Google Git
Sign in
boringssl / boringssl.git / 890c201d4ac9c345c304d646365fe077cf2b60c1^! / . / ssl
commit890c201d4ac9c345c304d646365fe077cf2b60c1[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Feb 08 15:24:47 2023 -0500
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Feb 16 17:51:20 2023 +0000
tree5e31c13ed68cd1fd35e5cd63f22e694fe814c180
parent987dff1a9fa953a8c7dffa369d78caae02b8d9ab [diff]
Make EVP_PKEY opaque.

While hiding 'type' isn't such a huge deal, accessing 'pkey' without a
type check is very dangerous. The accessors are type-checked and avoid
this problem. It also gets us slightly closer to not needing to utter
CRYPTO_refcount_t in public headers, as we're currently not quite
declaring it right. And it allows us to remove another union:
https://boringssl-review.googlesource.com/c/boringssl/+/57106

This matches what upstream did in OpenSSL 1.1.0.

Update-Note: Code that reaches into the EVP_PKEY struct will no longer
compile, like in OpenSSL. I believe I've fixed all the cases. If I
missed any, the fix is to switch code to accessors. EVP_PKEY_id(pkey)
for pkey->type is the most common fix.

Change-Id: Ibe8d6b6cb8fbd141ea1cef0d02dc1ae3703e9469
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57105
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index ec77381..aa46a8b 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc

@@ -237,14 +237,14 @@
     return leaf_cert_and_privkey_error;
   }
 
-  if (!ssl_is_key_type_supported(pubkey->type)) {
+  if (!ssl_is_key_type_supported(EVP_PKEY_id(pubkey.get()))) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
     return leaf_cert_and_privkey_error;
   }
 
   // An ECC certificate may be usable for ECDH or ECDSA. We only support ECDSA
   // certificates, so sanity-check the key usage extension.
-  if (pubkey->type == EVP_PKEY_EC &&
+  if (EVP_PKEY_id(pubkey.get()) == EVP_PKEY_EC &&
       !ssl_cert_check_key_usage(&cert_cbs, key_usage_digital_signature)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
     return leaf_cert_and_privkey_error;

diff --git a/ssl/ssl_privkey.cc b/ssl/ssl_privkey.cc
index 60fda69..5a75b5e 100644
--- a/ssl/ssl_privkey.cc
+++ b/ssl/ssl_privkey.cc

@@ -77,7 +77,7 @@
 }
 
 static bool ssl_set_pkey(CERT *cert, EVP_PKEY *pkey) {
-  if (!ssl_is_key_type_supported(pkey->type)) {
+  if (!ssl_is_key_type_supported(EVP_PKEY_id(pkey))) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
     return false;
   }