Fix constness of |gcm128_context.key|.

The key is never modified through the key pointer member, and the
calling code relies on that fact for maintaining its own
const-correctness.

Change-Id: I63946451aa7c400cd127895a61c30d9a647b1b8c
Reviewed-on: https://boringssl-review.googlesource.com/6040
Reviewed-by: Adam Langley <alangley@gmail.com>
diff --git a/crypto/modes/gcm.c b/crypto/modes/gcm.c
index 218032f..34e5dcf 100644
--- a/crypto/modes/gcm.c
+++ b/crypto/modes/gcm.c
@@ -406,7 +406,7 @@
 #endif
 #endif
 
-GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) {
+GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key, block128_f block) {
   GCM128_CONTEXT *ret;
 
   ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT));
@@ -417,7 +417,8 @@
   return ret;
 }
 
-void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) {
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
+                        block128_f block) {
   const union {
     long one;
     char little;
@@ -642,7 +643,7 @@
   size_t i;
   uint64_t mlen = ctx->len.u[1];
   block128_f block = ctx->block;
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
@@ -802,7 +803,7 @@
   size_t i;
   uint64_t mlen = ctx->len.u[1];
   block128_f block = ctx->block;
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
@@ -967,7 +968,7 @@
   } is_endian = {1};
   unsigned int n, ctr;
   uint64_t mlen = ctx->len.u[1];
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
@@ -1077,7 +1078,7 @@
   } is_endian = {1};
   unsigned int n, ctr;
   uint64_t mlen = ctx->len.u[1];
-  void *key = ctx->key;
+  const void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
   void (*gcm_gmult_p)(uint64_t Xi[2], const u128 Htable[16]) = ctx->gmult;
 #ifdef GHASH
diff --git a/crypto/modes/internal.h b/crypto/modes/internal.h
index caeac40..0c2200f 100644
--- a/crypto/modes/internal.h
+++ b/crypto/modes/internal.h
@@ -170,7 +170,7 @@
 
   unsigned int mres, ares;
   block128_f block;
-  void *key;
+  const void *key;
 };
 
 struct ccm128_context {
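Review bot: Nothing visible documents that the `key` member (the struct's definition starts above this hunk) is a borrowed pointer rather than a copy of the key, which is what the `const void *key = ctx->key;` reads in gcm.c suggest. If the caller frees or zeroises the key schedule while the context is still in use, those reads would go through a dangling or stale pointer. A comment on the member would make the contract explicit, e.g. `const void *key; /* borrowed, not copied; must stay valid and unmodified while the context is in use */`. The same applies to the `CRYPTO_gcm128_init` comment in include/openssl/modes.h, which only says "with the given key"; adding `|key| is not copied and must outlive |ctx|.` would cover it. The body of `CRYPTO_gcm128_init` is outside the hunks, so confirm it stores the pointer as assumed before adopting the wording.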
diff --git a/include/openssl/modes.h b/include/openssl/modes.h
index 220adec..fb4d496 100644
--- a/include/openssl/modes.h
+++ b/include/openssl/modes.h
@@ -97,11 +97,12 @@
 
 /* CRYPTO_gcm128_new allocates a fresh |GCM128_CONTEXT| and calls
  * |CRYPTO_gcm128_init|. It returns the new context, or NULL on error. */
-OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+OPENSSL_EXPORT GCM128_CONTEXT *CRYPTO_gcm128_new(const void *key,
+                                                 block128_f block);
 
 /* CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with the
  * given key. */
-OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key,
+OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key,
                                        block128_f block);
 
 /* CRYPTO_gcm128_setiv sets the IV (nonce) for |ctx|. */