[openssl-dev] [openssl.org #3894] AutoReply: PATCH: EVP_PKEY_get_type (new function)

Kurt Roeckx via RT rt at openssl.org
Sat Jun 6 01:49:22 UTC 2015


On Thu, Jun 04, 2015 at 04:52:22PM -0400, Jeffrey Walton wrote:
> Thanks Kurt. I think I'll need to think about this some more because I
> don't recall EVP_PKEY_id.
> 
> I think I never considered it because I could not find it when
> searching for something to return the inner type ('id' does not make a
> lot of sense to me, even now).
> 
> Maybe I should back up a bit. What is 'id' supposed to do above and
> beyond providing the 'type'?
> 
> *****
> 
> > I don't know if there are plans to run the EVP_PKEY into an opaque
> > struct soon, but it probably should.
> 
> That's fine as long as we have an accessor to ensure we are working
> with what we expect. Otherwise, we can't validate which means we can't
> use the value.
> 
> *****
> 
> > This doesn't make sense.  You're discouraging the function you
> > add?  Maybe you mean EVP_PKEY_type(pkey->type)?
> 
> Yeah, you're kind of right. On one hand, it's lower level and its use
> is discouraged (see the NOTES in evp.h). On the other hand, we need it
> for use.
> 
> *****
> 
> According to the man pages for EVP_PKEY_type:
> 
>        EVP_PKEY_type() returns the type of key corresponding to the value
>        type. The type of a key can be obtained with EVP_PKEY_type(pkey->type).
> 
> Reading the man pages, it appears there's no accessor for
> `pkey->type`. Otherwise, we would have been told to use `EVP_PKEY_id`.
> 
> *****
> 
> > This seems to do almost exactly the same as EVP_PKEY_base_id().
> 
> Actually, I think it's closer to EVP_PKEY_id().
> 
> Also, we have a NULL pointer dereference in the existing function:
> 
>     int EVP_PKEY_id(const EVP_PKEY *pkey)
>     {
>         return pkey->type;
>     }
> 
> (Sorry, I did not recall seeing that function).

I think you're getting confused.  There is:
int EVP_PKEY_id(const EVP_PKEY *pkey)
{
    return pkey->type;
}

int EVP_PKEY_base_id(const EVP_PKEY *pkey)
{
    return EVP_PKEY_type(pkey->type);
}


And you had:
int EVP_PKEY_get_type(EVP_PKEY *pkey)
{
    if (!pkey)
        return EVP_PKEY_NONE;

    return EVP_PKEY_type(pkey->type);
}


Kurt



