crypto: avoid taking ownership of OpenSSL objects · nodejs/node@ceb1d5e
@@ -289,11 +289,9 @@ MaybeLocal<Value> BIOToStringOrBuffer(
289289 }
290290}
291291292-293-MaybeLocal<Value> WritePrivateKey(
294- Environment* env,
295-EVP_PKEY* pkey,
296-const PrivateKeyEncodingConfig& config) {
292+MaybeLocal<Value> WritePrivateKey(Environment* env,
293+OSSL3_CONST EVP_PKEY* pkey,
294+const PrivateKeyEncodingConfig& config) {
297295 BIOPointer bio(BIO_new(BIO_s_mem()));
298296CHECK(bio);
299297@@ -327,20 +325,21 @@ MaybeLocal<Value> WritePrivateKey(
327325// PKCS#1 is only permitted for RSA keys.
328326CHECK_EQ(EVP_PKEY_id(pkey), EVP_PKEY_RSA);
329327330-RSAPointer rsa(EVP_PKEY_get1_RSA(pkey));
328+OSSL3_CONST RSA* rsa = EVP_PKEY_get0_RSA(pkey);
331329if (config.format_ == kKeyFormatPEM) {
332330// Encode PKCS#1 as PEM.
333- err = PEM_write_bio_RSAPrivateKey(
334- bio.get(), rsa.get(),
335- config.cipher_,
336-reinterpret_cast<unsigned char*>(pass),
337- pass_len,
338-nullptr, nullptr) != 1;
331+ err = PEM_write_bio_RSAPrivateKey(bio.get(),
332+ rsa,
333+ config.cipher_,
334+reinterpret_cast<unsigned char*>(pass),
335+ pass_len,
336+nullptr,
337+nullptr) != 1;
339338 } else {
340339// Encode PKCS#1 as DER. This does not permit encryption.
341340CHECK_EQ(config.format_, kKeyFormatDER);
342341CHECK_NULL(config.cipher_);
343- err = i2d_RSAPrivateKey_bio(bio.get(), rsa.get()) != 1;
342+ err = i2d_RSAPrivateKey_bio(bio.get(), rsa) != 1;
344343 }
345344 } else if (encoding_type == kKeyEncodingPKCS8) {
346345if (config.format_ == kKeyFormatPEM) {
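Review bot: The pointer returned by `EVP_PKEY_get0_RSA(pkey)` goes straight into `PEM_write_bio_RSAPrivateKey` and `i2d_RSAPrivateKey_bio` without a null check; the preceding `CHECK_EQ(EVP_PKEY_id(pkey), EVP_PKEY_RSA)` establishes the key type, not that the accessor succeeded. The removed `get1` call was unchecked too, so this is not a regression, but on OpenSSL 3 the legacy accessors may return NULL for reasons other than a type mismatch (presumably when a provider-held key cannot be exported). A guard directly after the assignment would make the failure explicit: `CHECK_NOT_NULL(rsa);`, or set `err = true` and skip the write if aborting the process is too strong for this path. The same applies to `ec_key` from `EVP_PKEY_get0_EC_KEY` in the SEC1 hunk and to `rsa` in `WritePublicKeyInner`. The body of `WritePrivateKey` starts and ends outside this hunk.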
@@ -367,20 +366,21 @@ MaybeLocal<Value> WritePrivateKey(
367366// SEC1 is only permitted for EC keys.
368367CHECK_EQ(EVP_PKEY_id(pkey), EVP_PKEY_EC);
369368370-ECKeyPointer ec_key(EVP_PKEY_get1_EC_KEY(pkey));
369+OSSL3_CONST EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey);
371370if (config.format_ == kKeyFormatPEM) {
372371// Encode SEC1 as PEM.
373- err = PEM_write_bio_ECPrivateKey(
374- bio.get(), ec_key.get(),
375- config.cipher_,
376-reinterpret_cast<unsigned char*>(pass),
377- pass_len,
378-nullptr, nullptr) != 1;
372+ err = PEM_write_bio_ECPrivateKey(bio.get(),
373+ ec_key,
374+ config.cipher_,
375+reinterpret_cast<unsigned char*>(pass),
376+ pass_len,
377+nullptr,
378+nullptr) != 1;
379379 } else {
380380// Encode SEC1 as DER. This does not permit encryption.
381381CHECK_EQ(config.format_, kKeyFormatDER);
382382CHECK_NULL(config.cipher_);
383- err = i2d_ECPrivateKey_bio(bio.get(), ec_key.get()) != 1;
383+ err = i2d_ECPrivateKey_bio(bio.get(), ec_key) != 1;
384384 }
385385 }
386386@@ -391,20 +391,20 @@ MaybeLocal<Value> WritePrivateKey(
391391return BIOToStringOrBuffer(env, bio.get(), config.format_);
392392}
393393394-bool WritePublicKeyInner(EVP_PKEY* pkey,
394+bool WritePublicKeyInner(OSSL3_CONST EVP_PKEY* pkey,
395395const BIOPointer& bio,
396396const PublicKeyEncodingConfig& config) {
397397if (config.type_.ToChecked() == kKeyEncodingPKCS1) {
398398// PKCS#1 is only valid for RSA keys.
399399CHECK_EQ(EVP_PKEY_id(pkey), EVP_PKEY_RSA);
400-RSAPointer rsa(EVP_PKEY_get1_RSA(pkey));
400+OSSL3_CONST RSA* rsa = EVP_PKEY_get0_RSA(pkey);
401401if (config.format_ == kKeyFormatPEM) {
402402// Encode PKCS#1 as PEM.
403-return PEM_write_bio_RSAPublicKey(bio.get(), rsa.get()) == 1;
403+return PEM_write_bio_RSAPublicKey(bio.get(), rsa) == 1;
404404 } else {
405405// Encode PKCS#1 as DER.
406406CHECK_EQ(config.format_, kKeyFormatDER);
407-return i2d_RSAPublicKey_bio(bio.get(), rsa.get()) == 1;
407+return i2d_RSAPublicKey_bio(bio.get(), rsa) == 1;
408408 }
409409 } else {
410410CHECK_EQ(config.type_.ToChecked(), kKeyEncodingSPKI);
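Review bot: `rsa` in `WritePublicKeyInner` is now a borrowed pointer whose lifetime is tied to `pkey`, and nothing at the declaration records that. A later edit that wraps it in `RSAPointer` again, or frees it, would release a reference this function does not hold and leave `pkey` pointing at freed key material. A one-line comment above the assignment would state the contract: `// Borrowed from pkey (get0): not owned here; must not be freed or outlive pkey.` The same comment fits the `rsa` and `ec_key` assignments in `WritePrivateKey`. The definition of `OSSL3_CONST` is not visible on this page; if it expands to `const` only on OpenSSL 3 builds, older builds will not flag writes through the pointer, which is one more reason to put the contract in a comment. The function body continues past the end of this hunk.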
@@ -420,7 +420,7 @@ bool WritePublicKeyInner(EVP_PKEY* pkey,
420420}
421421422422MaybeLocal<Value> WritePublicKey(Environment* env,
423-EVP_PKEY* pkey,
423+OSSL3_CONST EVP_PKEY* pkey,
424424const PublicKeyEncodingConfig& config) {
425425 BIOPointer bio(BIO_new(BIO_s_mem()));
426426CHECK(bio);