diff options
| author | tb <> | 2025-07-02 06:36:52 +0000 |
|---|---|---|
| committer | tb <> | 2025-07-02 06:36:52 +0000 |
| commit | 6b47f048c12894f6c2677b85edda844d168c969c (patch) | |
| tree | 9209c373920f0b7491e3c9c0a2dd3aaa7a762f23 /src | |
| parent | 3d76905090cbe420b60189cf441b5452c9c8bdf0 (diff) | |
| download | openbsd-6b47f048c12894f6c2677b85edda844d168c969c.tar.gz openbsd-6b47f048c12894f6c2677b85edda844d168c969c.tar.bz2 openbsd-6b47f048c12894f6c2677b85edda844d168c969c.zip | |
Const correct EVP_PKEY_get{0,1}_{DH,DSA,EC_KEY,RSA}()
These are safe to call concurrently and they don't modify the memory
region pointed to by the pkey - they only bump the refcount of the
key hanging off of it. The returned "legacy" key has to be handled with
care in threaded constexts, so it is handed back as non-const. This also
matches what EVP_PKEY_get0() always had.
This way our signature is identical to BoringSSL's and doesn't cause
compiler warnings in code that overuses const because one of the many
API incoherencies added by OpenSSL 3 was to turn get0 into a function
that takes and returns const while leaving get1 as it was.
dlg agrees
ok kenjiro
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/evp/evp.h | 30 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/p_lib.c | 18 |
2 files changed, 22 insertions, 26 deletions
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index c2b81d0576..94295e1262 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: evp.h,v 1.137 2024/08/31 10:38:49 tb Exp $ */ | 1 | /* $OpenBSD: evp.h,v 1.138 2025/07/02 06:36:52 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -778,28 +778,24 @@ void *EVP_PKEY_get0(const EVP_PKEY *pkey); | |||
| 778 | const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); | 778 | const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); |
| 779 | 779 | ||
| 780 | #ifndef OPENSSL_NO_RSA | 780 | #ifndef OPENSSL_NO_RSA |
| 781 | struct rsa_st; | 781 | RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey); |
| 782 | struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); | 782 | RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey); |
| 783 | struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); | 783 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); |
| 784 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); | ||
| 785 | #endif | 784 | #endif |
| 786 | #ifndef OPENSSL_NO_DSA | 785 | #ifndef OPENSSL_NO_DSA |
| 787 | struct dsa_st; | 786 | DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey); |
| 788 | struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); | 787 | DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey); |
| 789 | struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); | 788 | int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); |
| 790 | int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); | ||
| 791 | #endif | 789 | #endif |
| 792 | #ifndef OPENSSL_NO_DH | 790 | #ifndef OPENSSL_NO_DH |
| 793 | struct dh_st; | 791 | DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey); |
| 794 | struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); | 792 | DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey); |
| 795 | struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); | 793 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); |
| 796 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); | ||
| 797 | #endif | 794 | #endif |
| 798 | #ifndef OPENSSL_NO_EC | 795 | #ifndef OPENSSL_NO_EC |
| 799 | struct ec_key_st; | 796 | EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey); |
| 800 | struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); | 797 | EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey); |
| 801 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); | 798 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); |
| 802 | int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); | ||
| 803 | #endif | 799 | #endif |
| 804 | 800 | ||
| 805 | EVP_PKEY *EVP_PKEY_new(void); | 801 | EVP_PKEY *EVP_PKEY_new(void); |
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index 9623bb59a1..3f88185737 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: p_lib.c,v 1.62 2025/05/10 05:54:38 tb Exp $ */ | 1 | /* $OpenBSD: p_lib.c,v 1.63 2025/07/02 06:36:52 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -628,7 +628,7 @@ LCRYPTO_ALIAS(EVP_PKEY_get0_hmac); | |||
| 628 | 628 | ||
| 629 | #ifndef OPENSSL_NO_RSA | 629 | #ifndef OPENSSL_NO_RSA |
| 630 | RSA * | 630 | RSA * |
| 631 | EVP_PKEY_get0_RSA(EVP_PKEY *pkey) | 631 | EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) |
| 632 | { | 632 | { |
| 633 | if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS) | 633 | if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA_PSS) |
| 634 | return pkey->pkey.rsa; | 634 | return pkey->pkey.rsa; |
| @@ -639,7 +639,7 @@ EVP_PKEY_get0_RSA(EVP_PKEY *pkey) | |||
| 639 | LCRYPTO_ALIAS(EVP_PKEY_get0_RSA); | 639 | LCRYPTO_ALIAS(EVP_PKEY_get0_RSA); |
| 640 | 640 | ||
| 641 | RSA * | 641 | RSA * |
| 642 | EVP_PKEY_get1_RSA(EVP_PKEY *pkey) | 642 | EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) |
| 643 | { | 643 | { |
| 644 | RSA *rsa; | 644 | RSA *rsa; |
| 645 | 645 | ||
| @@ -665,7 +665,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_RSA); | |||
| 665 | 665 | ||
| 666 | #ifndef OPENSSL_NO_DSA | 666 | #ifndef OPENSSL_NO_DSA |
| 667 | DSA * | 667 | DSA * |
| 668 | EVP_PKEY_get0_DSA(EVP_PKEY *pkey) | 668 | EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) |
| 669 | { | 669 | { |
| 670 | if (pkey->type != EVP_PKEY_DSA) { | 670 | if (pkey->type != EVP_PKEY_DSA) { |
| 671 | EVPerror(EVP_R_EXPECTING_A_DSA_KEY); | 671 | EVPerror(EVP_R_EXPECTING_A_DSA_KEY); |
| @@ -676,7 +676,7 @@ EVP_PKEY_get0_DSA(EVP_PKEY *pkey) | |||
| 676 | LCRYPTO_ALIAS(EVP_PKEY_get0_DSA); | 676 | LCRYPTO_ALIAS(EVP_PKEY_get0_DSA); |
| 677 | 677 | ||
| 678 | DSA * | 678 | DSA * |
| 679 | EVP_PKEY_get1_DSA(EVP_PKEY *pkey) | 679 | EVP_PKEY_get1_DSA(const EVP_PKEY *pkey) |
| 680 | { | 680 | { |
| 681 | DSA *dsa; | 681 | DSA *dsa; |
| 682 | 682 | ||
| @@ -702,7 +702,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_DSA); | |||
| 702 | 702 | ||
| 703 | #ifndef OPENSSL_NO_EC | 703 | #ifndef OPENSSL_NO_EC |
| 704 | EC_KEY * | 704 | EC_KEY * |
| 705 | EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) | 705 | EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) |
| 706 | { | 706 | { |
| 707 | if (pkey->type != EVP_PKEY_EC) { | 707 | if (pkey->type != EVP_PKEY_EC) { |
| 708 | EVPerror(EVP_R_EXPECTING_A_EC_KEY); | 708 | EVPerror(EVP_R_EXPECTING_A_EC_KEY); |
| @@ -713,7 +713,7 @@ EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) | |||
| 713 | LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY); | 713 | LCRYPTO_ALIAS(EVP_PKEY_get0_EC_KEY); |
| 714 | 714 | ||
| 715 | EC_KEY * | 715 | EC_KEY * |
| 716 | EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) | 716 | EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) |
| 717 | { | 717 | { |
| 718 | EC_KEY *key; | 718 | EC_KEY *key; |
| 719 | 719 | ||
| @@ -740,7 +740,7 @@ LCRYPTO_ALIAS(EVP_PKEY_set1_EC_KEY); | |||
| 740 | 740 | ||
| 741 | #ifndef OPENSSL_NO_DH | 741 | #ifndef OPENSSL_NO_DH |
| 742 | DH * | 742 | DH * |
| 743 | EVP_PKEY_get0_DH(EVP_PKEY *pkey) | 743 | EVP_PKEY_get0_DH(const EVP_PKEY *pkey) |
| 744 | { | 744 | { |
| 745 | if (pkey->type != EVP_PKEY_DH) { | 745 | if (pkey->type != EVP_PKEY_DH) { |
| 746 | EVPerror(EVP_R_EXPECTING_A_DH_KEY); | 746 | EVPerror(EVP_R_EXPECTING_A_DH_KEY); |
| @@ -751,7 +751,7 @@ EVP_PKEY_get0_DH(EVP_PKEY *pkey) | |||
| 751 | LCRYPTO_ALIAS(EVP_PKEY_get0_DH); | 751 | LCRYPTO_ALIAS(EVP_PKEY_get0_DH); |
| 752 | 752 | ||
| 753 | DH * | 753 | DH * |
| 754 | EVP_PKEY_get1_DH(EVP_PKEY *pkey) | 754 | EVP_PKEY_get1_DH(const EVP_PKEY *pkey) |
| 755 | { | 755 | { |
| 756 | DH *dh; | 756 | DH *dh; |
| 757 | 757 | ||