author | Dr. Stephen Henson <steve@openssl.org> | 2015-12-14 13:13:32 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-12-14 23:06:14 +0000 |
commit | c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 (patch) | |
tree | 5d4bfc88099fab5f8178b3cdfee4e8f4db2ad68d /crypto/x509 | |
parent | 2872dbe1c46eceb20c38bc55a5fe2a4c4c52fe9d (diff) |
New function X509_get0_pubkey
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/t_x509.c | 3 | ||||
-rw-r--r-- | crypto/x509/x509_cmp.c | 18 | ||||
-rw-r--r-- | crypto/x509/x509_err.c | 2 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 19 |
4 files changed, 18 insertions, 24 deletions
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 3a29f4082a..204aed417c 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -209,13 +209,12 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, if (BIO_puts(bp, "\n") <= 0) goto err; - pkey = X509_get_pubkey(x); + pkey = X509_get0_pubkey(x); if (pkey == NULL) { BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ERR_print_errors(bp); } else { EVP_PKEY_print_public(bp, pkey, 16, NULL); - EVP_PKEY_free(pkey); } } diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 5c3ac6a66f..9d9ea4b605 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -305,11 +305,18 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) return (NULL); } +EVP_PKEY *X509_get0_pubkey(X509 *x) +{ + if (x == NULL) + return NULL; + return X509_PUBKEY_get0(x->cert_info.key); +} + EVP_PKEY *X509_get_pubkey(X509 *x) { if (x == NULL) - return (NULL); - return (X509_PUBKEY_get(x->cert_info.key)); + return NULL; + return X509_PUBKEY_get(x->cert_info.key); } ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) @@ -324,7 +331,7 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) EVP_PKEY *xk; int ret; - xk = X509_get_pubkey(x); + xk = X509_get0_pubkey(x); if (xk) ret = EVP_PKEY_cmp(xk, k); @@ -343,7 +350,6 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k) case -2: X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); } - EVP_PKEY_free(xk); if (ret > 0) return 1; return 0; @@ -411,7 +417,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, goto end; } - pk = X509_get_pubkey(x); + pk = X509_get0_pubkey(x); /* Check EE key only */ rv = check_suite_b(pk, -1, &tflags); if (rv != X509_V_OK) { 
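Review bot: The new `X509_get0_pubkey` in x509_cmp.c (the `-305` hunk) has no comment stating its ownership contract, which is the only thing separating it from `X509_get_pubkey` directly below. Judging by the `EVP_PKEY_free` calls this commit deletes at every converted call site, the get0 variant returns a pointer the caller must not free, and it presumably stays valid only as long as the `X509` itself. I would add above the definition: `/* Returns the certificate's internal key without taking a reference; the caller must not EVP_PKEY_free() it. */`. A caller that confuses the two getters either leaks a key or frees one the certificate still owns, so the distinction should be written next to the code.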
@@ -426,7 +432,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, rv = X509_V_ERR_SUITE_B_INVALID_VERSION; goto end; } - EVP_PKEY_free(pk); pk = X509_get_pubkey(x); rv = check_suite_b(pk, sign_nid, &tflags); if (rv != X509_V_OK) @@ -436,7 +441,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, /* Final check: root CA signature */ rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); end: - EVP_PKEY_free(pk); if (rv != X509_V_OK) { /* Invalid signature or LOS errors are for previous cert */ if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c index a6fae614e5..25f90ea584 100644 --- a/crypto/x509/x509_err.c +++ b/crypto/x509/x509_err.c @@ -109,7 +109,7 @@ static ERR_STRING_DATA X509_str_functs[] = { {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, - {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, + {ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"}, {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 3156e04225..3acb374a54 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1559,7 +1559,7 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) } /* Attempt to get issuer certificate public key */ - ikey = X509_get_pubkey(issuer); + ikey = X509_get0_pubkey(issuer); if (!ikey) { ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; @@ -1588,7 +1588,6 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) ok = 1; err: - EVP_PKEY_free(ikey); return ok; } 
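Review bot: In `X509_chain_check_suiteb` the loop still assigns `pk = X509_get_pubkey(x);` (a context line of the `-426` hunk), but this commit removes both `EVP_PKEY_free(pk)` calls: the one just before that assignment and the one under `end:` in the `-436` hunk. Every other call site in this commit pairs the removed free with a switch to `X509_get0_pubkey`, so this one looks missed, and the key fetched for each chain certificate appears to be leaked. The line should read `pk = X509_get0_pubkey(x);`, matching the first lookup in the function. The function body starts and ends outside these hunks, so confirm that no other path still expects to own `pk`.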
@@ -1769,7 +1768,7 @@ static int internal_verify(X509_STORE_CTX *ctx) if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { - if ((pkey = X509_get_pubkey(xi)) == NULL) { + if ((pkey = X509_get0_pubkey(xi)) == NULL) { ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ctx->current_cert = xi; ok = (*cb) (0, ctx); @@ -1779,13 +1778,9 @@ static int internal_verify(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert = xs; ok = (*cb) (0, ctx); - if (!ok) { - EVP_PKEY_free(pkey); + if (!ok) goto end; - } } - EVP_PKEY_free(pkey); - pkey = NULL; } xs->valid = 1; @@ -1973,7 +1968,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) return 1; for (i = 0; i < sk_X509_num(chain); i++) { - ktmp = X509_get_pubkey(sk_X509_value(chain, i)); + ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); if (ktmp == NULL) { X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); @@ -1981,8 +1976,6 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) } if (!EVP_PKEY_missing_parameters(ktmp)) break; - EVP_PKEY_free(ktmp); - ktmp = NULL; } if (ktmp == NULL) { X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, @@ -1992,14 +1985,12 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) /* first, populate the other certs */ for (j = i - 1; j >= 0; j--) { - ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); + ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j)); EVP_PKEY_copy_parameters(ktmp2, ktmp); - EVP_PKEY_free(ktmp2); } if (pkey != NULL) EVP_PKEY_copy_parameters(pkey, ktmp); - EVP_PKEY_free(ktmp); return 1; } |
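Review bot: In `X509_get_pubkey_parameters` (the `-1992` hunk) the results of both `EVP_PKEY_copy_parameters` calls are discarded and the function then returns 1, so a failed parameter copy is reported to the chain-verification code as success. I would check the call in the loop with `if (!EVP_PKEY_copy_parameters(ktmp2, ktmp)) return 0;` and end the function with `return EVP_PKEY_copy_parameters(pkey, ktmp);` inside the `pkey != NULL` branch. The function begins outside this hunk, so callers' handling of a 0 return should be confirmed before tightening it.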