diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-20 00:32:36 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-31 18:44:46 +0000 |
commit | 8382fd3a93cb076af5ad954613557152c878172f (patch) | |
tree | 77afac19fd26c7df42e8bec4c1d021d460745132 /crypto | |
parent | 39a6a4a707f23992beefc93d99549466857d2b10 (diff) |
Use X509_get0_pubkey where appropriate
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cms/cms_env.c | 5 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 9 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 6 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_lib.c | 5 | ||||
-rw-r--r-- | crypto/x509/x509_cmp.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509_req.c | 3 | ||||
-rw-r--r-- | crypto/x509/x509type.c | 4 |
7 files changed, 10 insertions, 24 deletions
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index b9775e0ad2..a9a9d84e60 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -236,7 +236,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, if (!ri) goto merr; - pk = X509_get_pubkey(recip); + pk = X509_get0_pubkey(recip); if (!pk) { CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY); goto err; @@ -264,15 +264,12 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) goto merr; - EVP_PKEY_free(pk); - return ri; merr: CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); err: M_ASN1_free_of(ri, CMS_RecipientInfo); - EVP_PKEY_free(pk); return NULL; } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 629ebf0e29..87b5144b39 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -97,11 +97,9 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, flags |= OCSP_NOVERIFY; if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; - skey = X509_get_pubkey(signer); - if (skey) { + skey = X509_get0_pubkey(signer); + if (skey) ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); - } if (!skey || ret <= 0) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); goto end; @@ -397,9 +395,8 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, flags |= OCSP_NOVERIFY; if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; - skey = X509_get_pubkey(signer); + skey = X509_get0_pubkey(signer); ret = OCSP_REQUEST_verify(req, skey); - EVP_PKEY_free(skey); if (ret <= 0) { OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); return 0; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 91864dceae..b2df65980b 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -142,7 +142,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, int ret = 0; size_t eklen; - pkey = X509_get_pubkey(ri->cert); + pkey = X509_get0_pubkey(ri->cert); if (!pkey) return 0; @@ -179,7 +179,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, ret = 1; err: - EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); OPENSSL_free(ek); return ret; @@ -1072,14 +1071,13 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } os = si->enc_digest; - pkey = X509_get_pubkey(x509); + pkey = X509_get0_pubkey(x509); if (!pkey) { ret = -1; goto err; } i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey); - EVP_PKEY_free(pkey); if (i <= 0) { PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); ret = -1; diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index b116f5a806..17e4de221a 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -523,7 +523,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) return 0; - pkey = X509_get_pubkey(x509); + pkey = X509_get0_pubkey(x509); if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, @@ -543,15 +543,12 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) goto err; } - EVP_PKEY_free(pkey); - X509_up_ref(x509); p7i->cert = x509; return 1; err: - EVP_PKEY_free(pkey); return 0; } diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 9d9ea4b605..20834a079f 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -432,7 +432,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, rv = X509_V_ERR_SUITE_B_INVALID_VERSION; goto end; } - pk = X509_get_pubkey(x); + pk = X509_get0_pubkey(x); rv = check_suite_b(pk, sign_nid, &tflags); if (rv != X509_V_OK) goto end; diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 8cc35b3365..b27f9f6010 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -92,11 +92,10 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) goto err; - pktmp = X509_get_pubkey(x); + pktmp = X509_get0_pubkey(x); if (pktmp == NULL) goto err; i = X509_REQ_set_pubkey(ret, pktmp); - EVP_PKEY_free(pktmp); if (!i) goto err; diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index a7695cad77..a9116e7c77 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -71,7 +71,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) return (0); if (pkey == NULL) - pk = X509_get_pubkey(x); + pk = X509_get0_pubkey(x); else pk = pkey; @@ -122,7 +122,5 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) } } - if (pkey == NULL) - EVP_PKEY_free(pk); return (ret); } |