Daniel Lanz wrote:
> 
> The d2i_X509() call, when given a DER-encoded cert, populates
> the openssl internal X509 data structure.  The public key for
> this data structure is stored within the X509 structure in
> cert_info->key, which contains three elements, 'algor',
> 'public_key', and 'pkey'.  But, when d2i_X509() is invoked,
> the 'pkey' element is never populated.  Does anyone know why?
> You can, of course, hack around this by setting the pkey
> element to the result of d2i_PublicKey(), using the encoded key
> in the 'public_key' element as an argument.  However, when
> you later free the X509_PUBKEY data structure in the cert,
> the 'pkey' data structure is never freed because of the reference
> counting on this object, which is apparently affected by the
> hacking I mentioned above.
> 
> My question is, does anyone know how this is supposed to
> work?  Why is the pkey element not properly populated?
> If the 'pkey' element is manually populated, why does this
> always lead to a memory leak?
> 

The 'pkey' element is used as a cache for the internal format of the
public key; you should not populate or mess with the structures in
applications if at all possible.

What you normally do is this...

EVP_PKEY *key;

/* X509 *x509 obtained from somewhere, e.g. d2i_X509() */

key = X509_get_pubkey(x509);   /* returns a new reference to the cached key */

/* various operations */

X509_free(x509);
EVP_PKEY_free(key);            /* release the reference taken above */

This is why the reference count is 2.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
