Const-correct ASN1_item_verify a bit more.

Change-Id: I188feff6d62986554e34a10d148108b19a4eae0b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48226
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.c
index 3cda5d0..ec671c0 100644
--- a/crypto/x509/a_verify.c
+++ b/crypto/x509/a_verify.c
@@ -69,7 +69,7 @@
 
 #include "internal.h"
 
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *a,
                      const ASN1_BIT_STRING *signature, void *asn,
                      EVP_PKEY *pkey) {
     if (!pkey) {
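Review bot: The definition names its parameters `a` and `asn`, while the exported prototype in include/openssl/x509.h (last hunk of this change) names the same parameters `algor1` and `data`, and neither site carries a comment describing the contract. Since both lines are being touched anyway, I would align the names and add a short doc comment on the prototype saying that |signature| is checked over the encoding of |asn| with |pkey| and the algorithm in |a|, and that |a| is only read. The body of ASN1_item_verify continues past the end of this hunk, so the return convention should be confirmed there before it is written into the comment.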
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
index c021dc4..7f90480 100644
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@@ -110,7 +110,7 @@
   return 1;
 }
 
-int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
+int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
                             EVP_PKEY *pkey) {
   /* Convert the signature OID into digest and public key OIDs. */
   int sigalg_nid = OBJ_obj2nid(sigalg->algorithm);
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 32a6a9f..59e980a 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -139,7 +139,8 @@
  * signature algorithm parameters in |sigalg| (which must have type
  * |NID_rsassaPss|) and key |pkey|. It returns one on success and zero on
  * error. */
-int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey);
+int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
+                        EVP_PKEY *pkey);
 
 /* x509_rsa_pss_to_ctx sets |algor| to the signature algorithm parameters for
  * |ctx|, which must have been configured for an RSA-PSS signing operation. It
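Review bot: The comment that begins on the last context lines of this hunk opens with `x509_rsa_pss_to_ctx`, but it describes setting |algor| from a signing |ctx|, which is the opposite direction from the function declared just above. It presumably belongs to `x509_rsa_ctx_to_pss`, whose declaration falls outside the hunk. The next hunk in this file has a similar slip: the comment for x509_digest_verify_init refers to `|algor|` while the parameter is `sigalg`. Both are worth correcting so the documented contract matches the prototypes, e.g. `parameters from |sigalg|`.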
@@ -164,7 +165,7 @@
  * with public key |pkey| and parameters from |algor|. The |ctx| argument must
  * have been initialised with |EVP_MD_CTX_init|. It returns one on success, or
  * zero on error. */
-int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
+int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
                             EVP_PKEY *pkey);
 
 
diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.c
index 39637b9..1520c08 100644
--- a/crypto/x509/rsa_pss.c
+++ b/crypto/x509/rsa_pss.c
@@ -167,7 +167,8 @@
 }
 
 /* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
-static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) {
+static const EVP_MD *rsa_mgf1_to_md(const X509_ALGOR *alg,
+                                    X509_ALGOR *maskHash) {
   const EVP_MD *md;
   if (!alg) {
     return EVP_sha1();
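Review bot: `maskHash` stays a plain `X509_ALGOR *` while `alg` becomes const. If the rest of the body, which lies outside this hunk, only reads it, it should become `const X509_ALGOR *maskHash` too, so the signature shows the helper does not modify parsed parameters. The comment above could also say why a NULL |alg| yields SHA-1, e.g. `/* An absent MGF1 algorithm selects the default, SHA-1; this is not an error. */`. Without that, a reader auditing digest choices may take the early return for a fallback on failure.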
@@ -246,7 +247,8 @@
   return ret;
 }
 
-int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) {
+int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
+                        EVP_PKEY *pkey) {
   assert(OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss);
 
   /* Decode PSS parameters */
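Review bot: The `NID_rsassaPss` precondition on |sigalg| is enforced only by `assert`, which compiles to nothing when NDEBUG is defined, so in such builds the function goes straight to decoding whatever parameters it was handed. The function is non-static and declared in internal.h, so a runtime check is cheap insurance: `if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { return 0; }`. The decode step below may already reject non-PSS parameters, but that code is outside this hunk. If the assert is kept as the only guard, a comment naming the caller that guarantees the type would help.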
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 97b3ccb..9901bfa 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1074,7 +1074,8 @@
                                     void *data, unsigned char *md,
                                     unsigned int *len);
 
-OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
+                                    const X509_ALGOR *algor1,
                                     const ASN1_BIT_STRING *signature,
                                     void *data, EVP_PKEY *pkey);