[pkg-opensc-commit] [libp11] 54/86: Restored "const" EVP_PKEY objects

Eric Dorland eric at moszumanska.debian.org
Sun Jul 24 21:40:22 UTC 2016 

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 88d357cf72bef79c1200f09a25ce3a0dcbdfbce7
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Tue Feb 16 16:44:33 2016 +0100

    Restored "const" EVP_PKEY objects
    
    Restored the old behaviour, as this is apparently an undocumented requirement of the engine interface.
---
 NEWS              | 1 -
 src/libp11.h      | 4 ++++
 src/p11_key.c     | 5 -----
 tests/fork-test.c | 6 ++++++
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index b812d0b..8e72c83 100644
--- a/NEWS
+++ b/NEWS
@@ -6,7 +6,6 @@ New in 0.4.0; unreleased;
 * Fixed deadlocks in keys and certificates listing (Brian Hinz)
 * Use PKCS11_MODULE_PATH environment variable (Doug Engert)
 * Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
-* Returned EVP_PKEY objects are no longer "const" (Michał Trojnara)
 * Fixed building against OpenSSL 0.9.8 (Michał Trojnara)
 * Removed support for OpenSSL 0.9.7 (Michał Trojnara)
 
diff --git a/src/libp11.h b/src/libp11.h
index ca85e8b..4e06e1b 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -256,6 +256,8 @@ extern int PKCS11_get_key_type(PKCS11_KEY *);
  *
  * @param   key  PKCS11_KEY object
  * @retval !=NULL reference to EVP_PKEY object.
+ *         The returned EVP_PKEY object should be treated as const
+ *         and must not be freed.
  * @retval NULL error
  */
 extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
@@ -265,6 +267,8 @@ extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
  *
  * @param  key  PKCS11_KEY object
  * @retval !=NULL reference to EVP_PKEY object.
+ *         The returned EVP_PKEY object should be treated as const
+ *         and must not be freed.
  * @retval NULL error
  */
 extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
diff --git a/src/p11_key.c b/src/p11_key.c
index 610204e..d797c89 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -292,11 +292,6 @@ EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate)
 		if (key->evp_key == NULL)
 			return NULL;
 	}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-	EVP_PKEY_up_ref(key->evp_key);
-#else
-	CRYPTO_add(&key->evp_key->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#endif
 	return key->evp_key;
 }
 
diff --git a/tests/fork-test.c b/tests/fork-test.c
index dd8e2ea..17b6664 100644
--- a/tests/fork-test.c
+++ b/tests/fork-test.c
@@ -184,6 +184,12 @@ loggedin:
 		fprintf(stderr, "Could not extract the private key\n");
 		goto failed;
 	}
+	/* allow the EVP_PKEY object to be freed normally */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	EVP_PKEY_up_ref(privkey);
+#else
+	CRYPTO_add(&privkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
 
 	/* sign on the PKCS#11 device */
 	md_ctx = EVP_MD_CTX_create();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git

More information about the pkg-opensc-commit mailing list