[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed Apr 14 04:54:23 UTC 2021


The branch master has been updated
       via  0d5bbaaae2c65ddf7a30596b61617304e0950d9c (commit)
      from  89947af2c5e32ddceaeecc5f486577ad5b5f946c (commit)


- Log -----------------------------------------------------------------
commit 0d5bbaaae2c65ddf7a30596b61617304e0950d9c
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Apr 12 15:52:05 2021 +0100

    Remove a TODO(3.0) from X509_PUBKEY_set
    
    The comment talks about the EVP_PKEY that is contained within an
    X509_PUBKEY object and whether it has to be exactly the same as the one
    passed by the caller in X509_PUBKEY_set(). IMO it does, so the TODO should
    be dropped.
    
    Fixes #14378
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14845)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x_pubkey.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 5099f9618a..9b846a8bc2 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -282,14 +282,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
     /*
      * pk->pkey is NULL when using the legacy routine, but is non-NULL when
      * going through the encoder, and for all intents and purposes, it's
-     * a perfect copy of |pkey|, just not the same instance.  In that case,
-     * we could simply return early, right here.
-     * However, in the interest of being cautious leaning on paranoia, some
-     * application might very well depend on the passed |pkey| being used
-     * and none other, so we spend a few more cycles throwing away the newly
-     * created |pk->pkey| and replace it with |pkey|.
-     * TODO(3.0) Investigate if it's safe to change to simply return here
-     * if |pk->pkey != NULL|.
+     * a perfect copy of the public key portions of |pkey|, just not the same
+     * instance.  If that's all there was to pkey then we could simply return
+     * early, right here. However, some application might very well depend on
+     * the passed |pkey| being used and none other, so we spend a few more
+     * cycles throwing away the newly created |pk->pkey| and replace it with
+     * |pkey|.
      */
     if (pk->pkey != NULL)
         EVP_PKEY_free(pk->pkey);
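Review bot: The rewritten comment in X509_PUBKEY_set() never says what else |pkey| can carry besides "the public key portions", so the reason the early return is unsafe is still left for the reader to infer. Since the TODO is being dropped as settled, consider stating it outright, for example that the caller's |pkey| may hold more than the public key and must therefore be the instance stored in |pk->pkey|. Two style points in the same block: "If that's all there was to pkey" omits the |pkey| markers used for every other reference to the parameter, and sentence spacing is mixed ("instance.  If" with two spaces, "here. However" with one).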

