提交
8382fd3a
编写于
12月 20, 2015
作者:
Dr. Stephen Henson
Use X509_get0_pubkey where appropriate
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
39a6a4a7
变更
11
Showing
11 changed file
with
28 addition
and
63 deletion
+28
-63
crypto/cms/cms_env.c
crypto/cms/cms_env.c
+1
-4
crypto/ocsp/ocsp_vfy.c
crypto/ocsp/ocsp_vfy.c
+3
-6
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_doit.c
+2
-4
crypto/pkcs7/pk7_lib.c
crypto/pkcs7/pk7_lib.c
+1
-4
crypto/x509/x509_cmp.c
crypto/x509/x509_cmp.c
+1
-1
crypto/x509/x509_req.c
crypto/x509/x509_req.c
+1
-2
crypto/x509/x509type.c
crypto/x509/x509type.c
+1
-3
ssl/ssl_rsa.c
ssl/ssl_rsa.c
+4
-9
ssl/statem/statem_clnt.c
ssl/statem/statem_clnt.c
+8
-16
ssl/statem/statem_srvr.c
ssl/statem/statem_srvr.c
+3
-7
ssl/t1_lib.c
ssl/t1_lib.c
+3
-7
crypto/cms/cms_env.c
...
...
@@ -236,7 +236,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
if
(
!
ri
)
goto
merr
;
pk
=
X509_get_pubkey
(
recip
);
pk
=
X509_get
0
_pubkey
(
recip
);
if
(
!
pk
)
{
CMSerr
(
CMS_F_CMS_ADD1_RECIPIENT_CERT
,
CMS_R_ERROR_GETTING_PUBLIC_KEY
);
goto
err
;
...
...
@@ -264,15 +264,12 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
if
(
!
sk_CMS_RecipientInfo_push
(
env
->
recipientInfos
,
ri
))
goto
merr
;
EVP_PKEY_free
(
pk
);
return
ri
;
merr:
CMSerr
(
CMS_F_CMS_ADD1_RECIPIENT_CERT
,
ERR_R_MALLOC_FAILURE
);
err:
M_ASN1_free_of
(
ri
,
CMS_RecipientInfo
);
EVP_PKEY_free
(
pk
);
return
NULL
;
}
...
...
crypto/ocsp/ocsp_vfy.c
...
...
@@ -97,11 +97,9 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
flags
|=
OCSP_NOVERIFY
;
if
(
!
(
flags
&
OCSP_NOSIGS
))
{
EVP_PKEY
*
skey
;
skey
=
X509_get_pubkey
(
signer
);
if
(
skey
)
{
skey
=
X509_get
0
_pubkey
(
signer
);
if
(
skey
)
ret
=
OCSP_BASICRESP_verify
(
bs
,
skey
,
0
);
EVP_PKEY_free
(
skey
);
}
if
(
!
skey
||
ret
<=
0
)
{
OCSPerr
(
OCSP_F_OCSP_BASIC_VERIFY
,
OCSP_R_SIGNATURE_FAILURE
);
goto
end
;
...
...
@@ -397,9 +395,8 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
flags
|=
OCSP_NOVERIFY
;
if
(
!
(
flags
&
OCSP_NOSIGS
))
{
EVP_PKEY
*
skey
;
skey
=
X509_get_pubkey
(
signer
);
skey
=
X509_get
0
_pubkey
(
signer
);
ret
=
OCSP_REQUEST_verify
(
req
,
skey
);
EVP_PKEY_free
(
skey
);
if
(
ret
<=
0
)
{
OCSPerr
(
OCSP_F_OCSP_REQUEST_VERIFY
,
OCSP_R_SIGNATURE_FAILURE
);
return
0
;
...
...
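Review bot: In the OCSP_request_verify hunk, `skey` from `X509_get0_pubkey(signer)` goes straight into `OCSP_REQUEST_verify(req, skey)` with no NULL check, while the OCSP_basic_verify hunk above guards the same kind of call with `if (skey)` and treats a missing key as a signature failure. Whether the verify routine itself rejects a NULL key is not visible here, so the request path should make the case explicit, for example `ret = skey ? OCSP_REQUEST_verify(req, skey) : 0;`, which lands in the existing `ret <= 0` error branch. The signer certificate is presumably taken from caller- or peer-supplied data, so a certificate whose key cannot be decoded is an input this code has to expect. Both functions start and end outside the hunks.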
crypto/pkcs7/pk7_doit.c
...
...
@@ -142,7 +142,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
int
ret
=
0
;
size_t
eklen
;
pkey
=
X509_get_pubkey
(
ri
->
cert
);
pkey
=
X509_get
0
_pubkey
(
ri
->
cert
);
if
(
!
pkey
)
return
0
;
...
...
@@ -179,7 +179,6 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
ret
=
1
;
err:
EVP_PKEY_free
(
pkey
);
EVP_PKEY_CTX_free
(
pctx
);
OPENSSL_free
(
ek
);
return
ret
;
...
...
@@ -1072,14 +1071,13 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
os
=
si
->
enc_digest
;
pkey
=
X509_get_pubkey
(
x509
);
pkey
=
X509_get
0
_pubkey
(
x509
);
if
(
!
pkey
)
{
ret
=
-
1
;
goto
err
;
}
i
=
EVP_VerifyFinal
(
mdc_tmp
,
os
->
data
,
os
->
length
,
pkey
);
EVP_PKEY_free
(
pkey
);
if
(
i
<=
0
)
{
PKCS7err
(
PKCS7_F_PKCS7_SIGNATUREVERIFY
,
PKCS7_R_SIGNATURE_FAILURE
);
ret
=
-
1
;
...
...
crypto/pkcs7/pk7_lib.c
...
...
@@ -523,7 +523,7 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
ASN1_INTEGER_dup
(
X509_get_serialNumber
(
x509
))))
return
0
;
pkey
=
X509_get_pubkey
(
x509
);
pkey
=
X509_get
0
_pubkey
(
x509
);
if
(
!
pkey
||
!
pkey
->
ameth
||
!
pkey
->
ameth
->
pkey_ctrl
)
{
PKCS7err
(
PKCS7_F_PKCS7_RECIP_INFO_SET
,
...
...
@@ -543,15 +543,12 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
goto
err
;
}
EVP_PKEY_free
(
pkey
);
X509_up_ref
(
x509
);
p7i
->
cert
=
x509
;
return
1
;
err:
EVP_PKEY_free
(
pkey
);
return
0
;
}
...
...
crypto/x509/x509_cmp.c
...
...
@@ -432,7 +432,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
rv
=
X509_V_ERR_SUITE_B_INVALID_VERSION
;
goto
end
;
}
pk
=
X509_get_pubkey
(
x
);
pk
=
X509_get
0
_pubkey
(
x
);
rv
=
check_suite_b
(
pk
,
sign_nid
,
&
tflags
);
if
(
rv
!=
X509_V_OK
)
goto
end
;
...
...
crypto/x509/x509_req.c
...
...
@@ -92,11 +92,10 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
if
(
!
X509_REQ_set_subject_name
(
ret
,
X509_get_subject_name
(
x
)))
goto
err
;
pktmp
=
X509_get_pubkey
(
x
);
pktmp
=
X509_get
0
_pubkey
(
x
);
if
(
pktmp
==
NULL
)
goto
err
;
i
=
X509_REQ_set_pubkey
(
ret
,
pktmp
);
EVP_PKEY_free
(
pktmp
);
if
(
!
i
)
goto
err
;
...
...
crypto/x509/x509type.c
...
...
@@ -71,7 +71,7 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
return
(
0
);
if
(
pkey
==
NULL
)
pk
=
X509_get_pubkey
(
x
);
pk
=
X509_get
0
_pubkey
(
x
);
else
pk
=
pkey
;
...
...
@@ -122,7 +122,5 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
}
}
if
(
pkey
==
NULL
)
EVP_PKEY_free
(
pk
);
return
(
ret
);
}
ssl/ssl_rsa.c
...
...
@@ -179,10 +179,9 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
if
(
c
->
pkeys
[
i
].
x509
!=
NULL
)
{
EVP_PKEY
*
pktmp
;
pktmp
=
X509_get_pubkey
(
c
->
pkeys
[
i
].
x509
);
pktmp
=
X509_get
0
_pubkey
(
c
->
pkeys
[
i
].
x509
);
if
(
pktmp
==
NULL
)
{
SSLerr
(
SSL_F_SSL_SET_PKEY
,
ERR_R_MALLOC_FAILURE
);
EVP_PKEY_free
(
pktmp
);
return
0
;
}
/*
...
...
@@ -190,7 +189,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
* ignored. Some EVP_PKEY types cannot do this.
*/
EVP_PKEY_copy_parameters
(
pktmp
,
pkey
);
EVP_PKEY_free
(
pktmp
);
ERR_clear_error
();
#ifndef OPENSSL_NO_RSA
...
...
@@ -369,7 +367,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
EVP_PKEY
*
pkey
;
int
i
;
pkey
=
X509_get_pubkey
(
x
);
pkey
=
X509_get
0
_pubkey
(
x
);
if
(
pkey
==
NULL
)
{
SSLerr
(
SSL_F_SSL_SET_CERT
,
SSL_R_X509_LIB
);
return
(
0
);
...
...
@@ -378,8 +376,7 @@ static int ssl_set_cert(CERT *c, X509 *x)
i
=
ssl_cert_type
(
x
,
pkey
);
if
(
i
<
0
)
{
SSLerr
(
SSL_F_SSL_SET_CERT
,
SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
EVP_PKEY_free
(
pkey
);
return
(
0
);
return
0
;
}
if
(
c
->
pkeys
[
i
].
privatekey
!=
NULL
)
{
...
...
@@ -413,14 +410,12 @@ static int ssl_set_cert(CERT *c, X509 *x)
}
}
EVP_PKEY_free
(
pkey
);
X509_free
(
c
->
pkeys
[
i
].
x509
);
X509_up_ref
(
x
);
c
->
pkeys
[
i
].
x509
=
x
;
c
->
key
=
&
(
c
->
pkeys
[
i
]);
return
(
1
)
;
return
1
;
}
#ifndef OPENSSL_NO_STDIO
...
...
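Review bot: In ssl_set_pkey, `pktmp` is now a pointer borrowed from `c->pkeys[i].x509`, and `EVP_PKEY_copy_parameters(pktmp, pkey)` still writes into it, so the call changes the key object held by the stored certificate; the existing comment above the call does not say so. A line such as `/* pktmp is owned by the certificate: parameters are copied into it in place, do not free */` would record the ownership and the side effect. The NULL branch in ssl_set_pkey also reports `ERR_R_MALLOC_FAILURE`, whereas ssl_set_cert reports `SSL_R_X509_LIB` for the same condition in a later hunk; using one reason for both would make the error queue easier to interpret. Both functions extend beyond the visible hunks.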
ssl/statem/statem_clnt.c
...
...
@@ -1524,7 +1524,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end
*/
pkey
=
X509_get_pubkey
(
x
);
pkey
=
X509_get
0
_pubkey
(
x
);
if
(
pkey
==
NULL
||
EVP_PKEY_missing_parameters
(
pkey
))
{
x
=
NULL
;
...
...
@@ -1570,7 +1570,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
err:
ossl_statem_set_error
(
s
);
done:
EVP_PKEY_free
(
pkey
);
X509_free
(
x
);
sk_X509_pop_free
(
sk
,
X509_free
);
return
ret
;
...
...
@@ -1686,7 +1685,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
/* We must check if there is a certificate */
if
(
alg_a
&
(
SSL_aRSA
|
SSL_aDSS
))
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
pkey
=
X509_get
0
_pubkey
(
s
->
session
->
peer
);
}
#endif
/* !OPENSSL_NO_SRP */
#ifndef OPENSSL_NO_DH
...
...
@@ -1739,7 +1738,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto
f_err
;
}
if
(
alg_a
&
(
SSL_aRSA
|
SSL_aDSS
))
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
pkey
=
X509_get
0
_pubkey
(
s
->
session
->
peer
);
/* else anonymous DH, so no certificate or pkey. */
}
#endif
/* !OPENSSL_NO_DH */
...
...
@@ -1809,11 +1808,11 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
if
(
0
)
;
# ifndef OPENSSL_NO_RSA
else
if
(
alg_a
&
SSL_aRSA
)
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
pkey
=
X509_get
0
_pubkey
(
s
->
session
->
peer
);
# endif
# ifndef OPENSSL_NO_EC
else
if
(
alg_a
&
SSL_aECDSA
)
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
pkey
=
X509_get
0
_pubkey
(
s
->
session
->
peer
);
# endif
/* else anonymous ECDH, so no certificate or pkey. */
}
else
if
(
alg_k
)
{
...
...
@@ -1912,13 +1911,11 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
goto
f_err
;
}
}
EVP_PKEY_free
(
pkey
);
EVP_MD_CTX_free
(
md_ctx
);
return
MSG_PROCESS_CONTINUE_READING
;
f_err:
ssl3_send_alert
(
s
,
SSL3_AL_FATAL
,
al
);
err:
EVP_PKEY_free
(
pkey
);
#ifndef OPENSSL_NO_RSA
RSA_free
(
rsa
);
#endif
...
...
@@ -2363,12 +2360,11 @@ psk_err:
goto
err
;
}
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
pkey
=
X509_get
0
_pubkey
(
s
->
session
->
peer
);
if
((
pkey
==
NULL
)
||
(
pkey
->
type
!=
EVP_PKEY_RSA
)
||
(
pkey
->
pkey
.
rsa
==
NULL
))
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_INTERNAL_ERROR
);
EVP_PKEY_free
(
pkey
);
goto
err
;
}
...
...
@@ -2501,7 +2497,6 @@ psk_err:
unsigned
int
md_len
;
unsigned
char
shared_ukm
[
32
],
tmp
[
256
];
EVP_MD_CTX
*
ukm_hash
;
EVP_PKEY
*
pub_key
;
int
dgst_nid
=
NID_id_GostR3411_94
;
if
((
s
->
s3
->
tmp
.
new_cipher
->
algorithm_auth
&
SSL_aGOST12
)
!=
0
)
dgst_nid
=
NID_id_GostR3411_2012_256
;
...
...
@@ -2522,8 +2517,7 @@ psk_err:
goto
err
;
}
pkey_ctx
=
EVP_PKEY_CTX_new
(
pub_key
=
X509_get_pubkey
(
peer_cert
),
NULL
);
pkey_ctx
=
EVP_PKEY_CTX_new
(
X509_get0_pubkey
(
peer_cert
),
NULL
);
if
(
pkey_ctx
==
NULL
)
{
SSLerr
(
SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE
,
ERR_R_MALLOC_FAILURE
);
...
...
@@ -2611,7 +2605,6 @@ psk_err:
s
->
s3
->
flags
|=
TLS1_FLAGS_SKIP_CERT_VERIFY
;
}
EVP_PKEY_CTX_free
(
pkey_ctx
);
EVP_PKEY_free
(
pub_key
);
}
#endif
...
...
@@ -2963,9 +2956,8 @@ int ssl3_check_cert_and_algorithm(SSL *s)
goto
f_err
;
}
#endif
pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
pkey
=
X509_get
0
_pubkey
(
s
->
session
->
peer
);
i
=
X509_certificate_type
(
s
->
session
->
peer
,
pkey
);
EVP_PKEY_free
(
pkey
);
/* Check that we have a certificate if we require one */
if
((
alg_a
&
SSL_aRSA
)
&&
!
has_bits
(
i
,
EVP_PK_RSA
|
EVP_PKT_SIGN
))
{
...
...
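Review bot: Every `pkey` assigned in this file now points at a key owned by the peer certificate, so any `EVP_PKEY_free(pkey)` left on a path outside these hunks would drop a reference the certificate still holds and could leave `s->session->peer` with a dangling key. In the RSA branch of tls_construct_client_key_exchange (hunk at -2363) only the error-path free is visible as removed, and the success path continues past the end of the hunk, so that path should be checked for a remaining free. A comment at the assignments, for example `/* borrowed from s->session->peer, must not be freed */`, would keep later edits from reintroducing one.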
ssl/statem/statem_srvr.c
...
...
@@ -2553,7 +2553,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
* EVP_PKEY_derive_set_peer, because it is completely valid to use a
* client certificate for authorization only.
*/
client_pub_pkey
=
X509_get_pubkey
(
s
->
session
->
peer
);
client_pub_pkey
=
X509_get
0
_pubkey
(
s
->
session
->
peer
);
if
(
client_pub_pkey
)
{
if
(
EVP_PKEY_derive_set_peer
(
pkey_ctx
,
client_pub_pkey
)
<=
0
)
ERR_clear_error
();
...
...
@@ -2595,11 +2595,9 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
(
pkey_ctx
,
-
1
,
-
1
,
EVP_PKEY_CTRL_PEER_KEY
,
2
,
NULL
)
>
0
)
s
->
statem
.
no_cert_verify
=
1
;
EVP_PKEY_free
(
client_pub_pkey
);
EVP_PKEY_CTX_free
(
pkey_ctx
);
return
MSG_PROCESS_CONTINUE_PROCESSING
;
gerr:
EVP_PKEY_free
(
client_pub_pkey
);
EVP_PKEY_CTX_free
(
pkey_ctx
);
goto
f_err
;
}
else
...
...
@@ -2725,7 +2723,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
}
peer
=
s
->
session
->
peer
;
pkey
=
X509_get_pubkey
(
peer
);
pkey
=
X509_get
0
_pubkey
(
peer
);
type
=
X509_certificate_type
(
peer
,
pkey
);
if
(
!
(
type
&
EVP_PKT_SIGN
))
{
...
...
@@ -2842,7 +2840,6 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
BIO_free
(
s
->
s3
->
handshake_buffer
);
s
->
s3
->
handshake_buffer
=
NULL
;
EVP_MD_CTX_free
(
mctx
);
EVP_PKEY_free
(
pkey
);
return
ret
;
}
...
...
@@ -2931,14 +2928,13 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
al
=
SSL_AD_HANDSHAKE_FAILURE
;
goto
f_err
;
}
pkey
=
X509_get_pubkey
(
sk_X509_value
(
sk
,
0
));
pkey
=
X509_get
0
_pubkey
(
sk_X509_value
(
sk
,
0
));
if
(
pkey
==
NULL
)
{
al
=
SSL3_AD_HANDSHAKE_FAILURE
;
SSLerr
(
SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE
,
SSL_R_UNKNOWN_CERTIFICATE_TYPE
);
goto
f_err
;
}
EVP_PKEY_free
(
pkey
);
}
X509_free
(
s
->
session
->
peer
);
...
...
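Review bot: In the tls_process_cert_verify hunk, `pkey` is handed to `X509_certificate_type(peer, pkey)` with no NULL check, so a client certificate whose key cannot be decoded is rejected only if that call returns a value without `EVP_PKT_SIGN` for it, which is not visible here. tls_process_client_certificate in the same file tests `pkey == NULL` explicitly. An explicit `if (pkey == NULL)` branch before the type lookup, or at least a comment such as `/* a NULL pkey yields type 0 and is rejected below */` once that is confirmed, would make the handling of this case visible. The function body extends outside the hunk.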
ssl/t1_lib.c
...
...
@@ -786,16 +786,13 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
unsigned
char
comp_id
,
curve_id
[
2
];
EVP_PKEY
*
pkey
;
int
rv
;
pkey
=
X509_get_pubkey
(
x
);
pkey
=
X509_get
0
_pubkey
(
x
);
if
(
!
pkey
)
return
0
;
/* If not EC nothing to do */
if
(
pkey
->
type
!=
EVP_PKEY_EC
)
{
EVP_PKEY_free
(
pkey
);
if
(
pkey
->
type
!=
EVP_PKEY_EC
)
return
1
;
}
rv
=
tls1_set_ec_id
(
curve_id
,
&
comp_id
,
pkey
->
pkey
.
ec
);
EVP_PKEY_free
(
pkey
);
if
(
!
rv
)
return
0
;
/*
...
...
@@ -4254,7 +4251,7 @@ DH *ssl_get_auto_dh(SSL *s)
static
int
ssl_security_cert_key
(
SSL
*
s
,
SSL_CTX
*
ctx
,
X509
*
x
,
int
op
)
{
int
secbits
=
-
1
;
EVP_PKEY
*
pkey
=
X509_get_pubkey
(
x
);
EVP_PKEY
*
pkey
=
X509_get
0
_pubkey
(
x
);
if
(
pkey
)
{
/*
* If no parameters this will return -1 and fail using the default
...
...
@@ -4263,7 +4260,6 @@ static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
* omission of parameters is never (?) done in practice.
*/
secbits
=
EVP_PKEY_security_bits
(
pkey
);
EVP_PKEY_free
(
pkey
);
}
if
(
s
)
return
ssl_security
(
s
,
op
,
secbits
,
0
,
x
);
...
...