Use X509_REQ_get0_pubkey
authorFdaSilvaYY <fdasilvayy@gmail.com>
Sun, 3 Apr 2016 21:37:32 +0000 (23:37 +0200)
committerFdaSilvaYY <fdasilvayy@gmail.com>
Mon, 4 Apr 2016 18:38:14 +0000 (20:38 +0200)
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
apps/ca.c
apps/req.c
apps/x509.c
crypto/x509/x509_r2x.c

index 3062d7e05470ffbbde74c446bb9b1bcea6e8a05b..85766cccbbd97d3d1da3e8ff75e11a7e4b712ef8 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1351,12 +1351,12 @@ static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
         ok = 0;
         goto end;
     }
-    if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+    if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
         BIO_printf(bio_err, "error unpacking public key\n");
         goto end;
     }
     i = X509_REQ_verify(req, pktmp);
-    EVP_PKEY_free(pktmp);
+    pktmp = NULL;
     if (i < 0) {
         ok = 0;
         BIO_printf(bio_err, "Signature verification problems....\n");
@@ -1790,7 +1790,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
     pktmp = X509_REQ_get_pubkey(req);
     i = X509_set_pubkey(ret, pktmp);
-    EVP_PKEY_free(pktmp);
     if (!i)
         goto end;
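Review bot: In do_body the call is still `X509_REQ_get_pubkey(req)`, which returns a reference the caller owns, yet this hunk removes the matching `EVP_PKEY_free(pktmp)`, so each pass through this code appears to leak one reference on the request's key. Every other site in this commit pairs the removed free with a switch to the get0 accessor, so the line should read `pktmp = X509_REQ_get0_pubkey(req);`. do_body continues outside the hunk, so this would not apply if pktmp is released later on the `end` path, but nothing visible suggests that. The result is also passed to X509_set_pubkey without the NULL check that certify() performs in the first hunk.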
 
index edf998ba703a8b81fa5d5f2d31d184ecd2c03350..561cccc98fa5c82ca2d2525e0df01d9bcbe73243 100644 (file)
@@ -375,6 +375,7 @@ int req_main(int argc, char **argv)
     if (!nmflag_set)
         nmflag = XN_FLAG_ONELINE;
 
+    /* TODO: simplify this as pkey is still always NULL here */ 
     private = newreq && (pkey == NULL) ? 1 : 0;
 
     if (!app_passwd(passargin, passargout, &passin, &passout)) {
@@ -666,10 +667,9 @@ int req_main(int argc, char **argv)
             if (!X509_set_subject_name
                 (x509ss, X509_REQ_get_subject_name(req)))
                 goto end;
-            tmppkey = X509_REQ_get_pubkey(req);
+            tmppkey = X509_REQ_get0_pubkey(req);
             if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
                 goto end;
-            EVP_PKEY_free(tmppkey);
 
             /* Set up V3 context struct */
 
@@ -739,20 +739,15 @@ int req_main(int argc, char **argv)
     }
 
     if (verify && !x509) {
-        int tmp = 0;
+        EVP_PKEY *pubkey = pkey;
 
-        if (pkey == NULL) {
-            pkey = X509_REQ_get_pubkey(req);
-            tmp = 1;
-            if (pkey == NULL)
+        if (pubkey == NULL) {
+            pubkey = X509_REQ_get0_pubkey(req);
+            if (pubkey == NULL)
                 goto end;
         }
 
-        i = X509_REQ_verify(req, pkey);
-        if (tmp) {
-            EVP_PKEY_free(pkey);
-            pkey = NULL;
-        }
+        i = X509_REQ_verify(req, pubkey);
 
         if (i < 0) {
             goto end;
index 00c0d97aa2e5ef018534e6d934e4ac4dae71bef2..bc5623365ae9c51749d0487e197da0e7c16754fc 100644 (file)
@@ -562,12 +562,11 @@ int x509_main(int argc, char **argv)
             goto end;
         }
 
-        if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+        if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
             BIO_printf(bio_err, "error unpacking public key\n");
             goto end;
         }
         i = X509_REQ_verify(req, pkey);
-        EVP_PKEY_free(pkey);
         if (i < 0) {
             BIO_printf(bio_err, "Signature verification error\n");
             ERR_print_errors(bio_err);
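Review bot: After `X509_REQ_verify(req, pkey)` the variable pkey still holds a pointer borrowed from req, whereas the equivalent code in certify() (apps/ca.c, first hunk) resets it with `pktmp = NULL;`. Doing the same here with `pkey = NULL;` after the verify call, or adding a comment such as `/* pkey is owned by req; do not free */`, would keep a later cleanup path from dropping a reference this code does not own. x509_main's declarations and its `end` label are outside the hunk, so whether pkey is freed elsewhere cannot be confirmed from here. The same borrowed pointer is assigned again in the next x509.c hunk.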
@@ -607,9 +606,8 @@ int x509_main(int argc, char **argv)
         if (fkey)
             X509_set_pubkey(x, fkey);
         else {
-            pkey = X509_REQ_get_pubkey(req);
+            pkey = X509_REQ_get0_pubkey(req);
             X509_set_pubkey(x, pkey);
-            EVP_PKEY_free(pkey);
         }
     } else
         x = load_cert(infile, informat, "Certificate");
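Review bot: Both `X509_set_pubkey(x, fkey)` and `X509_set_pubkey(x, pkey)` ignore the return value, and the get0 result is not checked for NULL, unlike the req.c and x509_r2x.c sites in this commit, which test both. A failure here would let x509_main continue with a certificate whose public key was never set. Suggest `if (pkey == NULL || !X509_set_pubkey(x, pkey)) goto end;` and the same return-value test on the fkey branch. These calls predate the commit, and the enclosing block starts and ends outside the hunk.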
index dc7e41265ccb09b46dbc35b95901259cd1b37c9e..d082636de411a504ae347952ad50dc9b3b88b7dd 100644 (file)
@@ -101,21 +101,14 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
         NULL)
         goto err;
 
-    pubkey = X509_REQ_get_pubkey(r);
-    if (pubkey == NULL)
+    pubkey = X509_REQ_get0_pubkey(r);
+    if (pubkey == NULL || !X509_set_pubkey(ret, pubkey))
         goto err;
 
-    if (!X509_set_pubkey(ret, pubkey))
-        goto err_pkey;
-
-    EVP_PKEY_free(pubkey);
-
     if (!X509_sign(ret, pkey, EVP_md5()))
         goto err;
     return ret;
 
- err_pkey:
-    EVP_PKEY_free(pubkey);
  err:
     X509_free(ret);
     return NULL;
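Review bot: The context line `X509_sign(ret, pkey, EVP_md5())` signs the converted certificate with MD5, which no longer provides collision resistance and is rejected by many verifiers; while this function is being touched, consider `X509_sign(ret, pkey, EVP_sha256())`. That changes the output of a public function, so it probably belongs in a separate commit with a changelog entry. The simplified error path itself looks right: with a borrowed key, the single `err` label that frees ret is sufficient. X509_REQ_to_X509 starts above the hunk.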