Mark the |e| argument to |RSA_generate_key_ex| as const.
The function does not take ownership of |e| and this makes that clear.
Change-Id: I53bb5fa94bec5d16d1c904b59391d36df7abbde6
Reviewed-on: https://boringssl-review.googlesource.com/c/33164
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
index e8072ec..895408d 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -1066,7 +1066,7 @@
//
// This function returns one on success and zero on failure. It has a failure
// probability of about 2^-20.
-static int rsa_generate_key_impl(RSA *rsa, int bits, BIGNUM *e_value,
+static int rsa_generate_key_impl(RSA *rsa, int bits, const BIGNUM *e_value,
BN_GENCB *cb) {
// See FIPS 186-4 appendix B.3. This function implements a generalized version
// of the FIPS algorithm. |RSA_generate_key_fips| performs additional checks
@@ -1247,7 +1247,8 @@
*in = NULL;
}
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) {
+int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value,
+ BN_GENCB *cb) {
// |rsa_generate_key_impl|'s 2^-20 failure probability is too high at scale,
// so we run the FIPS algorithm four times, bringing it down to 2^-80. We
// should just adjust the retry limit, but FIPS 186-4 prescribes that value
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index dcca9e3..2e5cc89 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -161,7 +161,7 @@
// with event=3 when a suitable value for |p| is found.
//
// It returns one on success or zero on error.
-OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
BN_GENCB *cb);
// RSA_generate_key_fips behaves like |RSA_generate_key_ex| but performs