Make X509_PUBKEY opaque

Reviewed-by: N Matt Caswell <matt@openssl.org>

Make X509_PUBKEY opaque
Reviewed-by: N Matt Caswell <matt@openssl.org>
29fa0a1a · Dr. Stephen Henson · 91829e45 · 29fa0a1a · 29fa0a1a · 29fa0a1a
5 changed file
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -70,10 +70,12 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 {
    EVP_PKEY *pkey;
    ASN1_IA5STRING *chal;
+    ASN1_OBJECT *spkioid;
    int i, n;
    char *s;
    BIO_printf(out, "Netscape SPKI:\n");
-    i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+    X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey);
+    i = OBJ_obj2nid(spkioid);
    BIO_printf(out, "  Public Key Algorithm: %s\n",
               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
    pkey = X509_PUBKEY_get(spki->spkac->pubkey);

--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -318,13 +318,6 @@ EVP_PKEY *X509_get_pubkey(X509 *x)
    return X509_PUBKEY_get(x->cert_info.key);
 }
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
-{
-    if (!x)
-        return NULL;
-    return x->cert_info.key->public_key;
-}
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
    EVP_PKEY *xk;

--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -61,9 +61,17 @@
 #include <openssl/x509.h>
 #include "internal/asn1_int.h"
 #include "internal/evp_int.h"
+#include "internal/x509_int.h"
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+struct X509_pubkey_st {
+    X509_ALGOR *algor;
+    ASN1_BIT_STRING *public_key;
+    EVP_PKEY *pkey;
+    CRYPTO_RWLOCK *lock;
+};
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                     void *exarg)
@@ -375,3 +383,10 @@ int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
        *pa = pub->algor;
    return 1;
 }
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return x->cert_info.key->public_key;
+}
--- a/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
@@ -104,7 +104,9 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                                      X509V3_CTX *ctx, char *str)
 {
    ASN1_OCTET_STRING *oct;
-    ASN1_BIT_STRING *pk;
+    X509_PUBKEY *pubkey;
+    const unsigned char *pk;
+    int pklen;
    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
    unsigned int diglen;
@@ -125,17 +127,18 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
    }
    if (ctx->subject_req)
-        pk = ctx->subject_req->req_info.pubkey->public_key;
+        pubkey = ctx->subject_req->req_info.pubkey;
    else
-        pk = ctx->subject_cert->cert_info.key->public_key;
+        pubkey = ctx->subject_cert->cert_info.key;
-    if (!pk) {
+    if (pubkey == NULL) {
        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
        goto err;
    }
-    if (!EVP_Digest
+    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
-        (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
+    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
        goto err;
    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {

--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -120,13 +120,6 @@ typedef struct X509_val_st {
    ASN1_TIME *notAfter;
 } X509_VAL;
-struct X509_pubkey_st {
-    X509_ALGOR *algor;
-    ASN1_BIT_STRING *public_key;
-    EVP_PKEY *pkey;
-    CRYPTO_RWLOCK *lock;
-};
 typedef struct X509_sig_st X509_SIG;
 typedef struct X509_name_entry_st X509_NAME_ENTRY;