From 29fa0a1af45a1037850b29f5851f4a054124781b Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Tue, 22 Mar 2016 13:16:42 +0000
Subject: [PATCH] Make X509_PUBKEY opaque

Reviewed-by: Matt Caswell
---
 crypto/asn1/t_spki.c | 4 +++-
 crypto/x509/x509_cmp.c | 7 -------
 crypto/x509/x_pubkey.c | 15 +++++++++++++++
 crypto/x509v3/v3_skey.c | 15 +++++++++------
 include/openssl/x509.h | 7 -------
 5 files changed, 27 insertions(+), 21 deletions(-)

diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index a289c7dae0..bc20c14e2b 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -70,10 +70,12 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 {
 EVP_PKEY *pkey;
 ASN1_IA5STRING *chal;
+ ASN1_OBJECT *spkioid;
 int i, n;
 char *s;
 BIO_printf(out, "Netscape SPKI:\n");
- i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+ X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey);
+ i = OBJ_obj2nid(spkioid);
 BIO_printf(out, " Public Key Algorithm: %s\n",
 (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
 pkey = X509_PUBKEY_get(spki->spkac->pubkey);
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 69a3fb39a2..d3b2c199b9 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -318,13 +318,6 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
 return X509_PUBKEY_get(x->cert_info.key);
 }
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
-{
- if (!x)
- return NULL;
- return x->cert_info.key->public_key;
-}
-
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
 EVP_PKEY *xk;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 158d1d26af..55d5594b03 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
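Review bot: In the t_spki.c hunk the return value of the new `X509_PUBKEY_get0_param()` call is discarded and `spkioid` is declared without an initializer, so any non-success return would leave `OBJ_obj2nid()` reading an indeterminate pointer. The tail of that accessor visible in the x_pubkey.c hunk of this patch ends in an unconditional `return 1;`, so this is latent rather than live, but the print routine can be made to fall into its existing "UNKNOWN" branch for free: `ASN1_OBJECT *spkioid = NULL;`, since `OBJ_obj2nid()` maps a NULL object to `NID_undef`. The body of NETSCAPE_SPKI_print continues past the end of the hunk.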
@@ -61,9 +61,17 @@
 #include
 #include "internal/asn1_int.h"
 #include "internal/evp_int.h"
+#include "internal/x509_int.h"
 #include
 #include
+struct X509_pubkey_st {
+ X509_ALGOR *algor;
+ ASN1_BIT_STRING *public_key;
+ EVP_PKEY *pkey;
+ CRYPTO_RWLOCK *lock;
+};
+
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
@@ -375,3 +383,10 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
 *pa = pub->algor;
 return 1;
 }
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+ if (x == NULL)
+ return NULL;
+ return x->cert_info.key->public_key;
+}
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index d3fe9ebfb4..074b7128f4 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -104,7 +104,9 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 X509V3_CTX *ctx, char *str)
 {
 ASN1_OCTET_STRING *oct;
- ASN1_BIT_STRING *pk;
+ X509_PUBKEY *pubkey;
+ const unsigned char *pk;
+ int pklen;
 unsigned char pkey_dig[EVP_MAX_MD_SIZE];
 unsigned int diglen;
@@ -125,17 +127,18 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 }
 if (ctx->subject_req)
- pk = ctx->subject_req->req_info.pubkey->public_key;
+ pubkey = ctx->subject_req->req_info.pubkey;
 else
- pk = ctx->subject_cert->cert_info.key->public_key;
+ pubkey = ctx->subject_cert->cert_info.key;
- if (!pk) {
+ if (pubkey == NULL) {
 X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
 goto err;
 }
- if (!EVP_Digest
- (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
+ X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
+
+ if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
 goto err;
 if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index d21460a33e..af9ab821ee 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
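Review bot: The relocated `X509_get0_pubkey_bitstr()` in the x_pubkey.c @@ -375 hunk is now the one accessor in this file that takes an `X509` rather than an `X509_PUBKEY`, and it carries no contract comment, which matters more now that the struct layout it reaches into is private to this file. I would put above it: `/* Return x's subjectPublicKey BIT STRING as a pointer into x (no copy, no reference; the caller must not free it). NULL only when x is NULL. */`. It also dereferences `x->cert_info.key` unconditionally; I believe the X509_CINF ASN.1 template guarantees that field is populated for any decoded certificate, but that assumption is worth one line in the comment so a future caller on a hand-built X509 knows what to expect.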
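Review bot: In the v3_skey.c @@ -125 hunk `X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);` discards the accessor's return value, and `pk`/`pklen` (declared without initializers in the @@ -104 hunk of the same file) flow straight into `EVP_Digest()`, so a failure return would hash an indeterminate pointer and length. The accessor's visible tail in x_pubkey.c returns 1 unconditionally, so this is not reachable today, but the old code did test `pk` before use and every other call in this function already routes failure to the same label: `if (!X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey)) goto err;`. Note also that `pklen` is an `int` handed to the `size_t` count parameter of `EVP_Digest()`; a decoded BIT STRING should never carry a negative length, but nothing here checks it. s2i_skey_id begins before and ends after this hunk.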
@@ -120,13 +120,6 @@ typedef struct X509_val_st {
 ASN1_TIME *notAfter;
 } X509_VAL;
-struct X509_pubkey_st {
- X509_ALGOR *algor;
- ASN1_BIT_STRING *public_key;
- EVP_PKEY *pkey;
- CRYPTO_RWLOCK *lock;
-};
-
 typedef struct X509_sig_st X509_SIG;
 typedef struct X509_name_entry_st X509_NAME_ENTRY;
--
2.34.1