[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Apr 14 04:54:23 UTC 2021
The branch master has been updated
via 0d5bbaaae2c65ddf7a30596b61617304e0950d9c (commit)
from 89947af2c5e32ddceaeecc5f486577ad5b5f946c (commit)
- Log -----------------------------------------------------------------
commit 0d5bbaaae2c65ddf7a30596b61617304e0950d9c
Author: Matt Caswell <matt at openssl.org>
Date: Mon Apr 12 15:52:05 2021 +0100
Remove a TODO(3.0) from X509_PUBKEY_set
The comment talks about the EVP_PKEY that is contained within an
X509_PUBKEY object and whether it has to be exactly the same as the one
passed by the caller in X509_PUBKEY_set(). IMO it does, so the TODO should
be dropped.
Fixes #14378
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14845)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x_pubkey.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 5099f9618a..9b846a8bc2 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -282,14 +282,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
/*
* pk->pkey is NULL when using the legacy routine, but is non-NULL when
* going through the encoder, and for all intents and purposes, it's
- * a perfect copy of |pkey|, just not the same instance. In that case,
- * we could simply return early, right here.
- * However, in the interest of being cautious leaning on paranoia, some
- * application might very well depend on the passed |pkey| being used
- * and none other, so we spend a few more cycles throwing away the newly
- * created |pk->pkey| and replace it with |pkey|.
- * TODO(3.0) Investigate if it's safe to change to simply return here
- * if |pk->pkey != NULL|.
+ * a perfect copy of the public key portions of |pkey|, just not the same
+ * instance. If that's all there was to pkey then we could simply return
+ * early, right here. However, some application might very well depend on
+ * the passed |pkey| being used and none other, so we spend a few more
+ * cycles throwing away the newly created |pk->pkey| and replace it with
+ * |pkey|.
*/
if (pk->pkey != NULL)
EVP_PKEY_free(pk->pkey);
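Review bot: The reworded comment (the added lines ending at "|pkey|.") gives its reason only by implication: "If that's all there was to pkey" leaves the reader to work out what |pkey| may hold beyond its public key portions. Since this change drops the TODO and makes the replace-with-|pkey| behaviour permanent, consider stating the reason directly, for example that the encoder-created |pk->pkey| is a copy of the public key portions only, while the caller's |pkey| may carry more, so the X509_PUBKEY must end up holding the caller's instance. It would also help to say in the comment who owns |pkey| after the replacement, because the visible lines free the old |pk->pkey| but do not show how the reference to |pkey| is taken. Minor, in the unchanged context lines: the "if (pk->pkey != NULL)" guard before EVP_PKEY_free() is redundant, since EVP_PKEY_free() does nothing when passed NULL.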