Mark the |e| argument to |RSA_generate_key_ex| as const. The function does not take ownership of |e| and this makes that clear. Change-Id: I53bb5fa94bec5d16d1c904b59391d36df7abbde6 Reviewed-on: https://boringssl-review.googlesource.com/c/33164 Commit-Queue: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index e8072ec..895408d 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -1066,7 +1066,7 @@ // // This function returns one on success and zero on failure. It has a failure // probability of about 2^-20. -static int rsa_generate_key_impl(RSA *rsa, int bits, BIGNUM *e_value, +static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value, BN_GENCB *cb) { // See FIPS 186-4 appendix B.3. This function implements a generalized version // of the FIPS algorithm. |RSA_generate_key_fips| performs additional checks @@ -1247,7 +1247,8 @@ *in = NULL; } -int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { +int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value, + BN_GENCB *cb) { // |rsa_generate_key_impl|'s 2^-20 failure probability is too high at scale, // so we run the FIPS algorithm four times, bringing it down to 2^-80. We // should just adjust the retry limit, but FIPS 186-4 prescribes that value
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index dcca9e3..2e5cc89 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h
@@ -161,7 +161,7 @@ // with event=3 when a suitable value for |p| is found. // // It returns one on success or zero on error. -OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, +OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); // RSA_generate_key_fips behaves like |RSA_generate_key_ex| but performs