7606c231c9e056822c4613c7617390bcdb822108 (commit)
via edbff8da9b95d22dba22475bcf69ccf1ed15cab7 (commit)
via f6c460e8f69e90fdb87129bb70951ced89c7906f (commit)
via cdd202f2546f301d128a547d77b27fb4321d249b (commit)
via 1c72f70df43a0ceb118a990b9554913e26a83696 (commit)
from 415e7c488e09119a42be24129e38ddd43524ee06 (commit)
- Log -----------------------------------------------------------------
commit 7606c231c9e056822c4613c7617390bcdb822108
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Tue Jul 5 19:48:23 2016 +0200
Simplify buffer limit checking, and reuse BIO_snprintf returned value.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
commit edbff8da9b95d22dba22475bcf69ccf1ed15cab7
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu May 19 08:39:47 2016 +0200
Code factorisation and simplification
Fix some code indentation
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
commit f6c460e8f69e90fdb87129bb70951ced89c7906f
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Mon May 9 18:42:58 2016 +0200
Fix double calls to strlen
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
commit cdd202f2546f301d128a547d77b27fb4321d249b
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Mon May 30 00:30:52 2016 +0200
Simplify code related to tmp_email_dn.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
commit 1c72f70df43a0ceb118a990b9554913e26a83696
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu Apr 7 00:20:11 2016 +0200
Use more X509_REQ_get0_pubkey & X509_get0_pubkey
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 111 +++++++++++++++++++++++-----------------------------
apps/enc.c | 6 ++-
apps/passwd.c | 22 +++++++----
apps/req.c | 10 ++---
apps/s_time.c | 26 ++++++------
apps/srp.c | 35 ++++++++---------
crypto/x509/t_req.c | 3 +-
test/ssltest_old.c | 8 ++--
8 files changed, 107 insertions(+), 114 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index acbd388..ac9c174 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -89,7 +89,7 @@
#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
-static void lookup_fail(const char *name, const char *tag);
+static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
STACK_OF(CONF_VALUE) *policy, CA_DB *db,
@@ -239,7 +239,7 @@ int ca_main(int argc, char **argv)
char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
char *serialfile = NULL, *startdate = NULL, *subj = NULL;
- char *prog, *enddate = NULL, *tmp_email_dn = NULL;
+ char *prog, *enddate = NULL;
char *dbfile = NULL, *f, *randfile = NULL;
char buf[3][BSIZE];
char *const *pp;
@@ -434,13 +434,9 @@ end_of_options:
goto end;
/* Lets get the config section we are using */
- if (section == NULL) {
- section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
- if (section == NULL) {
- lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
- goto end;
- }
- }
+ if (section == NULL
+ && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
+ goto end;
if (conf != NULL) {
p = NCONF_get_string(conf, NULL, "oid_file");
@@ -499,10 +495,10 @@ end_of_options:
/*****************************************************************/
/* report status of cert with serial number given on command line */
if (ser_status) {
- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
- lookup_fail(section, ENV_DATABASE);
+ dbfile = lookup_conf(conf, section, ENV_DATABASE);
+ if (dbfile == NULL)
goto end;
- }
+
db = load_index(dbfile, &db_attr);
if (db == NULL)
goto end;
@@ -518,13 +514,10 @@ end_of_options:
/*****************************************************************/
/* we definitely need a private key, so let's get it */
- if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
- section,
- ENV_PRIVATE_KEY)) ==
- NULL)) {
- lookup_fail(section, ENV_PRIVATE_KEY);
+ if (keyfile == NULL
+ && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL)
goto end;
- }
+
if (!key) {
free_key = 1;
if (!app_passwd(passinarg, NULL, &key, NULL)) {
@@ -543,13 +536,10 @@ end_of_options:
/*****************************************************************/
/* we need a certificate */
if (!selfsign || spkac_file || ss_cert_file || gencrl) {
- if ((certfile == NULL)
- && ((certfile = NCONF_get_string(conf,
- section,
- ENV_CERTIFICATE)) == NULL)) {
- lookup_fail(section, ENV_CERTIFICATE);
+ if (certfile == NULL
+ && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
goto end;
- }
+
x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
if (x509 == NULL)
goto end;
@@ -612,8 +602,8 @@ end_of_options:
/* lookup where to write new certificates */
if ((outdir == NULL) && (req)) {
- if ((outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR))
- == NULL) {
+ outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
+ if (outdir == NULL) {
BIO_printf(bio_err,
"there needs to be defined a directory for new certificate to be placed in\n");
goto end;
@@ -636,10 +626,10 @@ end_of_options:
/*****************************************************************/
/* we need to load the database file */
- if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
- lookup_fail(section, ENV_DATABASE);
+ dbfile = lookup_conf(conf, section, ENV_DATABASE);
+ if (dbfile == NULL)
goto end;
- }
+
db = load_index(dbfile, &db_attr);
if (db == NULL)
goto end;
@@ -731,10 +721,11 @@ end_of_options:
extfile);
/* We can have sections in the ext file */
- if (!extensions
- && !(extensions =
- NCONF_get_string(extconf, "default", "extensions")))
- extensions = "default";
+ if (extensions == NULL) {
+ extensions = NCONF_get_string(extconf, "default", "extensions");
+ if (extensions == NULL)
+ extensions = "default";
+ }
}
/*****************************************************************/
@@ -745,12 +736,9 @@ end_of_options:
goto end;
}
- if ((md == NULL) && ((md = NCONF_get_string(conf,
- section,
- ENV_DEFAULT_MD)) == NULL)) {
- lookup_fail(section, ENV_DEFAULT_MD);
+ if (md == NULL
+ && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL)
goto end;
- }
if (strcmp(md, "default") == 0) {
int def_nid;
@@ -766,31 +754,26 @@ end_of_options:
}
if (req) {
- if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
- section,
- ENV_DEFAULT_EMAIL_DN))
- != NULL)) {
- if (strcmp(tmp_email_dn, "no") == 0)
+ if (email_dn == 1) {
+ char *tmp_email_dn = NULL;
+
+ tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
+ if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
email_dn = 0;
}
if (verbose)
BIO_printf(bio_err, "message digest is %s\n",
OBJ_nid2ln(EVP_MD_type(dgst)));
- if ((policy == NULL) && ((policy = NCONF_get_string(conf,
- section,
- ENV_POLICY)) ==
- NULL)) {
- lookup_fail(section, ENV_POLICY);
+ if (policy == NULL
+ && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
goto end;
- }
+
if (verbose)
BIO_printf(bio_err, "policy is %s\n", policy);
- if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
- == NULL) {
- lookup_fail(section, ENV_SERIAL);
+ serialfile = lookup_conf(conf, section, ENV_SERIAL);
+ if (serialfile == NULL)
goto end;
- }
if (!extconf) {
/*
@@ -1253,9 +1236,12 @@ end_of_options:
return (ret);
}
-static void lookup_fail(const char *name, const char *tag)
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
{
- BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
+ char *entry = NCONF_get_string(conf, section, tag);
+ if (entry == NULL)
+ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+ return entry;
}
static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
@@ -2137,27 +2123,28 @@ static int get_certificate_status(const char *serial, CA_DB *db)
{
char *row[DB_NUMBER], **rrow;
int ok = -1, i;
+ size_t serial_len = strlen(serial);
/* Free Resources */
for (i = 0; i < DB_NUMBER; i++)
row[i] = NULL;
/* Malloc needed char spaces */
- row[DB_serial] = app_malloc(strlen(serial) + 2, "row serial#");
+ row[DB_serial] = app_malloc(serial_len + 2, "row serial#");
- if (strlen(serial) % 2) {
+ if (serial_len % 2) {
/*
* Set the first char to 0
*/ ;
row[DB_serial][0] = '0';
/* Copy String from serial to row[DB_serial] */
- memcpy(row[DB_serial] + 1, serial, strlen(serial));
- row[DB_serial][strlen(serial) + 1] = '\0';
+ memcpy(row[DB_serial] + 1, serial, serial_len);
+ row[DB_serial][serial_len + 1] = '\0';
} else {
/* Copy String from serial to row[DB_serial] */
- memcpy(row[DB_serial], serial, strlen(serial));
- row[DB_serial][strlen(serial)] = '\0';
+ memcpy(row[DB_serial], serial, serial_len);
+ row[DB_serial][serial_len] = '\0';
}
/* Make it Upper Case */
@@ -2213,7 +2200,7 @@ static int do_updatedb(CA_DB *db)
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
- a_tm_s = (char *)app_malloc(a_tm->length + 1, "time string");
+ a_tm_s = app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);
a_tm_s[a_tm->length] = '\0';
diff --git a/apps/enc.c b/apps/enc.c
index 403d14e..10ab15a 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -382,6 +382,8 @@ int enc_main(int argc, char **argv)
* output BIO. If decrypting read salt from input BIO.
*/
unsigned char *sptr;
+ size_t str_len = strlen(str);
+
if (nosalt)
sptr = NULL;
else {
@@ -421,7 +423,7 @@ int enc_main(int argc, char **argv)
if (!EVP_BytesToKey(cipher, dgst, sptr,
(unsigned char *)str,
- strlen(str), 1, key, iv)) {
+ str_len, 1, key, iv)) {
BIO_printf(bio_err, "EVP_BytesToKey failed\n");
goto end;
}
@@ -432,7 +434,7 @@ int enc_main(int argc, char **argv)
if (str == strbuf)
OPENSSL_cleanse(str, SIZE);
else
- OPENSSL_cleanse(str, strlen(str));
+ OPENSSL_cleanse(str, str_len);
}
if (hiv != NULL) {
int siz = EVP_CIPHER_iv_length(cipher);
diff --git a/apps/passwd.c b/apps/passwd.c
index 8404d8c..31c4eef 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -288,26 +288,35 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
int n;
unsigned int i;
EVP_MD_CTX *md = NULL, *md2 = NULL;
- size_t passwd_len, salt_len;
+ size_t passwd_len, salt_len, magic_len;
passwd_len = strlen(passwd);
out_buf[0] = '$';
out_buf[1] = 0;
- assert(strlen(magic) <= 4); /* "1" or "apr1" */
+ magic_len = strlen(magic);
+
+ if (magic_len > 4) /* assert it's "1" or "apr1" */
+ return NULL;
+
OPENSSL_strlcat(out_buf, magic, sizeof out_buf);
OPENSSL_strlcat(out_buf, "$", sizeof out_buf);
OPENSSL_strlcat(out_buf, salt, sizeof out_buf);
- assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
- salt_out = out_buf + 2 + strlen(magic);
+
+ if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
+ return NULL;
+
+ salt_out = out_buf + 2 + magic_len;
salt_len = strlen(salt_out);
- assert(salt_len <= 8);
+
+ if (salt_len > 8)
+ return NULL;
md = EVP_MD_CTX_new();
if (md == NULL
|| !EVP_DigestInit_ex(md, EVP_md5(), NULL)
|| !EVP_DigestUpdate(md, passwd, passwd_len)
|| !EVP_DigestUpdate(md, "$", 1)
- || !EVP_DigestUpdate(md, magic, strlen(magic))
+ || !EVP_DigestUpdate(md, magic, magic_len)
|| !EVP_DigestUpdate(md, "$", 1)
|| !EVP_DigestUpdate(md, salt_out, salt_len))
@@ -365,7 +374,6 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{
/* transform buf into output string */
-
unsigned char buf_perm[sizeof buf];
int dest, source;
char *output;
diff --git a/apps/req.c b/apps/req.c
index f1ee951..e459a71 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -727,15 +727,14 @@ int req_main(int argc, char **argv)
goto end;
if (pubkey) {
- EVP_PKEY *tpubkey;
- tpubkey = X509_REQ_get_pubkey(req);
+ EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req);
+
if (tpubkey == NULL) {
BIO_printf(bio_err, "Error getting public key\n");
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_PUBKEY(out, tpubkey);
- EVP_PKEY_free(tpubkey);
}
if (text) {
@@ -758,9 +757,9 @@ int req_main(int argc, char **argv)
EVP_PKEY *tpubkey;
if (x509)
- tpubkey = X509_get_pubkey(x509ss);
+ tpubkey = X509_get0_pubkey(x509ss);
else
- tpubkey = X509_REQ_get_pubkey(req);
+ tpubkey = X509_REQ_get0_pubkey(req);
if (tpubkey == NULL) {
fprintf(stdout, "Modulus=unavailable\n");
goto end;
@@ -774,7 +773,6 @@ int req_main(int argc, char **argv)
} else
#endif
fprintf(stdout, "Wrong Algorithm type");
- EVP_PKEY_free(tpubkey);
fprintf(stdout, "\n");
}
diff --git a/apps/s_time.c b/apps/s_time.c
index ecab515..a08a14d 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -41,8 +41,6 @@
#undef BUFSIZZ
#define BUFSIZZ 1024*10
-#define MYBUFSIZ 1024*8
-
#undef min
#undef max
#define min(a,b) (((a) < (b)) ? (a) : (b))
@@ -57,6 +55,8 @@ extern int verify_error;
static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
+static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
+
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
@@ -109,11 +109,11 @@ int s_time_main(int argc, char **argv)
char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
double totalTime = 0.0;
int noCApath = 0, noCAfile = 0;
- int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs =
- 0, ver;
+ int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
long bytes_read = 0, finishtime = 0;
OPTION_CHOICE o;
- int max_version = 0;
+ int max_version = 0, ver, buf_len;
+ size_t buf_size;
meth = TLS_client_method();
verify_depth = 0;
@@ -176,8 +176,9 @@ int s_time_main(int argc, char **argv)
break;
case OPT_WWW:
www_path = opt_arg();
- if (strlen(www_path) > MYBUFSIZ - 100) {
- BIO_printf(bio_err, "%s: -www option too long\n", prog);
+ buf_size = strlen(www_path) + sizeof(fmt_http_get_cmd) - 2; /* 2 is for %s */
+ if (buf_size > sizeof(buf)) {
+ BIO_printf(bio_err, "%s: -www option is too long\n", prog);
goto end;
}
break;
@@ -232,9 +233,9 @@ int s_time_main(int argc, char **argv)
goto end;
if (www_path != NULL) {
- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
- www_path);
- if (SSL_write(scon, buf, strlen(buf)) <= 0)
+ buf_len = BIO_snprintf(buf, sizeof buf,
+ fmt_http_get_cmd, www_path);
+ if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
@@ -290,8 +291,9 @@ int s_time_main(int argc, char **argv)
}
if (www_path != NULL) {
- BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", www_path);
- if (SSL_write(scon, buf, strlen(buf)) <= 0)
+ buf_len = BIO_snprintf(buf, sizeof buf,
+ fmt_http_get_cmd, www_path);
+ if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
while (SSL_read(scon, buf, sizeof(buf)) > 0)
continue;
diff --git a/apps/srp.c b/apps/srp.c
index 5ba9375..69175eb 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -107,9 +107,12 @@ static int update_index(CA_DB *db, char **row)
return 1;
}
-static void lookup_fail(const char *name, const char *tag)
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
{
- BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
+ char *entry = NCONF_get_string(conf, section, tag);
+ if (entry == NULL)
+ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+ return entry;
}
static char *srp_verify_user(const char *user, const char *srp_verifier,
@@ -124,7 +127,7 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
cb_tmp.prompt_info = user;
cb_tmp.password = passin;
- if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
+ if (password_callback(password, sizeof(password), 0, &cb_tmp) > 0) {
if (verbose)
BIO_printf(bio_err,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
@@ -157,7 +160,7 @@ static char *srp_create_user(char *user, char **srp_verifier,
cb_tmp.prompt_info = user;
cb_tmp.password = passout;
- if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
+ if (password_callback(password, sizeof(password), 1, &cb_tmp) > 0) {
if (verbose)
BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N);
@@ -320,14 +323,12 @@ int srp_main(int argc, char **argv)
"trying to read " ENV_DEFAULT_SRP
" in " BASE_SECTION "\n");
- section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
- if (section == NULL) {
- lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
+ section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
+ if (section == NULL)
goto end;
- }
}
- if (randfile == NULL && conf)
+ if (randfile == NULL)
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
if (verbose)
@@ -335,12 +336,9 @@ int srp_main(int argc, char **argv)
"trying to read " ENV_DATABASE " in section \"%s\"\n",
section);
- if ((srpvfile = NCONF_get_string(conf, section, ENV_DATABASE))
- == NULL) {
- lookup_fail(section, ENV_DATABASE);
+ srpvfile = lookup_conf(conf, section, ENV_DATABASE);
+ if (srpvfile == NULL)
goto end;
- }
-
}
if (randfile == NULL)
ERR_clear_error();
@@ -391,12 +389,11 @@ int srp_main(int argc, char **argv)
while (mode == OPT_LIST || user) {
int userindex = -1;
- if (user)
- if (verbose > 1)
- BIO_printf(bio_err, "Processing user \"%s\"\n", user);
+
+ if (user != NULL && verbose > 1)
+ BIO_printf(bio_err, "Processing user \"%s\"\n", user);
if ((userindex = get_index(db, user, 'U')) >= 0) {
- print_user(db, userindex, (verbose > 0)
- || mode == OPT_LIST);
+ print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
}
if (mode == OPT_LIST) {
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c
index 0d0447b..dbe4be3 100644
--- a/crypto/x509/t_req.c
+++ b/crypto/x509/t_req.c
@@ -86,13 +86,12 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
if (BIO_puts(bp, "\n") <= 0)
goto err;
- pkey = X509_REQ_get_pubkey(x);
+ pkey = X509_REQ_get0_pubkey(x);
if (pkey == NULL) {
BIO_printf(bp, "%12sUnable to load Public Key\n", "");
ERR_print_errors(bp);
} else {
EVP_PKEY_print_public(bp, pkey, 16, NULL);
- EVP_PKEY_free(pkey);
}
}
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 74908b0..8863465 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -852,11 +852,11 @@ static void print_details(SSL *c_ssl, const char *prefix)
SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
cert = SSL_get_peer_certificate(c_ssl);
if (cert != NULL) {
- pkey = X509_get_pubkey(cert);
- if (pkey != NULL) {
+ EVP_PKEY* pubkey = X509_get0_pubkey(cert);
+
+ if (pubkey != NULL) {
BIO_puts(bio_stdout, ", ");
- print_key_details(bio_stdout, pkey);
- EVP_PKEY_free(pkey);
+ print_key_details(bio_stdout, pubkey);
}
X509_free(cert);
}
More information about the openssl-commits
mailing list