From e6e15fc3a19ac6e4317d7245df24313c261fc2bb Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Tue, 5 Aug 2014 21:46:37 -0400
Subject: [PATCH] Use EVP_PKEY_dup instead of manually incrementing the
 refcount.

Reference counting should be internal to the type, otherwise callers need to
know which lock to use.

Change-Id: If4d805876a321ef6dece115c805e605584ff311e
Reviewed-on: https://boringssl-review.googlesource.com/1414
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/evp/evp_ctx.c   | 11 ++++-------
 crypto/x509/x_pubkey.c |  6 ++----
 ssl/ssl_rsa.c          |  5 ++---
 3 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.c
index 1416d3a2..d1ed67d6 100644
--- a/crypto/evp/evp_ctx.c
+++ b/crypto/evp/evp_ctx.c
@@ -119,8 +119,7 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) {
   ret->operation = EVP_PKEY_OP_UNDEFINED;
 
   if (pkey) {
-    ret->pkey = pkey;
-    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    ret->pkey = EVP_PKEY_dup(pkey);
   }
 
   if (pmeth->init) {
@@ -176,14 +175,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) {
   rctx->operation = pctx->operation;
 
   if (pctx->pkey) {
-    CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    rctx->pkey = EVP_PKEY_dup(pctx->pkey);
   }
-  rctx->pkey = pctx->pkey;
 
   if (pctx->peerkey) {
-    CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    rctx->peerkey = EVP_PKEY_dup(pctx->peerkey);
   }
-  rctx->peerkey = pctx->peerkey;
 
   if (pctx->pmeth->copy(rctx, pctx) > 0) {
     return rctx;
@@ -437,7 +434,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) {
     return 0;
   }
 
-  CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY);
+  EVP_PKEY_dup(peer);
   return 1;
 }
 
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index d1b21465..04275f76 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -133,8 +133,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 
 	if (key->pkey != NULL)
 		{
-		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-		return key->pkey;
+		return EVP_PKEY_dup(key->pkey);
 		}
 
 	if (key->public_key == NULL) goto error;
@@ -178,9 +177,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 		key->pkey = ret;
 		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
 		}
-	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
-	return ret;
+	return EVP_PKEY_dup(ret);
 
 	error:
 	if (ret != NULL)
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 2a8dfce0..05163d42 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -226,9 +226,8 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 
 	if (c->pkeys[i].privatekey != NULL)
 		EVP_PKEY_free(c->pkeys[i].privatekey);
-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	c->pkeys[i].privatekey=pkey;
-	c->key= &(c->pkeys[i]);
+	c->pkeys[i].privatekey = EVP_PKEY_dup(pkey);
+	c->key = &(c->pkeys[i]);
 
 	c->valid=0;
 	return(1);