[pkg-opensc-commit] [libp11] 38/86: Returned EVP_PKEY objects are no longer "const"
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:20 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 70eaa8855824e149133943c52a2c4aa47ccb5272
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Sat Feb 6 21:39:34 2016 +0100
Returned EVP_PKEY objects are no longer "const"
---
NEWS | 1 +
src/libp11-int.h | 7 ++-----
src/libp11.h | 4 ----
src/p11_front.c | 4 ++--
src/p11_key.c | 42 +++++++++++-------------------------------
5 files changed, 16 insertions(+), 42 deletions(-)
diff --git a/NEWS b/NEWS
index 1b5e9ef..27da276 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ New in 0.4.0; unreleased;
* Use PKCS11_MODULE_PATH environment variable (Doug Engert)
* Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
* Added support for ECDH key derivation (Doug Engert)
+* Returned EVP_PKEY objects are no longer "const" (Michał Trojnara)
* Fixed building against OpenSSL 0.9.8 (Michał Trojnara)
* Removed support for OpenSSL 0.9.7 (Michał Trojnara)
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 2fab1d1..0ea4fce 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -250,11 +250,8 @@ extern int pkcs11_enumerate_keys(PKCS11_TOKEN *token, unsigned int type,
/* Get the key type (as EVP_PKEY_XXX) */
extern int pkcs11_get_key_type(PKCS11_KEY *key);
-/* Returns a EVP_PKEY object for the private key */
-extern EVP_PKEY *pkcs11_get_private_key(PKCS11_KEY *key);
-
-/* Returns a EVP_PKEY object with the public key */
-extern EVP_PKEY *pkcs11_get_public_key(PKCS11_KEY *key);
+/* Returns a EVP_PKEY object with the private or public key */
+extern EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate);
/* Find the corresponding certificate (if any) */
extern PKCS11_CERT *pkcs11_find_certificate(PKCS11_KEY *key);
diff --git a/src/libp11.h b/src/libp11.h
index d9ae6aa..aab5145 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -257,8 +257,6 @@ extern int PKCS11_get_key_type(PKCS11_KEY *);
*
* @param key PKCS11_KEY object
* @retval !=NULL reference to EVP_PKEY object.
- * The returned EVP_PKEY object should be treated as const
- * and must not be freed.
* @retval NULL error
*/
extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
@@ -268,8 +266,6 @@ extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
*
* @param key PKCS11_KEY object
* @retval !=NULL reference to EVP_PKEY object.
- * The returned EVP_PKEY object should be treated as const
- * and must not be freed.
* @retval NULL error
*/
extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
diff --git a/src/p11_front.c b/src/p11_front.c
index ddf6ba8..0381e83 100644
--- a/src/p11_front.c
+++ b/src/p11_front.c
@@ -285,14 +285,14 @@ EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key)
{
if (check_key_fork(key) < 0)
return NULL;
- return pkcs11_get_private_key(key);
+ return pkcs11_get_key(key, 1);
}
EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key)
{
if (check_key_fork(key) < 0)
return NULL;
- return pkcs11_get_public_key(key);
+ return pkcs11_get_key(key, 0);
}
PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *key)
diff --git a/src/p11_key.c b/src/p11_key.c
index a178651..d931ee6 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -278,45 +278,25 @@ int pkcs11_get_key_type(PKCS11_KEY * key)
/*
* Create an EVP_PKEY OpenSSL object for a given key
- * Always returns the private key object
+ * Returns private or public key depending on isPrivate
*/
-EVP_PKEY *pkcs11_get_private_key(PKCS11_KEY * key)
+EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate)
{
- PKCS11_KEY_private *kpriv;
-
- if (key == NULL)
- return NULL;
- if (!key->isPrivate) {
+ if (key->isPrivate != isPrivate)
key = pkcs11_find_key_from_key(key);
- if (key == NULL)
- return NULL;
- }
- if (key->evp_key == NULL) {
- kpriv = PRIVKEY(key);
- key->evp_key = kpriv->ops->get_evp_key(key);
- }
- return key->evp_key;
-}
-
-/*
- * Create an EVP_PKEY OpenSSL object for a given key
- * Always returns the public key object
- */
-EVP_PKEY *pkcs11_get_public_key(PKCS11_KEY * key)
-{
- PKCS11_KEY_private *kpriv;
-
if (key == NULL)
return NULL;
- if (key->isPrivate) {
- key = pkcs11_find_key_from_key(key);
- if (key == NULL)
- return NULL;
- }
if (key->evp_key == NULL) {
- kpriv = PRIVKEY(key);
+ PKCS11_KEY_private *kpriv = PRIVKEY(key);
key->evp_key = kpriv->ops->get_evp_key(key);
+ if (key->evp_key == NULL)
+ return NULL;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_PKEY_up_ref(key->evp_key);
+#else
+ CRYPTO_add(&key->evp_key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
return key->evp_key;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list