crypto-util: simplify openssl_extract_public_key()
authorYu Watanabe <watanabe.yu+github@gmail.com>
Tue, 30 Jun 2026 15:33:27 +0000 (00:33 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Thu, 2 Jul 2026 18:02:56 +0000 (03:02 +0900)
Drop memstream and i2d_PUBKEY_fp(). We can simply use i2d_PUBKEY()
which automatically allocates the necessary buffer for us.

Note that dropping the secure erase (erase_and_freep()) in favor of
OPENSSL_free() is intentional and safe, as the buffer only holds
public key material which does not need to be securely wiped.

src/shared/crypto-util.c

index 006edbe8662dd01c20965303bb07359027325011..ac4737afc09a47b99ff62cb9df5a3cae42c528ff 100644 (file)
@@ -306,7 +306,6 @@ DLSYM_PROTOTYPE(i2d_ECDSA_SIG) = NULL;
 DLSYM_PROTOTYPE(i2d_PKCS7) = NULL;
 DLSYM_PROTOTYPE(i2d_PKCS7_fp) = NULL;
 DLSYM_PROTOTYPE(i2d_PUBKEY) = NULL;
-static DLSYM_PROTOTYPE(i2d_PUBKEY_fp) = NULL;
 static DLSYM_PROTOTYPE(i2d_PublicKey) = NULL;
 DLSYM_PROTOTYPE(i2d_X509) = NULL;
 DLSYM_PROTOTYPE(i2d_X509_NAME) = NULL;
@@ -629,7 +628,6 @@ int dlopen_libcrypto(int log_level) {
                         DLSYM_ARG(i2d_PKCS7),
                         DLSYM_ARG(i2d_PKCS7_fp),
                         DLSYM_ARG(i2d_PUBKEY),
-                        DLSYM_ARG(i2d_PUBKEY_fp),
                         DLSYM_ARG(i2d_PublicKey),
                         DLSYM_ARG(i2d_X509),
                         DLSYM_ARG(i2d_X509_NAME),
@@ -2401,21 +2399,12 @@ int openssl_extract_public_key(EVP_PKEY *private_key, EVP_PKEY **ret) {
         if (r < 0)
                 return r;
 
-        _cleanup_(memstream_done) MemStream m = {};
-        FILE *tf = memstream_init(&m);
-        if (!tf)
-                return -ENOMEM;
-
-        if (sym_i2d_PUBKEY_fp(tf, private_key) != 1)
+        _cleanup_(OPENSSL_freep) void *buf = NULL;
+        int len = sym_i2d_PUBKEY(private_key, (unsigned char**) &buf);
+        if (len < 0)
                 return log_openssl_errors(LOG_DEBUG, "Failed to extract public key in DER format");
 
-        _cleanup_(erase_and_freep) char *buf = NULL;
-        size_t len;
-        r = memstream_finalize(&m, &buf, &len);
-        if (r < 0)
-                return r;
-
-        const unsigned char *t = (const unsigned char*) buf;
+        const unsigned char *t = buf;
         if (!sym_d2i_PUBKEY(ret, &t, len))
                 return log_openssl_errors(LOG_DEBUG, "Failed to parse public key in DER format");
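Review bot: The new `if (len < 0)` check lets a zero return from `sym_i2d_PUBKEY()` through, and in that case `buf` may still be NULL when it is passed on to `sym_d2i_PUBKEY()` with length 0. OpenSSL's i2d routines do not all signal failure with a negative value (i2d_PUBKEY returns 0 for a NULL key, for example), so `if (len <= 0)` is the safer guard and keeps the "Failed to extract public key" message on the step that actually failed. The reason no erasing cleanup is used is recorded only in the commit message; a short comment above the declaration, e.g. `/* DER SubjectPublicKeyInfo, public material only, so plain OPENSSL_free() is enough */`, would keep a later reader from copying this pattern for a buffer that holds private-key bytes. The function starts before and continues past this hunk, so whether `private_key` is already asserted non-NULL is not visible here.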