Google Git
Sign in
boringssl/boringssl/5656fec512a8dfd2833fbf47b6aaa76364c26fad^!/.
commit
5656fec512a8dfd2833fbf47b6aaa76364c26fad
[log]
author
David Benjamin <davidben@google.com>
Fri Nov 13 18:04:27 2020 -0500
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Tue Nov 17 23:58:07 2020 +0000
tree
a2546ea6b659fc363a1dad2cc142044cd947f26b
parent
53bbb1803640d51b25036fa5406d8a9f8252f618 [diff]
Fix NETSCAPE_SPKI_get_pubkey documentation.

I got that wrong. It passes ownership to the caller. It calls
X509_PUBKEY_get which bumps the refcount.

Change-Id: I46b7eabcf56f68bb1f745bc2f64091640e97c0bf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44084
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 7fd3a27..a75442f 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h

@@ -697,9 +697,8 @@
 OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
 
 // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
-// |EVP_PKEY|, or NULL on error. The resulting pointer is non-owning and valid
-// until |spki| is released or mutated. The caller should take a reference with
-// |EVP_PKEY_up_ref| to extend the lifetime.
+// |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
+// pointer and must call |EVP_PKEY_free| when done.
 OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
 
 // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one