[pkg-opensc-commit] [libp11] 38/86: Returned EVP_PKEY objects are no longer "const"

Eric Dorland eric at moszumanska.debian.org
Sun Jul 24 21:40:20 UTC 2016


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 70eaa8855824e149133943c52a2c4aa47ccb5272
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Sat Feb 6 21:39:34 2016 +0100

    Returned EVP_PKEY objects are no longer "const"
---
 NEWS             |  1 +
 src/libp11-int.h |  7 ++-----
 src/libp11.h     |  4 ----
 src/p11_front.c  |  4 ++--
 src/p11_key.c    | 42 +++++++++++-------------------------------
 5 files changed, 16 insertions(+), 42 deletions(-)

diff --git a/NEWS b/NEWS
index 1b5e9ef..27da276 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ New in 0.4.0; unreleased;
 * Use PKCS11_MODULE_PATH environment variable (Doug Engert)
 * Added support for building against OpenSSL 1.1.0-dev (Doug Engert)
 * Added support for ECDH key derivation (Doug Engert)
+* Returned EVP_PKEY objects are no longer "const" (Michał Trojnara)
 * Fixed building against OpenSSL 0.9.8 (Michał Trojnara)
 * Removed support for OpenSSL 0.9.7 (Michał Trojnara)
 
diff --git a/src/libp11-int.h b/src/libp11-int.h
index 2fab1d1..0ea4fce 100644
--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -250,11 +250,8 @@ extern int pkcs11_enumerate_keys(PKCS11_TOKEN *token, unsigned int type,
 /* Get the key type (as EVP_PKEY_XXX) */
 extern int pkcs11_get_key_type(PKCS11_KEY *key);
 
-/* Returns a EVP_PKEY object for the private key */
-extern EVP_PKEY *pkcs11_get_private_key(PKCS11_KEY *key);
-
-/* Returns a EVP_PKEY object with the public key */
-extern EVP_PKEY *pkcs11_get_public_key(PKCS11_KEY *key);
+/* Returns a EVP_PKEY object with the private or public key */
+extern EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate);
 
 /* Find the corresponding certificate (if any) */
 extern PKCS11_CERT *pkcs11_find_certificate(PKCS11_KEY *key);
diff --git a/src/libp11.h b/src/libp11.h
index d9ae6aa..aab5145 100644
--- a/src/libp11.h
+++ b/src/libp11.h
@@ -257,8 +257,6 @@ extern int PKCS11_get_key_type(PKCS11_KEY *);
  *
  * @param   key  PKCS11_KEY object
  * @retval !=NULL reference to EVP_PKEY object.
- *         The returned EVP_PKEY object should be treated as const
- *         and must not be freed.
  * @retval NULL error
  */
 extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
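Review bot: With the "should be treated as const and must not be freed" sentences removed, the `@retval !=NULL` text for PKCS11_get_private_key() no longer says who releases the returned object, and the next hunk leaves PKCS11_get_public_key() in the same state. The p11_key.c change in this commit takes an extra reference before returning, so the caller presumably now owns one and has to drop it. Code written against the old contract will leak a reference on every call, which keeps the key object alive longer than intended. I would state the new rule in both doc blocks, for example ` *         The caller owns the returned reference and must release it with EVP_PKEY_free().`, and add the same sentence to the one-line comment above pkcs11_get_key() in libp11-int.h.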
@@ -268,8 +266,6 @@ extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
  *
  * @param  key  PKCS11_KEY object
  * @retval !=NULL reference to EVP_PKEY object.
- *         The returned EVP_PKEY object should be treated as const
- *         and must not be freed.
  * @retval NULL error
  */
 extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
diff --git a/src/p11_front.c b/src/p11_front.c
index ddf6ba8..0381e83 100644
--- a/src/p11_front.c
+++ b/src/p11_front.c
@@ -285,14 +285,14 @@ EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key)
 {
 	if (check_key_fork(key) < 0)
 		return NULL;
-	return pkcs11_get_private_key(key);
+	return pkcs11_get_key(key, 1);
 }
 
 EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key)
 {
 	if (check_key_fork(key) < 0)
 		return NULL;
-	return pkcs11_get_public_key(key);
+	return pkcs11_get_key(key, 0);
 }
 
 PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *key)
diff --git a/src/p11_key.c b/src/p11_key.c
index a178651..d931ee6 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -278,45 +278,25 @@ int pkcs11_get_key_type(PKCS11_KEY * key)
 
 /*
  * Create an EVP_PKEY OpenSSL object for a given key
- * Always returns the private key object
+ * Returns private or public key depending on isPrivate
  */
-EVP_PKEY *pkcs11_get_private_key(PKCS11_KEY * key)
+EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate)
 {
-	PKCS11_KEY_private *kpriv;
-
-	if (key == NULL)
-		return NULL;
-	if (!key->isPrivate) {
+	if (key->isPrivate != isPrivate)
 		key = pkcs11_find_key_from_key(key);
-		if (key == NULL)
-			return NULL;
-	}
-	if (key->evp_key == NULL) {
-		kpriv = PRIVKEY(key);
-		key->evp_key = kpriv->ops->get_evp_key(key);
-	}
-	return key->evp_key;
-}
-
-/*
- * Create an EVP_PKEY OpenSSL object for a given key
- * Always returns the public key object
- */
-EVP_PKEY *pkcs11_get_public_key(PKCS11_KEY * key)
-{
-	PKCS11_KEY_private *kpriv;
-
 	if (key == NULL)
 		return NULL;
-	if (key->isPrivate) {
-		key = pkcs11_find_key_from_key(key);
-		if (key == NULL)
-			return NULL;
-	}
 	if (key->evp_key == NULL) {
-		kpriv = PRIVKEY(key);
+		PKCS11_KEY_private *kpriv = PRIVKEY(key);
 		key->evp_key = kpriv->ops->get_evp_key(key);
+		if (key->evp_key == NULL)
+			return NULL;
 	}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	EVP_PKEY_up_ref(key->evp_key);
+#else
+	CRYPTO_add(&key->evp_key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
 	return key->evp_key;
 }
 
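Review bot: The first statement of pkcs11_get_key() reads `key->isPrivate` before the `if (key == NULL)` test, so a NULL argument is now dereferenced where the two removed functions returned NULL. The surviving check only covers the result of pkcs11_find_key_from_key(). Whether check_key_fork() in p11_front.c already rejects NULL is not visible in this diff, so I would restore the guard ahead of the comparison: `if (key == NULL) return NULL;`. The comparison `key->isPrivate != isPrivate` also assumes both sides are exactly 0 or 1; `!key->isPrivate != !isPrivate` would tolerate any non-zero flag value. On the OpenSSL 1.1.0 branch the result of `EVP_PKEY_up_ref()` is ignored, so a failed increment would still hand the caller a pointer it is expected to free.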

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


