Use X509_REQ_get0_pubkey

Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-03 23:37:32 +02:00 · 2016-04-03 23:37:32 +02:00 · c5137473bd
commit c5137473bd
parent 97458daade
4 changed files with 13 additions and 28 deletions
--- a/apps/ca.c
+++ b/apps/ca.c
@ -1351,12 +1351,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
        ok = 0;
        goto end;
    }
-    if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+    if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
        BIO_printf(bio_err, "error unpacking public key\n");
        goto end;
    }
    i = X509_REQ_verify(req, pktmp);
-    EVP_PKEY_free(pktmp);
+    pktmp = NULL;
    if (i < 0) {
        ok = 0;
        BIO_printf(bio_err, "Signature verification problems....\n");
@ -1790,7 +1790,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,

    pktmp = X509_REQ_get_pubkey(req);
    i = X509_set_pubkey(ret, pktmp);
-    EVP_PKEY_free(pktmp);
    if (!i)
        goto end;

--- a/apps/req.c
+++ b/apps/req.c
@ -375,6 +375,7 @@ int req_main(int argc, char **argv)
    if (!nmflag_set)
        nmflag = XN_FLAG_ONELINE;

+    /* TODO: simplify this as pkey is still always NULL here */ 
    private = newreq && (pkey == NULL) ? 1 : 0;

    if (!app_passwd(passargin, passargout, &passin, &passout)) {
@ -666,10 +667,9 @@ int req_main(int argc, char **argv)
            if (!X509_set_subject_name
                (x509ss, X509_REQ_get_subject_name(req)))
                goto end;
-            tmppkey = X509_REQ_get_pubkey(req);
+            tmppkey = X509_REQ_get0_pubkey(req);
            if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
                goto end;
-            EVP_PKEY_free(tmppkey);

            /* Set up V3 context struct */

@ -739,20 +739,15 @@ int req_main(int argc, char **argv)
    }

    if (verify && !x509) {
-        int tmp = 0;
+        EVP_PKEY *pubkey = pkey;

-        if (pkey == NULL) {
-            pkey = X509_REQ_get_pubkey(req);
-            tmp = 1;
-            if (pkey == NULL)
+        if (pubkey == NULL) {
+            pubkey = X509_REQ_get0_pubkey(req);
+            if (pubkey == NULL)
                goto end;
        }

-        i = X509_REQ_verify(req, pkey);
-        if (tmp) {
-            EVP_PKEY_free(pkey);
-            pkey = NULL;
-        }
+        i = X509_REQ_verify(req, pubkey);

        if (i < 0) {
            goto end;
--- a/apps/x509.c
+++ b/apps/x509.c
@ -562,12 +562,11 @@ int x509_main(int argc, char **argv)
            goto end;
        }

-        if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+        if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
            BIO_printf(bio_err, "error unpacking public key\n");
            goto end;
        }
        i = X509_REQ_verify(req, pkey);
-        EVP_PKEY_free(pkey);
        if (i < 0) {
            BIO_printf(bio_err, "Signature verification error\n");
            ERR_print_errors(bio_err);
@ -607,9 +606,8 @@ int x509_main(int argc, char **argv)
        if (fkey)
            X509_set_pubkey(x, fkey);
        else {
-            pkey = X509_REQ_get_pubkey(req);
+            pkey = X509_REQ_get0_pubkey(req);
            X509_set_pubkey(x, pkey);
-            EVP_PKEY_free(pkey);
        }
    } else
        x = load_cert(infile, informat, "Certificate");
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@ -101,21 +101,14 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
        NULL)
        goto err;

-    pubkey = X509_REQ_get_pubkey(r);
-    if (pubkey == NULL)
+    pubkey = X509_REQ_get0_pubkey(r);
+    if (pubkey == NULL || !X509_set_pubkey(ret, pubkey))
        goto err;

-    if (!X509_set_pubkey(ret, pubkey))
-        goto err_pkey;
-
-    EVP_PKEY_free(pubkey);
-
    if (!X509_sign(ret, pkey, EVP_md5()))
        goto err;
    return ret;

- err_pkey:
-    EVP_PKEY_free(pubkey);
 err:
    X509_free(ret);
    return NULL;