Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().

Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>

4 files changed, 19 insertions, 7 deletions

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 1b521077a9..f2f07ac2d5 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -363,7 +363,14 @@ int ASN1_STRING_type(const ASN1_STRING *x)
     return x->type;
 }
 
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+    return x->data;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
 unsigned char *ASN1_STRING_data(ASN1_STRING *x)
 {
     return x->data;
 }
+#endif
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index ad3a5bc7a0..a458367ebd 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -30,13 +30,13 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
 {
     int ret, num;
-    unsigned char *p;
+    const unsigned char *p;
 
     if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
         ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
         return (-1);
     }
-    p = ASN1_STRING_data(a->value.octet_string);
+    p = ASN1_STRING_get0_data(a->value.octet_string);
     ret = ASN1_STRING_length(a->value.octet_string);
     if (ret < max_len)
         num = ret;
@@ -105,7 +105,7 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
         n = max_len;
 
     if (data != NULL)
-        memcpy(data, ASN1_STRING_data(atmp->oct), n);
+        memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
     if (ret == -1) {
  err:
         ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index 92da23ec3b..ab7e16898f 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -29,7 +29,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
 {
     PBEPARAM *pbe = NULL;
     ASN1_STRING *pbe_str = NULL;
-    unsigned char *sstr;
+    unsigned char *sstr = NULL;
 
     pbe = PBEPARAM_new();
     if (pbe == NULL) {
@@ -44,16 +44,20 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
     }
     if (!saltlen)
         saltlen = PKCS5_SALT_LEN;
-    if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
+
+    sstr = OPENSSL_malloc(saltlen);
+    if (sstr == NULL) {
         ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    sstr = ASN1_STRING_data(pbe->salt);
     if (salt)
         memcpy(sstr, salt, saltlen);
     else if (RAND_bytes(sstr, saltlen) <= 0)
         goto err;
 
+    ASN1_STRING_set0(pbe->salt, sstr, saltlen);
+    sstr = NULL;
+
     if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
         ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
         goto err;
@@ -66,6 +70,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
         return 1;
 
  err:
+    OPENSSL_free(sstr);
     PBEPARAM_free(pbe);
     ASN1_STRING_free(pbe_str);
     return 0;
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
index ebee6b50cd..c08aa85267 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -57,7 +57,7 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
     if (ppkalg)
         *ppkalg = p8->pkeyalg->algorithm;
     if (pk) {
-        *pk = ASN1_STRING_data(p8->pkey);
+        *pk = ASN1_STRING_get0_data(p8->pkey);
         *ppklen = ASN1_STRING_length(p8->pkey);
     }
     if (pa)