fix a minor bug of s_client

[openssl.git] / apps / req.c

diff --git a/apps/req.c b/apps/req.c
index 76bbbeb555460dd510ed624901046dd9c5935fb1..7140705f09f795bed39ce91a9446c284f8e13185 100644 (file)
--- a/apps/req.c
+++ b/apps/req.c
@@ -214,9 +214,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
     *p = '\0';
 
     /* Finally have a clean "key"; see if it's there [by attempt to add it]. */
-    if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv))
-        != NULL || lh_OPENSSL_STRING_error(addexts)) {
-        OPENSSL_free(p != NULL ? p : kv);
+    p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv);
+    if (p != NULL) {
+        OPENSSL_free(p);
+        return 1;
+    } else if (lh_OPENSSL_STRING_error(addexts)) {
+        OPENSSL_free(kv);
         return -1;
     }
 
@@ -1671,41 +1674,16 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
     return 1;
 }
 
-#ifndef OPENSSL_NO_SM2
-static int ec_pkey_is_sm2(EVP_PKEY *pkey)
-{
-    EC_KEY *eckey = NULL;
-    const EC_GROUP *group = NULL;
-
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2)
-        return 1;
-    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC
-            && (eckey = EVP_PKEY_get0_EC_KEY(pkey)) != NULL
-            && (group = EC_KEY_get0_group(eckey)) != NULL
-            && EC_GROUP_get_curve_name(group) == NID_sm2)
-        return 1;
-    return 0;
-}
-#endif
-
 static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
                         const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
 {
     EVP_PKEY_CTX *pkctx = NULL;
-#ifndef OPENSSL_NO_SM2
     EVP_PKEY_CTX *pctx = NULL;
-#endif
     int i, def_nid, ret = 0;
 
     if (ctx == NULL)
         goto err;
-#ifndef OPENSSL_NO_SM2
-    if (ec_pkey_is_sm2(pkey)) {
-        /* initialize some SM2-specific code */
-        if (!EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) {
-            BIO_printf(bio_err, "Internal error.\n");
-            goto err;
-        }
+    if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
         pctx = EVP_PKEY_CTX_new(pkey, NULL);
         if (pctx == NULL) {
             BIO_printf(bio_err, "memory allocation failure.\n");
@@ -1722,7 +1700,6 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
         }
         EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
     }
-#endif
     /*
      * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory
      * for this algorithm.
@@ -1745,90 +1722,63 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
 
     ret = 1;
  err:
-#ifndef OPENSSL_NO_SM2
     if (!ret)
         EVP_PKEY_CTX_free(pctx);
-#endif
     return ret;
 }
 
+static void do_sign_cleanup(EVP_MD_CTX *ctx, EVP_PKEY *pkey)
+{
+    /*
+     * With SM2, do_sign_init() attached an EVP_PKEY_CTX to the EVP_MD_CTX,
+     * and we have to free it explicitly.
+     */
+    if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
+        EVP_PKEY_CTX *pctx = EVP_MD_CTX_pkey_ctx(ctx);
+
+        EVP_MD_CTX_set_pkey_ctx(ctx, NULL);
+        EVP_PKEY_CTX_free(pctx);
+    }
+}
+
 int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
                  STACK_OF(OPENSSL_STRING) *sigopts)
 {
-    int rv;
+    int rv = 0;
     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
-#ifndef OPENSSL_NO_SM2
-    EVP_PKEY_CTX *pctx = NULL;
-#endif
 
-    rv = do_sign_init(mctx, pkey, md, sigopts);
-    if (rv > 0) {
-        rv = X509_sign_ctx(x, mctx);
-#ifndef OPENSSL_NO_SM2
-        /*
-         * only in SM2 case we need to free the pctx explicitly
-         * if do_sign_init() fails, pctx is already freed in it
-         */
-        if (ec_pkey_is_sm2(pkey)) {
-            pctx = EVP_MD_CTX_pkey_ctx(mctx);
-            EVP_PKEY_CTX_free(pctx);
-        }
-#endif
+    if (do_sign_init(mctx, pkey, md, sigopts) > 0) {
+        rv = (X509_sign_ctx(x, mctx) > 0);
+        do_sign_cleanup(mctx, pkey);
     }
     EVP_MD_CTX_free(mctx);
-    return rv > 0 ? 1 : 0;
+    return rv;
 }
 
 int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
                      STACK_OF(OPENSSL_STRING) *sigopts)
 {
-    int rv;
+    int rv = 0;
     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
-#ifndef OPENSSL_NO_SM2
-    EVP_PKEY_CTX *pctx = NULL;
-#endif
 
-    rv = do_sign_init(mctx, pkey, md, sigopts);
-    if (rv > 0) {
-        rv = X509_REQ_sign_ctx(x, mctx);
-#ifndef OPENSSL_NO_SM2
-        /*
-         * only in SM2 case we need to free the pctx explicitly
-         * if do_sign_init() fails, pctx is already freed in it
-         */
-        if (ec_pkey_is_sm2(pkey)) {
-            pctx = EVP_MD_CTX_pkey_ctx(mctx);
-            EVP_PKEY_CTX_free(pctx);
-        }
-#endif
+    if (do_sign_init(mctx, pkey, md, sigopts) > 0) {
+        rv = (X509_REQ_sign_ctx(x, mctx) > 0);
+        do_sign_cleanup(mctx, pkey);
     }
     EVP_MD_CTX_free(mctx);
-    return rv > 0 ? 1 : 0;
+    return rv;
 }
 
 int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
                      STACK_OF(OPENSSL_STRING) *sigopts)
 {
-    int rv;
+    int rv = 0;
     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
-#ifndef OPENSSL_NO_SM2
-    EVP_PKEY_CTX *pctx = NULL;
-#endif
 
-    rv = do_sign_init(mctx, pkey, md, sigopts);
-    if (rv > 0) {
-        rv = X509_CRL_sign_ctx(x, mctx);
-#ifndef OPENSSL_NO_SM2
-        /*
-         * only in SM2 case we need to free the pctx explicitly
-         * if do_sign_init() fails, no need to double free pctx
-         */
-        if (ec_pkey_is_sm2(pkey)) {
-            pctx = EVP_MD_CTX_pkey_ctx(mctx);
-            EVP_PKEY_CTX_free(pctx);
-        }
-#endif
+    if (do_sign_init(mctx, pkey, md, sigopts) > 0) {
+        rv = (X509_CRL_sign_ctx(x, mctx) > 0);
+        do_sign_cleanup(mctx, pkey);
     }
     EVP_MD_CTX_free(mctx);
-    return rv > 0 ? 1 : 0;
+    return rv;
 }