Use X509_get0_pubkey where appropriate Reviewed-by: Rich Salz <rsalz@openssl.org>

commit: 8382fd3a93cb076af5ad954613557152c878172f [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Sun Dec 20 00:32:36 2015 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Thu Dec 31 18:44:46 2015 +0000
tree: 77afac19fd26c7df42e8bec4c1d021d460745132
parent: 39a6a4a707f23992beefc93d99549466857d2b10 [diff] [blame]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 421a5a6..a2a68af 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -786,16 +786,13 @@
     unsigned char comp_id, curve_id[2];
     EVP_PKEY *pkey;
     int rv;
-    pkey = X509_get_pubkey(x);
+    pkey = X509_get0_pubkey(x);
     if (!pkey)
         return 0;
     /* If not EC nothing to do */
-    if (pkey->type != EVP_PKEY_EC) {
-        EVP_PKEY_free(pkey);
+    if (pkey->type != EVP_PKEY_EC)
         return 1;
-    }
     rv = tls1_set_ec_id(curve_id, &comp_id, pkey->pkey.ec);
-    EVP_PKEY_free(pkey);
     if (!rv)
         return 0;
     /*
@@ -4254,7 +4251,7 @@
 static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
 {
     int secbits = -1;
-    EVP_PKEY *pkey = X509_get_pubkey(x);
+    EVP_PKEY *pkey = X509_get0_pubkey(x);
     if (pkey) {
         /*
          * If no parameters this will return -1 and fail using the default
@@ -4263,7 +4260,6 @@
          * omission of parameters is never (?) done in practice.
          */
         secbits = EVP_PKEY_security_bits(pkey);
-        EVP_PKEY_free(pkey);
     }
     if (s)
         return ssl_security(s, op, secbits, 0, x);
commit	8382fd3a93cb076af5ad954613557152c878172f	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Sun Dec 20 00:32:36 2015 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Thu Dec 31 18:44:46 2015 +0000
tree	77afac19fd26c7df42e8bec4c1d021d460745132
parent	39a6a4a707f23992beefc93d99549466857d2b10 [diff] [blame]