New function X509_get0_pubkey

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-12-14 13:13:32 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-12-14 23:06:14 +0000
commit: c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 (patch)
tree: 5d4bfc88099fab5f8178b3cdfee4e8f4db2ad68d /apps
parent: 2872dbe1c46eceb20c38bc55a5fe2a4c4c52fe9d (diff)
download: openssl-c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7.tar.gz
5 files changed, 8 insertions, 16 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 535526ce30..6404e48507 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1402,12 +1402,11 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 
     BIO_printf(bio_err, "Check that the request matches the signature\n");
 
-    if ((pktmp = X509_get_pubkey(req)) == NULL) {
+    if ((pktmp = X509_get0_pubkey(req)) == NULL) {
         BIO_printf(bio_err, "error unpacking public key\n");
         goto end;
     }
     i = X509_verify(req, pktmp);
-    EVP_PKEY_free(pktmp);
     if (i < 0) {
         ok = 0;
         BIO_printf(bio_err, "Signature verification problems....\n");
@@ -1890,11 +1889,10 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         }
     }
 
-    pktmp = X509_get_pubkey(ret);
+    pktmp = X509_get0_pubkey(ret);
     if (EVP_PKEY_missing_parameters(pktmp) &&
         !EVP_PKEY_missing_parameters(pkey))
         EVP_PKEY_copy_parameters(pktmp, pkey);
-    EVP_PKEY_free(pktmp);
 
     if (!do_X509_sign(ret, pkey, dgst, sigopts))
         goto end;
diff --git a/apps/crl.c b/apps/crl.c
index b2a5d7f54d..3f64cdd57a 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -253,14 +253,13 @@ int crl_main(int argc, char **argv)
             BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
             goto end;
         }
-        pkey = X509_get_pubkey(xobj.data.x509);
+        pkey = X509_get0_pubkey(xobj.data.x509);
         X509_OBJECT_free_contents(&xobj);
         if (!pkey) {
             BIO_printf(bio_err, "Error getting CRL issuer public key\n");
             goto end;
         }
         i = X509_CRL_verify(x, pkey);
-        EVP_PKEY_free(pkey);
         if (i < 0)
             goto end;
         if (i == 0)
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 734d57fda4..7a4bf297cc 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1402,13 +1402,12 @@ static int security_callback_debug(SSL *s, SSL_CTX *ctx,
                 int sig_nid = X509_get_signature_nid(other);
                 BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
             } else {
-                EVP_PKEY *pkey = X509_get_pubkey(other);
+                EVP_PKEY *pkey = X509_get0_pubkey(other);
                 const char *algname = "";
                 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
                                         &algname, EVP_PKEY_get0_asn1(pkey));
                 BIO_printf(sdb->out, "%s, bits=%d",
                            algname, EVP_PKEY_bits(pkey));
-                EVP_PKEY_free(pkey);
             }
             break;
         }
diff --git a/apps/s_client.c b/apps/s_client.c
index f93ae35f56..5aa1adc51e 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2206,10 +2206,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
     if (peer != NULL) {
         EVP_PKEY *pktmp;
-        pktmp = X509_get_pubkey(peer);
+        pktmp = X509_get0_pubkey(peer);
         BIO_printf(bio, "Server public key is %d bit\n",
                    EVP_PKEY_bits(pktmp));
-        EVP_PKEY_free(pktmp);
     }
     BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
                SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
diff --git a/apps/x509.c b/apps/x509.c
index 7155b33246..1677ba5fda 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -723,7 +723,7 @@ int x509_main(int argc, char **argv)
             } else if (modulus == i) {
                 EVP_PKEY *pkey;
 
-                pkey = X509_get_pubkey(x);
+                pkey = X509_get0_pubkey(x);
                 if (pkey == NULL) {
                     BIO_printf(bio_err, "Modulus=unavailable\n");
                     ERR_print_errors(bio_err);
@@ -742,18 +742,16 @@ int x509_main(int argc, char **argv)
 #endif
                     BIO_printf(out, "Wrong Algorithm type");
                 BIO_printf(out, "\n");
-                EVP_PKEY_free(pkey);
             } else if (pubkey == i) {
                 EVP_PKEY *pkey;
 
-                pkey = X509_get_pubkey(x);
+                pkey = X509_get0_pubkey(x);
                 if (pkey == NULL) {
                     BIO_printf(bio_err, "Error getting public key\n");
                     ERR_print_errors(bio_err);
                     goto end;
                 }
                 PEM_write_bio_PUBKEY(out, pkey);
-                EVP_PKEY_free(pkey);
             } else if (C == i) {
                 unsigned char *d;
                 char *m;
@@ -991,9 +989,8 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
     X509_STORE_CTX xsc;
     EVP_PKEY *upkey;
 
-    upkey = X509_get_pubkey(xca);
+    upkey = X509_get0_pubkey(xca);
     EVP_PKEY_copy_parameters(upkey, pkey);
-    EVP_PKEY_free(upkey);
 
     if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) {
         BIO_printf(bio_err, "Error initialising X509 store\n");
author	Dr. Stephen Henson <steve@openssl.org>	2015-12-14 13:13:32 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-12-14 23:06:14 +0000
commit	c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 (patch)
tree	5d4bfc88099fab5f8178b3cdfee4e8f4db2ad68d /apps
parent	2872dbe1c46eceb20c38bc55a5fe2a4c4c52fe9d (diff)
download	openssl-c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7.tar.gz