Use X509_get0_pubkey where appropriate (8382fd3a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/cms/cms_env.c

+1 −4

Original line number	Diff line number	Diff line
		@@ -236,7 +236,7 @@ CMS_RecipientInfo CMS_add1_recipient_cert(CMS_ContentInfo cms,
		if (!ri)
		goto merr;

		pk = X509_get_pubkey(recip);
		pk = X509_get0_pubkey(recip);
		if (!pk) {
		CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
		goto err;
		@@ -264,15 +264,12 @@ CMS_RecipientInfo CMS_add1_recipient_cert(CMS_ContentInfo cms,
		if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
		goto merr;

		EVP_PKEY_free(pk);

		return ri;

		merr:
		CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
		err:
		M_ASN1_free_of(ri, CMS_RecipientInfo);
		EVP_PKEY_free(pk);
		return NULL;

		}

+3 −6

Original line number	Diff line number	Diff line
		@@ -97,11 +97,9 @@ int OCSP_basic_verify(OCSP_BASICRESP bs, STACK_OF(X509) certs,
		flags \|= OCSP_NOVERIFY;
		if (!(flags & OCSP_NOSIGS)) {
		EVP_PKEY *skey;
		skey = X509_get_pubkey(signer);
		if (skey) {
		skey = X509_get0_pubkey(signer);
		if (skey)
		ret = OCSP_BASICRESP_verify(bs, skey, 0);
		EVP_PKEY_free(skey);
		}
		if (!skey \|\| ret <= 0) {
		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
		goto end;
		@@ -397,9 +395,8 @@ int OCSP_request_verify(OCSP_REQUEST req, STACK_OF(X509) certs,
		flags \|= OCSP_NOVERIFY;
		if (!(flags & OCSP_NOSIGS)) {
		EVP_PKEY *skey;
		skey = X509_get_pubkey(signer);
		skey = X509_get0_pubkey(signer);
		ret = OCSP_REQUEST_verify(req, skey);
		EVP_PKEY_free(skey);
		if (ret <= 0) {
		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
		return 0;

+2 −4

Original line number	Diff line number	Diff line
		@@ -142,7 +142,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
		int ret = 0;
		size_t eklen;

		pkey = X509_get_pubkey(ri->cert);
		pkey = X509_get0_pubkey(ri->cert);

		if (!pkey)
		return 0;
		@@ -179,7 +179,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
		ret = 1;

		err:
		EVP_PKEY_free(pkey);
		EVP_PKEY_CTX_free(pctx);
		OPENSSL_free(ek);
		return ret;
		@@ -1072,14 +1071,13 @@ int PKCS7_signatureVerify(BIO bio, PKCS7 p7, PKCS7_SIGNER_INFO *si,
		}

		os = si->enc_digest;
		pkey = X509_get_pubkey(x509);
		pkey = X509_get0_pubkey(x509);
		if (!pkey) {
		ret = -1;
		goto err;
		}

		i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
		EVP_PKEY_free(pkey);
		if (i <= 0) {
		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
		ret = -1;

+1 −4

Original line number	Diff line number	Diff line
		@@ -523,7 +523,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO p7i, X509 x509)
		ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
		return 0;

		pkey = X509_get_pubkey(x509);
		pkey = X509_get0_pubkey(x509);

		if (!pkey \|\| !pkey->ameth \|\| !pkey->ameth->pkey_ctrl) {
		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
		@@ -543,15 +543,12 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO p7i, X509 x509)
		goto err;
		}

		EVP_PKEY_free(pkey);

		X509_up_ref(x509);
		p7i->cert = x509;

		return 1;

		err:
		EVP_PKEY_free(pkey);
		return 0;
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -432,7 +432,7 @@ int X509_chain_check_suiteb(int perror_depth, X509 x, STACK_OF(X509) *chain,
		rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
		goto end;
		}
		pk = X509_get_pubkey(x);
		pk = X509_get0_pubkey(x);
		rv = check_suite_b(pk, sign_nid, &tflags);
		if (rv != X509_V_OK)
		goto end;