[openssl-commits] [openssl] master update

Tue Mar 22 15:40:03 UTC 2016

The branch master has been updated
       via  29fa0a1af45a1037850b29f5851f4a054124781b (commit)
       via  91829e456c998eb9c2e565307b8f1022481049ce (commit)
      from  b8ce6dda36e0c9a647ed7c5b00795bc835d747ef (commit)


- Log -----------------------------------------------------------------
commit 29fa0a1af45a1037850b29f5851f4a054124781b
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Mar 22 13:16:42 2016 +0000

    Make X509_PUBKEY opaque
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 91829e456c998eb9c2e565307b8f1022481049ce
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Mar 22 12:45:58 2016 +0000

    move x_pubkey.c to crypto/x509
    
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/Makefile.in          |  4 ++--
 crypto/asn1/build.info           |  2 +-
 crypto/asn1/t_spki.c             |  4 +++-
 crypto/x509/Makefile.in          |  4 ++--
 crypto/x509/build.info           |  2 +-
 crypto/x509/x509_cmp.c           |  7 -------
 crypto/{asn1 => x509}/x_pubkey.c | 15 +++++++++++++++
 crypto/x509v3/v3_skey.c          | 15 +++++++++------
 include/openssl/x509.h           |  7 -------
 9 files changed, 33 insertions(+), 27 deletions(-)
 rename crypto/{asn1 => x509}/x_pubkey.c (97%)

diff --git a/crypto/asn1/Makefile.in b/crypto/asn1/Makefile.in
index fd8ffcf..282bd45 100644
--- a/crypto/asn1/Makefile.in
+++ b/crypto/asn1/Makefile.in
@@ -18,7 +18,7 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
 	a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-	x_algor.c x_val.c x_pubkey.c x_sig.c x_bignum.c \
+	x_algor.c x_val.c x_sig.c x_bignum.c \
 	x_long.c x_info.c x_spki.c nsseq.c \
 	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
 	t_pkey.c t_spki.c t_bitst.c \
@@ -32,7 +32,7 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	a_print.o a_type.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
 	a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
-	x_algor.o x_val.o x_pubkey.o x_sig.o x_bignum.o \
+	x_algor.o x_val.o x_sig.o x_bignum.o \
 	x_long.o x_info.o x_spki.o nsseq.o \
 	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
 	t_pkey.o t_spki.o t_bitst.o \
diff --git a/crypto/asn1/build.info b/crypto/asn1/build.info
index d4b9b00..02d1120 100644
--- a/crypto/asn1/build.info
+++ b/crypto/asn1/build.info
@@ -3,7 +3,7 @@ SOURCE[../../libcrypto]=\
         a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
         a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
         a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
-        x_algor.c x_val.c x_pubkey.c x_sig.c x_bignum.c \
+        x_algor.c x_val.c x_sig.c x_bignum.c \
         x_long.c x_info.c x_spki.c nsseq.c \
         d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
         t_pkey.c t_spki.c t_bitst.c \
diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index a289c7d..bc20c14 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -70,10 +70,12 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 {
     EVP_PKEY *pkey;
     ASN1_IA5STRING *chal;
+    ASN1_OBJECT *spkioid;
     int i, n;
     char *s;
     BIO_printf(out, "Netscape SPKI:\n");
-    i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+    X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey);
+    i = OBJ_obj2nid(spkioid);
     BIO_printf(out, "  Public Key Algorithm: %s\n",
                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
     pkey = X509_PUBKEY_get(spki->spkac->pubkey);
diff --git a/crypto/x509/Makefile.in b/crypto/x509/Makefile.in
index c1a173e..8b11dc4 100644
--- a/crypto/x509/Makefile.in
+++ b/crypto/x509/Makefile.in
@@ -22,7 +22,7 @@ LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
 	x509type.c x509_lu.c x_all.c x509_txt.c \
 	x509_trs.c by_file.c by_dir.c x509_vpm.c \
 	x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
-	x_x509a.c x_attrib.c x_exten.c x_name.c
+	x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c
 LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
 	x509_obj.o x509_req.o x509spki.o x509_vfy.o \
 	x509_set.o x509cset.o x509rset.o x509_err.o \
@@ -30,7 +30,7 @@ LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
 	x509type.o x509_lu.o x_all.o x509_txt.o \
 	x509_trs.o by_file.o by_dir.o x509_vpm.o \
 	x_crl.o t_crl.o x_req.o t_req.o x_x509.o t_x509.o \
-	x_x509a.o x_attrib.o x_exten.o x_name.o
+	x_pubkey.o x_x509a.o x_attrib.o x_exten.o x_name.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 336687c..7fc4b45 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -7,4 +7,4 @@ SOURCE[../../libcrypto]=\
         x509type.c x509_lu.c x_all.c x509_txt.c \
         x509_trs.c by_file.c by_dir.c x509_vpm.c \
         x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
-        x_x509a.c x_attrib.c x_exten.c x_name.c
+        x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 69a3fb3..d3b2c19 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -318,13 +318,6 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
     return X509_PUBKEY_get(x->cert_info.key);
 }
 
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
-{
-    if (!x)
-        return NULL;
-    return x->cert_info.key->public_key;
-}
-
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
     EVP_PKEY *xk;
diff --git a/crypto/asn1/x_pubkey.c b/crypto/x509/x_pubkey.c
similarity index 97%
rename from crypto/asn1/x_pubkey.c
rename to crypto/x509/x_pubkey.c
index 158d1d2..55d5594 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -61,9 +61,17 @@
 #include <openssl/x509.h>
 #include "internal/asn1_int.h"
 #include "internal/evp_int.h"
+#include "internal/x509_int.h"
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 
+struct X509_pubkey_st {
+    X509_ALGOR *algor;
+    ASN1_BIT_STRING *public_key;
+    EVP_PKEY *pkey;
+    CRYPTO_RWLOCK *lock;
+};
+
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                      void *exarg)
@@ -375,3 +383,10 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
         *pa = pub->algor;
     return 1;
 }
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return x->cert_info.key->public_key;
+}
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index d3fe9eb..074b712 100644
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -104,7 +104,9 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                       X509V3_CTX *ctx, char *str)
 {
     ASN1_OCTET_STRING *oct;
-    ASN1_BIT_STRING *pk;
+    X509_PUBKEY *pubkey;
+    const unsigned char *pk;
+    int pklen;
     unsigned char pkey_dig[EVP_MAX_MD_SIZE];
     unsigned int diglen;
 
@@ -125,17 +127,18 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
     }
 
     if (ctx->subject_req)
-        pk = ctx->subject_req->req_info.pubkey->public_key;
+        pubkey = ctx->subject_req->req_info.pubkey;
     else
-        pk = ctx->subject_cert->cert_info.key->public_key;
+        pubkey = ctx->subject_cert->cert_info.key;
 
-    if (!pk) {
+    if (pubkey == NULL) {
         X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
         goto err;
     }
 
-    if (!EVP_Digest
-        (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
+    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
+
+    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
         goto err;
 
     if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index d21460a..af9ab82 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -120,13 +120,6 @@ typedef struct X509_val_st {
     ASN1_TIME *notAfter;
 } X509_VAL;
 
-struct X509_pubkey_st {
-    X509_ALGOR *algor;
-    ASN1_BIT_STRING *public_key;
-    EVP_PKEY *pkey;
-    CRYPTO_RWLOCK *lock;
-};
-
 typedef struct X509_sig_st X509_SIG;
 
 typedef struct X509_name_entry_st X509_NAME_ENTRY;
