Const-correct ASN1_item_verify a bit more. Change-Id: I188feff6d62986554e34a10d148108b19a4eae0b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48226 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.c index 3cda5d0..ec671c0 100644 --- a/crypto/x509/a_verify.c +++ b/crypto/x509/a_verify.c
@@ -69,7 +69,7 @@ #include "internal.h" -int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, +int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *a, const ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { if (!pkey) {
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c index c021dc4..7f90480 100644 --- a/crypto/x509/algorithm.c +++ b/crypto/x509/algorithm.c
@@ -110,7 +110,7 @@ return 1; } -int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, +int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg, EVP_PKEY *pkey) { /* Convert the signature OID into digest and public key OIDs. */ int sigalg_nid = OBJ_obj2nid(sigalg->algorithm);
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h index 32a6a9f..59e980a 100644 --- a/crypto/x509/internal.h +++ b/crypto/x509/internal.h
@@ -139,7 +139,8 @@ * signature algorithm parameters in |sigalg| (which must have type * |NID_rsassaPss|) and key |pkey|. It returns one on success and zero on * error. */ -int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey); +int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg, + EVP_PKEY *pkey); /* x509_rsa_pss_to_ctx sets |algor| to the signature algorithm parameters for * |ctx|, which must have been configured for an RSA-PSS signing operation. It @@ -164,7 +165,7 @@ * with public key |pkey| and parameters from |algor|. The |ctx| argument must * have been initialised with |EVP_MD_CTX_init|. It returns one on success, or * zero on error. */ -int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, +int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg, EVP_PKEY *pkey);
diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.c index 39637b9..1520c08 100644 --- a/crypto/x509/rsa_pss.c +++ b/crypto/x509/rsa_pss.c
@@ -167,7 +167,8 @@ } /* convert MGF1 algorithm ID to EVP_MD, default SHA1 */ -static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) { +static const EVP_MD *rsa_mgf1_to_md(const X509_ALGOR *alg, + X509_ALGOR *maskHash) { const EVP_MD *md; if (!alg) { return EVP_sha1(); @@ -246,7 +247,8 @@ return ret; } -int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) { +int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg, + EVP_PKEY *pkey) { assert(OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss); /* Decode PSS parameters */
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 97b3ccb..9901bfa 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h
@@ -1074,7 +1074,8 @@ void *data, unsigned char *md, unsigned int *len); -OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, +OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it, + const X509_ALGOR *algor1, const ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);