[pkg-opensc-commit] [libp11] 73/86: Revert "Restored "const" EVP_PKEY objects"

Sun Jul 24 21:40:24 UTC 2016

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 96f7d5b32a3f66f3602b478bf3867a916e6bd0c9
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Fri Mar 18 12:41:24 2016 +0100

    Revert "Restored "const" EVP_PKEY objects"
    
    This reverts commit 88d357cf72bef79c1200f09a25ce3a0dcbdfbce7.
---
 NEWS              | 1 +
 src/libp11.h      | 4 ----
 src/p11_key.c     | 5 +++++
 tests/fork-test.c | 6 ------
 4 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/NEWS b/NEWS
index ad5a2cb..abb92b2 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ New in 0.4.0; unreleased;
 * Fixed deadlocks in keys and certificates listing (Brian Hinz)
 * Use PKCS11_MODULE_PATH environment variable (Doug Engert)
 * Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
+* Returned EVP_PKEY objects are no longer "const" (Michał Trojnara)
 * Fixed building against OpenSSL 0.9.8 (Michał Trojnara)
 * Removed support for OpenSSL 0.9.7 (Michał Trojnara)
 
diff --git a/src/libp11.h b/src/libp11.h
index c4b5767..068cb83 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -256,8 +256,6 @@ extern int PKCS11_get_key_type(PKCS11_KEY *);
  *
  * @param   key  PKCS11_KEY object
  * @retval !=NULL reference to EVP_PKEY object.
- *         The returned EVP_PKEY object should be treated as const
- *         and must not be freed.
  * @retval NULL error
  */
 extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
@@ -267,8 +265,6 @@ extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
  *
  * @param  key  PKCS11_KEY object
  * @retval !=NULL reference to EVP_PKEY object.
- *         The returned EVP_PKEY object should be treated as const
- *         and must not be freed.
  * @retval NULL error
  */
 extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
diff --git a/src/p11_key.c b/src/p11_key.c
index 5247cab..05538b9 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -298,6 +298,11 @@ EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate)
 				fprintf(stderr, "Missing CKA_ALWAYS_AUTHENTICATE attribute\n");
 		}
 	}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	EVP_PKEY_up_ref(key->evp_key);
+#else
+	CRYPTO_add(&key->evp_key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
 	return key->evp_key;
 }
 
diff --git a/tests/fork-test.c b/tests/fork-test.c
index 17b6664..dd8e2ea 100644
--- a/tests/fork-test.c
+++ b/tests/fork-test.c
@@ -184,12 +184,6 @@ loggedin:
 		fprintf(stderr, "Could not extract the private key\n");
 		goto failed;
 	}
-	/* allow the EVP_PKEY object to be freed normally */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-	EVP_PKEY_up_ref(privkey);
-#else
-	CRYPTO_add(&privkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-#endif
 
 	/* sign on the PKCS#11 device */
 	md_ctx = EVP_MD_CTX_create();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git

