Const-correct ASN1_item_verify a bit more.
Change-Id: I188feff6d62986554e34a10d148108b19a4eae0b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48226
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.c
index 3cda5d0..ec671c0 100644
--- a/crypto/x509/a_verify.c
+++ b/crypto/x509/a_verify.c
@@ -69,7 +69,7 @@
#include "internal.h"
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *a,
const ASN1_BIT_STRING *signature, void *asn,
EVP_PKEY *pkey) {
if (!pkey) {
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
index c021dc4..7f90480 100644
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@@ -110,7 +110,7 @@
return 1;
}
-int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
+int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
EVP_PKEY *pkey) {
/* Convert the signature OID into digest and public key OIDs. */
int sigalg_nid = OBJ_obj2nid(sigalg->algorithm);
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 32a6a9f..59e980a 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -139,7 +139,8 @@
* signature algorithm parameters in |sigalg| (which must have type
* |NID_rsassaPss|) and key |pkey|. It returns one on success and zero on
* error. */
-int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey);
+int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
+ EVP_PKEY *pkey);
/* x509_rsa_pss_to_ctx sets |algor| to the signature algorithm parameters for
* |ctx|, which must have been configured for an RSA-PSS signing operation. It
@@ -164,7 +165,7 @@
* with public key |pkey| and parameters from |algor|. The |ctx| argument must
* have been initialised with |EVP_MD_CTX_init|. It returns one on success, or
* zero on error. */
-int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
+int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
EVP_PKEY *pkey);
diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.c
index 39637b9..1520c08 100644
--- a/crypto/x509/rsa_pss.c
+++ b/crypto/x509/rsa_pss.c
@@ -167,7 +167,8 @@
}
/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
-static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash) {
+static const EVP_MD *rsa_mgf1_to_md(const X509_ALGOR *alg,
+ X509_ALGOR *maskHash) {
const EVP_MD *md;
if (!alg) {
return EVP_sha1();
@@ -246,7 +247,8 @@
return ret;
}
-int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) {
+int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
+ EVP_PKEY *pkey) {
assert(OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss);
/* Decode PSS parameters */
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 97b3ccb..9901bfa 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1074,7 +1074,8 @@
void *data, unsigned char *md,
unsigned int *len);
-OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
+ const X509_ALGOR *algor1,
const ASN1_BIT_STRING *signature,
void *data, EVP_PKEY *pkey);