Change |EVP_PKEY_up_ref| to return int.

Upstream have added |EVP_PKEY_up_ref|, but their version returns an int. Having this function with a different signature like that is dangerous so this change aligns BoringSSL with upstream. Users of this function in Chromium and internally should already have been updated. Change-Id: I0a7aeaf1a1ca3b0f0c635e2ee3826aa100b18157 Reviewed-on: https://boringssl-review.googlesource.com/8736 Reviewed-by: David Benjamin <davidben@google.com>
2016-07-12 10:39:20 -07:00 · 2016-07-12 10:39:20 -07:00 · 310d3f63f3
commit 310d3f63f3
parent 27516f7c97
7 changed files with 24 additions and 15 deletions
--- a/crypto/evp/evp.c
+++ b/crypto/evp/evp.c
@ -108,9 +108,9 @@ void EVP_PKEY_free(EVP_PKEY *pkey) {
  OPENSSL_free(pkey);
 }

-EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey) {
+int EVP_PKEY_up_ref(EVP_PKEY *pkey) {
  CRYPTO_refcount_inc(&pkey->references);
-  return pkey;
+  return 1;
 }

 int EVP_PKEY_is_opaque(const EVP_PKEY *pkey) {
--- a/crypto/evp/evp_ctx.c
+++ b/crypto/evp/evp_ctx.c
@ -112,7 +112,8 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) {
  ret->operation = EVP_PKEY_OP_UNDEFINED;

  if (pkey) {
-    ret->pkey = EVP_PKEY_up_ref(pkey);
+    EVP_PKEY_up_ref(pkey);
+    ret->pkey = pkey;
  }

  if (pmeth->init) {
@ -165,14 +166,16 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) {
  rctx->operation = pctx->operation;

  if (pctx->pkey) {
-    rctx->pkey = EVP_PKEY_up_ref(pctx->pkey);
+    EVP_PKEY_up_ref(pctx->pkey);
+    rctx->pkey = pctx->pkey;
    if (rctx->pkey == NULL) {
      goto err;
    }
  }

  if (pctx->peerkey) {
-    rctx->peerkey = EVP_PKEY_up_ref(pctx->peerkey);
+    EVP_PKEY_up_ref(pctx->peerkey);
+    rctx->peerkey = pctx->peerkey;
    if (rctx->peerkey == NULL) {
      goto err;
    }
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@ -141,7 +141,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
    CRYPTO_STATIC_MUTEX_lock_read(&g_pubkey_lock);
    if (key->pkey != NULL) {
        CRYPTO_STATIC_MUTEX_unlock_read(&g_pubkey_lock);
-        return EVP_PKEY_up_ref(key->pkey);
+        EVP_PKEY_up_ref(key->pkey);
+        return key->pkey;
    }
    CRYPTO_STATIC_MUTEX_unlock_read(&g_pubkey_lock);

@ -170,7 +171,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
    }

    OPENSSL_free(spki);
-    return EVP_PKEY_up_ref(ret);
+    EVP_PKEY_up_ref(ret);
+    return ret;

 error:
    OPENSSL_free(spki);
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@ -89,8 +89,8 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void);
 * itself. */
 OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey);

-/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns it. */
-OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey);
+/* EVP_PKEY_up_ref increments the reference count of |pkey| and returns one. */
+OPENSSL_EXPORT int EVP_PKEY_up_ref(EVP_PKEY *pkey);

 /* EVP_PKEY_is_opaque returns one if |pkey| is opaque. Opaque keys are backed by
 * custom implementations which do not expose key material and parameters. It is
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@ -174,7 +174,8 @@ CERT *ssl_cert_dup(CERT *cert) {
  }

  if (cert->privatekey != NULL) {
-    ret->privatekey = EVP_PKEY_up_ref(cert->privatekey);
+    EVP_PKEY_up_ref(cert->privatekey);
+    ret->privatekey = cert->privatekey;
  }

  if (cert->chain) {
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -456,8 +456,8 @@ SSL *SSL_new(SSL_CTX *ctx) {

  ssl->tlsext_channel_id_enabled = ctx->tlsext_channel_id_enabled;
  if (ctx->tlsext_channel_id_private) {
-    ssl->tlsext_channel_id_private =
-        EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
+    EVP_PKEY_up_ref(ctx->tlsext_channel_id_private);
+    ssl->tlsext_channel_id_private = ctx->tlsext_channel_id_private;
  }

  ssl->signed_cert_timestamps_enabled =
@ -1834,7 +1834,8 @@ int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
  }

  EVP_PKEY_free(ctx->tlsext_channel_id_private);
-  ctx->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);
+  EVP_PKEY_up_ref(private_key);
+  ctx->tlsext_channel_id_private = private_key;
  ctx->tlsext_channel_id_enabled = 1;

  return 1;
@ -1847,7 +1848,8 @@ int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
  }

  EVP_PKEY_free(ssl->tlsext_channel_id_private);
-  ssl->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);
+  EVP_PKEY_up_ref(private_key);
+  ssl->tlsext_channel_id_private = private_key;
  ssl->tlsext_channel_id_enabled = 1;

  return 1;
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@ -143,7 +143,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) {
  }

  EVP_PKEY_free(c->privatekey);
-  c->privatekey = EVP_PKEY_up_ref(pkey);
+  EVP_PKEY_up_ref(pkey);
+  c->privatekey = pkey;

  return 1;
 }