commit 8f3f6be0d5eaaa6f97d39b6cb3ef3b6667a60fe1
author David Benjamin <davidben@google.com> Wed Dec 28 04:42:19 2016 -0500
committer Adam Langley <alangley@gmail.com> Tue Jan 10 23:42:10 2017 +0000
tree 9fc873161e8aca3c3ce3b5b6bcd655dfc01e23db
parent 35349e9fac8166a3dc16ebe359ea0cfecd835195

Const-correct the PKCS8 salt parameter.

Change-Id: Iad9b0898b3a602fc2e554c4fd59a599c61cd8ef7
Reviewed-on: https://boringssl-review.googlesource.com/13063
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <alangley@gmail.com>

crypto/pkcs8/internal.h

diff --git a/crypto/pkcs8/internal.h b/crypto/pkcs8/internal.h
index 99c6b37..d29a4af 100644
--- a/crypto/pkcs8/internal.h
+++ b/crypto/pkcs8/internal.h
@@ -99,7 +99,7 @@
 X509_ALGOR *PKCS5_pbe_set(int alg, int iter, const unsigned char *salt,
                           int saltlen);
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-                           unsigned char *salt, int saltlen);
+                           const unsigned char *salt, int saltlen);
 
 
 #if defined(__cplusplus)

crypto/pkcs8/p5_pbev2.c

diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.c
index 2fd438a..1a901a6 100644
--- a/crypto/pkcs8/p5_pbev2.c
+++ b/crypto/pkcs8/p5_pbev2.c
@@ -110,8 +110,8 @@
 	return ASN1_TYPE_set_octetstring(type, c->oiv, iv_len);
 	}
 
-static X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-	                            int prf_nid, int keylen)
+static X509_ALGOR *PKCS5_pbkdf2_set(int iter, const unsigned char *salt,
+                                    int saltlen, int prf_nid, int keylen)
 	{
 	X509_ALGOR *keyfunc = NULL;
 	PBKDF2PARAM *kdf = NULL;
@@ -197,7 +197,7 @@
  * Extended version to allow application supplied PRF NID and IV. */
 
 static X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-				     unsigned char *salt, int saltlen,
+				     const unsigned char *salt, int saltlen,
 				     unsigned char *aiv, int prf_nid)
 {
 	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
@@ -300,7 +300,7 @@
 }
 
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-				 unsigned char *salt, int saltlen)
+			   const unsigned char *salt, int saltlen)
 	{
 	return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
 	}

crypto/pkcs8/pkcs8.c

diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.c
index e965bc9..2e81adf 100644
--- a/crypto/pkcs8/pkcs8.c
+++ b/crypto/pkcs8/pkcs8.c
@@ -540,7 +540,7 @@
 }
 
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass,
-                        int pass_len, uint8_t *salt, size_t salt_len,
+                        int pass_len, const uint8_t *salt, size_t salt_len,
                         int iterations, PKCS8_PRIV_KEY_INFO *p8inf) {
   uint8_t *pass_raw = NULL;
   size_t pass_raw_len = 0;
@@ -560,7 +560,7 @@
 
 X509_SIG *PKCS8_encrypt_pbe(int pbe_nid, const EVP_CIPHER *cipher,
                             const uint8_t *pass_raw, size_t pass_raw_len,
-                            uint8_t *salt, size_t salt_len,
+                            const uint8_t *salt, size_t salt_len,
                             int iterations, PKCS8_PRIV_KEY_INFO *p8inf) {
   X509_SIG *pkcs8 = NULL;
   X509_ALGOR *pbe;

include/openssl/pkcs8.h

diff --git a/include/openssl/pkcs8.h b/include/openssl/pkcs8.h
index e04a4f3..141ed8d 100644
--- a/include/openssl/pkcs8.h
+++ b/include/openssl/pkcs8.h
@@ -88,7 +88,7 @@
                                            const EVP_CIPHER *cipher,
                                            const uint8_t *pass_raw,
                                            size_t pass_raw_len,
-                                           uint8_t *salt, size_t salt_len,
+                                           const uint8_t *salt, size_t salt_len,
                                            int iterations,
                                            PKCS8_PRIV_KEY_INFO *p8inf);
 
@@ -123,7 +123,7 @@
  * unchanged.  */
 OPENSSL_EXPORT X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
                                        const char *pass, int pass_len,
-                                       uint8_t *salt, size_t salt_len,
+                                       const uint8_t *salt, size_t salt_len,
                                        int iterations,
                                        PKCS8_PRIV_KEY_INFO *p8inf);