diff options
author | Matt Caswell <matt@openssl.org> | 2021-03-02 15:52:00 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-03-08 15:13:09 +0000 |
commit | 7bc0fdd3fd4535e06c35b92d71afab9a6de94cc5 (patch) | |
tree | 2e57cd75e2b81a4ae2bc8d375096e094f8b5b0e5 /crypto | |
parent | cc57dc962516410f6269023c8a93913617414b5e (diff) |
Make the EVP_PKEY_get0* functions have a const return type
OTC have decided that the EVP_PKEY_get0* functions should have a const
return type. This is a breaking change to emphasise that these values
should be considered as immutable.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14319)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/dh/dh_ameth.c | 5 | ||||
-rw-r--r-- | crypto/ec/ec_ameth.c | 5 | ||||
-rw-r--r-- | crypto/evp/ctrl_params_translate.c | 8 | ||||
-rw-r--r-- | crypto/evp/p_dec.c | 3 | ||||
-rw-r--r-- | crypto/evp/p_enc.c | 4 | ||||
-rw-r--r-- | crypto/evp/p_legacy.c | 20 | ||||
-rw-r--r-- | crypto/evp/p_lib.c | 36 | ||||
-rw-r--r-- | crypto/pem/pvkfmt.c | 16 |
8 files changed, 64 insertions, 33 deletions
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 338f308934..18f4c9955e 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -433,7 +433,10 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) { switch (op) { case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return ossl_dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); + /* We should only be here if we have a legacy key */ + if (!ossl_assert(evp_pkey_is_legacy(pkey))) + return 0; + return ossl_dh_buf2key(evp_pkey_get0_DH_int(pkey), arg2, arg1); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); default: diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 89241b97c1..694fcb3789 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -482,7 +482,10 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) return 1; case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL); + /* We should only be here if we have a legacy key */ + if (!ossl_assert(evp_pkey_is_legacy(pkey))) + return 0; + return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey), diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index ae3340395d..966278171c 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1481,7 +1481,7 @@ static int get_payload_group_name(enum state state, #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: { - DH *dh = EVP_PKEY_get0_DH(pkey); + const DH *dh = EVP_PKEY_get0_DH(pkey); int uid = DH_get_nid(dh); if (uid != NID_undef) { @@ -1531,7 +1531,7 @@ static int get_payload_private_key(enum state state, #ifndef OPENSSL_NO_DH case EVP_PKEY_DH: { - DH *dh = EVP_PKEY_get0_DH(pkey); + const DH *dh = EVP_PKEY_get0_DH(pkey); ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh); } @@ -1540,7 +1540,7 @@ static int get_payload_private_key(enum state state, #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: { - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec); } @@ -1590,7 +1590,7 @@ static int get_payload_public_key(enum state state, #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: if (ctx->params->data_type == OSSL_PARAM_OCTET_STRING) { - EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey)); const EC_GROUP *ecg = EC_KEY_get0_group(eckey); const EC_POINT *point = EC_KEY_get0_public_key(eckey); diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index 6ac344e394..2e90705656 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -16,6 +16,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include "crypto/evp.h" int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, EVP_PKEY *priv) @@ -28,7 +29,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, } ret = - RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), + RSA_private_decrypt(ekl, ek, key, evp_pkey_get0_RSA_int(priv), RSA_PKCS1_PADDING); err: return ret; diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index bdc490d884..5881153dbb 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -16,6 +16,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include "crypto/evp.h" int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, EVP_PKEY *pubk) @@ -26,8 +27,9 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA); goto err; } + ret = - RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk), + RSA_public_encrypt(key_len, key, ek, evp_pkey_get0_RSA_int(pubk), RSA_PKCS1_PADDING); err: return ret; diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c index e478814065..af93288dcb 100644 --- a/crypto/evp/p_legacy.c +++ b/crypto/evp/p_legacy.c @@ -31,7 +31,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) return ret; } -RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) +RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY); @@ -40,9 +40,14 @@ RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) return evp_pkey_get_legacy((EVP_PKEY *)pkey); } +const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_RSA_int(pkey); +} + RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) { - RSA *ret = EVP_PKEY_get0_RSA(pkey); + RSA *ret = evp_pkey_get0_RSA_int(pkey); if (ret != NULL) RSA_up_ref(ret); @@ -59,18 +64,23 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) return ret; } -EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) +EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey) { if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { - EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); + ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY); return NULL; } return evp_pkey_get_legacy((EVP_PKEY *)pkey); } +const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_EC_KEY_int(pkey); +} + EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) { - EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey); + EC_KEY *ret = evp_pkey_get0_EC_KEY_int(pkey); if (ret != NULL) EC_KEY_up_ref(ret); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 55214dd3d6..21fbc2ea4c 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -740,7 +740,7 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) } # endif -void *EVP_PKEY_get0(const EVP_PKEY *pkey) +const void *EVP_PKEY_get0(const EVP_PKEY *pkey) { if (pkey == NULL) return NULL; @@ -750,7 +750,7 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey) const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) { - ASN1_OCTET_STRING *os = NULL; + const ASN1_OCTET_STRING *os = NULL; if (pkey->type != EVP_PKEY_HMAC) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY); return NULL; @@ -763,7 +763,7 @@ const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) # ifndef OPENSSL_NO_POLY1305 const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) { - ASN1_OCTET_STRING *os = NULL; + const ASN1_OCTET_STRING *os = NULL; if (pkey->type != EVP_PKEY_POLY1305) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY); return NULL; @@ -777,7 +777,7 @@ const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) # ifndef OPENSSL_NO_SIPHASH const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) { - ASN1_OCTET_STRING *os = NULL; + const ASN1_OCTET_STRING *os = NULL; if (pkey->type != EVP_PKEY_SIPHASH) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY); @@ -790,7 +790,7 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) # endif # ifndef OPENSSL_NO_DSA -DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) +static DSA *evp_pkey_get0_DSA_int(const EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_DSA) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DSA_KEY); @@ -799,6 +799,11 @@ DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) return evp_pkey_get_legacy((EVP_PKEY *)pkey); } +const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_DSA_int(pkey); +} + int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) { int ret = EVP_PKEY_assign_DSA(pkey, key); @@ -808,7 +813,8 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) } DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) { - DSA *ret = EVP_PKEY_get0_DSA(pkey); + DSA *ret = evp_pkey_get0_DSA_int(pkey); + if (ret != NULL) DSA_up_ref(ret); return ret; @@ -818,7 +824,7 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) #ifndef FIPS_MODULE # ifndef OPENSSL_NO_EC -static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) +static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) { if (EVP_PKEY_base_id(pkey) != type) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_ECX_KEY); @@ -829,7 +835,7 @@ static ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) static ECX_KEY *evp_pkey_get1_ECX_KEY(EVP_PKEY *pkey, int type) { - ECX_KEY *ret = evp_pkey_get0_ECX_KEY(pkey, type); + ECX_KEY *ret = (ECX_KEY *)evp_pkey_get0_ECX_KEY(pkey, type); if (ret != NULL) ossl_ecx_key_up_ref(ret); return ret; @@ -859,7 +865,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) return ret; } -DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) +DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DH_KEY); @@ -868,9 +874,15 @@ DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) return evp_pkey_get_legacy((EVP_PKEY *)pkey); } +const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) +{ + return evp_pkey_get0_DH_int(pkey); +} + DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) { - DH *ret = EVP_PKEY_get0_DH(pkey); + DH *ret = evp_pkey_get0_DH_int(pkey); + if (ret != NULL) DH_up_ref(ret); return ret; @@ -2166,7 +2178,7 @@ int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey) || pkey->keydata == NULL) { #ifndef OPENSSL_NO_EC /* Might work through the legacy route */ - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); if (ec == NULL) return 0; @@ -2206,7 +2218,7 @@ int EVP_PKEY_get_field_type(const EVP_PKEY *pkey) || pkey->keydata == NULL) { #ifndef OPENSSL_NO_EC /* Might work through the legacy route */ - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); const EC_GROUP *grp; if (ec == NULL) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index de673be005..8006c64b3a 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -450,12 +450,12 @@ static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) *out += len; } -static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); -static void write_rsa(unsigned char **out, RSA *rsa, int ispub); +static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *magic); +static void write_rsa(unsigned char **out, const RSA *rsa, int ispub); #ifndef OPENSSL_NO_DSA -static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic); -static void write_dsa(unsigned char **out, DSA *dsa, int ispub); +static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *magic); +static void write_dsa(unsigned char **out, const DSA *dsa, int ispub); #endif static int do_i2b(unsigned char **out, const EVP_PKEY *pk, int ispub) @@ -542,7 +542,7 @@ static int do_i2b_bio(BIO *out, const EVP_PKEY *pk, int ispub) return -1; } -static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) +static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *pmagic) { int nbyte, hnbyte, bitlen; const BIGNUM *e; @@ -582,7 +582,7 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) return 0; } -static void write_rsa(unsigned char **out, RSA *rsa, int ispub) +static void write_rsa(unsigned char **out, const RSA *rsa, int ispub) { int nbyte, hnbyte; const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1; @@ -605,7 +605,7 @@ static void write_rsa(unsigned char **out, RSA *rsa, int ispub) } #ifndef OPENSSL_NO_DSA -static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) +static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *pmagic) { int bitlen; const BIGNUM *p = NULL, *q = NULL, *g = NULL; @@ -633,7 +633,7 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) return 0; } -static void write_dsa(unsigned char **out, DSA *dsa, int ispub) +static void write_dsa(unsigned char **out, const DSA *dsa, int ispub) { int nbyte; const BIGNUM *p = NULL, *q = NULL, *g = NULL; |