Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commitceb1d5e

Browse files
tniessenmarco-ippolito
authored andcommitted
crypto: avoid taking ownership of OpenSSL objects
It is often unnecessary to obtain (shared) ownership of OpenSSL objectsin this code, and it generally is more costly to do so as opposed tojust obtaining a pointer to the respective OpenSSL object. Therefore,this patch replaces various OpenSSL function calls that take ownershipwith ones that do not.Refs:#53436PR-URL:#53460Reviewed-By: Daniel Lemire <daniel@lemire.me>Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
1 parent57b8b8e commitceb1d5e

File tree

3 files changed

+34
-34
lines changed

3 files changed

+34
-34
lines changed

‎src/crypto/crypto_common.cc

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -21,14 +21,6 @@
2121
#include<string>
2222
#include<unordered_map>
2323

24-
// Some OpenSSL 1.1.1 functions unnecessarily operate on and return non-const
25-
// pointers, whereas the same functions in OpenSSL 3 use const pointers.
26-
#if OPENSSL_VERSION_MAJOR >= 3
27-
#defineOSSL3_CONSTconst
28-
#else
29-
#defineOSSL3_CONST
30-
#endif
31-
3224
namespacenode {
3325

3426
using v8::Array;

‎src/crypto/crypto_common.h

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,14 @@
1010

1111
#include<string>
1212

13+
// Some OpenSSL 1.1.1 functions unnecessarily operate on and return non-const
14+
// pointers, whereas the same functions in OpenSSL 3 use const pointers.
15+
#if OPENSSL_VERSION_MAJOR >= 3
16+
#defineOSSL3_CONSTconst
17+
#else
18+
#defineOSSL3_CONST
19+
#endif
20+
1321
namespacenode {
1422
namespacecrypto {
1523

‎src/crypto/crypto_keys.cc

Lines changed: 26 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -289,11 +289,9 @@ MaybeLocal<Value> BIOToStringOrBuffer(
289289
}
290290
}
291291

292-
293-
MaybeLocal<Value>WritePrivateKey(
294-
Environment* env,
295-
EVP_PKEY* pkey,
296-
const PrivateKeyEncodingConfig& config) {
292+
MaybeLocal<Value>WritePrivateKey(Environment* env,
293+
OSSL3_CONST EVP_PKEY* pkey,
294+
const PrivateKeyEncodingConfig& config) {
297295
BIOPointerbio(BIO_new(BIO_s_mem()));
298296
CHECK(bio);
299297

@@ -327,20 +325,21 @@ MaybeLocal<Value> WritePrivateKey(
327325
// PKCS#1 is only permitted for RSA keys.
328326
CHECK_EQ(EVP_PKEY_id(pkey), EVP_PKEY_RSA);
329327

330-
RSAPointerrsa(EVP_PKEY_get1_RSA(pkey));
328+
OSSL3_CONST RSA*rsa =EVP_PKEY_get0_RSA(pkey);
331329
if (config.format_ ==kKeyFormatPEM) {
332330
// Encode PKCS#1 as PEM.
333-
err =PEM_write_bio_RSAPrivateKey(
334-
bio.get(), rsa.get(),
335-
config.cipher_,
336-
reinterpret_cast<unsignedchar*>(pass),
337-
pass_len,
338-
nullptr,nullptr) !=1;
331+
err =PEM_write_bio_RSAPrivateKey(bio.get(),
332+
rsa,
333+
config.cipher_,
334+
reinterpret_cast<unsignedchar*>(pass),
335+
pass_len,
336+
nullptr,
337+
nullptr) !=1;
339338
}else {
340339
// Encode PKCS#1 as DER. This does not permit encryption.
341340
CHECK_EQ(config.format_,kKeyFormatDER);
342341
CHECK_NULL(config.cipher_);
343-
err =i2d_RSAPrivateKey_bio(bio.get(), rsa.get()) !=1;
342+
err =i2d_RSAPrivateKey_bio(bio.get(), rsa) !=1;
344343
}
345344
}elseif (encoding_type ==kKeyEncodingPKCS8) {
346345
if (config.format_ ==kKeyFormatPEM) {
@@ -367,20 +366,21 @@ MaybeLocal<Value> WritePrivateKey(
367366
// SEC1 is only permitted for EC keys.
368367
CHECK_EQ(EVP_PKEY_id(pkey), EVP_PKEY_EC);
369368

370-
ECKeyPointerec_key(EVP_PKEY_get1_EC_KEY(pkey));
369+
OSSL3_CONST EC_KEY*ec_key =EVP_PKEY_get0_EC_KEY(pkey);
371370
if (config.format_ ==kKeyFormatPEM) {
372371
// Encode SEC1 as PEM.
373-
err =PEM_write_bio_ECPrivateKey(
374-
bio.get(), ec_key.get(),
375-
config.cipher_,
376-
reinterpret_cast<unsignedchar*>(pass),
377-
pass_len,
378-
nullptr,nullptr) !=1;
372+
err =PEM_write_bio_ECPrivateKey(bio.get(),
373+
ec_key,
374+
config.cipher_,
375+
reinterpret_cast<unsignedchar*>(pass),
376+
pass_len,
377+
nullptr,
378+
nullptr) !=1;
379379
}else {
380380
// Encode SEC1 as DER. This does not permit encryption.
381381
CHECK_EQ(config.format_,kKeyFormatDER);
382382
CHECK_NULL(config.cipher_);
383-
err =i2d_ECPrivateKey_bio(bio.get(), ec_key.get()) !=1;
383+
err =i2d_ECPrivateKey_bio(bio.get(), ec_key) !=1;
384384
}
385385
}
386386

@@ -391,20 +391,20 @@ MaybeLocal<Value> WritePrivateKey(
391391
returnBIOToStringOrBuffer(env, bio.get(), config.format_);
392392
}
393393

394-
boolWritePublicKeyInner(EVP_PKEY* pkey,
394+
boolWritePublicKeyInner(OSSL3_CONSTEVP_PKEY* pkey,
395395
const BIOPointer& bio,
396396
const PublicKeyEncodingConfig& config) {
397397
if (config.type_.ToChecked() ==kKeyEncodingPKCS1) {
398398
// PKCS#1 is only valid for RSA keys.
399399
CHECK_EQ(EVP_PKEY_id(pkey), EVP_PKEY_RSA);
400-
RSAPointerrsa(EVP_PKEY_get1_RSA(pkey));
400+
OSSL3_CONST RSA*rsa =EVP_PKEY_get0_RSA(pkey);
401401
if (config.format_ ==kKeyFormatPEM) {
402402
// Encode PKCS#1 as PEM.
403-
returnPEM_write_bio_RSAPublicKey(bio.get(), rsa.get()) ==1;
403+
returnPEM_write_bio_RSAPublicKey(bio.get(), rsa) ==1;
404404
}else {
405405
// Encode PKCS#1 as DER.
406406
CHECK_EQ(config.format_,kKeyFormatDER);
407-
returni2d_RSAPublicKey_bio(bio.get(), rsa.get()) ==1;
407+
returni2d_RSAPublicKey_bio(bio.get(), rsa) ==1;
408408
}
409409
}else {
410410
CHECK_EQ(config.type_.ToChecked(),kKeyEncodingSPKI);
@@ -420,7 +420,7 @@ bool WritePublicKeyInner(EVP_PKEY* pkey,
420420
}
421421

422422
MaybeLocal<Value>WritePublicKey(Environment* env,
423-
EVP_PKEY* pkey,
423+
OSSL3_CONSTEVP_PKEY* pkey,
424424
const PublicKeyEncodingConfig& config) {
425425
BIOPointerbio(BIO_new(BIO_s_mem()));
426426
CHECK(bio);

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp